nonproductions.net banner
Logo
Subsystem: NO BONK

Adversarial Observation Interface

Page 53 / 4461 (223024 total records)
Passive Observation Node - Active Operational Overview
45.156.87.93
2026-07-01 22:50:50.033449 UTC
SUCCESSFUL LOGIN COMMANDS RUN RECONNAISSANCE SCORE: 100

Credential acceptance event recorded. Target authentication: root / Password@123

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ uname -s -v -n -r -m
Record ID: 9e2049f32433
Client Version: SSH-2.0-Go
Engagement Duration: 1.2s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "9e2049f32433",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:50:50.033449Z",
  "end_time": "2026-07-01T22:50:51.279919Z",
  "duration": "1.2",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "Password@123"
  },
  "commands": [
    "uname -s -v -n -r -m"
  ],
  "detailed_commands": [
    {
      "cmd": "uname -s -v -n -r -m",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 100,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN",
    "RECONNAISSANCE"
  ]
}
45.156.87.93
2026-07-01 22:50:45.261469 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: main

Record ID: eb59fe5efa2b
Client Version: SSH-2.0-Go
Engagement Duration: 1.8s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "eb59fe5efa2b",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:50:45.261469Z",
  "end_time": "2026-07-01T22:50:47.021683Z",
  "duration": "1.8",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [
    {
      "user": "main",
      "pass": "12345"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
45.156.87.93
2026-07-01 22:50:40.358369 UTC
SUCCESSFUL LOGIN COMMANDS RUN RECONNAISSANCE SCORE: 100

Credential acceptance event recorded. Target authentication: user / rootroot

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ uname -s -v -n -r -m
Record ID: fa67a5bca00e
Client Version: SSH-2.0-Go
Engagement Duration: 1.3s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "fa67a5bca00e",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:50:40.358369Z",
  "end_time": "2026-07-01T22:50:41.615897Z",
  "duration": "1.3",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "user",
    "pass": "rootroot"
  },
  "commands": [
    "uname -s -v -n -r -m"
  ],
  "detailed_commands": [
    {
      "cmd": "uname -s -v -n -r -m",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 100,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN",
    "RECONNAISSANCE"
  ]
}
45.156.87.93
2026-07-01 22:50:35.488688 UTC
SUCCESSFUL LOGIN COMMANDS RUN RECONNAISSANCE SCORE: 100

Credential acceptance event recorded. Target authentication: test / 123456

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ uname -s -v -n -r -m
Record ID: fa5ec1656a25
Client Version: SSH-2.0-Go
Engagement Duration: 1.3s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "fa5ec1656a25",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:50:35.488688Z",
  "end_time": "2026-07-01T22:50:36.741252Z",
  "duration": "1.3",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "test",
    "pass": "123456"
  },
  "commands": [
    "uname -s -v -n -r -m"
  ],
  "detailed_commands": [
    {
      "cmd": "uname -s -v -n -r -m",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 100,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN",
    "RECONNAISSANCE"
  ]
}
45.156.87.93
2026-07-01 22:50:30.295511 UTC
SUCCESSFUL LOGIN COMMANDS RUN RECONNAISSANCE SCORE: 100

Credential acceptance event recorded. Target authentication: deploy / password

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ uname -s -v -n -r -m
Record ID: b2a0f6071ea0
Client Version: SSH-2.0-Go
Engagement Duration: 1.3s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "b2a0f6071ea0",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:50:30.295511Z",
  "end_time": "2026-07-01T22:50:31.568724Z",
  "duration": "1.3",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "deploy",
    "pass": "password"
  },
  "commands": [
    "uname -s -v -n -r -m"
  ],
  "detailed_commands": [
    {
      "cmd": "uname -s -v -n -r -m",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 100,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN",
    "RECONNAISSANCE"
  ]
}
45.156.87.93
2026-07-01 22:50:25.384790 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: pi

