Front to the WordPress application

Файловый менеджер - Редактировать - /usr/local/apache/domlogs/freeclou/app.optimyar.com

Назад
45.88.186.111 - - [20/Nov/2025:16:40:00 +0330] "GET /.env HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 20.243.53.228 - - [20/Nov/2025:17:18:31 +0330] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:33 +0330] "GET /shoha.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:33 +0330] "GET /ze.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:34 +0330] "GET /xo.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:34 +0330] "GET /wp-the1me.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:35 +0330] "GET /m.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:36 +0330] "GET /e.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:36 +0330] "GET /dd1.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:37 +0330] "GET /conn.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:38 +0330] "GET /card.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:38 +0330] "GET /asas.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:38 +0330] "GET /kki.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:39 +0330] "GET /js.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:39 +0330] "GET /view.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:40 +0330] "GET /wso.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:40 +0330] "GET /sid3.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:41 +0330] "GET /mans.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:41 +0330] "GET /111.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:42 +0330] "GET /403.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:42 +0330] "GET /4yps5d.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:43 +0330] "GET /fs6.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:43 +0330] "GET /lv.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:44 +0330] "GET /habhan.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:44 +0330] "GET /akcc.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:45 +0330] "GET /bi1f.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:45 +0330] "GET /lib.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:46 +0330] "GET /luxe.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:46 +0330] "GET /wsd.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:47 +0330] "GET /404.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:47 +0330] "GET /an7.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:48 +0330] "GET /fs7.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:48 +0330] "GET /new4.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:49 +0330] "GET /icon.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:49 +0330] "GET /blox.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:50 +0330] "GET /gm.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:50 +0330] "GET /iko.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:51 +0330] "GET /miso.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:51 +0330] "GET /moie.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:52 +0330] "GET /shelp.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:52 +0330] "GET /siln.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:53 +0330] "GET /sko.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:53 +0330] "GET /3.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:54 +0330] "GET /wp-gif.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:54 +0330] "GET /wp-good.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:55 +0330] "GET /rrr.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:55 +0330] "GET /tj.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:56 +0330] "GET /vansec.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:56 +0330] "GET /filesss.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:57 +0330] "GET /ss.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:57 +0330] "GET /wp-is.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:57 +0330] "GET /jmfi2.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:58 +0330] "GET /scx.php7 HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:58 +0330] "GET /777.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:59 +0330] "GET /f35.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:18:59 +0330] "GET /ioxi-o.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:00 +0330] "GET /csv.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:00 +0330] "GET /shlo.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:01 +0330] "GET /abc.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:01 +0330] "GET /wpc1.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:02 +0330] "GET /ww.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:02 +0330] "GET /raw.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:03 +0330] "GET /mah.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:03 +0330] "GET /p.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:04 +0330] "GET /xpas22.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:04 +0330] "GET /wp1.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:04 +0330] "GET /fm.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:06 +0330] "GET /eauu.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:06 +0330] "GET /css.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:07 +0330] "GET /ru.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:08 +0330] "GET /tmpls.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:08 +0330] "GET /shell.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:08 +0330] "GET /ae.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:09 +0330] "GET /smpx.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:09 +0330] "GET /wp-asd.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:10 +0330] "GET /class5.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:10 +0330] "GET /yas.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:11 +0330] "GET /yanki.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:12 +0330] "GET /g7y.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:12 +0330] "GET /ok.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:13 +0330] "GET /yasnu.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:13 +0330] "GET /moon.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:14 +0330] "GET /wio.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:14 +0330] "GET /oswkk.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:15 +0330] "GET /rex.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:15 +0330] "GET /aj.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:16 +0330] "GET /snus.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:16 +0330] "GET /naxc.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:17 +0330] "GET /v3.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:17 +0330] "GET /nc4.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:18 +0330] "GET /api137.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:18 +0330] "GET /class629.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:19 +0330] "GET /wp-x7.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:19 +0330] "GET /wp670.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:20 +0330] "GET /Okxob.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:20 +0330] "GET /Sanskrit.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:21 +0330] "GET /jq.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:21 +0330] "GET /x7.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:22 +0330] "GET /zex.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:22 +0330] "GET /zxin.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:23 +0330] "GET /asd67.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:23 +0330] "GET /st.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:24 +0330] "GET /an.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:24 +0330] "GET /enkkk.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:25 +0330] "GET /ext.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:25 +0330] "GET /fe5.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:26 +0330] "GET /13.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:26 +0330] "GET /wp.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:27 +0330] "GET /wp-freya.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:27 +0330] "GET /hello.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:28 +0330] "GET /ex.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:28 +0330] "GET /lock1.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:29 +0330] "GET /mini.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:29 +0330] "GET /ups.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:30 +0330] "GET /bes.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:30 +0330] "GET /wp-swa.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:31 +0330] "GET /42u.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:31 +0330] "GET /lc.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:32 +0330] "GET /gmo.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:32 +0330] "GET /CLA.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:33 +0330] "GET /gfile.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:34 +0330] "GET /ahax.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:34 +0330] "GET /gold.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:35 +0330] "GET /ol.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:35 +0330] "GET /wp-gr.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:36 +0330] "GET /co.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:36 +0330] "GET /aua.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:37 +0330] "GET /aa.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:37 +0330] "GET /great.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:38 +0330] "GET /class9.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:38 +0330] "GET /pass.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:39 +0330] "GET /lock360.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:39 +0330] "GET /ot.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:40 +0330] "GET /witmm.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:41 +0330] "GET /lo.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:41 +0330] "GET /vxrl.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:41 +0330] "GET /vxonb.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:42 +0330] "GET /wozxsh.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:42 +0330] "GET /whf.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:43 +0330] "GET /bkxzo.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:43 +0330] "GET /okxoby.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:44 +0330] "GET /error1.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:44 +0330] "GET /xtt.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:45 +0330] "GET /autoload_classmap.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:45 +0330] "GET /wcas.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:46 +0330] "GET /class-db.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:47 +0330] "GET /acp.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:48 +0330] "GET /awh77.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:48 +0330] "GET /nax.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:49 +0330] "GET /wolv2.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:49 +0330] "GET /mtvcrew.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:50 +0330] "GET /twso.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:50 +0330] "GET /144.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:51 +0330] "GET /exhitrgp.php HTTP/1.1" 301 795 "-" "-" 20.243.53.228 - - [20/Nov/2025:17:19:51 +0330] "GET /n3.php HTTP/1.1" 301 795 "-" "-" 162.62.213.187 - - [20/Nov/2025:17:50:17 +0330] "GET / HTTP/1.1" 301 795 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1" 172.207.250.7 - - [20/Nov/2025:19:10:20 +0330] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:21 +0330] "GET /class-t.api.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:22 +0330] "GET /zwso.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:23 +0330] "GET /wp-content/uploads/autoload_classmap.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:24 +0330] "GET /wp-content/plugins/dummyyummy/wp-signup.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:25 +0330] "GET /wp-admin/css/colors/blue/index.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:26 +0330] "GET /admin.php?p= HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:26 +0330] "GET /.well-known/acme-challenge/install.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:27 +0330] "GET /mpvloi.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:28 +0330] "GET /wp-includes/0.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:28 +0330] "GET /randkeyword.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:29 +0330] "GET /fwe.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:30 +0330] "GET /wp-includes/cs.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:30 +0330] "GET /wikindex.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:31 +0330] "GET /images/m.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:31 +0330] "GET /wp-includes/css/kses.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:32 +0330] "GET /jagoan.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:33 +0330] "GET /images/g3.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:33 +0330] "GET /.well-known/zaza.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:34 +0330] "GET /.well-known/acme-challenge/myip.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:34 +0330] "GET /htaccess.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:35 +0330] "GET /readme.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:36 +0330] "GET /Cok.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:37 +0330] "GET /hob.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:37 +0330] "GET /kal.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:38 +0330] "GET /fv.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:38 +0330] "GET /lx.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:39 +0330] "GET /w1w.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:39 +0330] "GET /Contrller.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:40 +0330] "GET /cafe.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:41 +0330] "GET /ww2.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:41 +0330] "GET /ww3.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:42 +0330] "GET /ww4.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:43 +0330] "GET /as.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:43 +0330] "GET /wsd.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:44 +0330] "GET /403.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:44 +0330] "GET /max.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:45 +0330] "GET /m.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:46 +0330] "GET /post.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:47 +0330] "GET /themes.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:47 +0330] "GET /wp-content/themes/astra/inc/ki1k.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:48 +0330] "GET /ALFA_DATA/index.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:49 +0330] "GET /wp-admin/maint/about.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:49 +0330] "GET /wp-admin/network/wp-conflg.php?p= HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:50 +0330] "GET /click.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:50 +0330] "GET /install.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:51 +0330] "GET /lv.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:52 +0330] "GET /simple.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:52 +0330] "GET /13k.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:53 +0330] "GET /css.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:53 +0330] "GET /yellow.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:54 +0330] "GET /cong.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:55 +0330] "GET /fw.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:55 +0330] "GET /bs1.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:56 +0330] "GET /wp-includes/images/wp-login.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:56 +0330] "GET /termps.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:57 +0330] "GET /co.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:58 +0330] "GET /cong.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:59 +0330] "GET /atomlib.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:10:59 +0330] "GET /w.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:00 +0330] "GET /404.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:01 +0330] "GET /ioxi-o.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:01 +0330] "GET /wp-content/product.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:02 +0330] "GET /wp-content/function.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:02 +0330] "GET /0x.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:03 +0330] "GET /css.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:04 +0330] "GET /222.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:04 +0330] "GET /wp-content/index.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:05 +0330] "GET /1.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:05 +0330] "GET /admin.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:06 +0330] "GET /wp-admin/maint/maint.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:07 +0330] "GET /classwithtostring.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:07 +0330] "GET /abcd.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:08 +0330] "GET /dropdown.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:08 +0330] "GET /moon.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:09 +0330] "GET /0x.