Removal of filesystem attribute protections from the user’s .ssh directory followed by deletion and recreation of the directory and insertion of a new public key into authorized_keys. This pattern reflects deliberate modification of SSH trust configuration to establish persistent key-based access.

Automated probe attempting to determine whether the target HTTP service functions as a forward proxy by requesting an external host and port (/google.com:443). Commonly observed in internet-wide open proxy discovery scanning.