Record ID: 1d90a6fe8589
Client Version: SSH-2.0-Go
Engagement Duration: 1.9s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "1d90a6fe8589",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:50:25.384790Z",
  "end_time": "2026-07-01T22:50:27.249445Z",
  "duration": "1.9",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [
    {
      "user": "pi",
      "pass": "toor"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
45.156.87.93
2026-07-01 22:50:20.341889 UTC
SUCCESSFUL LOGIN COMMANDS RUN RECONNAISSANCE SCORE: 100

Credential acceptance event recorded. Target authentication: root / 123321

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ uname -s -v -n -r -m
Record ID: 808980f1647a
Client Version: SSH-2.0-Go
Engagement Duration: 1.2s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "808980f1647a",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:50:20.341889Z",
  "end_time": "2026-07-01T22:50:21.582521Z",
  "duration": "1.2",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "123321"
  },
  "commands": [
    "uname -s -v -n -r -m"
  ],
  "detailed_commands": [
    {
      "cmd": "uname -s -v -n -r -m",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 100,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN",
    "RECONNAISSANCE"
  ]
}
45.156.87.93
2026-07-01 22:50:15.244682 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: work

Record ID: f949f0bffe34
Client Version: SSH-2.0-Go
Engagement Duration: 1.8s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "f949f0bffe34",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:50:15.244682Z",
  "end_time": "2026-07-01T22:50:17.006168Z",
  "duration": "1.8",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [
    {
      "user": "work",
      "pass": "work"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
45.156.87.93
2026-07-01 22:50:10.163895 UTC
SUCCESSFUL LOGIN COMMANDS RUN RECONNAISSANCE SCORE: 100

Credential acceptance event recorded. Target authentication: root / 0

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ uname -s -v -n -r -m
Record ID: efa6e3fbda1e
Client Version: SSH-2.0-Go
Engagement Duration: 1.1s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "efa6e3fbda1e",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:50:10.163895Z",
  "end_time": "2026-07-01T22:50:11.302747Z",
  "duration": "1.1",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "0"
  },
  "commands": [
    "uname -s -v -n -r -m"
  ],
  "detailed_commands": [
    {
      "cmd": "uname -s -v -n -r -m",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 100,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN",
    "RECONNAISSANCE"
  ]
}
45.156.87.93
2026-07-01 22:50:04.981990 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: gd

Record ID: acf506e57a2c
Client Version: SSH-2.0-Go
Engagement Duration: 1.8s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "acf506e57a2c",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:50:04.981990Z",
  "end_time": "2026-07-01T22:50:06.759491Z",
  "duration": "1.8",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [
    {
      "user": "gd",
      "pass": "gd"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
45.156.87.93
2026-07-01 22:49:59.915631 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: vncuser

Record ID: 0127447ba185
Client Version: SSH-2.0-Go
Engagement Duration: 1.8s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "0127447ba185",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:49:59.915631Z",
  "end_time": "2026-07-01T22:50:01.686939Z",
  "duration": "1.8",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [
    {
      "user": "vncuser",
      "pass": "vncuser"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
45.156.87.93
2026-07-01 22:49:54.713334 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: labuser

Record ID: 78292f98d47d
Client Version: SSH-2.0-Go
Engagement Duration: 1.8s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "78292f98d47d",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:49:54.713334Z",
  "end_time": "2026-07-01T22:49:56.545389Z",
  "duration": "1.8",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [
    {
      "user": "labuser",
      "pass": "labuser"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
45.156.87.93
2026-07-01 22:49:49.476424 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: customer

Record ID: f0176dff9a9e
Client Version: SSH-2.0-Go
Engagement Duration: 1.9s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "f0176dff9a9e",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:49:49.476424Z",
  "end_time": "2026-07-01T22:49:51.384053Z",
  "duration": "1.9",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [
    {
      "user": "customer",
      "pass": "customer"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
45.156.87.93
2026-07-01 22:49:44.030678 UTC
SUCCESSFUL LOGIN COMMANDS RUN RECONNAISSANCE SCORE: 100

