Sat Jun 13 06:25:07 MDT 2020 06:25:07 up 21:03, 1 user, load average: 0.77, 0.37, 0.31 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT pi tty7 :0 Fri09 21:07m 34.72s 0.50s /usr/bin/lxsession -s LXDE-pi -e LXDE 83.97.20.21 - - [13/Jun/2020:12:35:34 +0000] "GET / HTTP/1.0" 200 25000 "" "" 114.35.244.6 - - [13/Jun/2020:12:37:03 +0000] "GET / HTTP/1.1" 400 0 "" "" 162.243.142.136 - - [13/Jun/2020:14:41:03 +0000] "GET /hudson HTTP/1.1" 404 0 "" "Mozilla/5.0 zgrab/0.x" 195.54.160.135 - - [13/Jun/2020:15:14:31 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 195.54.160.135 - - [13/Jun/2020:15:18:21 +0000] "GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 195.54.160.135 - - [13/Jun/2020:15:18:22 +0000] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 195.54.160.135 - - [13/Jun/2020:15:28:03 +0000] "GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 192.35.168.201 - - [13/Jun/2020:15:31:42 +0000] "GET / HTTP/1.1" 200 25000 "" "" 192.35.168.201 - - [13/Jun/2020:15:31:42 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 zgrab/0.x" 68.65.102.30 - - [13/Jun/2020:16:23:40 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36" 195.54.160.135 - - [13/Jun/2020:17:03:23 +0000] "POST /api/jsonws/invoke HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 45.201.150.208 - - [13/Jun/2020:18:03:43 +0000] "GET / HTTP/1.1" 400 0 "" "" 176.99.48.23 - - [13/Jun/2020:19:06:16 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36" 185.216.140.6 - - [13/Jun/2020:19:25:23 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 zgrab/0.x" 162.243.138.178 - - [13/Jun/2020:19:28:38 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 zgrab/0.x" 1.34.187.90 - - [13/Jun/2020:20:24:09 +0000] "GET / HTTP/1.1" 400 0 "" "" 195.54.160.135 - - [13/Jun/2020:20:52:27 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 205.185.114.231 - - [13/Jun/2020:21:23:30 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0" 195.54.160.135 - - [13/Jun/2020:21:39:27 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 162.250.19.7 - - [13/Jun/2020:21:36:05 +0000] "GET /ac0xl/ HTTP/1.1" 200 25000 "http://162.250.19.7/" "Mozilla/5.0 (Android 4.4.2; Mobile; rv:68.0) Gecko/68.0 Firefox/68.0" 162.250.19.7 - - [13/Jun/2020:21:36:12 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 162.250.19.7 - - [13/Jun/2020:21:36:14 +0000] "GET /ac0xl/ HTTP/1.1" 200 25000 "http://162.250.19.7/" "Mozilla/5.0 (Android 4.4.2; Mobile; rv:68.0) Gecko/68.0 Firefox/68.0" 2020.06.13 Power failure. Computer hung and did not restart. 162.250.19.7 - - [17/Jun/2020:14:45:33 +0000] "GET /ac0xl/logs/ HTTP/1.1" 200 25000 "http://162.250.19.7/ac0xl/" "Mozilla/5.0 (Android 4.4.2; Mobile; rv:68.0) Gecko/68.0 Firefox/68.0" 118.24.158.75 - - [17/Jun/2020:14:49:26 +0000] "GET /TP/public/index.php HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)" 118.24.158.75 - - [17/Jun/2020:14:49:27 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 118.24.158.75 - - [17/Jun/2020:14:49:30 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)" 162.250.19.7 - - [17/Jun/2020:14:59:35 +0000] "GET /ac0xl/logs/ HTTP/1.1" 200 25000 "http://162.250.19.7/ac0xl/" "Mozilla/5.0 (Android 4.4.2; Mobile; rv:68.0) Gecko/68.0 Firefox/68.0" 162.250.19.7 - - [17/Jun/2020:14:59:54 +0000] "GET /ac0xl/logs/2020.06.15 HTTP/1.1" 200 0 "http://162.250.19.7/ac0xl/logs/" "Mozilla/5.0 (Android 4.4.2; Mobile; rv:68.0) Gecko/68.0 Firefox/68.0" 162.250.19.7 - - [17/Jun/2020:15:00:21 +0000] "GET /ac0xl/logs/2020.06.14 HTTP/1.1" 200 4313 "http://162.250.19.7/ac0xl/logs/" "Mozilla/5.0 (Android 4.4.2; Mobile; rv:68.0) Gecko/68.0 Firefox/68.0" 162.250.19.7 - - [17/Jun/2020:15:01:16 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 162.250.19.7 - - [17/Jun/2020:15:01:24 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 139.99.237.25 - - [17/Jun/2020:15:15:19 +0000] "UNKNOWN UNKNOWN" 0 0 "" "" 139.99.237.25 - - [17/Jun/2020:15:15:27 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)" 103.88.243.144 - - [17/Jun/2020:15:35:06 +0000] "GET / HTTP/1.1" 400 0 "" "" 162.250.19.7 - - [17/Jun/2020:15:51:58 +0000] "GET /delinquent-accounts/ HTTP/1.1" 200 25000 "http://162.250.19.7/" "Mozilla/5.0 (Android 4.4.2; Mobile; rv:68.0) Gecko/68.0 Firefox/68.0" 162.250.19.7 - - [17/Jun/2020:15:52:08 +0000] "GET /delinquent-accounts/I-Camp-RV-Park-Campground-Green-River-Utah-84525/ HTTP/1.1" 200 25000 "http://162.250.19.7/delinquent-accounts/" "Mozilla/5.0 (Android 4.4.2; Mobile; rv:68.0) Gecko/68.0 Firefox/68.0" 162.250.19.7 - - [17/Jun/2020:15:52:19 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 162.250.19.7 - - [17/Jun/2020:15:52:20 +0000] "GET /delinquent-accounts/I-Camp-RV-Park-Campground-Green-River-Utah-84525/Inv-FC-680.prn HTTP/1.1" 200 3405 "http://162.250.19.7/delinquent-accounts/I-Camp-RV-Park-Campground-Green-River-Utah-84525/" "Mozilla/5.0 (Android 4.4.2; Mobile; rv:68.0) Gecko/68.0 Firefox/68.0" 162.250.19.7 - - [17/Jun/2020:15:54:10 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 162.250.19.7 - - [17/Jun/2020:15:54:16 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 162.250.19.7 - - [17/Jun/2020:15:54:18 +0000] "GET /delinquent-accounts/I-Camp-RV-Park-Campground-Green-River-Utah-84525/www-2020-06-17.prn HTTP/1.1" 200 4459 "http://162.250.19.7/delinquent-accounts/I-Camp-RV-Park-Campground-Green-River-Utah-84525/" "Mozilla/5.0 (Android 4.4.2; Mobile; rv:68.0) Gecko/68.0 Firefox/68.0" 162.250.19.7 - - [17/Jun/2020:15:55:15 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 162.250.19.7 - - [17/Jun/2020:15:55:20 +0000] "GET /delinquent-accounts/I-Camp-RV-Park-Campground-Green-River-Utah-84525/www-statement-2020-06-17.prn HTTP/1.1" 200 4459 "http://162.250.19.7/delinquent-accounts/I-Camp-RV-Park-Campground-Green-River-Utah-84525/" "Mozilla/5.0 (Android 4.4.2; Mobile; rv:68.0) Gecko/68.0 Firefox/68.0" 162.250.19.7 - - [17/Jun/2020:15:56:06 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 192.35.168.248 - - [17/Jun/2020:16:21:37 +0000] "GET / HTTP/1.1" 200 25000 "" "" 192.35.168.248 - - [17/Jun/2020:16:21:37 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 zgrab/0.x" 196.52.43.127 - - [17/Jun/2020:17:02:24 +0000] "GET / HTTP/1.0" 200 25000 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3602.2 Safari/537.36" 185.173.35.25 - - [17/Jun/2020:17:34:38 +0000] "GET / HTTP/1.1" 200 