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:10 +0330] "GET /moon.php?p= HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:10 +0330] "GET /autoload_classmap.php?p= HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:11 +0330] "GET /inputs.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:12 +0330] "GET /default.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:12 +0330] "GET /fm.php?p= HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:13 +0330] "GET /about.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:14 +0330] "GET /alfa.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:14 +0330] "GET /buy.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:15 +0330] "GET /themes/twentytwentytwo/index.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:15 +0330] "GET /wp-admin/js/wp-conflg.php?p= HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:16 +0330] "GET /wp-admin/wp-conflg.php?p= HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:16 +0330] "GET /wp-admin/css/wp-conflg.php?p= HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:17 +0330] "GET /manager.php?p= HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:18 +0330] "GET /js/fm.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:18 +0330] "GET /item.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:19 +0330] "GET /plugins/Cache/footer.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:20 +0330] "GET /404.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:21 +0330] "GET /mail.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:21 +0330] "GET /wp-content/plugins/index.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:22 +0330] "GET /sx.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:23 +0330] "GET /wp-admin/maint/admin.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:23 +0330] "GET /article.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:24 +0330] "GET /alfa.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:25 +0330] "GET /1.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:25 +0330] "GET /403.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:26 +0330] "GET /link.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:27 +0330] "GET /byp.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:27 +0330] "GET /ws.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:28 +0330] "GET /wp-trackback.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:28 +0330] "GET /.well-known/index.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:29 +0330] "GET /wp-includes/certificates/plugins.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:30 +0330] "GET /wp-content/themes/seotheme/mar.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:30 +0330] "GET /wp-admin/network/plugins.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:31 +0330] "GET /wp-admin/about.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:32 +0330] "GET /gmo.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:32 +0330] "GET /wp-includes/ID3/about.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:33 +0330] "GET /css/index.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:33 +0330] "GET /wp-admin/includes/xmrlpc.php?p= HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:34 +0330] "GET /wp-includes/SimplePie/wp-login.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:35 +0330] "GET /wp-content/themes/about.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:35 +0330] "GET /filemanager/dialog.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:36 +0330] "GET /wp-admin/maint/index.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:37 +0330] "GET /wp-includes/Requests/Text/admin.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:37 +0330] "GET /wp-includes/customize/about.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:38 +0330] "GET /index/function.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:39 +0330] "GET /uploads/autoload_classmap.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:39 +0330] "GET /wp-includes/css/dist/preferences/wp-login.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:40 +0330] "GET /wp-includes/style-engine/about.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:40 +0330] "GET /ww1.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:41 +0330] "GET /qqq.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:42 +0330] "GET /about/function.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:42 +0330] "GET /wp-includes/theme-compat/chosen.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:43 +0330] "GET /admin/function.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:44 +0330] "GET /.well-known/acme-challenge/index.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:44 +0330] "GET /css/colors/blue/index.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:45 +0330] "GET /wp-content/plugins/pwnd/as.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:45 +0330] "GET /wp-admin/setup-config.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:46 +0330] "GET /wp-admin/user/about.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:47 +0330] "GET /wp-admin/js/index.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:47 +0330] "GET /wp-content/upgrade/about.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:48 +0330] "GET /wp-includes/assets/index.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:49 +0330] "GET /wp-content/radio.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:50 +0330] "GET /wp-includes/fonts/index.php?p= HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:50 +0330] "GET /.well-known/gecko-litespeed.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:51 +0330] "GET /.well-known/admin.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:52 +0330] "GET /wp-content/admin.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:52 +0330] "GET /wp-content/plugins/admin.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:53 +0330] "GET /wp-content/themes/twentytwentytwo/index.php?p= HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:54 +0330] "GET /.well-known/log.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:55 +0330] "GET /class.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:56 +0330] "GET /bless.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:56 +0330] "GET /wp-includes/js/codemirror/index.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:57 +0330] "GET /wp-includes/block-patterns/index.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:58 +0330] "GET /lock360.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:58 +0330] "GET /bge.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:11:59 +0330] "GET /ifm.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:12:00 +0330] "GET /ww5.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:12:00 +0330] "GET /thxt.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:12:01 +0330] "GET /kairolin.php HTTP/1.1" 301 795 "-" "-" 172.207.250.7 - - [20/Nov/2025:19:12:02 +0330] "GET /siln.php HTTP/1.1" 301 795 "-" "-" 172.172.100.149 - - [20/Nov/2025:19:24:20 +0330] "GET /new4.php HTTP/1.1" 301 795 "https://www.google.fr/" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:21 +0330] "GET /bolt.php HTTP/1.1" 301 795 "https://www.google.com/" "Mozilla/5.0 (Linux; Android 10; LM-Q720) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:21 +0330] "GET /ava.php HTTP/1.1" 301 795 "https://www.google.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:22 +0330] "GET /wp-links-opml.php HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:22 +0330] "GET /pow.php HTTP/1.1" 301 795 "https://www.google.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/119.0.6045.109 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:23 +0330] "GET /zuk.php HTTP/1.1" 301 795 "https://www.bing.com/" "Mozilla/5.g (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:23 +0330] "GET /fss.php HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (Linux; Android 13; M2101K6G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:23 +0330] "GET /test1.php HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_7_9 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6.5 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:24 +0330] "GET /core.php HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:24 +0330] "GET /elp.php HTTP/1.1" 301 795 "https://www.google.com/" "Mozilla/5.0 (Linux; Android 13; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:25 +0330] "GET /new.php HTTP/1.1" 301 795 "https://www.google.com/" "Mozilla/5.0 (Linux; Android 14; Pixel 8 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:25 +0330] "GET /fox.php HTTP/1.1" 301 795 "https://www.google.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/118.0 Mobile/15E148 Safari/605.1.15" 172.172.100.149 - - [20/Nov/2025:19:24:25 +0330] "GET /wp-content/plugins/wpsearch/login.php HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/119.0.6045.109 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:26 +0330] "GET /wso.php HTTP/1.1" 301 795 "https://www.google.fr/" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/118.0 Mobile/15E148 Safari/605.1.15" 172.172.100.149 - - [20/Nov/2025:19:24:26 +0330] "GET /sts.php HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.0 (Linux; Android 13; SM-G991U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:26 +0330] "GET /wp-admin/network/index.php HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:27 +0330] "GET /1.php HTTP/1.1" 301 795 "https://www.google.fr/" "Mozilla/5.0 (Linux; Android 13; M2101K6G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:27 +0330] "GET /aa.php HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.0 (Linux; Android 12; V2134) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:28 +0330] "GET /about.php HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (Linux; Android 13; SM-G991U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:28 +0330] "GET /admin.php HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.0 (Linux; Android 11; 21081111RG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:29 +0330] "GET /admin.php?p= HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (Linux; Android 14; Pixel 8 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:29 +0330] "GET /akc.php?p= HTTP/1.1" 301 795 "https://www.google.com/" "Mozilla/5.0 (Linux; Android 12; V2134) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:29 +0330] "GET /app/webroot/filemanager.php?p= HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:30 +0330] "GET /asasx.php?p= HTTP/1.1" 301 795 "https://www.google.fr/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:30 +0330] "GET /atomlib.php HTTP/1.1" 301 795 "https://www.google.fr/" "Mozilla/5.0 (Linux; Android 12; SM-A525F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:31 +0330] "GET /autoload_classmap.php HTTP/1.1" 301 795 "https://www.bing.com/" "Mozilla/5.0 (iPad; CPU OS 16_7_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:31 +0330] "GET /buy.php HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (Linux; Android 11; 21081111RG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:31 +0330] "GET /chosen.php?p= HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (iPad; CPU OS 17_0_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:32 +0330] "GET /classwithtostring.php HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (iPad; CPU OS 17_0_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:32 +0330] "GET /cong.php HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.0 (Linux; Android 13; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:33 +0330] "GET /default.php HTTP/1.1" 301 795 "https://www.bing.com/" "Mozilla/5.0 (Linux; Android 10; LM-Q720) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:33 +0330] "GET /dropdown.php?p= HTTP/1.1" 301 795 "https://www.bing.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:33 +0330] "GET /filemanager/dialog.php HTTP/1.1" 301 795 "https://www.google.fr/" "Mozilla/5.0 (Linux; Android 12; 2201116SG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:34 +0330] "GET /ioxi-o.php HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (Linux; Android 14; Pixel 8 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:34 +0330] "GET /item.php HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.0 (Linux; Android 11; CPH2251) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:34 +0330] "GET /makeasmtp.php?p= HTTP/1.1" 301 795 "https://www.bing.com/" "Mozilla/5.0 (Linux; Android 12; V2134) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:35 +0330] "GET /wp-content/uploads/class.api.php HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (Linux; Android 13; SM-G991U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:36 +0330] "GET /abcd.php HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (Linux; Android 14; Pixel 8 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:36 +0330] "GET /ds.php HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:37 +0330] "GET /alfa.php HTTP/1.1" 301 795 "https://www.google.com/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:37 +0330] "GET /hplfuns.php HTTP/1.1" 301 795 "https://www.bing.com/" "Mozilla/5.0 (iPad; CPU OS 16_7_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:38 +0330] "GET /file.php HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:38 +0330] "GET /adminfuns.php HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (Linux; Android 13; M2101K6G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:39 +0330] "GET /wp-admin/css/colors/blue/index.php HTTP/1.1" 301 795 "https://www.google.fr/" "Mozilla/5.g (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:39 +0330] "GET /wp-content/index.php HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:40 +0330] "GET /wp-content/uploads/index.php HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.g (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:41 +0330] "GET /moon.php HTTP/1.1" 301 795 "https://www.google.fr/" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:41 +0330] "GET /wp-admin/includes HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/119.0.6045.109 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:41 +0330] "GET /goods.php HTTP/1.1" 301 795 "https://www.google.com/" "Mozilla/5.0 (Linux; Android 12; V2134) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:42 +0330] "GET /wp-content/upgrade/index.php HTTP/1.1" 301 795 "https://www.bing.com/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:42 +0330] "GET /wp-good.php HTTP/1.1" 301 795 "https://www.google.com/" "Mozilla/5.0 (Linux; Android 13; M2101K6G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:43 +0330] "GET /xmrlpc.php HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.0 (Linux; Android 11; CPH2251) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:43 +0330] "GET /info.php HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.g (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:43 +0330] "GET /.__info.php HTTP/1.1" 301 795 "https://www.google.com/" "Mozilla/5.0 (iPad; CPU OS 16_7_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:44 +0330] "GET /xmlrpc.php HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/119.0.6045.109 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:44 +0330] "GET /ALFA_DATA/admin.php HTTP/1.1" 301 795 "https://www.bing.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:45 +0330] "GET /aaa.php HTTP/1.1" 301 795 "https://www.bing.com/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:45 +0330] "GET /admin/admin.php HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.0 (Linux; Android 12; 2201116SG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:45 +0330] "GET /akcc.php HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (Linux; Android 12; SM-A525F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:46 +0330] "GET /build.php HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:46 +0330] "GET /chosen.php HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.0 (Linux; Android 13; M2101K6G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:47 +0330] "GET /filemanager.php HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.0 (Linux; Android 12; 2201116SG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:47 +0330] "GET /flower.php HTTP/1.1" 301 795 "https://www.bing.com/" "Mozilla/5.0 (Linux; Android 13; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:47 +0330] "GET /function/function.php HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/119.0.6045.109 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:48 +0330] "GET /images/index.php HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.0 (Linux; Android 10; LM-Q720) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:48 +0330] "GET /images/images/about.php HTTP/1.1" 301 795 "https://www.google.com/" "Mozilla/5.g (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:48 +0330] "GET /mari.php HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.0 (Linux; Android 12; SM-A525F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:49 +0330] "GET /nc4.php HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.0 (Linux; Android 11; 21081111RG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:49 +0330] "GET /wp-admin/about.php HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (Linux; Android 12; V2134) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:50 +0330] "GET /wp-includes/style-engine/index.php HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (Linux; Android 12; 2201116SG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:50 +0330] "GET /cgi-bin/ HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (Linux; Android 14; Pixel 8 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:50 +0330] "GET /xleet.php HTTP/1.1" 301 795 "https://www.google.fr/" "Mozilla/5.0 (iPad; CPU OS 16_7_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:51 +0330] "GET /wp-admin/includes/ HTTP/1.1" 301 795 "https://www.bing.