Credential acceptance event recorded. Target authentication: root / Qq123456

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ uname -s -v -n -r -m
Record ID: f0abe7cf0972
Client Version: SSH-2.0-Go
Engagement Duration: 1.2s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "f0abe7cf0972",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:49:44.030678Z",
  "end_time": "2026-07-01T22:49:45.188032Z",
  "duration": "1.2",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "Qq123456"
  },
  "commands": [
    "uname -s -v -n -r -m"
  ],
  "detailed_commands": [
    {
      "cmd": "uname -s -v -n -r -m",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 100,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN",
    "RECONNAISSANCE"
  ]
}
45.156.87.93
2026-07-01 22:49:38.863353 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sftpuser

Record ID: f75187a71428
Client Version: SSH-2.0-Go
Engagement Duration: 1.9s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "f75187a71428",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:49:38.863353Z",
  "end_time": "2026-07-01T22:49:40.724292Z",
  "duration": "1.9",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [
    {
      "user": "sftpuser",
      "pass": "123"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
45.156.87.93
2026-07-01 22:49:33.745467 UTC
SUCCESSFUL LOGIN COMMANDS RUN RECONNAISSANCE SCORE: 100

Credential acceptance event recorded. Target authentication: root / abc123

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ uname -s -v -n -r -m
Record ID: b10f66f63212
Client Version: SSH-2.0-Go
Engagement Duration: 1.2s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "b10f66f63212",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:49:33.745467Z",
  "end_time": "2026-07-01T22:49:34.974752Z",
  "duration": "1.2",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "abc123"
  },
  "commands": [
    "uname -s -v -n -r -m"
  ],
  "detailed_commands": [
    {
      "cmd": "uname -s -v -n -r -m",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 100,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN",
    "RECONNAISSANCE"
  ]
}
45.156.87.93
2026-07-01 22:49:28.633412 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: teamspeak

Record ID: be7c2b1daa38
Client Version: SSH-2.0-Go
Engagement Duration: 1.8s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "be7c2b1daa38",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:49:28.633412Z",
  "end_time": "2026-07-01T22:49:30.399182Z",
  "duration": "1.8",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [
    {
      "user": "teamspeak",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
45.156.87.93
2026-07-01 22:49:23.472040 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: home

Record ID: 9a28adec3fb6
Client Version: SSH-2.0-Go
Engagement Duration: 1.8s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "9a28adec3fb6",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:49:23.472040Z",
  "end_time": "2026-07-01T22:49:25.295797Z",
  "duration": "1.8",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [
    {
      "user": "home",
      "pass": "root"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
45.156.87.93
2026-07-01 22:49:18.614406 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: elastic

Record ID: 51b47008da15
Client Version: SSH-2.0-Go
Engagement Duration: 1.8s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "51b47008da15",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:49:18.614406Z",
  "end_time": "2026-07-01T22:49:20.383660Z",
  "duration": "1.8",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [
    {
      "user": "elastic",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
45.156.87.93
2026-07-01 22:49:13.689712 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: rocky

Record ID: 4ab08d99f15b
Client Version: SSH-2.0-Go
Engagement Duration: 1.9s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "4ab08d99f15b",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:49:13.689712Z",
  "end_time": "2026-07-01T22:49:15.602126Z",
  "duration": "1.9",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [
    {
      "user": "rocky",
      "pass": "1234"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
45.156.87.93
2026-07-01 22:49:08.914632 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: admin1

Record ID: a65996d44b5e
Client Version: SSH-2.0-Go
Engagement Duration: 1.8s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "a65996d44b5e",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:49:08.914632Z",
  "end_time": "2026-07-01T22:49:10.677905Z",
  "duration": "1.8",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [
    {
      "user": "admin1",
      "pass": "modzmodz"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
45.156.87.93
2026-07-01 22:49:03.922189 UTC
SUCCESSFUL LOGIN COMMANDS RUN RECONNAISSANCE SCORE: 100

