Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "d1ea47f4b822",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:49:15.755572Z",
"end_time": "2026-07-01T03:49:20.580430Z",
"duration": "4.8",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "b95e54833ba2",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:49:10.334018Z",
"end_time": "2026-07-01T03:49:15.562552Z",
"duration": "5.2",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "f49b04bf1927",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:49:05.341753Z",
"end_time": "2026-07-01T03:49:10.164011Z",
"duration": "4.8",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "12a88b5e4507",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:48:59.888233Z",
"end_time": "2026-07-01T03:49:05.138008Z",
"duration": "5.2",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "b781032e6faa",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:48:54.316365Z",
"end_time": "2026-07-01T03:48:59.715339Z",
"duration": "5.4",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "b8ae1671135d",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:48:49.066104Z",
"end_time": "2026-07-01T03:48:54.134245Z",
"duration": "5.1",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "130f3f970cd0",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:48:43.750877Z",
"end_time": "2026-07-01T03:48:48.881964Z",
"duration": "5.1",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "d29c771d3ed2",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:48:33.507751Z",
"end_time": "2026-07-01T03:48:38.335660Z",
"duration": "4.8",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "a0d93e7bb76d",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:48:28.200929Z",
"end_time": "2026-07-01T03:48:33.331161Z",
"duration": "5.1",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "733dac69f6ca",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:48:22.965887Z",
"end_time": "2026-07-01T03:48:28.017011Z",
"duration": "5.0",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "721e753c7d68",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:48:17.663466Z",
"end_time": "2026-07-01T03:48:22.787824Z",
"duration": "5.1",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "7a7420693f92",
"src_ip": "115.190.248.214",
"start_time": "2026-07-01T03:48:12.359269Z",
"end_time": "2026-07-01T03:50:12.366603Z",
"duration": "120.0",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 10,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "b415667b863e",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:48:12.239209Z",
"end_time": "2026-07-01T03:48:17.486430Z",
"duration": "5.2",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "aca11736babd",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:48:07.244000Z",
"end_time": "2026-07-01T03:48:12.074563Z",
"duration": "4.8",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "991ba60807cd",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:48:02.040967Z",
"end_time": "2026-07-01T03:48:07.040630Z",
"duration": "5.0",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: es
{
"id": "3c03c068e837",
"src_ip": "97.74.87.152",
"start_time": "2026-07-01T03:47:59.182596Z",
"end_time": "2026-07-01T03:48:01.379987Z",
"duration": "2.2",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "es",
"pass": "111111"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "dc4a010e6d9f",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:47:57.037777Z",
"end_time": "2026-07-01T03:48:01.857143Z",
"duration": "4.8",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "ff900947b065",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:47:51.491908Z",
"end_time": "2026-07-01T03:47:56.853498Z",
"duration": "5.4",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Credential acceptance event recorded. Target authentication: root / admin
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "32842740a966",
"src_ip": "2.57.122.150",
"start_time": "2026-07-01T03:47:38.391408Z",
"end_time": "2026-07-01T03:47:42.718146Z",
"duration": "4.3",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "admin"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}Credential acceptance event recorded. Target authentication: ubuntu / admin!
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "f476269b2ff2",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:47:00.848848Z",
"end_time": "2026-07-01T03:47:51.308789Z",
"duration": "50.5",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "ubuntu",
"pass": "admin!"
},
"commands": [
"uname -a && echo \"====\" && cat /etc/os-release"
],
"detailed_commands": [
{
"cmd": "uname -a && echo \"====\" && cat /etc/os-release",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 100,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "af71bde4aba7",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:46:55.550799Z",
"end_time": "2026-07-01T03:47:00.674386Z",
"duration": "5.1",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Credential acceptance event recorded. Target authentication: ubuntu / pass123!
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "2a8dffa8fc0d",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:46:10.442934Z",
"end_time": "2026-07-01T03:46:55.367667Z",
"duration": "44.9",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "ubuntu",
"pass": "pass123!"
