SCORE: 0
Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "420cc11b3042",
"src_ip": "161.132.4.167",
"start_time": "2026-05-09T17:04:00.509302Z",
"end_time": "2026-05-09T17:04:00.512719Z",
"duration": "0.0",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}
RECONNAISSANCE
SUCCESSFUL LOGIN
COMMANDS RUN
SCORE: 160
Credential acceptance event recorded. Target authentication: root / 12345
Remote entity achieved interactive shell state. Command sequence (4 executed):
[obs-node]:~$
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"
[obs-node]:~$
uname -s -v -n -m 2 > /dev/null
[obs-node]:~$
uname -m 2 > /dev/null
[obs-node]:~$
cat /proc/uptime 2 > /dev/null | cut -d. -f1
{
"id": "e9c09fa19448",
"src_ip": "161.132.4.167",
"start_time": "2026-05-09T17:03:28.387352Z",
"end_time": "2026-05-09T17:03:29.517476Z",
"duration": "1.1",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "12345"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"",
"uname -s -v -n -m 2 > /dev/null",
"uname -m 2 > /dev/null",
"cat /proc/uptime 2 > /dev/null | cut -d. -f1"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "uname -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "cat /proc/uptime 2 > /dev/null | cut -d. -f1",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 160,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: solana
{
"id": "bcc95cab9638",
"src_ip": "193.32.162.145",
"start_time": "2026-05-09T17:03:15.674594Z",
"end_time": "2026-05-09T17:03:17.557159Z",
"duration": "1.9",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "solana",
"pass": "Solana"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
RECONNAISSANCE
SUCCESSFUL LOGIN
COMMANDS RUN
SCORE: 160
Credential acceptance event recorded. Target authentication: root / 1234
Remote entity achieved interactive shell state. Command sequence (4 executed):
[obs-node]:~$
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"
[obs-node]:~$
uname -s -v -n -m 2 > /dev/null
[obs-node]:~$
uname -m 2 > /dev/null
[obs-node]:~$
cat /proc/uptime 2 > /dev/null | cut -d. -f1
{
"id": "ee1985e9f5c7",
"src_ip": "161.132.4.167",
"start_time": "2026-05-09T17:02:49.957720Z",
"end_time": "2026-05-09T17:02:54.269081Z",
"duration": "4.3",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "1234"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"",
"uname -s -v -n -m 2 > /dev/null",
"uname -m 2 > /dev/null",
"cat /proc/uptime 2 > /dev/null | cut -d. -f1"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "uname -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "cat /proc/uptime 2 > /dev/null | cut -d. -f1",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 160,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}
RECONNAISSANCE
SUCCESSFUL LOGIN
COMMANDS RUN
SCORE: 160
Credential acceptance event recorded. Target authentication: root / 123456789
Remote entity achieved interactive shell state. Command sequence (4 executed):
[obs-node]:~$
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"
[obs-node]:~$
uname -s -v -n -m 2 > /dev/null
[obs-node]:~$
uname -m 2 > /dev/null
[obs-node]:~$
cat /proc/uptime 2 > /dev/null | cut -d. -f1
{
"id": "562173466b97",
"src_ip": "161.132.4.167",
"start_time": "2026-05-09T17:02:14.748345Z",
"end_time": "2026-05-09T17:02:15.890508Z",
"duration": "1.1",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "123456789"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"",
"uname -s -v -n -m 2 > /dev/null",
"uname -m 2 > /dev/null",
"cat /proc/uptime 2 > /dev/null | cut -d. -f1"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "uname -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "cat /proc/uptime 2 > /dev/null | cut -d. -f1",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 160,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}
SCORE: 0
Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "eeec6b753834",
"src_ip": "161.132.4.167",
"start_time": "2026-05-09T17:02:14.634758Z",
"end_time": "2026-05-09T17:02:14.638262Z",
"duration": "0.0",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: support
{
"id": "b202d1fa3d14",
"src_ip": "87.251.64.176",
"start_time": "2026-05-09T17:02:14.522236Z",
"end_time": "2026-05-09T17:02:16.395568Z",