Credential acceptance event recorded. Target authentication: user / user1234

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ uname -s -v -n -r -m
Record ID: dc457c76b542
Client Version: SSH-2.0-Go
Engagement Duration: 1.4s
HASSH Fingerprint: 0a07365cc01fa9fc82608ba4019af499
{
  "id": "dc457c76b542",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:49:03.922189Z",
  "end_time": "2026-07-01T22:49:05.298490Z",
  "duration": "1.4",
  "version": "SSH-2.0-Go",
  "hassh": "0a07365cc01fa9fc82608ba4019af499",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "user",
    "pass": "user1234"
  },
  "commands": [
    "uname -s -v -n -r -m"
  ],
  "detailed_commands": [
    {
      "cmd": "uname -s -v -n -r -m",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 100,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN",
    "RECONNAISSANCE"
  ]
}
45.156.87.93
2026-07-01 22:48:00.699203 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 3b120210123f
Client Version: SSH-2.0-Go
Engagement Duration: 8.0s
HASSH Fingerprint: 084386fa7ae5039bcf6f07298a05a227
{
  "id": "3b120210123f",
  "src_ip": "45.156.87.93",
  "start_time": "2026-07-01T22:48:00.699203Z",
  "end_time": "2026-07-01T22:48:08.698276Z",
  "duration": "8.0",
  "version": "SSH-2.0-Go",
  "hassh": "084386fa7ae5039bcf6f07298a05a227",
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
223.83.114.88
2026-07-01 22:42:16.828831 UTC
SCORE: 10

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 8cb46c5f88d8
Client Version: SSH-2.0-libssh2_1.11.1
Engagement Duration: 2m 0s
{
  "id": "8cb46c5f88d8",
  "src_ip": "223.83.114.88",
  "start_time": "2026-07-01T22:42:16.828831Z",
  "end_time": "2026-07-01T22:44:16.898883Z",
  "duration": "120.1",
  "version": "SSH-2.0-libssh2_1.11.1",
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 10,
  "tags": []
}
195.178.110.137
2026-07-01 22:41:11.882766 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: b9d45b5c7281
Client Version: Unknown
Engagement Duration: 0.1s
{
  "id": "b9d45b5c7281",
  "src_ip": "195.178.110.137",
  "start_time": "2026-07-01T22:41:11.882766Z",
  "end_time": "2026-07-01T22:41:12.026795Z",
  "duration": "0.1",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
195.178.110.137
2026-07-01 22:32:33.933541 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: ac3359bdbf34
Client Version: Unknown
Engagement Duration: 0.1s
{
  "id": "ac3359bdbf34",
  "src_ip": "195.178.110.137",
  "start_time": "2026-07-01T22:32:33.933541Z",
  "end_time": "2026-07-01T22:32:34.077505Z",
  "duration": "0.1",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
152.53.42.70
2026-07-01 22:21:31.776425 UTC
SUCCESSFUL LOGIN COMMANDS RUN RECONNAISSANCE SCORE: 100

Credential acceptance event recorded. Target authentication: root / blackcat

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ uname -a
Record ID: ac03f549c134
Client Version: SSH-2.0-Go
Engagement Duration: 1.1s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "ac03f549c134",
  "src_ip": "152.53.42.70",
  "start_time": "2026-07-01T22:21:31.776425Z",
  "end_time": "2026-07-01T22:21:32.880188Z",
  "duration": "1.1",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "blackcat"
  },
  "commands": [
    "uname -a"
  ],
  "detailed_commands": [
    {
      "cmd": "uname -a",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 100,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN",
    "RECONNAISSANCE"
  ]
}
176.53.159.196
2026-07-01 22:18:34.230963 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: support / support

