Same here I think those where you only get 3 servs are bugged MSS.hvm anomalousengineering.hvm, etc... those where you do get in but the netscan sends you back an error or nothing are solvable through another tool MITM but those that are only 3 you just can't get access to their network via fishing/foxacid/hydra so they probably don't work.
Also note you don't necessarily need every variable filled from phones and whatnot to hack passwords (but I'm not 100% sure you can just brute force by running it a very long one in the background) and that if something is marked vulnerable via fingerprinting you can get access to it even if searsploit tells you there is not exploit (just trial and error the foxacid attack).

Edit: I tried and you can definitely brute force password with a minimum of variables.

try to run sfuzzer again, there is an option to run an internal domain scan when you are connected to the c2 turbine interface

Yes I know but to connect to a server you need to do so through either foxacid/fishing/hydra.
The .hvm with 3 servs don't even send back fingerprint response which is why I think they're probably bugged or disabled.

I did find a way to get into them (MSS) but it's so laughably insane it can't be that.
Wondering if it was a bug I tried fingerprinting random servers name based of the way the game formating.
I did for a while trying variants 1 by 1, until I got a fingerprint, so I kept doing it in a pure brute force fashion until finally one got me a vulnerable one
Problem is with the protocol used searchsploit send you exactly what you expect: the same message if you type random things in it
So I tried all the foxacid attack one by one
It worked eventuially I got in.
Netscan? No response, MITM? No response, sfuzzer? sfuzzer is now happy and is giving me plenty of servs... problem those aren't the ones I got fingerprint hits from! While they did clear up the drone map nothing is clickable so we go blind to airodump
airodump give you MAC a plenty, except you don't have a clue to a timeslot so you just do it one by one, but at that point that's actually not hard.
Find the phone (doesn't update in drone view), it has an username and some info off to password cracking we go. (It is also extremely familiar and from what I remmeber the other one had far more info in it.)
Except there is no hvm access point and my proxy isn't the right one in the target field.
Type one by one every node from the sfuzzer request until the right one is found
Far too much critical info is missing (first name, age), lucky for us the thing tells green when you're right... age is very easy to brute force... first name not so much, luckily it was a Berta and not a Zoe.
All filters on, spends 45 minutes cooking, and voila, you're in.

This CANNOT be the normal way to do this.