"duration": "1.9",
"version": "SSH-2.0-Go",
"hassh": "eff4c24daffc8532c160e86e5f006e53",
"attempts": [
{
"user": "support",
"pass": "support"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: root
{
"id": "4d96e25803f4",
"src_ip": "161.132.4.167",
"start_time": "2026-05-09T17:01:08.772852Z",
"end_time": "2026-05-09T17:01:10.414352Z",
"duration": "1.6",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [
{
"user": "root",
"pass": "123456"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: solana
{
"id": "9686a577df5a",
"src_ip": "193.32.162.145",
"start_time": "2026-05-09T17:01:06.575327Z",
"end_time": "2026-05-09T17:01:08.422175Z",
"duration": "1.8",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "solana",
"pass": "1234"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
RECONNAISSANCE
SUCCESSFUL LOGIN
COMMANDS RUN
SCORE: 160
Credential acceptance event recorded. Target authentication: root / password
Remote entity achieved interactive shell state. Command sequence (4 executed):
[obs-node]:~$
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"
[obs-node]:~$
uname -s -v -n -m 2 > /dev/null
[obs-node]:~$
uname -m 2 > /dev/null
[obs-node]:~$
cat /proc/uptime 2 > /dev/null | cut -d. -f1
{
"id": "d9d31bd5ad73",
"src_ip": "161.132.4.167",
"start_time": "2026-05-09T17:00:07.701228Z",
"end_time": "2026-05-09T17:00:13.179672Z",
"duration": "5.5",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "password"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"",
"uname -s -v -n -m 2 > /dev/null",
"uname -m 2 > /dev/null",
"cat /proc/uptime 2 > /dev/null | cut -d. -f1"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "uname -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "cat /proc/uptime 2 > /dev/null | cut -d. -f1",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 160,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: node
{
"id": "101b8b65d09a",
"src_ip": "193.32.162.145",
"start_time": "2026-05-09T16:58:56.815369Z",
"end_time": "2026-05-09T16:58:58.723722Z",
"duration": "1.9",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "node",
"pass": "node"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
RECONNAISSANCE
SUCCESSFUL LOGIN
COMMANDS RUN
SCORE: 160
Credential acceptance event recorded. Target authentication: root / admin
Remote entity achieved interactive shell state. Command sequence (4 executed):
[obs-node]:~$
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"
[obs-node]:~$
uname -s -v -n -m 2 > /dev/null
[obs-node]:~$
uname -m 2 > /dev/null
[obs-node]:~$
cat /proc/uptime 2 > /dev/null | cut -d. -f1
{
"id": "93213fd69b27",
"src_ip": "161.132.4.167",
"start_time": "2026-05-09T16:58:31.511433Z",
"end_time": "2026-05-09T16:58:32.500919Z",
"duration": "1.0",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "admin"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"",
"uname -s -v -n -m 2 > /dev/null",
"uname -m 2 > /dev/null",
"cat /proc/uptime 2 > /dev/null | cut -d. -f1"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "uname -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "cat /proc/uptime 2 > /dev/null | cut -d. -f1",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 160,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: root
{
"id": "a27970915177",
"src_ip": "161.132.4.167",
"start_time": "2026-05-09T16:57:14.597858Z",
"end_time": "2026-05-09T16:57:17.891749Z",
"duration": "3.3",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [
{
"user": "root",
"pass": "root"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: validator
{
"id": "451f3581f7ef",
"src_ip": "193.32.162.145",
"start_time": "2026-05-09T16:56:51.638035Z",
"end_time": "2026-05-09T16:56:53.714225Z",
"duration": "2.1",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "validator",
"pass": "validator"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (5 distinct queries). Vector identities: admin
{
"id": "67ccf78a8abd",
"src_ip": "2.57.121.112",
"start_time": "2026-05-09T16:54:37.469113Z",
"end_time": "2026-05-09T16:54:44.237155Z",
"duration": "6.8",
"version": "SSH-2.0-libssh2_1.9.0",
"hassh": "57446c12547a668110aa237e5965e374",
"attempts": [
{
"user": "admin",