Record ID: 6c216bf9ec1a
Client Version: SSH-2.0-Go
Engagement Duration: 1.2s
HASSH Fingerprint: eff4c24daffc8532c160e86e5f006e53
{
  "id": "6c216bf9ec1a",
  "src_ip": "176.53.159.196",
  "start_time": "2026-07-01T22:18:34.230963Z",
  "end_time": "2026-07-01T22:18:35.393965Z",
  "duration": "1.2",
  "version": "SSH-2.0-Go",
  "hassh": "eff4c24daffc8532c160e86e5f006e53",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "support",
    "pass": "support"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
92.118.39.77
2026-07-01 22:11:32.364578 UTC
SUCCESSFUL LOGIN COMMANDS RUN RECONNAISSANCE SCORE: 200

Credential acceptance event recorded. Target authentication: root / 54321

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
[obs-node]:~$ uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null
Command not found: /usr/bin/uname -s -v -n -m
[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ ( [ -f /proc/version ]
[obs-node]:~$ [ -f /proc/version ]
[obs-node]:~$ head -1 /proc/version | cut -d -f1
[obs-node]:~$ [ -f /etc/os-release ]
Record ID: d00bef05ba6e
Client Version: SSH-2.0-Go
Engagement Duration: 1.3s
HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5
{
  "id": "d00bef05ba6e",
  "src_ip": "92.118.39.77",
  "start_time": "2026-07-01T22:11:32.364578Z",
  "end_time": "2026-07-01T22:11:33.624773Z",
  "duration": "1.3",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "54321"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN",
    "RECONNAISSANCE"
  ]
}
45.148.10.157
2026-07-01 22:06:56.160385 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: fcfa867d9448
Client Version: SSH-2.0-PUTTY
Engagement Duration: 0.7s
HASSH Fingerprint: 5bd26477da5440a6187bd3f1b39a429c
{
  "id": "fcfa867d9448",
  "src_ip": "45.148.10.157",
  "start_time": "2026-07-01T22:06:56.160385Z",
  "end_time": "2026-07-01T22:06:56.911090Z",
  "duration": "0.7",
  "version": "SSH-2.0-PUTTY",
  "hassh": "5bd26477da5440a6187bd3f1b39a429c",
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
61.43.121.132
2026-07-01 22:05:28.422160 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: international

Record ID: 5b16b0e456a3
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 1.9s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "5b16b0e456a3",
  "src_ip": "61.43.121.132",
  "start_time": "2026-07-01T22:05:28.422160Z",
  "end_time": "2026-07-01T22:05:30.355965Z",
  "duration": "1.9",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "international",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
92.118.39.77
2026-07-01 22:05:09.863352 UTC
SUCCESSFUL LOGIN COMMANDS RUN RECONNAISSANCE SCORE: 200