},
"commands": [
"uname -a && echo \"====\" && cat /etc/os-release"
],
"detailed_commands": [
{
"cmd": "uname -a && echo \"====\" && cat /etc/os-release",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 100,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "39d3e44007c4",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:46:05.455762Z",
"end_time": "2026-07-01T03:46:10.270847Z",
"duration": "4.8",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "676f59f58866",
"src_ip": "59.38.131.149",
"start_time": "2026-07-01T03:46:04.603258Z",
"end_time": "2026-07-01T03:48:04.609647Z",
"duration": "120.0",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 10,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "32042df51274",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:46:00.188569Z",
"end_time": "2026-07-01T03:46:05.268484Z",
"duration": "5.1",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "086749536460",
"src_ip": "115.190.248.214",
"start_time": "2026-07-01T03:45:54.135626Z",
"end_time": "2026-07-01T03:47:54.141038Z",
"duration": "120.0",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 10,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "74660639296e",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:45:53.297700Z",
"end_time": "2026-07-01T03:45:59.983782Z",
"duration": "6.7",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Credential acceptance event recorded. Target authentication: root / Root123
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "699ecd07e5ee",
"src_ip": "2.57.122.150",
"start_time": "2026-07-01T03:45:41.468726Z",
"end_time": "2026-07-01T03:45:45.587754Z",
"duration": "4.1",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "Root123"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}Credential acceptance event recorded. Target authentication: ubuntu / password12345
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "fa37d2126269",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:45:14.563558Z",
"end_time": "2026-07-01T03:45:53.086920Z",
"duration": "38.5",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "ubuntu",
"pass": "password12345"
},
"commands": [
"uname -a && echo \"====\" && cat /etc/os-release"
],
"detailed_commands": [
{
"cmd": "uname -a && echo \"====\" && cat /etc/os-release",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 100,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "c8322b8afa52",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:45:09.550747Z",
"end_time": "2026-07-01T03:45:14.387737Z",
"duration": "4.8",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "82dbe634ee62",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:45:04.546702Z",
"end_time": "2026-07-01T03:45:09.373564Z",
"duration": "4.8",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "2e01fe4bced3",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:44:59.059374Z",
"end_time": "2026-07-01T03:45:04.370046Z",
"duration": "5.3",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "3fe19aa4de05",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:44:54.059160Z",
"end_time": "2026-07-01T03:44:58.888625Z",
"duration": "4.8",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "280a7253ac61",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:44:49.052643Z",
"end_time": "2026-07-01T03:44:53.861051Z",
"duration": "4.8",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "d8467972436f",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:44:44.017337Z",
"end_time": "2026-07-01T03:44:48.849021Z",
"duration": "4.8",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Credential acceptance event recorded. Target authentication: ubuntu / Temp1234
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "5b658a14e22f",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:43:56.560813Z",
"end_time": "2026-07-01T03:44:43.840405Z",
"duration": "47.3",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "ubuntu",
"pass": "Temp1234"
},
"commands": [
"uname -a && echo \"====\" && cat /etc/os-release"
],
"detailed_commands": [
{
"cmd": "uname -a && echo \"====\" && cat /etc/os-release",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 100,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "53876cfd6e00",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:43:51.542032Z",
"end_time": "2026-07-01T03:43:56.361721Z",
"duration": "4.8",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Credential acceptance event recorded. Target authentication: root / P@ssword
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "9de62c0deca0",
"src_ip": "2.57.122.150",
"start_time": "2026-07-01T03:43:42.308461Z",
"end_time": "2026-07-01T03:43:46.347319Z",
"duration": "4.0",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "P@ssword"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "3dc63e27f26d",
"src_ip": "115.190.248.214",
"start_time": "2026-07-01T03:43:41.933036Z",
"end_time": "2026-07-01T03:45:41.937170Z",
"duration": "120.0",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 10,
"tags": []
}Credential acceptance event recorded. Target authentication: ubuntu / Welcome1
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "d41766c94a22",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:43:07.849888Z",
"end_time": "2026-07-01T03:43:51.349799Z",
"duration": "43.5",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "ubuntu",
"pass": "Welcome1"
},
"commands": [
"uname -a && echo \"====\" && cat /etc/os-release"
],
"detailed_commands": [
{
"cmd": "uname -a && echo \"====\" && cat /etc/os-release",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 100,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "137cff54768f",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:43:02.850269Z",
"end_time": "2026-07-01T03:43:07.681830Z",
"duration": "4.8",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: presse
{
"id": "bb7b83b4ee04",
"src_ip": "172.172.186.3",
"start_time": "2026-07-01T03:42:40.630041Z",
"end_time": "2026-07-01T03:42:50.995974Z",
"duration": "10.4",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "presse",
"pass": "presse"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: ubuntu / P@ssw0rd
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "2291b18c964a",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:42:18.646216Z",
"end_time": "2026-07-01T03:43:02.638498Z",
"duration": "44.0",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "ubuntu",
"pass": "P@ssw0rd"
},
"commands": [
"uname -a && echo \"====\" && cat /etc/os-release"
],
"detailed_commands": [
{
"cmd": "uname -a && echo \"====\" && cat /etc/os-release",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 100,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}Credential acceptance event recorded. Target authentication: root / P@ssw0rd
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "14c6682466c4",
"src_ip": "2.57.122.150",
"start_time": "2026-07-01T03:41:43.723942Z",
"end_time": "2026-07-01T03:41:48.817825Z",
"duration": "5.1",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "P@ssw0rd"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}Credential acceptance event recorded. Target authentication: ubuntu / Passw0rd
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "e248c7a7a78f",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:41:33.690466Z",
"end_time": "2026-07-01T03:42:18.449259Z",
"duration": "44.8",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "ubuntu",
"pass": "Passw0rd"
},
"commands": [
"uname -a && echo \"====\" && cat /etc/os-release"
],
"detailed_commands": [
{
"cmd": "uname -a && echo \"====\" && cat /etc/os-release",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 100,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "40be3367bfad",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:41:28.715449Z",
"end_time": "2026-07-01T03:41:33.525709Z",
"duration": "4.8",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: smsgateway
{
"id": "9c82c4b91239",
"src_ip": "115.190.248.214",
"start_time": "2026-07-01T03:41:28.594353Z",
"end_time": "2026-07-01T03:41:31.981007Z",
"duration": "3.4",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "smsgateway",
"pass": "smsgateway123"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: ubuntu / instance
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "6c5187da0724",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:40:44.735863Z",
"end_time": "2026-07-01T03:41:28.492918Z",
"duration": "43.8",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "ubuntu",
"pass": "instance"
},
"commands": [
"uname -a && echo \"====\" && cat /etc/os-release"
],
"detailed_commands": [
{
"cmd": "uname -a && echo \"====\" && cat /etc/os-release",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 100,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "b5588c0f839a",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:40:39.757910Z",
"end_time": "2026-07-01T03:40:44.562999Z",
"duration": "4.8",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "b37c16eadf90",
"src_ip": "139.99.74.35",
"start_time": "2026-07-01T03:40:34.742389Z",
"end_time": "2026-07-01T03:40:39.563286Z",
"duration": "4.8",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}