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/119.0.6045.109 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:51 +0330] "GET /wp-content/uploads/admin.php HTTP/1.1" 301 795 "https://www.google.fr/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:52 +0330] "GET /wp-includes/Text/Diff/Renderer/ HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (iPad; CPU OS 16_7_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:52 +0330] "GET /wp-includes/style-engine/ HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.0 (iPad; CPU OS 17_0_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:52 +0330] "GET /asasx.php HTTP/1.1" 301 795 "https://www.google.com/" "Mozilla/5.0 (Linux; Android 12; V2134) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:53 +0330] "GET /file2.php HTTP/1.1" 301 795 "https://www.bing.com/" "Mozilla/5.g (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:53 +0330] "GET /wp-content/plugins/yanierin/akcc.php HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.0 (Linux; Android 13; M2101K6G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:54 +0330] "GET /wp-content/wp-conflg.php HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_7_9 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6.5 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:54 +0330] "GET /wp-cron.php HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/119.0.6045.109 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:54 +0330] "GET /wp-includes/IXR/ HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (Linux; Android 12; V2134) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:55 +0330] "GET /wp-includes/block-supports/ HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:56 +0330] "GET /wp-includes/fonts/ HTTP/1.1" 301 795 "https://www.bing.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:56 +0330] "GET /wp-includes/fonts/index.php HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.0 (Linux; Android 12; 2201116SG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:56 +0330] "GET /wp-includes/js/crop/ HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/118.0 Mobile/15E148 Safari/605.1.15" 172.172.100.149 - - [20/Nov/2025:19:24:57 +0330] "GET /wp-includes/rest-api/ HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.0 (Linux; Android 13; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:57 +0330] "GET /wp-includes/widgets/ HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:58 +0330] "GET /f5.php HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (Linux; Android 12; 2201116SG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:58 +0330] "GET /god4m.php HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (iPad; CPU OS 17_0_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:24:58 +0330] "GET /uploads/ HTTP/1.1" 301 795 "https://www.google.fr/" "Mozilla/5.0 (Linux; Android 13; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:59 +0330] "GET /0.php HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (Linux; Android 13; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:24:59 +0330] "GET /07.php HTTP/1.1" 301 795 "https://www.google.fr/" "Mozilla/5.0 (iPad; CPU OS 17_0_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:25:00 +0330] "GET /dropdown.php HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (Linux; Android 11; CPH2251) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:00 +0330] "GET /makeasmtp.php HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.g (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:00 +0330] "GET /wp-sigunq.php HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_7_9 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6.5 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:25:01 +0330] "GET /wso112233.php HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.0 (Linux; Android 12; V2134) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:01 +0330] "GET /alfanew.php HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.0 (Linux; Android 12; SM-A525F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:02 +0330] "GET /fw.php HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.0 (Linux; Android 11; CPH2251) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:02 +0330] "GET /install.php HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.0 (Linux; Android 11; CPH2251) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:02 +0330] "GET /wp-login.php HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (Linux; Android 13; M2101K6G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:03 +0330] "GET /simple.php HTTP/1.1" 301 795 "https://www.bing.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/118.0 Mobile/15E148 Safari/605.1.15" 172.172.100.149 - - [20/Nov/2025:19:25:03 +0330] "GET /inputs.php HTTP/1.1" 301 795 "https://www.bing.com/" "Mozilla/5.0 (Linux; Android 11; 21081111RG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:04 +0330] "GET /classsmtps.php HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:25:04 +0330] "GET /wp-blog-header.php HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.0 (Linux; Android 11; CPH2251) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:04 +0330] "GET /wp-trackback.php HTTP/1.1" 301 795 "https://www.google.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:25:05 +0330] "GET /wp-signup.php HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.0 (Linux; Android 14; Pixel 8 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:05 +0330] "GET /wp-comments-post.php HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.0 (Linux; Android 12; 2201116SG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:05 +0330] "GET /wp-load.php HTTP/1.1" 301 795 "https://www.google.fr/" "Mozilla/5.0 (Linux; Android 14; Pixel 8 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:06 +0330] "GET /wp-mail.php HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (Linux; Android 13; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:06 +0330] "GET /wp-activate.php HTTP/1.1" 301 795 "https://www.google.com/" "Mozilla/5.0 (Linux; Android 13; M2101K6G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:07 +0330] "GET /plugins.php HTTP/1.1" 301 795 "https://www.google.com/" "Mozilla/5.0 (Linux; Android 13; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:07 +0330] "GET /post.php HTTP/1.1" 301 795 "https://www.google.com/" "Mozilla/5.0 (iPad; CPU OS 17_0_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:25:07 +0330] "GET /wp-2019.php HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/119.0.6045.109 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:25:08 +0330] "GET /geju.php HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.g (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:08 +0330] "GET /wp.php HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/119.0.6045.109 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:25:09 +0330] "GET /hoot.php HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.g (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:09 +0330] "GET /css.php HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.0 (Linux; Android 14; Pixel 8 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:09 +0330] "GET /log.php HTTP/1.1" 301 795 "https://www.google.fr/" "Mozilla/5.0 (Linux; Android 12; SM-A525F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:10 +0330] "GET /mail.php HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (Linux; Android 11; 21081111RG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:10 +0330] "GET /bak.php HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (iPad; CPU OS 17_0_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:25:10 +0330] "GET /content.php HTTP/1.1" 301 795 "https://www.bing.com/" "Mozilla/5.0 (Linux; Android 11; 21081111RG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:11 +0330] "GET /upfile.php HTTP/1.1" 301 795 "https://www.google.com/" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:11 +0330] "GET /wp-conflg.php HTTP/1.1" 301 795 "https://www.google.fr/" "Mozilla/5.0 (Linux; Android 11; CPH2251) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:12 +0330] "GET /bypass.php HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (Linux; Android 13; SM-G991U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:12 +0330] "GET /404.php HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.g (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:13 +0330] "GET /updates.php HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/119.0.6045.109 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:25:13 +0330] "GET /radio.php HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:25:14 +0330] "GET /ae.php HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.0 (Linux; Android 11; 21081111RG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:14 +0330] "GET /blog.php HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (Linux; Android 12; V2134) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:14 +0330] "GET /themes.php HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (Linux; Android 12; 2201116SG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:16 +0330] "GET /ini.php HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.0 (Linux; Android 12; 2201116SG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:16 +0330] "GET /as.php HTTP/1.1" 301 795 "https://www.google.com/" "Mozilla/5.0 (Linux; Android 12; V2134) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:17 +0330] "GET /shell.php HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/119.0.6045.109 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:25:17 +0330] "GET /ws.php HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.0 (Linux; Android 13; SM-G991U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:18 +0330] "GET /123.php HTTP/1.1" 301 795 "https://www.google.co.uk/" "Mozilla/5.0 (Linux; Android 11; 21081111RG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:18 +0330] "GET /9.php HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (Linux; Android 12; 2201116SG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:19 +0330] "GET /admin-ajax.php HTTP/1.1" 301 795 "https://www.google.fr/" "Mozilla/5.0 (iPad; CPU OS 17_0_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:25:19 +0330] "GET /akc.php HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.g (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:19 +0330] "GET /asd.php HTTP/1.1" 301 795 "https://www.bing.com/" "Mozilla/5.0 (Linux; Android 12; V2134) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:20 +0330] "GET /axx.php HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.0 (Linux; Android 13; SM-G991U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:20 +0330] "GET /berax.php HTTP/1.1" 301 795 "https://www.google.fr/" "Mozilla/5.0 (Linux; Android 12; V2134) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:21 +0330] "GET /checkbox.php HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:25:21 +0330] "GET /file4.php HTTP/1.1" 301 795 "https://www.bing.com/" "Mozilla/5.0 (Linux; Android 11; 21081111RG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:21 +0330] "GET /form.php HTTP/1.1" 301 795 "https://www.google.com/" "Mozilla/5.0 (Linux; Android 13; SM-S908E) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:22 +0330] "GET /gecko.php HTTP/1.1" 301 795 "https://duckduckgo.com/" "Mozilla/5.0 (Linux; Android 13; SM-G991U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:22 +0330] "GET /kyami.php HTTP/1.1" 301 795 "https://www.google.de/" "Mozilla/5.g (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36" 172.172.100.149 - - [20/Nov/2025:19:25:22 +0330] "GET /manager.php HTTP/1.1" 301 795 "https://www.yahoo.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0.1 Mobile/15E148 Safari/604.1" 172.172.100.149 - - [20/Nov/2025:19:25:23 +0330] "GET /wp-admin.php HTTP/1.1" 301 795 "https://www.bing.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1" 141.98.11.132 - - [20/Nov/2025:19:38:48 +0330] "GET /wp-login.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 141.98.11.132 - - [20/Nov/2025:19:38:48 +0330] "GET /wp-admin/ HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" 141.98.11.132 - - [20/Nov/2025:19:38:48 +0330] "GET /login HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 141.98.11.132 - - [20/Nov/2025:19:38:48 +0330] "GET /admin HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 141.98.11.132 - - [20/Nov/2025:19:38:48 +0330] "GET /wp-login HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 141.98.11.132 - - [20/Nov/2025:19:38:49 +0330] "GET /wordpress/wp-login.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0" 141.98.11.132 - - [20/Nov/2025:19:38:49 +0330] "GET /blog/wp-login.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0" 141.98.11.132 - - [20/Nov/2025:19:38:49 +0330] "GET /wp/wp-login.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" 141.98.11.132 - - [20/Nov/2025:19:38:49 +0330] "GET /cms/wp-login.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0" 23.146.240.24 - - [20/Nov/2025:19:50:23 +0330] "GET /.env HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:19:50 +0330] "GET /wp-content/plugins/google-seo-rank/module.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:20:07 +0330] "GET /themes.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:20:07 +0330] "GET /admin.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:20:18 +0330] "GET /admin.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:20:27 +0330] "GET /wp-content/plugins/google-seo-rank/module.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:20:30 +0330] "GET /log-mama/function.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:21:32 +0330] "GET /admin.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:21:40 +0330] "GET /admin.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:22:31 +0330] "GET /file.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:22:37 +0330] "GET /wp-content/plugins/hanau/akc.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:22:39 +0330] "GET /aw.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:22:45 +0330] "GET /wp-content/plugins/deu/ms.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:22:49 +0330] "GET /wp-content/plugins/view-ad/ms.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:23:52 +0330] "GET /504.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:24:20 +0330] "GET /wp-content/plugins/work-list/lang.php HTTP/1.1" 301 795 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:24:22 +0330] "GET /wp-content/plugins/fix/up.php HTTP/1.1" 301 795 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:20:17 +0330] "GET /first.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:20:31 +0330] "GET /bk/index.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:21:30 +0330] "GET /themes.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:21:39 +0330] "GET /first.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:22:05 +0330] "GET /log-mama/function.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:22:06 +0330] "GET /bk/index.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:22:28 +0330] "GET /ioxi-o.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:22:29 +0330] "GET /file17.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:22:36 +0330] "GET /wp-content/akp.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:22:41 +0330] "GET /wp-content/plugins/geu/geu.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:23:29 +0330] "GET /Mshell.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:25:38 +0330] "GET /ioxi-o.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:25:44 +0330] "GET /file.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:25:53 +0330] "GET /aw.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:26:00 +0330] "GET /.well-known/pki-validation/atomlib.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:26:03 +0330] "GET /chosen.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:26:16 +0330] "GET /wp-admin/css/colors/blue/atomlib.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:25:42 +0330] "GET /file17.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:25:48 +0330] "GET /wp-content/akp.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:25:50 +0330] "GET /wp-content/plugins/hanau/akc.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:25:54 +0330] "GET /wp-content/plugins/geu/geu.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:25:56 +0330] "GET /wp-content/plugins/deu/ms.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:25:57 +0330] "GET /wp-content/plugins/view-ad/ms.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:25:57 +0330] "GET /Mshell.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:26:25 +0330] "GET /.well-known/acme-challenge/atomlib.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:26:36 +0330] "GET /.well-known/acme-challenge/atomlib.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:26:40 +0330] "GET /wp-content/plugins/fix/up.php HTTP/1.1" 301 795 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:29:13 +0330] "GET /chosen.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:29:19 +0330] "GET /.well-known/pki-validation/atomlib.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:29:24 +0330] "GET /wp-admin/css/colors/blue/atomlib.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:29:32 +0330] "GET /.well-known/acme-challenge/atomlib.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:26:26 +0330] "GET /wp-includes/Requests/atomlib.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:26:38 +0330] "GET /wp-content/plugins/work-list/lang.php HTTP/1.1" 301 795 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:26:54 +0330] "GET /504.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:29:21 +0330] "GET /.well-known/acme-challenge/atomlib.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:29:28 +0330] "GET /wp-includes/Requests/atomlib.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:19 +0330] "GET /wp-includes/rest-api/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:21 +0330] "GET /wp-content/languages/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:25 +0330] "GET /wp-includes/Text/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:26 +0330] "GET /wp-includes/css/dist/niil.