Credential acceptance event recorded. Target authentication: root / 4321

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
[obs-node]:~$ uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null
Command not found: /usr/bin/uname -s -v -n -m
[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ ( [ -f /proc/version ]
[obs-node]:~$ [ -f /proc/version ]
[obs-node]:~$ head -1 /proc/version | cut -d -f1
[obs-node]:~$ [ -f /etc/os-release ]
Record ID: 08a426714feb
Client Version: SSH-2.0-Go
Engagement Duration: 1.3s
HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5
{
  "id": "08a426714feb",
  "src_ip": "92.118.39.77",
  "start_time": "2026-07-01T22:05:09.863352Z",
  "end_time": "2026-07-01T22:05:11.138531Z",
  "duration": "1.3",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "4321"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN",
    "RECONNAISSANCE"
  ]
}
34.222.65.186
2026-07-01 22:04:10.389191 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 8409dfc342a9
Client Version: SSH-2.0-paramiko_3.4.1
Engagement Duration: 0.1s
HASSH Fingerprint: 87e3d9ffee0540b0390f8a5b9c343c08
{
  "id": "8409dfc342a9",
  "src_ip": "34.222.65.186",
  "start_time": "2026-07-01T22:04:10.389191Z",
  "end_time": "2026-07-01T22:04:10.473293Z",
  "duration": "0.1",
  "version": "SSH-2.0-paramiko_3.4.1",
  "hassh": "87e3d9ffee0540b0390f8a5b9c343c08",
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
34.222.65.186
2026-07-01 22:04:09.463091 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 0c4e72d982c9
Client Version: SSH-2.0-paramiko_3.4.1
Engagement Duration: 0.9s
HASSH Fingerprint: 87e3d9ffee0540b0390f8a5b9c343c08
{
  "id": "0c4e72d982c9",
  "src_ip": "34.222.65.186",
  "start_time": "2026-07-01T22:04:09.463091Z",
  "end_time": "2026-07-01T22:04:10.348940Z",
  "duration": "0.9",
  "version": "SSH-2.0-paramiko_3.4.1",
  "hassh": "87e3d9ffee0540b0390f8a5b9c343c08",
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
34.222.65.186
2026-07-01 22:04:09.005388 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 7ce774a87417
Client Version: SSH-2.0-paramiko_3.4.1
Engagement Duration: 0.2s
HASSH Fingerprint: 87e3d9ffee0540b0390f8a5b9c343c08
{
  "id": "7ce774a87417",
  "src_ip": "34.222.65.186",
  "start_time": "2026-07-01T22:04:09.005388Z",
  "end_time": "2026-07-01T22:04:09.229812Z",
  "duration": "0.2",
  "version": "SSH-2.0-paramiko_3.4.1",
  "hassh": "87e3d9ffee0540b0390f8a5b9c343c08",
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
34.222.65.186
2026-07-01 22:04:08.051904 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 87476b88e15e
Client Version: SSH-2.0-paramiko_3.4.1
Engagement Duration: 0.6s
HASSH Fingerprint: 87e3d9ffee0540b0390f8a5b9c343c08
{
  "id": "87476b88e15e",
  "src_ip": "34.222.65.186",
  "start_time": "2026-07-01T22:04:08.051904Z",
  "end_time": "2026-07-01T22:04:08.690248Z",
  "duration": "0.6",
  "version": "SSH-2.0-paramiko_3.4.1",
  "hassh": "87e3d9ffee0540b0390f8a5b9c343c08",
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
34.222.65.186
2026-07-01 22:04:07.911079 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 1ed333ab6ea1
Client Version: SSH-2.0-paramiko_3.4.1
Engagement Duration: 0.1s
HASSH Fingerprint: 87e3d9ffee0540b0390f8a5b9c343c08
{
  "id": "1ed333ab6ea1",
  "src_ip": "34.222.65.186",
  "start_time": "2026-07-01T22:04:07.911079Z",
  "end_time": "2026-07-01T22:04:07.994477Z",
  "duration": "0.1",
  "version": "SSH-2.0-paramiko_3.4.1",
  "hassh": "87e3d9ffee0540b0390f8a5b9c343c08",
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
34.222.65.186
2026-07-01 22:04:07.048727 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 490420a58caa
Client Version: SSH-2.0-paramiko_3.4.1
Engagement Duration: 0.7s
HASSH Fingerprint: 87e3d9ffee0540b0390f8a5b9c343c08
{
  "id": "490420a58caa",
  "src_ip": "34.222.65.186",
  "start_time": "2026-07-01T22:04:07.048727Z",
  "end_time": "2026-07-01T22:04:07.744973Z",
  "duration": "0.7",
  "version": "SSH-2.0-paramiko_3.4.1",
  "hassh": "87e3d9ffee0540b0390f8a5b9c343c08",
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
34.222.65.186
2026-07-01 22:04:06.516154 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: b0b839d97388
Client Version: SSH-2.0-paramiko_3.4.1
Engagement Duration: 0.5s
HASSH Fingerprint: 87e3d9ffee0540b0390f8a5b9c343c08
{
  "id": "b0b839d97388",
  "src_ip": "34.222.65.186",
  "start_time": "2026-07-01T22:04:06.516154Z",
  "end_time": "2026-07-01T22:04:07.008384Z",
  "duration": "0.5",
  "version": "SSH-2.0-paramiko_3.4.1",
  "hassh": "87e3d9ffee0540b0390f8a5b9c343c08",
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
34.222.65.186
2026-07-01 22:04:06.045866 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 97b13ea18ddf
Client Version: SSH-2.0-paramiko_3.4.1
Engagement Duration: 0.4s
HASSH Fingerprint: 87e3d9ffee0540b0390f8a5b9c343c08
{
  "id": "97b13ea18ddf",
  "src_ip": "34.222.65.186",
  "start_time": "2026-07-01T22:04:06.045866Z",
  "end_time": "2026-07-01T22:04:06.475610Z",
  "duration": "0.4",
  "version": "SSH-2.0-paramiko_3.4.1",
  "hassh": "87e3d9ffee0540b0390f8a5b9c343c08",
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
61.43.121.132
2026-07-01 22:03:00.789292 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: honda