25000 "" "NetSystemsResearch studies the availability of various services across the internet. Our website is netsystemsresearch.com" 202.44.210.157 - - [17/Jun/2020:18:31:29 +0000] "GET / HTTP/1.1" 200 25000 "" "" 202.44.210.157 - - [17/Jun/2020:18:31:39 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 202.44.210.157 - - [17/Jun/2020:18:31:40 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 94.177.214.123 - - [17/Jun/2020:19:07:53 +0000] "GET / HTTP/1.1" 200 25000 "http://162.250.19.7:80/left.html" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" 45.201.205.137 - - [17/Jun/2020:19:09:53 +0000] "GET / HTTP/1.1" 400 0 "" "" 162.243.136.153 - - [17/Jun/2020:20:05:27 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 zgrab/0.x" 188.217.242.149 - - [17/Jun/2020:21:18:31 +0000] "GET / HTTP/1.1" 400 0 "" "" 139.162.119.197 - - [17/Jun/2020:22:10:31 +0000] "GET / HTTP/1.1" 200 25000 "" "HTTP Banner Detection (https://security.ipip.net)" 37.233.2.71 - - [17/Jun/2020:22:24:42 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36" 162.250.19.7 - - [17/Jun/2020:22:36:11 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 162.250.19.7 - - [17/Jun/2020:22:36:18 +0000] "GET / HTTP/1.1" 200 25000 "http://162.250.19.7/documents/" "Mozilla/5.0 (Android 4.4.2; Mobile; rv:68.0) Gecko/68.0 Firefox/68.0" 162.250.19.7 - - [17/Jun/2020:22:36:31 +0000] "GET /favicon.ico HTTP/1.1" 200 533 "http://162.250.19.7/" "Mozilla/5.0 (Android 4.4.2; Mobile; rv:68.0) Gecko/68.0 Firefox/68.0" 162.250.19.7 - - [17/Jun/2020:22:36:41 +0000] "GET /memes/ HTTP/1.1" 200 25000 "http://162.250.19.7/" "Mozilla/5.0 (Android 4.4.2; Mobile; rv:68.0) Gecko/68.0 Firefox/68.0" 162.250.19.7 - - [17/Jun/2020:22:36:56 +0000] "GET /memes/fauci-faucet-768x614.jpg HTTP/1.1" 304 0 "http://162.250.19.7/memes/" "Mozilla/5.0 (Android 4.4.2; Mobile; rv:68.0) Gecko/68.0 Firefox/68.0" 162.250.19.7 - - [17/Jun/2020:22:37:02 +0000] "GET /memes/fauci-faucet-768x614.jpg HTTP/1.1" 304 0 "http://162.250.19.7/memes/" "Mozilla/5.0 (Android 4.4.2; Mobile; rv:68.0) Gecko/68.0 Firefox/68.0" 162.250.19.7 - - [17/Jun/2020:22:37:17 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 5.19.246.87 - - [17/Jun/2020:22:59:20 +0000] "GET / HTTP/1.1" 400 0 "" "" 220.133.69.112 - - [17/Jun/2020:23:29:20 +0000] "GET / HTTP/1.1" 400 0 "" "" 5.2.196.229 - - [17/Jun/2020:23:34:07 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" 191.252.193.79 - - [18/Jun/2020:00:04:53 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" 94.177.214.123 - - [18/Jun/2020:00:35:42 +0000] "POST /boaform/admin/formLogin HTTP/1.1" 404 0 "http://162.250.19.7:80/admin/login.asp" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" 103.47.16.187 - - [18/Jun/2020:00:46:25 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7" 52.173.82.34 - - [18/Jun/2020:00:48:50 +0000] "GET /muieblackcat HTTP/1.1" 404 0 "" "" 52.173.82.34 - - [18/Jun/2020:00:48:51 +0000] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 400 0 "" "" 52.173.82.34 - - [18/Jun/2020:00:48:52 +0000] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 400 0 "" "" 52.173.82.34 - - [18/Jun/2020:00:48:52 +0000] "GET //pma/scripts/setup.php