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:32 +0330] "GET /ws.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:34 +0330] "GET /wp-includes/css/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:36 +0330] "GET /cgi-bin/wp-login.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:37 +0330] "GET /wp-content/cong.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:39 +0330] "GET /wp-admin/classwithtostring.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:41 +0330] "GET /wp-includes/images/wp-login.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:45 +0330] "GET /wp-content/radio.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:47 +0330] "GET /wp-admin/dropdown.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:49 +0330] "GET /login.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:50 +0330] "GET /hehehehe.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:52 +0330] "GET /simple.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:54 +0330] "GET /wp-includes/fonts/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:23 +0330] "GET /wp-content/banners/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:28 +0330] "GET /asd.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:30 +0330] "GET /1.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:42 +0330] "GET /wp-includes/Requests/network.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:55 +0330] "GET /wp-content/admin.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:07 +0330] "GET /content.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:09 +0330] "GET /.well-known/acme-challenge/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:11 +0330] "GET /goat.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:14 +0330] "GET /.well-known/acme-challenge/admin.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:15 +0330] "GET /wp-content/uploads/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:19 +0330] "GET /dropdown.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:24 +0330] "GET /radio.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:31 +0330] "GET /install.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:32 +0330] "GET /wp-content/x/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:34 +0330] "GET /wp-includes/Requests/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:36 +0330] "GET /wp-admin/includes/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:32:58 +0330] "GET /xmlrpc.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:00 +0330] "GET /atomlib.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:03 +0330] "GET /lv.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:05 +0330] "GET /wp-includes/Text/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:17 +0330] "GET /wp-admin/maint/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:21 +0330] "GET /sad/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:26 +0330] "GET /wp-admin/admin.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:27 +0330] "GET /wp-includes/IXR/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:29 +0330] "GET /classwithtostring.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:38 +0330] "GET /wp-login.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:40 +0330] "GET /wp-includes/js/jcrop/Jcrop.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:42 +0330] "GET /wp-admin/images/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:44 +0330] "GET /wp-includes/ID3/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:46 +0330] "GET /wp-admin.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:53 +0330] "GET /.well-known/content.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:55 +0330] "GET /cong.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:48 +0330] "GET /wp-includes/assets/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:49 +0330] "GET /lock.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:52 +0330] "GET /index/function.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:01 +0330] "GET /about/function.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:07 +0330] "GET /wp-content/themes/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:11 +0330] "GET /wp-includes/autoload_classmap.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:13 +0330] "GET /themes.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:22 +0330] "GET /admin.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:24 +0330] "GET /wp-includes/content.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:26 +0330] "GET /wp-admin/css/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:32 +0330] "GET /wp-includes/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:35 +0330] "GET /mah.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:41 +0330] "GET /wp-content/plugins/ioxi/alfa-ioxi.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:43 +0330] "GET /wp-admin/user/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:46 +0330] "GET /wp-includes/plugins.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:47 +0330] "GET /wp-includes/js/thickbox/thickbox.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:56 +0330] "GET /wp-includes/js/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:58 +0330] "GET /wp-content/plugins/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:33:59 +0330] "GET /wp-content/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:02 +0330] "GET /wp-includes/customize/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:04 +0330] "GET /wp-admin/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:09 +0330] "GET /about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:15 +0330] "GET /wp-mail.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:17 +0330] "GET /cgi-bin/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:20 +0330] "GET /wp-content/plugins/admin.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:30 +0330] "GET /wp-admin/images/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:34 +0330] "GET /wp-content/uploads/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:38 +0330] "GET /wp-blog-header.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:51 +0330] "GET /wp-includes/certificates/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:53 +0330] "GET /.well-known/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:55 +0330] "GET /wp-admin/network/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:59 +0330] "GET /.well-knownold/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:49 +0330] "GET /goat1.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:34:57 +0330] "GET /wp-includes/sitemaps/providers/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:35:03 +0330] "GET /wp-includes/Text/Diff/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:35:07 +0330] "GET /wp-includes/widgets/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:35:14 +0330] "GET /wp-includes/pomo/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:35:48 +0330] "GET /xl2023.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:35:54 +0330] "GET /xl2023x.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:36:00 +0330] "GET /xxl.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:36:05 +0330] "GET /x.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:36:17 +0330] "GET /wp-admin/xl2023.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:36:37 +0330] "GET /wp-admin/includes/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:36:56 +0330] "GET /images/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:37:02 +0330] "GET /wp-admin/user/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:37:20 +0330] "GET /wp-admin/images/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:37:26 +0330] "GET /.well-known/pki-validation/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:37:36 +0330] "GET /admin-heade.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:35:01 +0330] "GET /wp-includes/js/crop/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:35:05 +0330] "GET /images/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:35:10 +0330] "GET /.well-known/pki-validation/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:35:11 +0330] "GET /.well-known/acme-challenge/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:35:13 +0330] "GET /wp-includes/rest-api/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:35:42 +0330] "GET /xleet.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:36:10 +0330] "GET /xl.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:36:23 +0330] "GET /wp-includes/xl2023.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:36:31 +0330] "GET /.well-known/acme-challenge/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:36:43 +0330] "GET /wp-admin/maint/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:36:49 +0330] "GET /wp-content/upgrade/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:37:06 +0330] "GET /wp-admin/js/widgets/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:37:14 +0330] "GET /wp-admin/network/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:37:31 +0330] "GET /xleet-shell.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:37:54 +0330] "GET /wp-content/xl2023.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:05 +0330] "GET /wp-content/themes/pridmag/db.php?u HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:05 +0330] "GET /wp-content/plugins/linkpreview/db.php?u HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:06 +0330] "GET /wp-content/themes/gaukingo/db.php?u HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:07 +0330] "GET /wp-content/plugins/seoplugins/db.php?u HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:10 +0330] "GET /wp-content/plugins/wp-file-manager/lib/files/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:11 +0330] "GET /wp-content/plugins/wp-file-manager/lib/files/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:12 +0330] "GET /wp-content/plugins/wp-file-manager/lib/files/king.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:12 +0330] "GET /wp-content/plugins/wp-file-manager/lib/files/xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:14 +0330] "GET /wp-content/plugins/superstorefinder-wp/ssf-wp-admin/pages/SSF_WP_UPLOADS_PATH/csv/import/abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:15 +0330] "GET /wp-content/plugins/superstorefinder-wp/ssf-wp-admin/pages/SSF_WP_UPLOADS_PATH/csv/import/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:17 +0330] "GET /wp-content/plugins/formcraft/file-upload/server/php/files/king.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:18 +0330] "GET /wp-content/plugins/formcraft/file-upload/server/php/files/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:19 +0330] "GET /wp-content/plugins/formcraft/file-upload/server/php/files/xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:37:43 +0330] "GET /cgi-bin/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:37:48 +0330] "GET /wp-content/xl2023.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:37:59 +0330] "GET /iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:38:05 +0330] "GET /wp-content/uploads/xl2023.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:04 +0330] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:07 +0330] "GET /wp-content/plugins/ioptimization/IOptimize.php?rchk HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:08 +0330] "GET /wp-content/plugins/ioptimizations/IOptimizes.php?hamlorszd HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:09 +0330] "GET /wp-content/uploads/wp_live_chat/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:11 +0330] "GET /wp-content/plugins/wp-file-manager/lib/files/abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:13 +0330] "GET /wp-content/plugins/superstorefinder-wp/ssf-wp-admin/pages/SSF_WP_UPLOADS_PATH/csv/import/king.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:14 +0330] "GET /wp-content/plugins/superstorefinder-wp/ssf-wp-admin/pages/SSF_WP_UPLOADS_PATH/csv/import/xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:16 +0330] "GET /wp-content/plugins/superstorefinder-wp/ssf-wp-admin/pages/SSF_WP_UPLOADS_PATH/csv/import/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:16 +0330] "GET /wp-content/plugins/formcraft/file-upload/server/php/files/abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:19 +0330] "GET /wp-content/plugins/ioptimization/king.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:21 +0330] "GET /wp-content/plugins/ioptimization/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:21 +0330] "GET /wp-content/plugins/ioptimization/abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:22 +0330] "GET /wp-content/plugins/apikey/king.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:23 +0330] "GET /wp-content/plugins/apikey/xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:25 +0330] "GET /wp-content/plugins/ioptimizations/xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:28 +0330] "GET /abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:29 +0330] "GET /wp-content/plugins/dzs-zoomsounds/king HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:31 +0330] "GET /wp-content/plugins/dzs-zoomsounds/abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:33 +0330] "GET /king.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:33 +0330] "GET /a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:34 +0330] "GET /wp-content/uploads/typehub/custom/a57bze8931/.__a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:35 +0330] "GET /wp-content/plugins/wp-engine-module/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:36 +0330] "GET /wp-content/plugins/ioptimizations/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:20 +0330] "GET /wp-content/plugins/ioptimization/xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:23 +0330] "GET /wp-content/plugins/apikey/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:24 +0330] "GET /wp-content/plugins/apikey/abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:25 +0330] "GET /wp-content/plugins/ioptimizations/king.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:26 +0330] "GET /wp-content/plugins/ioptimizations/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:27 +0330] "GET /wp-content/plugins/ioptimizations/abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:27 +0330] "GET /abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:29 +0330] "GET /wp-content/plugins/dzs-zoomsounds/xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:30 +0330] "GET /wp-content/plugins/dzs-zoomsounds/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:32 +0330] "GET /xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:35 +0330] "GET /wp-content/uploads/kaswara/fonts_icon/a57bze8931/.__a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:39 +0330] "GET /wp-content/plugins/dzs-zoomsounds/savepng.php?location=a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:40 +0330] "GET /wp-content/plugins/cherry-plugin/admin/import-export/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:42 +0330] "GET /wp-admin/x.php?action=768776e296b6f286f26796e2a72607e2972647 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:37 +0330] "GET /wp-content/plugins/ioptimization/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:37 +0330] "GET /wp-content/plugins/gatewayapi/inc/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:39 +0330] "GET /wp-content/plugins/formcraft/file-upload/server/php/files/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:41 +0330] "GET /wp-content/plugins/apikey/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:41 +0330] "GET /wp-content/plugins/dzs-zoomsounds/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:42 +0330] "GET /wp-content/plugins/anttt/simple.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:44 +0330] "GET /modules/mod_simplefileuploadv1.3/elements/i8HQoK6nR.php?action=768776e296b6f286f26796e2a72607e2972647 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:47 +0330] "GET /alfacgiapi/database.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:48 +0330] "GET /wp-includes/database.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:49 +0330] "GET /style.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:51 +0330] "GET /wp-includes/style.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:53 +0330] "GET /simple.php?p=2f686f6d652f7074317464616379696b39722f7075626c69635f68746d6c&tod=6370726573 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:54 +0330] "GET /wp-includes/wp-22.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:55 +0330] "GET /wp-22.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:43 +0330] "GET /.well-known/pki-validation/ssl.php?xsec=blocker HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:44 +0330] "GET /wp-admin/css/colors/blue/uploader.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:45 +0330] "GET /ALFA_DATA/alfacgiapi/database.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:46 +0330] "GET /database.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:46 +0330] "GET /wp-admin/database.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:48 +0330] "GET /wp-content/database.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:50 +0330] "GET /wp-admin/style.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:50 +0330] "GET /wp-content/style.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:52 +0330] "GET /jamal.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:53 +0330] "GET /wp-content/plugins/ubh/up.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:57 +0330] "GET /wp-admin/xl2023.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:59 +0330] "GET /wp-admin/xl2023.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:00 +0330] "GET /wp-content/xl2023.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:00 +0330] "GET /wp-includes/xl2023.