Record ID: 309d3072b176
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 1.9s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "309d3072b176",
  "src_ip": "61.43.121.132",
  "start_time": "2026-07-01T22:03:00.789292Z",
  "end_time": "2026-07-01T22:03:02.720498Z",
  "duration": "1.9",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "honda",
      "pass": "honda"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
61.43.121.132
2026-07-01 22:00:40.922496 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: oec

Record ID: bab1c4c1a72e
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2.0s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "bab1c4c1a72e",
  "src_ip": "61.43.121.132",
  "start_time": "2026-07-01T22:00:40.922496Z",
  "end_time": "2026-07-01T22:00:42.885011Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "oec",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
92.118.39.77
2026-07-01 22:00:00.790271 UTC
SUCCESSFUL LOGIN COMMANDS RUN RECONNAISSANCE SCORE: 200

Credential acceptance event recorded. Target authentication: root / 321

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
[obs-node]:~$ uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null
Command not found: /usr/bin/uname -s -v -n -m
[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ ( [ -f /proc/version ]
[obs-node]:~$ [ -f /proc/version ]
[obs-node]:~$ head -1 /proc/version | cut -d -f1
[obs-node]:~$ [ -f /etc/os-release ]
Record ID: e827b70ccf46
Client Version: SSH-2.0-Go
Engagement Duration: 1.2s
HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5
{
  "id": "e827b70ccf46",
  "src_ip": "92.118.39.77",
  "start_time": "2026-07-01T22:00:00.790271Z",
  "end_time": "2026-07-01T22:00:01.993568Z",
  "duration": "1.2",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "321"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN",
    "RECONNAISSANCE"
  ]
}
192.168.0.1
2026-07-01 21:56:55.865382 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 0901c5b21034
Client Version: Unknown
Engagement Duration: 0.0s
{
  "id": "0901c5b21034",
  "src_ip": "192.168.0.1",
  "start_time": "2026-07-01T21:56:55.865382Z",
  "end_time": "2026-07-01T21:56:55.875799Z",
  "duration": "0.0",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
92.118.39.77
2026-07-01 21:56:41.159569 UTC
SUCCESSFUL LOGIN COMMANDS RUN RECONNAISSANCE SCORE: 200

Credential acceptance event recorded. Target authentication: root / 21

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
[obs-node]:~$ uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null
Command not found: /usr/bin/uname -s -v -n -m
[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ ( [ -f /proc/version ]
[obs-node]:~$ [ -f /proc/version ]
[obs-node]:~$ head -1 /proc/version | cut -d -f1
[obs-node]:~$ [ -f /etc/os-release ]
Record ID: f7007e774dfe
Client Version: SSH-2.0-Go
Engagement Duration: 1.4s
HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5
{
  "id": "f7007e774dfe",
  "src_ip": "92.118.39.77",
  "start_time": "2026-07-01T21:56:41.159569Z",
  "end_time": "2026-07-01T21:56:42.588654Z",
  "duration": "1.4",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "21"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN",
    "RECONNAISSANCE"
  ]
}
61.43.121.132
2026-07-01 21:55:45.042181 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: mails