"pass": "ravi"
},
{
"user": "admin",
"pass": "Rattolo58"
},
{
"user": "admin",
"pass": "randi"
},
{
"user": "admin",
"pass": "radost"
},
{
"user": "admin",
"pass": "qzwxecrv"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: ubuntu
{
"id": "7dd61054dac2",
"src_ip": "193.32.162.145",
"start_time": "2026-05-09T16:54:33.737077Z",
"end_time": "2026-05-09T16:54:35.611950Z",
"duration": "1.9",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "ubuntu",
"pass": "ubuntu"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: solana
{
"id": "c25cc8d25860",
"src_ip": "193.32.162.145",
"start_time": "2026-05-09T16:52:15.904654Z",
"end_time": "2026-05-09T16:52:18.120313Z",
"duration": "2.2",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "solana",
"pass": "solana"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sol
{
"id": "0058c2b4cf87",
"src_ip": "193.32.162.145",
"start_time": "2026-05-09T16:50:03.604868Z",
"end_time": "2026-05-09T16:50:05.706999Z",
"duration": "2.1",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "sol",
"pass": "sol"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
SCORE: 0
Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "0cc5efc59700",
"src_ip": "54.152.61.40",
"start_time": "2026-05-09T16:49:56.324957Z",
"end_time": "2026-05-09T16:49:56.514436Z",
"duration": "0.2",
"version": "SSH-2.0-Go",
"hassh": "9052c4ab4164c78256e71143dcfc7eac",
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (2 distinct queries). Vector identities: admin
{
"id": "66738fb51793",
"src_ip": "139.19.117.197",
"start_time": "2026-05-09T16:48:35.834934Z",
"end_time": "2026-05-09T16:48:45.834152Z",
"duration": "10.0",
"version": "SSH-2.0-Go",
"hassh": "f1e5e9d24e5e345e8745613bde22d532",
"attempts": [
{
"user": "admin",
"pass": null
},
{
"user": "admin",
"pass": null
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
SCORE: 0
Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "03e32982b556",
"src_ip": "193.32.162.145",
"start_time": "2026-05-09T16:46:12.892995Z",
"end_time": "2026-05-09T16:46:13.062183Z",
"duration": "0.2",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}
SCORE: 0
Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "3353ba263079",
"src_ip": "147.185.132.30",
"start_time": "2026-05-09T16:33:44.954415Z",
"end_time": "2026-05-09T16:33:48.041100Z",
"duration": "3.1",
"version": "SSH-2.0-ZGrab ZGrab SSH Survey",
"hassh": "dd9bcf093c355da7000132131cb36fd0",
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (5 distinct queries). Vector identities: federico
{
"id": "ee0ed8bf1b12",
"src_ip": "213.209.159.56",
"start_time": "2026-05-09T16:32:25.675554Z",
"end_time": "2026-05-09T16:32:32.333891Z",
"duration": "6.7",
"version": "SSH-2.0-libssh2_1.9.0",
"hassh": "57446c12547a668110aa237e5965e374",
"attempts": [
{
"user": "federico",
"pass": "federico"
},
{
"user": "federico",
"pass": "federico1"
},
{
"user": "federico",
"pass": "federico123"
},
{
"user": "federico",
"pass": "federico1234"
},
{
"user": "federico",
"pass": "federico12345"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
RECONNAISSANCE
SUCCESSFUL LOGIN
COMMANDS RUN
SCORE: 160
Credential acceptance event recorded. Target authentication: root / password
Remote entity achieved interactive shell state. Command sequence (4 executed):
[obs-node]:~$
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"
[obs-node]:~$
uname -s -v -n -m 2 > /dev/null
[obs-node]:~$
uname -m 2 > /dev/null
[obs-node]:~$
cat /proc/uptime 2 > /dev/null | cut -d. -f1
{
"id": "8c735b35571d",
"src_ip": "161.132.4.167",
"start_time": "2026-05-09T16:31:50.775237Z",
"end_time": "2026-05-09T16:31:53.036168Z",
"duration": "2.3",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "password"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"",
"uname -s -v -n -m 2 > /dev/null",
"uname -m 2 > /dev/null",
"cat /proc/uptime 2 > /dev/null | cut -d. -f1"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "uname -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "cat /proc/uptime 2 > /dev/null | cut -d. -f1",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 160,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}
RECONNAISSANCE
SUCCESSFUL LOGIN
COMMANDS RUN