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:02 +0330] "GET /wp-content/xleet-shell.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:55 +0330] "GET /wp-content/wp-22.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:56 +0330] "GET /wp-admin/wp-22.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:58 +0330] "GET /.seo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:39:58 +0330] "GET /xl2023.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:01 +0330] "GET /xleet-shell.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:02 +0330] "GET /wp-admin/xleet-shell.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:06 +0330] "GET /wp-content/index.php?3x=3x HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:08 +0330] "GET /css/colors/blue/ioxi-rex.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:10 +0330] "GET /wp-content/plugins/prenota/alpha.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:10 +0330] "GET /wp-content/wp-links.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:12 +0330] "GET /wp-admin/css/colors/blue/atomlib.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:13 +0330] "GET /.well-known/acme-challenge/atomlib.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:14 +0330] "GET /wp-content/themes/seotheme/mar.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:15 +0330] "GET /mar.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:17 +0330] "GET /wp-content/plugins/hellopress/wp_mna.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:03 +0330] "GET /wp-includes/xleet-shell.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:04 +0330] "GET /index.php?3x=3x HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:04 +0330] "GET /3x.php?3x=3x HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:05 +0330] "GET /wp-admin/index.php?3x=3x HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:06 +0330] "GET /wp-includes/index.php?3x=3x HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:07 +0330] "GET /wp-content/themes/wp.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:08 +0330] "GET /wp-admin/css/colors/blue/ioxi-rex.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:09 +0330] "GET /wp-content/themes/alera/alpha.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:11 +0330] "GET /.well-known/pki-validation/atomlib.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:13 +0330] "GET /wp-includes/Requests/atomlib.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:15 +0330] "GET /wp-content/plugins/seoplugins/mar.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:16 +0330] "GET /marijuana.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:19 +0330] "GET /wp-content/repeater.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:21 +0330] "GET /wp-admin/css/index.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:25 +0330] "GET /wp-includes/IXR/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:17 +0330] "GET /wp-admin/css/colors/coffee/index.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:18 +0330] "GET /repeater.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:19 +0330] "GET /wp-admin/repeater.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:20 +0330] "GET /wp-includes/repeater.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:21 +0330] "GET /wp-includes/js/tinymce/plugins/compat3x/css/index.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:22 +0330] "GET /wp-content/updates.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:23 +0330] "GET /wp-admin/maint/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:23 +0330] "GET /wp-content/languages/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:24 +0330] "GET /wp-includes/fonts/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:25 +0330] "GET /wp-content/admin.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:26 +0330] "GET /wp-admin/user/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:27 +0330] "GET /wp-admin/includes/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:28 +0330] "GET /wp-admin/css/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:29 +0330] "GET /wp-includes/pomo/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:32 +0330] "GET /wp-content/plugins/revslider/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:32 +0330] "GET /wp-includes/Requests/Text/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:33 +0330] "GET /.well-known/pki-validation/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:34 +0330] "GET /wp-content/plugins/proxy/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:36 +0330] "GET /wp-content/plugins/tex/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:36 +0330] "GET /wp-admin/maint/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:37 +0330] "GET /wp-content/plugins/fox/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:38 +0330] "GET /wp-content/plugins/seofile/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:38 +0330] "GET /wp-content/plugins/project/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:39 +0330] "GET /wp-content/plugins/press/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:39 +0330] "GET /wp-content/plugins/cache/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:40 +0330] "GET /wp-content/plugins/login/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:43 +0330] "GET /wp-content/plugins/editor/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:46 +0330] "GET /adminfuns.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:30 +0330] "GET /wp-admin/network/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:30 +0330] "GET /ioxi-rex3.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:31 +0330] "GET /pm.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:34 +0330] "GET /wp-content/plugins/fix/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:35 +0330] "GET /wp-content/plugins/envato/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:41 +0330] "GET /wp-content/plugins/file-edit/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:41 +0330] "GET /wp-content/plugins/project/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:42 +0330] "GET /wp-content/plugins/casper/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:43 +0330] "GET /wp-includes/random_compat/about.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:44 +0330] "GET /404.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:45 +0330] "GET /wp-content/themes/finley/min.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:47 +0330] "GET /ebs.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:48 +0330] "GET /alfanew2.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:49 +0330] "GET /alfa-rex2.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:49 +0330] "GET /about.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:52 +0330] "GET /admin-post.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:54 +0330] "GET /cache-compat.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:54 +0330] "GET /ajax-actions.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:55 +0330] "GET /wp-admin/ajax-actions.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:56 +0330] "GET /yanz.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:57 +0330] "GET /wp-admin/js/about.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:57 +0330] "GET /wp-content/plugins/seoo/wsoyanz.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:59 +0330] "GET /wsoyanz.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:01 +0330] "GET /wp-content/plugins/seoo/alfa-ioxi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:01 +0330] "GET /wp-content/plugins/classic-editor/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:03 +0330] "GET /wp-includes/themes.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:03 +0330] "GET /wp-head.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:04 +0330] "GET /wp-admin/css/colors/blue/ioxi1.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:05 +0330] "GET /wp-content/themes/about.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:07 +0330] "GET /alfanew.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:47 +0330] "GET /ws.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:50 +0330] "GET /admin.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:51 +0330] "GET /about.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:51 +0330] "GET /wp-consar.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:53 +0330] "GET /wp-admin/maint/maint/ajax-actions.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:53 +0330] "GET /wp-content/plugins/seoo/wsoyanz1.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:58 +0330] "GET /wp-p.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:40:59 +0330] "GET /alfanew.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:00 +0330] "GET /ioxi-rex4.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:02 +0330] "GET /wp-admin/css/index.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:05 +0330] "GET /wp-admin/css/index.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:06 +0330] "GET /wp-includes/certificates/about.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:07 +0330] "GET /wp-includes/rest-api/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:08 +0330] "GET /images/alfa-rex.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:09 +0330] "GET /wp-content/plugins/Cache/Cache.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:09 +0330] "GET /repeater.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:11 +0330] "GET /wp-includes/repeater.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:12 +0330] "GET /alfa-rex.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:14 +0330] "GET /wp-admin/dropdown.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:15 +0330] "GET /wp-content/dropdown.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:16 +0330] "GET /wp-includes/dropdown.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:16 +0330] "GET /wp-admin/js/widgets/about.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:18 +0330] "GET /wp-admin/user/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:19 +0330] "GET /well.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:20 +0330] "GET /.well-known/pki-validation/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:21 +0330] "GET /.well-known/acme-challenge/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:23 +0330] "GET /xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:23 +0330] "GET /cgi-bin/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:24 +0330] "GET /css/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:25 +0330] "GET /wp-admin/user/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:10 +0330] "GET /wp-admin/repeater.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:11 +0330] "GET /wp-content/repeater.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:13 +0330] "GET /alfa-rex.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:14 +0330] "GET /dropdown.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:17 +0330] "GET /wp-admin/js/widgets/about.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:18 +0330] "GET /style.php?sig=update&domain=51.79.124.111 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:20 +0330] "GET /wp-includes/js/tinymce/skins/lightgray/img/index.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:22 +0330] "GET /wp-admin/network/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:27 +0330] "GET /wp-admin/images/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:29 +0330] "GET /wp-admin/css/colors/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:29 +0330] "GET /wp-admin/includes/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:31 +0330] "GET /wp-apxupx.php?apx=upx HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:32 +0330] "GET /wp-content/plugins/wordpresss3cll/includes.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:35 +0330] "GET /.well-known/acme-challenge/index.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:25 +0330] "GET /img/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:26 +0330] "GET /wp-admin/css/colors/coffee/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:27 +0330] "GET /images/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:28 +0330] "GET /wp-admin/js/widgets/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:30 +0330] "GET /wp-admin/css/colors/blue/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:31 +0330] "GET /wp-admin/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:33 +0330] "GET /403.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:33 +0330] "GET /wp-content/themes/intense/block-css.php?mode=upload HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:34 +0330] "GET /.well-known/index.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:37 +0330] "GET /.well-known/pki-validation/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:40 +0330] "GET /cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:44 +0330] "GET /wp-admin/css/colors/coffee/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:45 +0330] "GET /wp-admin/images/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:46 +0330] "GET /images/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:52 +0330] "GET /wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:41:35 +0330] "GET /wp-content/themes/wp-pridmag/up.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:38 +0330] "GET /.well-known/acme-challenge/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:39 +0330] "GET /wp-admin/network/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:41 +0330] "GET /cgi-bin/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:42 +0330] "GET /css/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:43 +0330] "GET /wp-admin/user/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:43 +0330] "GET /img/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:47 +0330] "GET /wp-admin/js/widgets/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:48 +0330] "GET /wp-admin/css/colors/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:49 +0330] "GET /wp-admin/includes/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:50 +0330] "GET /wp-admin/css/colors/blue/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:51 +0330] "GET /wp-admin/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:52 +0330] "GET /wp-cron.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:54 +0330] "GET /revision.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:56 +0330] "GET /wso-x569.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:57 +0330] "GET /fm1.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:58 +0330] "GET /4price3.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:00 +0330] "GET /wp-admin/css/colors/blue/ioxi1.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:03 +0330] "GET /wp-content/style-css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:06 +0330] "GET /404.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:06 +0330] "GET /wp-content/themes/twenty/twenty.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:08 +0330] "GET /.well-known/acme-challenge/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:13 +0330] "GET /wp-content/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:14 +0330] "GET /wp-includes/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:16 +0330] "GET /wp-content/themes/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:17 +0330] "GET /.well-known/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:18 +0330] "GET /wp-content/themes/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:19 +0330] "GET /wp-admin/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:19 +0330] "GET /wp-includes/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:20 +0330] "GET /wp-content/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:53 +0330] "GET /wp-admin/about.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:55 +0330] "GET /max.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:43:59 +0330] "GET /ioxi-rex.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:01 +0330] "GET /ioxi2.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:02 +0330] "GET /wp-includes/js/js.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:04 +0330] "GET /million.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:05 +0330] "GET /4pric.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:07 +0330] "GET /.well-knownold/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:09 +0330] "GET /.well-known/pkivalidation/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:10 +0330] "GET /wp-content/plugins/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:11 +0330] "GET /wp-content/uploads/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:15 +0330] "GET /wp-admin/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:22 +0330] "GET /wp-content/plugins/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:23 +0330] "GET /.well-known/pkivalidation/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:24 +0330] "GET /.well-known/acme-challenge/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:21 +0330] "GET /wp-content/uploads/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:25 +0330] "GET /.well-knownold/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:30 +0330] "GET /wp-content/uploads/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:32 +0330] "GET /.well-known/pkivalidation/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:34 +0330] "GET /.well-knownold/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:35 +0330] "GET /wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:37 +0330] "GET /about.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:38 +0330] "GET /wp-content/plugins/wordpress-three/miin.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:40 +0330] "GET /wp-load.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:43 +0330] "GET /wp-content/themes/hello-element/footer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:45 +0330] "GET /edit-form.