Record ID: 804a77a41b08
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2.0s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "804a77a41b08",
  "src_ip": "61.43.121.132",
  "start_time": "2026-07-01T21:55:45.042181Z",
  "end_time": "2026-07-01T21:55:47.052541Z",
  "duration": "2.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "mails",
      "pass": "mails123"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
92.118.39.77
2026-07-01 21:54:09.027035 UTC
SUCCESSFUL LOGIN COMMANDS RUN RECONNAISSANCE SCORE: 200

Credential acceptance event recorded. Target authentication: root / 123qwerty

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
[obs-node]:~$ uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null
Command not found: /usr/bin/uname -s -v -n -m
[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ ( [ -f /proc/version ]
[obs-node]:~$ [ -f /proc/version ]
[obs-node]:~$ head -1 /proc/version | cut -d -f1
[obs-node]:~$ [ -f /etc/os-release ]
Record ID: 9147379ed032
Client Version: SSH-2.0-Go
Engagement Duration: 1.8s
HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5
{
  "id": "9147379ed032",
  "src_ip": "92.118.39.77",
  "start_time": "2026-07-01T21:54:09.027035Z",
  "end_time": "2026-07-01T21:54:10.786416Z",
  "duration": "1.8",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "123qwerty"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN",
    "RECONNAISSANCE"
  ]
}
185.242.3.195
2026-07-01 21:53:41.586855 UTC
SUCCESSFUL LOGIN COMMANDS RUN SCORE: 80

Credential acceptance event recorded. Target authentication: root / 123456aA@

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo OK
Record ID: 6021ee61e3fb
Client Version: SSH-2.0-Go
Engagement Duration: 1.2s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "6021ee61e3fb",
  "src_ip": "185.242.3.195",
  "start_time": "2026-07-01T21:53:41.586855Z",
  "end_time": "2026-07-01T21:53:42.764631Z",
  "duration": "1.2",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "123456aA@"
  },
  "commands": [
    "echo OK"
  ],
  "detailed_commands": [
    {
      "cmd": "echo OK",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN"
  ]
}
61.43.121.132
2026-07-01 21:53:20.804372 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: ayuda

Record ID: 14f1f146a40c
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 1.9s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "14f1f146a40c",
  "src_ip": "61.43.121.132",
  "start_time": "2026-07-01T21:53:20.804372Z",
  "end_time": "2026-07-01T21:53:22.752413Z",
  "duration": "1.9",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "ayuda",
      "pass": "ayuda123"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
91.92.40.176
2026-07-01 21:53:07.732567 UTC
SUCCESSFUL LOGIN COMMANDS RUN RECONNAISSANCE SCORE: 200

Credential acceptance event recorded. Target authentication: root / 12345

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
[obs-node]:~$ uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null
Command not found: /usr/bin/uname -s -v -n -m
[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ ( [ -f /proc/version ]
[obs-node]:~$ [ -f /proc/version ]
[obs-node]:~$ head -1 /proc/version | cut -d -f1
[obs-node]:~$ [ -f /etc/os-release ]
Record ID: 71f149fd5d80
Client Version: SSH-2.0-Go
Engagement Duration: 1.3s
HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5
{
  "id": "71f149fd5d80",
  "src_ip": "91.92.40.176",
  "start_time": "2026-07-01T21:53:07.732567Z",
  "end_time": "2026-07-01T21:53:09.027589Z",
  "duration": "1.3",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "12345"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN",
    "RECONNAISSANCE"
  ]
}