SCORE: 160
Credential acceptance event recorded. Target authentication: root / admin
Remote entity achieved interactive shell state. Command sequence (4 executed):
[obs-node]:~$
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"
[obs-node]:~$
uname -s -v -n -m 2 > /dev/null
[obs-node]:~$
uname -m 2 > /dev/null
[obs-node]:~$
cat /proc/uptime 2 > /dev/null | cut -d. -f1
{
"id": "daf67d640a88",
"src_ip": "161.132.4.167",
"start_time": "2026-05-09T16:30:21.648601Z",
"end_time": "2026-05-09T16:30:22.639034Z",
"duration": "1.0",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "admin"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"",
"uname -s -v -n -m 2 > /dev/null",
"uname -m 2 > /dev/null",
"cat /proc/uptime 2 > /dev/null | cut -d. -f1"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "uname -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "cat /proc/uptime 2 > /dev/null | cut -d. -f1",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 160,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: root
{
"id": "97458f1dbaf5",
"src_ip": "161.132.4.167",
"start_time": "2026-05-09T16:29:03.395557Z",
"end_time": "2026-05-09T16:29:07.242487Z",
"duration": "3.8",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [
{
"user": "root",
"pass": "root"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
SCORE: 0
Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "a890fbffa567",
"src_ip": "192.168.0.1",
"start_time": "2026-05-09T16:18:29.338308Z",
"end_time": "2026-05-09T16:18:29.352726Z",
"duration": "0.0",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}
RECONNAISSANCE
SUCCESSFUL LOGIN
COMMANDS RUN
SCORE: 160
Credential acceptance event recorded. Target authentication: root / 123456789
Remote entity achieved interactive shell state. Command sequence (4 executed):
[obs-node]:~$
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"
[obs-node]:~$
uname -s -v -n -m 2 > /dev/null
[obs-node]:~$
uname -m 2 > /dev/null
[obs-node]:~$
cat /proc/uptime 2 > /dev/null | cut -d. -f1
{
"id": "6c60644a3172",
"src_ip": "161.132.4.167",
"start_time": "2026-05-09T16:05:27.742635Z",
"end_time": "2026-05-09T16:05:30.539647Z",
"duration": "2.8",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "123456789"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"",
"uname -s -v -n -m 2 > /dev/null",
"uname -m 2 > /dev/null",
"cat /proc/uptime 2 > /dev/null | cut -d. -f1"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "uname -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "cat /proc/uptime 2 > /dev/null | cut -d. -f1",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 160,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: root
{
"id": "c7aa1fcc6e45",
"src_ip": "161.132.4.167",
"start_time": "2026-05-09T16:04:44.406751Z",
"end_time": "2026-05-09T16:04:47.142037Z",
"duration": "2.7",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [
{
"user": "root",
"pass": "123456"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
RECONNAISSANCE
SUCCESSFUL LOGIN
COMMANDS RUN
SCORE: 160
Credential acceptance event recorded. Target authentication: root / password
Remote entity achieved interactive shell state. Command sequence (4 executed):
[obs-node]:~$
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"
[obs-node]:~$
uname -s -v -n -m 2 > /dev/null
[obs-node]:~$
uname -m 2 > /dev/null
[obs-node]:~$
cat /proc/uptime 2 > /dev/null | cut -d. -f1
{
"id": "37751b66dace",
"src_ip": "161.132.4.167",
"start_time": "2026-05-09T16:03:59.183076Z",
"end_time": "2026-05-09T16:04:00.443402Z",
"duration": "1.3",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "password"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"",
"uname -s -v -n -m 2 > /dev/null",
"uname -m 2 > /dev/null",
"cat /proc/uptime 2 > /dev/null | cut -d. -f1"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "uname -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "cat /proc/uptime 2 > /dev/null | cut -d. -f1",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 160,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}
SCORE: 0
Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "96567cff8236",
"src_ip": "161.132.4.167",