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:46 +0330] "GET /wp-includes/class-wp-recovery-mode-cookiie-service.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:49 +0330] "GET /images/jinx.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:49 +0330] "GET /images/batm.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:51 +0330] "GET /wp-class.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:26 +0330] "GET /.well-known/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:27 +0330] "GET /wp-content/themes/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:28 +0330] "GET /wp-admin/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:29 +0330] "GET /wp-includes/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:29 +0330] "GET /wp-content/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:31 +0330] "GET /wp-content/plugins/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:33 +0330] "GET /.well-known/acme-challenge/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:36 +0330] "GET /.well-known/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:38 +0330] "GET /index.php?3x=3x HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:41 +0330] "GET /wp-content/plugins/wp-daft/miin.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:41 +0330] "GET /css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:42 +0330] "GET /wp-content/plugins/column/miin.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:47 +0330] "GET /wp-includes/class-wp-upgrade.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:48 +0330] "GET /images/horuxshell2.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:53 +0330] "GET /wp-content/plugins/TOPXOH/wDR.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:55 +0330] "GET /radio.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:56 +0330] "GET /wp-includes/wp-class.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:57 +0330] "GET /xltavrat.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:59 +0330] "GET /wp-admin/maint/wso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:02 +0330] "GET /wp-admin/css/fw.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:03 +0330] "GET /images/fw.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:03 +0330] "GET /ALFA_DATA/alfacgiapi/fw.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:05 +0330] "GET /wp-includes/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:06 +0330] "GET /wp-admin/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:08 +0330] "GET /cgi-bin/wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:09 +0330] "GET /ALFA_DATA/wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:11 +0330] "GET /wp-includes/wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:12 +0330] "GET /wp-admin/wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:13 +0330] "GET /wp-content/wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:15 +0330] "GET /images/wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:51 +0330] "GET /wp-content/plugins/sid/sidwso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:52 +0330] "GET /libraries/phpmailer/updates.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:54 +0330] "GET /batm.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:44:58 +0330] "GET /wp-commentin.php?pass=f0aab4595a024d626315fb786dce8282 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:00 +0330] "GET /wp-admin/css/wso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:01 +0330] "GET /images/wso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:04 +0330] "GET /wp-content/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:07 +0330] "GET /wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:10 +0330] "GET /.well-known/wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:14 +0330] "GET /wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:18 +0330] "GET /wp-admin/wp-atom.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:19 +0330] "GET /bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:20 +0330] "GET /ws.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:21 +0330] "GET /ws.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:22 +0330] "GET /shell.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:16 +0330] "GET /wp-includes/wp-atom.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:16 +0330] "GET /wp-content/wp-atom.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:17 +0330] "GET /wp-atom.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:24 +0330] "GET /shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:26 +0330] "GET /wso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:27 +0330] "GET /wp-admin/wso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:28 +0330] "GET /wp-content/wso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:28 +0330] "GET /wp-includes/wso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:29 +0330] "GET /wp-content/fw.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:31 +0330] "GET /wp-admin/fw.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:33 +0330] "GET /wp-content/class.api.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:34 +0330] "GET /class.api.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:35 +0330] "GET /simple.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:36 +0330] "GET /wp-content/updates.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:41 +0330] "GET /wp-content/plugins/ango/sett.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:23 +0330] "GET /shells.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:25 +0330] "GET /fw.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:30 +0330] "GET /wp-includes/fw.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:32 +0330] "GET /wp-admin/includes/class.api.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:37 +0330] "GET /site/rindex.php?action=add HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:38 +0330] "GET /wp/rindex.php?action=add HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:39 +0330] "GET /blog/rindex.php?action=add HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:40 +0330] "GET /rindex.php?action=add HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:42 +0330] "GET /wp-content/cong.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:43 +0330] "GET /wp-includes/fonts/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:45 +0330] "GET /wp-admin/wp-1ogin_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:47 +0330] "GET /wpconfig_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:50 +0330] "GET /wp-includes/wp-1ogin_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:51 +0330] "GET /wp-includes/wpconfig_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:53 +0330] "GET /wp-includes/fonts/wp-1ogin_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:43 +0330] "GET /wp-includes/css/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:44 +0330] "GET /wp-admin/wpconfig_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:46 +0330] "GET /wp-1ogin_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:48 +0330] "GET /wp-includes/images/wp-1ogin_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:49 +0330] "GET /wp-includes/images/wpconfig_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:51 +0330] "GET /wp-content/wp-1ogin_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:52 +0330] "GET /wp-content/wpconfig_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:55 +0330] "GET /Panels.txt HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:57 +0330] "GET /wp-includes/Panels.txt HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:58 +0330] "GET /wp-admin/Panels.txt HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:59 +0330] "GET /xleet.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:00 +0330] "GET /.well-known/leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:01 +0330] "GET /.well-known/leafmailer2.8.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:01 +0330] "GET /xl2023.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:03 +0330] "GET /leaf_mailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:54 +0330] "GET /wp-includes/fonts/wpconfig_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:56 +0330] "GET /wp-content/Panels.txt HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:45:59 +0330] "GET /.well-known/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:02 +0330] "GET /leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:03 +0330] "GET /leaf_php.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:05 +0330] "GET /leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:07 +0330] "GET /images/leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:09 +0330] "GET /wp-admin/css/colors/coffee/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:09 +0330] "GET /x.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:10 +0330] "GET /wp-admin/css/leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:11 +0330] "GET /wp-admin/includes/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:12 +0330] "GET /wp-admin/includes/leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:12 +0330] "GET /wp-admin/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:13 +0330] "GET /wp-admin/leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:16 +0330] "GET /wp-content/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:04 +0330] "GET /xl2023x.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:05 +0330] "GET /leafmailer2.8.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:06 +0330] "GET /images/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:07 +0330] "GET /xxl.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:08 +0330] "GET /images/leafmailer2.8.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:12 +0330] "GET /xl.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:15 +0330] "GET /wp-admin/leafmailer2.8.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:15 +0330] "GET /wp-admin/xl2023.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:16 +0330] "GET /wp-admin/maint/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:24 +0330] "GET /wp-content/leafmailer2.8.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:26 +0330] "GET /wp-includes/leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:26 +0330] "GET /.well-known/acme-challenge/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:26 +0330] "GET /wp-admin/css/colors/coffee/palka_m.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:27 +0330] "GET /palka_m.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:28 +0330] "GET /wp-admin/includes/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:31 +0330] "GET /wp-admin/maint/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:33 +0330] "GET /wp-content/plugins/revslider/includes/external/page/index.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:34 +0330] "GET /wp-content/upgrade/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:34 +0330] "GET /gel4y.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:35 +0330] "GET /api.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:36 +0330] "GET /images/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:36 +0330] "GET /wp-admin/network/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:38 +0330] "GET /wp-admin/includes/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:38 +0330] "GET /wp-admin/user/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:40 +0330] "GET /includes/certificates/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:17 +0330] "GET /wp-includes/xl2023.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:23 +0330] "GET /wp-content/leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:25 +0330] "GET /wp-includes/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:28 +0330] "GET /wp-admin/css/colors/coffee/XXxxX.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:29 +0330] "GET /XXxxX.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:30 +0330] "GET /xmlrpc.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:31 +0330] "GET /S.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:32 +0330] "GET /8.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:37 +0330] "GET /wp-includes/IXR/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:39 +0330] "GET /moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:41 +0330] "GET /wp-admin/js/widgets/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:42 +0330] "GET /wp-admin/network/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:44 +0330] "GET /wp-content/upgrade/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:44 +0330] "GET /wp-admin/images/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:46 +0330] "GET /cgi-bin/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:48 +0330] "GET /wp-admin/images/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:49 +0330] "GET /.well-known/acme-challenge/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:50 +0330] "GET /.tmb/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:52 +0330] "GET /cgi-bin/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:53 +0330] "GET /M1.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:54 +0330] "GET /wp-content/xl2023.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:56 +0330] "GET /chosen.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:56 +0330] "GET /wp-content/xl2023.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:57 +0330] "GET /wp-includes/images/include.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:57 +0330] "GET /iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:58 +0330] "GET /wp-content/plugins/include.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:41 +0330] "GET /wp-includes/ID3/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:42 +0330] "GET /wp-admin/maint/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:43 +0330] "GET /wp-admin/js/widgets/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:45 +0330] "GET /wp-admin/user/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:47 +0330] "GET /.well-known/pki-validation/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:47 +0330] "GET /wp-content/plugins/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:48 +0330] "GET /xleet-shell.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:50 +0330] "GET /admin-heade.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:51 +0330] "GET /cjfuns.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:52 +0330] "GET /Mshell.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:54 +0330] "GET /defaul1.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:55 +0330] "GET /wp-admin/css/colors/blue/defaul1.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:47:00 +0330] "GET /wp-includes/widgets/include.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:47:01 +0330] "GET /wp-content/plugins/core-plugin/include.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:16 +0330] "GET /wp-includes/css/dist/niil.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:58 +0330] "GET /wp-content/uploads/xl2023.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:46:59 +0330] "GET /wp-content/themes/include.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:47:03 +0330] "GET /wp-content/plugins/WordPressCore/include.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:12 +0330] "GET /wp-includes/rest-api/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:13 +0330] "GET /wp-content/languages/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:14 +0330] "GET /wp-content/banners/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:15 +0330] "GET /wp-includes/Text/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:17 +0330] "GET /asd.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:20 +0330] "GET /wp-includes/css/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:21 +0330] "GET /cgi-bin/wp-login.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:22 +0330] "GET /wp-content/cong.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:28 +0330] "GET /login.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:30 +0330] "GET /simple.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:31 +0330] "GET /wp-includes/fonts/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:32 +0330] "GET /xmlrpc.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:34 +0330] "GET /lv.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:18 +0330] "GET /1.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:19 +0330] "GET /ws.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:23 +0330] "GET /wp-admin/classwithtostring.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:24 +0330] "GET /wp-includes/images/wp-login.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:25 +0330] "GET /wp-includes/Requests/network.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:26 +0330] "GET /wp-content/radio.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:27 +0330] "GET /wp-admin/dropdown.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:29 +0330] "GET /hehehehe.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:31 +0330] "GET /wp-content/admin.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:33 +0330] "GET /atomlib.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:36 +0330] "GET /content.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:38 +0330] "GET /goat.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:39 +0330] "GET /.well-known/acme-challenge/admin.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:40 +0330] "GET /wp-content/uploads/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:41 +0330] "GET /wp-admin/maint/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:43 +0330] "GET /sad/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:44 +0330] "GET /radio.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:46 +0330] "GET /classwithtostring.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:47 +0330] "GET /install.