HTTP/1.1" 400 0 "" "" 52.173.82.34 - - [18/Jun/2020:00:48:52 +0000] "GET //myadmin/scripts/setup.php HTTP/1.1" 400 0 "" "" 52.173.82.34 - - [18/Jun/2020:00:48:52 +0000] "GET //MyAdmin/scripts/setup.php HTTP/1.1" 400 0 "" "" 205.185.114.231 - - [18/Jun/2020:01:44:33 +0000] "POST /boaform/admin/formLogin HTTP/1.1" 404 0 "http://162.250.19.7:80/admin/login.asp" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" 59.126.122.123 - - [18/Jun/2020:03:06:53 +0000] "GET / HTTP/1.1" 400 0 "" "" 168.227.169.12 - - [18/Jun/2020:03:08:06 +0000] "GET / HTTP/1.1" 400 0 "" "" 187.0.165.226 - - [18/Jun/2020:04:26:56 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" 218.208.176.238 - - [18/Jun/2020:04:56:57 +0000] "GET / HTTP/1.1" 400 0 "" "" 151.235.157.166 - - [18/Jun/2020:05:16:33 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36" 92.87.52.140 - - [18/Jun/2020:05:24:40 +0000] "GET / HTTP/1.1" 400 0 "" "" 185.244.111.48 - - [18/Jun/2020:05:50:44 +0000] "GET / HTTP/1.1" 400 0 "" "" 3.128.18.189 - - [18/Jun/2020:06:00:31 +0000] "GET /app/config/ HTTP/1.1" 404 0 "" "curl/7.68.0" 185.220.101.19 - - [18/Jun/2020:06:05:23 +0000] "GET /async/ HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows ME 4.9; rv:31.0) Gecko/20100101 Firefox/31.7" 3.128.18.189 - - [18/Jun/2020:06:25:35 +0000] "GET /app/config/config.ini HTTP/1.1" 404 0 "" "curl/7.68.0" 3.128.18.189 - - [18/Jun/2020:06:50:41 +0000] "GET /include/ HTTP/1.1" 404 0 "" "curl/7.68.0" 3.128.18.189 - - [18/Jun/2020:07:15:47 +0000] "GET /include/config.ini HTTP/1.1" 404 0 "" "curl/7.68.0" 45.230.115.129 - - [18/Jun/2020:07:32:09 +0000] "GET / HTTP/1.1" 400 0 "" "" 186.101.230.155 - - [18/Jun/2020:07:35:45 +0000] "POST /cgi-bin/mainfunction.cgi HTTP/1.1" 404 0 "" "XTC" 186.101.230.155 - - [18/Jun/2020:07:35:45 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 3.128.18.189 - - [18/Jun/2020:07:41:01 +0000] "GET /include/config/ HTTP/1.1" 404 0 "" "curl/7.68.0" 3.128.18.189 - - [18/Jun/2020:08:06:09 +0000] "GET /include/config/config.ini HTTP/1.1" 404 0 "" "curl/7.68.0" 168.227.48.251 - - [18/Jun/2020:08:06:24 +0000] "GET /adv,/cgi-bin/weblogin.cgi?username=admin%27%3Bls%20%23&password=asdf HTTP/1.1" 404 0 "" "Mozilla/5.0" 168.227.48.251 - - [18/Jun/2020:08:06:26 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 3.128.18.189 - - [18/Jun/2020:08:31:15 +0000] "GET /include/functions/ HTTP/1.1" 404 0 "" "curl/7.68.0" 94.177.214.123 - - [18/Jun/2020:08:31:15 +0000] "GET / HTTP/1.1" 200 25000 "http://162.250.19.7:80/left.html" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" 172.104.108.109 - - [18/Jun/2020:08:53:04 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0" 3.128.18.189 - - [18/Jun/2020:08:56:18 +0000] "GET /include/functions/config.ini HTTP/1.1" 404 0 "" "curl/7.68.0" 87.7.2.67 - - [18/Jun/2020:12:02:05 +0000] "GET / HTTP/1.1" 400 0 "" "" 5.95.219.74 - - [18/Jun/2020:12:18:43 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" Thu Jun 18 06:25:13 MDT 2020 06:25:13 up 21:40, 1 user, load average: 0.49, 0.29, 0.28 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT pi tty7 :0 Sat15 4days 50.07s 0.30s /usr/bin/lxsession -s LXDE-pi -e LXDE