"start_time": "2026-05-09T16:03:55.947408Z",
"end_time": "2026-05-09T16:03:56.023169Z",
"duration": "0.1",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}
SCORE: 0
Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "ebd9353b7f4f",
"src_ip": "2.57.122.194",
"start_time": "2026-05-09T16:03:40.315329Z",
"end_time": "2026-05-09T16:03:41.187301Z",
"duration": "0.9",
"version": "SSH-2.0-PUTTY",
"hassh": "5bd26477da5440a6187bd3f1b39a429c",
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}
RECONNAISSANCE
SUCCESSFUL LOGIN
COMMANDS RUN
SCORE: 160
Credential acceptance event recorded. Target authentication: root / admin
Remote entity achieved interactive shell state. Command sequence (4 executed):
[obs-node]:~$
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"
[obs-node]:~$
uname -s -v -n -m 2 > /dev/null
[obs-node]:~$
uname -m 2 > /dev/null
[obs-node]:~$
cat /proc/uptime 2 > /dev/null | cut -d. -f1
{
"id": "62d75d715f6b",
"src_ip": "161.132.4.167",
"start_time": "2026-05-09T16:02:31.490340Z",
"end_time": "2026-05-09T16:02:35.523774Z",
"duration": "4.0",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "admin"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"",
"uname -s -v -n -m 2 > /dev/null",
"uname -m 2 > /dev/null",
"cat /proc/uptime 2 > /dev/null | cut -d. -f1"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "uname -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "cat /proc/uptime 2 > /dev/null | cut -d. -f1",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 160,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (5 distinct queries). Vector identities: user
{
"id": "f4d203501999",
"src_ip": "2.57.121.25",
"start_time": "2026-05-09T16:01:46.525339Z",
"end_time": "2026-05-09T16:01:53.284727Z",
"duration": "6.8",
"version": "SSH-2.0-libssh2_1.9.0",
"hassh": "57446c12547a668110aa237e5965e374",
"attempts": [
{
"user": "user",
"pass": "230584"
},
{
"user": "user",
"pass": "23031979"
},
{
"user": "user",
"pass": "23021995"
},
{
"user": "user",
"pass": "23021994"
},
{
"user": "user",
"pass": "230190"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: root
{
"id": "4a65a7d7278d",
"src_ip": "161.132.4.167",
"start_time": "2026-05-09T16:00:53.389360Z",
"end_time": "2026-05-09T16:00:57.684889Z",
"duration": "4.3",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [
{
"user": "root",
"pass": "root"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
SCORE: 0
Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "17eb0cda925d",
"src_ip": "161.132.4.167",
"start_time": "2026-05-09T15:59:31.660834Z",
"end_time": "2026-05-09T15:59:31.775094Z",
"duration": "0.1",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (2 distinct queries). Vector identities: admin
{
"id": "a2e0b4877f13",
"src_ip": "139.19.117.197",
"start_time": "2026-05-09T15:48:34.947557Z",
"end_time": "2026-05-09T15:48:44.946776Z",
"duration": "10.0",
"version": "SSH-2.0-Go",
"hassh": "f1e5e9d24e5e345e8745613bde22d532",
"attempts": [
{
"user": "admin",
"pass": null
},
{
"user": "admin",
"pass": null
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: solana
{
"id": "c71b30f2cf8b",
"src_ip": "80.94.92.168",
"start_time": "2026-05-09T15:35:48.825347Z",
"end_time": "2026-05-09T15:35:51.968659Z",
"duration": "3.1",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "solana",
"pass": "solana"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (5 distinct queries). Vector identities: admin
{
"id": "e3b6eea6f650",
"src_ip": "2.57.121.112",
"start_time": "2026-05-09T15:34:17.487403Z",
"end_time": "2026-05-09T15:34:24.257612Z",
"duration": "6.8",
"version": "SSH-2.0-libssh2_1.9.0",
"hassh": "57446c12547a668110aa237e5965e374",
"attempts": [
{
"user": "admin",
"pass": "redknapp"
},
{
"user": "admin",
"pass": "redfred"
},
{
"user": "admin",
"pass": "redeemed"
},
{
"user": "admin",
"pass": "redcloud"
},
{
"user": "admin",
"pass": "raygun"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
SCORE: 0
Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "bccbc3fe3cbd",
"src_ip": "80.94.92.168",
"start_time": "2026-05-09T15:30:15.906761Z",
"end_time": "2026-05-09T15:30:16.082077Z",
"duration": "0.2",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (5 distinct queries). Vector identities: eleazar