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:49 +0330] "GET /wp-includes/Requests/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:36 +0330] "GET /wp-includes/Text/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:37 +0330] "GET /.well-known/acme-challenge/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:42 +0330] "GET /dropdown.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:45 +0330] "GET /wp-admin/admin.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:45 +0330] "GET /wp-includes/IXR/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:21:51:48 +0330] "GET /wp-content/x/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:03:27 +0330] "GET /wp-content/plugins/google-seo-rank/module.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:03:48 +0330] "GET /themes.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:04:20 +0330] "GET /admin.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:06:44 +0330] "GET /wp-content/akp.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:06:54 +0330] "GET /aw.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:07:06 +0330] "GET /wp-content/plugins/geu/geu.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:07:13 +0330] "GET /wp-content/plugins/deu/ms.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:07:17 +0330] "GET /wp-content/plugins/view-ad/ms.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:09:10 +0330] "GET /wp-content/plugins/work-list/lang.php HTTP/1.1" 301 795 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:09:57 +0330] "GET /Mshell.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:07 +0330] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:08 +0330] "GET /wp-content/themes/pridmag/db.php?u HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:10 +0330] "GET /wp-content/themes/gaukingo/db.php?u HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:12 +0330] "GET /wp-content/plugins/ioptimization/IOptimize.php?rchk HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:13 +0330] "GET /wp-content/uploads/wp_live_chat/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:03:50 +0330] "GET /admin.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:04:05 +0330] "GET /first.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:04:06 +0330] "GET /admin.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:04:19 +0330] "GET /first.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:04:40 +0330] "GET /log-mama/function.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:04:46 +0330] "GET /bk/index.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:06:35 +0330] "GET /ioxi-o.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:06:37 +0330] "GET /file17.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:06:41 +0330] "GET /file.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:06:51 +0330] "GET /wp-content/plugins/hanau/akc.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:09:23 +0330] "GET /wp-content/plugins/fix/up.php HTTP/1.1" 301 795 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:10:12 +0330] "GET /504.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:10 +0330] "GET /wp-content/plugins/linkpreview/db.php?u HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:11 +0330] "GET /wp-content/plugins/seoplugins/db.php?u HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:12 +0330] "GET /wp-content/plugins/ioptimizations/IOptimizes.php?hamlorszd HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:15 +0330] "GET /wp-content/plugins/wp-file-manager/lib/files/abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:14 +0330] "GET /wp-content/plugins/wp-file-manager/lib/files/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:16 +0330] "GET /wp-content/plugins/wp-file-manager/lib/files/king.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:17 +0330] "GET /wp-content/plugins/wp-file-manager/lib/files/xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:18 +0330] "GET /wp-content/plugins/superstorefinder-wp/ssf-wp-admin/pages/SSF_WP_UPLOADS_PATH/csv/import/king.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:18 +0330] "GET /wp-content/plugins/superstorefinder-wp/ssf-wp-admin/pages/SSF_WP_UPLOADS_PATH/csv/import/xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:20 +0330] "GET /wp-content/plugins/superstorefinder-wp/ssf-wp-admin/pages/SSF_WP_UPLOADS_PATH/csv/import/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:22 +0330] "GET /wp-content/plugins/formcraft/file-upload/server/php/files/king.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:26 +0330] "GET /wp-content/plugins/ioptimization/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:27 +0330] "GET /wp-content/plugins/apikey/king.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:29 +0330] "GET /wp-content/plugins/apikey/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:30 +0330] "GET /wp-content/plugins/ioptimizations/king.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:31 +0330] "GET /wp-content/plugins/ioptimizations/xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:31 +0330] "GET /wp-content/plugins/ioptimizations/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:15 +0330] "GET /wp-content/plugins/wp-file-manager/lib/files/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:19 +0330] "GET /wp-content/plugins/superstorefinder-wp/ssf-wp-admin/pages/SSF_WP_UPLOADS_PATH/csv/import/abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:20 +0330] "GET /wp-content/plugins/superstorefinder-wp/ssf-wp-admin/pages/SSF_WP_UPLOADS_PATH/csv/import/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:21 +0330] "GET /wp-content/plugins/formcraft/file-upload/server/php/files/abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:23 +0330] "GET /wp-content/plugins/formcraft/file-upload/server/php/files/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:24 +0330] "GET /wp-content/plugins/formcraft/file-upload/server/php/files/xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:24 +0330] "GET /wp-content/plugins/ioptimization/king.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:25 +0330] "GET /wp-content/plugins/ioptimization/xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:27 +0330] "GET /wp-content/plugins/ioptimization/abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:28 +0330] "GET /wp-content/plugins/apikey/xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:29 +0330] "GET /wp-content/plugins/apikey/abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:32 +0330] "GET /wp-content/plugins/ioptimizations/abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:33 +0330] "GET /abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:36 +0330] "GET /wp-content/plugins/dzs-zoomsounds/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:37 +0330] "GET /xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:38 +0330] "GET /king.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:39 +0330] "GET /a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:40 +0330] "GET /wp-content/uploads/kaswara/fonts_icon/a57bze8931/.__a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:43 +0330] "GET /wp-content/plugins/gatewayapi/inc/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:44 +0330] "GET /wp-content/plugins/formcraft/file-upload/server/php/files/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:45 +0330] "GET /wp-content/plugins/dzs-zoomsounds/savepng.php?location=a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:47 +0330] "GET /wp-content/plugins/dzs-zoomsounds/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:49 +0330] "GET /wp-admin/x.php?action=768776e296b6f286f26796e2a72607e2972647 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:49 +0330] "GET /.well-known/pki-validation/ssl.php?xsec=blocker HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:50 +0330] "GET /wp-admin/css/colors/blue/uploader.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:51 +0330] "GET /modules/mod_simplefileuploadv1.3/elements/i8HQoK6nR.php?action=768776e296b6f286f26796e2a72607e2972647 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:52 +0330] "GET /ALFA_DATA/alfacgiapi/database.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:33 +0330] "GET /abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:34 +0330] "GET /wp-content/plugins/dzs-zoomsounds/king HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:35 +0330] "GET /wp-content/plugins/dzs-zoomsounds/xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:37 +0330] "GET /wp-content/plugins/dzs-zoomsounds/abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:40 +0330] "GET /wp-content/uploads/typehub/custom/a57bze8931/.__a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:41 +0330] "GET /wp-content/plugins/wp-engine-module/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:42 +0330] "GET /wp-content/plugins/ioptimizations/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:43 +0330] "GET /wp-content/plugins/ioptimization/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:46 +0330] "GET /wp-content/plugins/cherry-plugin/admin/import-export/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:46 +0330] "GET /wp-content/plugins/apikey/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:48 +0330] "GET /wp-content/plugins/anttt/simple.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:53 +0330] "GET /wp-admin/database.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:54 +0330] "GET /wp-content/database.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:55 +0330] "GET /wp-includes/database.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:52 +0330] "GET /database.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:54 +0330] "GET /alfacgiapi/database.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:56 +0330] "GET /style.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:57 +0330] "GET /wp-content/style.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:59 +0330] "GET /simple.php?p=2f686f6d652f7074317464616379696b39722f7075626c69635f68746d6c&tod=6370726573 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:01 +0330] "GET /wp-includes/wp-22.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:02 +0330] "GET /wp-22.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:04 +0330] "GET /wp-admin/xl2023.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:05 +0330] "GET /.seo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:06 +0330] "GET /xl2023.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:06 +0330] "GET /wp-admin/xl2023.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:07 +0330] "GET /wp-content/xl2023.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:08 +0330] "GET /wp-includes/xl2023.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:10 +0330] "GET /wp-admin/xleet-shell.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:11 +0330] "GET /wp-includes/xleet-shell.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:57 +0330] "GET /wp-admin/style.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:58 +0330] "GET /wp-includes/style.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:11:59 +0330] "GET /jamal.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:00 +0330] "GET /wp-content/plugins/ubh/up.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:02 +0330] "GET /wp-content/wp-22.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:04 +0330] "GET /wp-admin/wp-22.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:09 +0330] "GET /xleet-shell.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:09 +0330] "GET /wp-content/xleet-shell.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:12 +0330] "GET /3x.php?3x=3x HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:13 +0330] "GET /wp-admin/index.php?3x=3x HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:14 +0330] "GET /wp-content/index.php?3x=3x HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:15 +0330] "GET /wp-content/themes/wp.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:16 +0330] "GET /wp-admin/css/colors/blue/ioxi-rex.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:18 +0330] "GET /wp-content/plugins/prenota/alpha.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:19 +0330] "GET /wp-content/wp-links.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:12 +0330] "GET /index.php?3x=3x HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:14 +0330] "GET /wp-includes/index.php?3x=3x HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:16 +0330] "GET /css/colors/blue/ioxi-rex.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:17 +0330] "GET /wp-content/themes/alera/alpha.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:19 +0330] "GET /.well-known/pki-validation/atomlib.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:23 +0330] "GET /wp-content/plugins/seoplugins/mar.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:24 +0330] "GET /mar.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:25 +0330] "GET /wp-content/plugins/hellopress/wp_mna.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:28 +0330] "GET /wp-admin/repeater.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:30 +0330] "GET /wp-includes/js/tinymce/plugins/compat3x/css/index.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:31 +0330] "GET /wp-admin/css/index.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:32 +0330] "GET /wp-admin/maint/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:36 +0330] "GET /wp-content/admin.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:37 +0330] "GET /wp-admin/includes/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:20 +0330] "GET /wp-admin/css/colors/blue/atomlib.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:21 +0330] "GET /wp-includes/Requests/atomlib.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:22 +0330] "GET /.well-known/acme-challenge/atomlib.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:22 +0330] "GET /wp-content/themes/seotheme/mar.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:25 +0330] "GET /marijuana.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:26 +0330] "GET /wp-admin/css/colors/coffee/index.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:27 +0330] "GET /repeater.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:28 +0330] "GET /wp-content/repeater.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:29 +0330] "GET /wp-includes/repeater.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:31 +0330] "GET /wp-content/updates.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:33 +0330] "GET /wp-content/languages/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:34 +0330] "GET /wp-includes/fonts/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:35 +0330] "GET /wp-includes/IXR/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:37 +0330] "GET /wp-admin/user/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:39 +0330] "GET /wp-includes/pomo/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:42 +0330] "GET /pm.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:42 +0330] "GET /wp-content/plugins/revslider/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:44 +0330] "GET /.well-known/pki-validation/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:45 +0330] "GET /wp-content/plugins/proxy/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:47 +0330] "GET /wp-admin/maint/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:48 +0330] "GET /wp-content/plugins/fox/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:49 +0330] "GET /wp-content/plugins/seofile/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:49 +0330] "GET /wp-content/plugins/project/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:52 +0330] "GET /wp-content/plugins/login/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:53 +0330] "GET /wp-content/plugins/project/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:54 +0330] "GET /wp-content/plugins/casper/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:55 +0330] "GET /wp-content/plugins/editor/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:56 +0330] "GET /wp-includes/random_compat/about.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:58 +0330] "GET /adminfuns.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:38 +0330] "GET /wp-admin/css/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:40 +0330] "GET /wp-admin/network/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:41 +0330] "GET /ioxi-rex3.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:43 +0330] "GET /wp-includes/Requests/Text/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:44 +0330] "GET /wp-content/plugins/fix/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:46 +0330] "GET /wp-content/plugins/envato/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:47 +0330] "GET /wp-content/plugins/tex/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:50 +0330] "GET /wp-content/plugins/press/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:51 +0330] "GET /wp-content/plugins/cache/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:52 +0330] "GET /wp-content/plugins/file-edit/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:56 +0330] "GET /404.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:57 +0330] "GET /wp-content/themes/finley/min.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:12:59 +0330] "GET /ebs.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:00 +0330] "GET /ws.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:00 +0330] "GET /alfanew2.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:01 +0330] "GET /alfa-rex2.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:02 +0330] "GET /admin.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:03 +0330] "GET /about.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:04 +0330] "GET /wp-consar.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:05 +0330] "GET /wp-admin/maint/maint/ajax-actions.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:06 +0330] "GET /wp-content/plugins/seoo/wsoyanz1.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:07 +0330] "GET /cache-compat.