{
"id": "4e6ebc5457b0",
"src_ip": "213.209.159.56",
"start_time": "2026-05-09T15:25:02.765731Z",
"end_time": "2026-05-09T15:25:09.363323Z",
"duration": "6.6",
"version": "SSH-2.0-libssh2_1.9.0",
"hassh": "57446c12547a668110aa237e5965e374",
"attempts": [
{
"user": "eleazar",
"pass": "eleazar"
},
{
"user": "eleazar",
"pass": "eleazar1"
},
{
"user": "eleazar",
"pass": "eleazar123"
},
{
"user": "eleazar",
"pass": "eleazar1234"
},
{
"user": "eleazar",
"pass": "eleazar12345"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
RECONNAISSANCE
SUCCESSFUL LOGIN
COMMANDS RUN
SCORE: 100
Credential acceptance event recorded. Target authentication: root / ------fuck------
Remote entity achieved interactive shell state. Command sequence (1 executed):
[obs-node]:~$
uname -s -m
{
"id": "ff190b489b70",
"src_ip": "171.109.111.69",
"start_time": "2026-05-09T15:22:05.259308Z",
"end_time": "2026-05-09T15:22:06.742315Z",
"duration": "1.5",
"version": "SSH-2.0-Go",
"hassh": "98f63c4d9c87edbd97ed4747fa031019",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "------fuck------"
},
"commands": [
"uname -s -m"
],
"detailed_commands": [
{
"cmd": "uname -s -m",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 100,
"tags": [
"RECONNAISSANCE",
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}
SCORE: 0
Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "2b76b106523d",
"src_ip": "171.109.111.69",
"start_time": "2026-05-09T15:22:04.771703Z",
"end_time": "2026-05-09T15:22:05.064343Z",
"duration": "0.3",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}
SCORE: 0
Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "42f8ad3f3d83",
"src_ip": "63.229.76.169",
"start_time": "2026-05-09T15:11:13.194964Z",
"end_time": "2026-05-09T15:11:13.212320Z",
"duration": "0.0",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}
SCORE: 0
Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "4177a6eab980",
"src_ip": "77.90.185.16",
"start_time": "2026-05-09T15:03:29.460030Z",
"end_time": "2026-05-09T15:03:29.632005Z",
"duration": "0.2",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (2 distinct queries). Vector identities: admin
{
"id": "c2fa23c20873",
"src_ip": "139.19.117.197",
"start_time": "2026-05-09T14:52:54.466594Z",
"end_time": "2026-05-09T14:53:04.466276Z",
"duration": "10.0",
"version": "SSH-2.0-Go",
"hassh": "f1e5e9d24e5e345e8745613bde22d532",
"attempts": [
{
"user": "admin",
"pass": null
},
{
"user": "admin",
"pass": null
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: support
{
"id": "11c79ff3e88b",
"src_ip": "87.251.64.176",
"start_time": "2026-05-09T14:52:27.048158Z",
"end_time": "2026-05-09T14:52:29.233203Z",
"duration": "2.2",
"version": "SSH-2.0-Go",
"hassh": "eff4c24daffc8532c160e86e5f006e53",
"attempts": [
{
"user": "support",
"pass": "support"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: support
{
"id": "ad654fa16631",
"src_ip": "87.251.64.176",
"start_time": "2026-05-09T14:48:59.330962Z",
"end_time": "2026-05-09T14:49:01.404913Z",
"duration": "2.1",
"version": "SSH-2.0-Go",
"hassh": "eff4c24daffc8532c160e86e5f006e53",
"attempts": [
{
"user": "support",
"pass": "support"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (5 distinct queries). Vector identities: user
{
"id": "608038cef61a",
"src_ip": "2.57.121.25",
"start_time": "2026-05-09T14:46:28.078343Z",
"end_time": "2026-05-09T14:46:34.844998Z",
"duration": "6.8",
"version": "SSH-2.0-libssh2_1.9.0",
"hassh": "57446c12547a668110aa237e5965e374",
"attempts": [
{
"user": "user",
"pass": "23071996"
},
{
"user": "user",
"pass": "23071978"
},
{
"user": "user",
"pass": "230689"
},
{
"user": "user",
"pass": "23061993"
},
{
"user": "user",
"pass": "23061978"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}
FAILED LOGIN
SCORE: 0
Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: support
{
"id": "2795363aed80",
"src_ip": "87.251.64.176",
"start_time": "2026-05-09T14:45:04.332154Z",
"end_time": "2026-05-09T14:45:06.224488Z",
"duration": "1.9",
"version": "SSH-2.0-Go",
"hassh": "eff4c24daffc8532c160e86e5f006e53",
"attempts": [
{
"user": "support",
"pass": "support"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}