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:08 +0330] "GET /ajax-actions.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:09 +0330] "GET /yanz.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:11 +0330] "GET /wp-content/plugins/seoo/wsoyanz.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:13 +0330] "GET /alfanew.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:14 +0330] "GET /ioxi-rex4.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:15 +0330] "GET /wp-content/plugins/classic-editor/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:16 +0330] "GET /wp-admin/css/index.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:16 +0330] "GET /wp-includes/themes.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:02 +0330] "GET /about.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:05 +0330] "GET /admin-post.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:08 +0330] "GET /wp-admin/ajax-actions.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:10 +0330] "GET /wp-admin/js/about.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:11 +0330] "GET /wp-p.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:12 +0330] "GET /wsoyanz.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:14 +0330] "GET /wp-content/plugins/seoo/alfa-ioxi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:19 +0330] "GET /wp-admin/css/index.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:21 +0330] "GET /wp-includes/rest-api/wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:22 +0330] "GET /alfanew.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:23 +0330] "GET /images/alfa-rex.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:23 +0330] "GET /wp-content/plugins/Cache/Cache.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:26 +0330] "GET /wp-content/repeater.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:27 +0330] "GET /alfa-rex.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:30 +0330] "GET /wp-content/dropdown.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:17 +0330] "GET /wp-head.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:18 +0330] "GET /wp-admin/css/colors/blue/ioxi1.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:19 +0330] "GET /wp-content/themes/about.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:20 +0330] "GET /wp-includes/certificates/about.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:24 +0330] "GET /repeater.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:25 +0330] "GET /wp-admin/repeater.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:26 +0330] "GET /wp-includes/repeater.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:28 +0330] "GET /alfa-rex.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:29 +0330] "GET /dropdown.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:29 +0330] "GET /wp-admin/dropdown.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:34 +0330] "GET /wp-admin/user/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:35 +0330] "GET /wp-includes/js/tinymce/skins/lightgray/img/index.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:36 +0330] "GET /.well-known/pki-validation/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:38 +0330] "GET /xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:40 +0330] "GET /css/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:31 +0330] "GET /wp-includes/dropdown.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:31 +0330] "GET /wp-admin/js/widgets/about.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:32 +0330] "GET /wp-admin/js/widgets/about.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:33 +0330] "GET /style.php?sig=update&domain=51.79.124.111 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:34 +0330] "GET /well.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:37 +0330] "GET /.well-known/acme-challenge/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:38 +0330] "GET /wp-admin/network/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:39 +0330] "GET /cgi-bin/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:40 +0330] "GET /wp-admin/user/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:42 +0330] "GET /wp-admin/css/colors/coffee/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:43 +0330] "GET /wp-admin/images/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:44 +0330] "GET /wp-admin/js/widgets/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:46 +0330] "GET /wp-admin/css/colors/blue/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:47 +0330] "GET /wp-admin/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:49 +0330] "GET /403.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:49 +0330] "GET /chosen.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:52 +0330] "GET /wp-content/themes/wp-pridmag/up.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:14:43 +0330] "GET /wp-admin/css/colors/blue/atomlib.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:14:58 +0330] "GET /.well-known/acme-challenge/atomlib.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:41 +0330] "GET /img/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:43 +0330] "GET /images/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:45 +0330] "GET /wp-admin/css/colors/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:45 +0330] "GET /wp-admin/includes/xmrlpc.php?p= HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:47 +0330] "GET /wp-apxupx.php?apx=upx HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:48 +0330] "GET /wp-content/plugins/wordpresss3cll/includes.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:50 +0330] "GET /wp-content/themes/intense/block-css.php?mode=upload HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:50 +0330] "GET /.well-known/index.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:13:51 +0330] "GET /.well-known/acme-challenge/index.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:14:08 +0330] "GET /.well-known/pki-validation/atomlib.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:15:19 +0330] "GET /wp-includes/Requests/atomlib.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:15:58 +0330] "GET /.well-known/acme-challenge/atomlib.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:21:03 +0330] "GET /wp-includes/rest-api/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:21:04 +0330] "GET /wp-content/languages/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:21:08 +0330] "GET /wp-content/banners/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:21:10 +0330] "GET /wp-includes/Text/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:21:14 +0330] "GET /wp-includes/css/dist/niil.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:21:17 +0330] "GET /asd.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:21:25 +0330] "GET /wp-includes/css/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:21:33 +0330] "GET /wp-content/cong.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:21:41 +0330] "GET /wp-includes/images/wp-login.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:21:48 +0330] "GET /wp-content/radio.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:21:56 +0330] "GET /hehehehe.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:21:58 +0330] "GET /simple.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:01 +0330] "GET /wp-includes/fonts/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:04 +0330] "GET /wp-content/admin.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:09 +0330] "GET /atomlib.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:11 +0330] "GET /lv.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:21:21 +0330] "GET /1.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:21:23 +0330] "GET /ws.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:21:29 +0330] "GET /cgi-bin/wp-login.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:21:39 +0330] "GET /wp-admin/classwithtostring.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:21:45 +0330] "GET /wp-includes/Requests/network.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:21:51 +0330] "GET /wp-admin/dropdown.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:21:53 +0330] "GET /login.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:07 +0330] "GET /xmlrpc.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:16 +0330] "GET /.well-known/acme-challenge/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:19 +0330] "GET /goat.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:38 +0330] "GET /radio.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:42 +0330] "GET /wp-includes/IXR/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:44 +0330] "GET /classwithtostring.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:48 +0330] "GET /install.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:58 +0330] "GET /wp-admin/includes/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:06 +0330] "GET /wp-admin/images/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:13 +0330] "GET /wp-includes/Text/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:14 +0330] "GET /content.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:20 +0330] "GET /.well-known/acme-challenge/admin.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:24 +0330] "GET /wp-content/uploads/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:27 +0330] "GET /wp-admin/maint/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:30 +0330] "GET /dropdown.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:33 +0330] "GET /sad/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:40 +0330] "GET /wp-admin/admin.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:53 +0330] "GET /wp-content/x/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:22:55 +0330] "GET /wp-includes/Requests/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:00 +0330] "GET /wp-login.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:02 +0330] "GET /wp-includes/js/jcrop/Jcrop.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:09 +0330] "GET /wp-includes/ID3/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:13 +0330] "GET /wp-includes/assets/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:15 +0330] "GET /lock.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:18 +0330] "GET /.well-known/content.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:10 +0330] "GET /wp-admin.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:17 +0330] "GET /index/function.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:21 +0330] "GET /cong.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:23 +0330] "GET /wp-includes/js/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:30 +0330] "GET /wp-content/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:32 +0330] "GET /about/function.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:36 +0330] "GET /wp-admin/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:45 +0330] "GET /wp-includes/Text/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:46 +0330] "GET /wp-includes/autoload_classmap.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:50 +0330] "GET /asd.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:52 +0330] "GET /1.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:56 +0330] "GET /cgi-bin/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:00 +0330] "GET /wp-content/plugins/admin.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:04 +0330] "GET /wp-content/cong.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:06 +0330] "GET /wp-includes/content.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:08 +0330] "GET /wp-admin/classwithtostring.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:27 +0330] "GET /wp-content/plugins/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:33 +0330] "GET /wp-includes/customize/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:37 +0330] "GET /wp-includes/rest-api/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:38 +0330] "GET /wp-content/themes/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:39 +0330] "GET /about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:41 +0330] "GET /wp-content/languages/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:44 +0330] "GET /wp-content/banners/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:47 +0330] "GET /wp-includes/css/dist/niil.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:49 +0330] "GET /themes.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:53 +0330] "GET /wp-mail.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:56 +0330] "GET /ws.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:23:59 +0330] "GET /wp-includes/css/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:02 +0330] "GET /admin.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:03 +0330] "GET /cgi-bin/wp-login.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:11 +0330] "GET /wp-includes/Requests/network.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:14 +0330] "GET /wp-content/uploads/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:08 +0330] "GET /wp-admin/css/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:09 +0330] "GET /wp-includes/images/wp-login.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:10 +0330] "GET /wp-admin/images/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:13 +0330] "GET /wp-includes/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:14 +0330] "GET /wp-content/radio.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:22 +0330] "GET /wp-admin/user/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:23 +0330] "GET /simple.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:29 +0330] "GET /goat1.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:34 +0330] "GET /wp-content/admin.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:37 +0330] "GET /xmlrpc.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:37 +0330] "GET /wp-admin/network/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:39 +0330] "GET /atomlib.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:39 +0330] "GET /.well-known/pki-validation/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:40 +0330] "GET /.well-known/acme-challenge/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:44 +0330] "GET /cgi-bin/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:45 +0330] "GET /wp-includes/Text/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:16 +0330] "GET /mah.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:16 +0330] "GET /wp-admin/dropdown.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:18 +0330] "GET /login.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:19 +0330] "GET /wp-blog-header.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:20 +0330] "GET /wp-content/plugins/ioxi/alfa-ioxi.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:22 +0330] "GET /hehehehe.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:24 +0330] "GET /wp-includes/plugins.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:26 +0330] "GET /wp-includes/js/thickbox/thickbox.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:30 +0330] "GET /wp-includes/fonts/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:32 +0330] "GET /wp-includes/certificates/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:36 +0330] "GET /.well-known/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:40 +0330] "GET /wp-includes/sitemaps/providers/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:41 +0330] "GET /lv.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:41 +0330] "GET /wp-admin/network/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:42 +0330] "GET /.well-knownold/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:43 +0330] "GET /cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:47 +0330] "GET /content.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:47 +0330] "GET /wp-includes/Text/Diff/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:48 +0330] "GET /img/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:50 +0330] "GET /wp-admin/css/colors/coffee/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:51 +0330] "GET /images/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:51 +0330] "GET /wp-admin/images/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:54 +0330] "GET /goat.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:54 +0330] "GET /wp-admin/js/widgets/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:56 +0330] "GET /.well-known/acme-challenge/admin.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:57 +0330] "GET /wp-admin/css/colors/blue/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:58 +0330] "GET /.well-known/pki-validation/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:58 +0330] "GET /wp-admin/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:59 +0330] "GET /wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:00 +0330] "GET /wp-cron.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:01 +0330] "GET /.well-known/acme-challenge/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:45 +0330] "GET /wp-includes/js/crop/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:46 +0330] "GET /css/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:47 +0330] "GET /wp-admin/user/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:49 +0330] "GET /.well-known/acme-challenge/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:52 +0330] "GET /images/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:55 +0330] "GET /wp-admin/css/colors/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:55 +0330] "GET /wp-includes/widgets/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:24:56 +0330] "GET /wp-admin/includes/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:05 +0330] "GET /wso-x569.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:10 +0330] "GET /wp-admin/css/colors/blue/ioxi1.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:12 +0330] "GET /wp-includes/js/js.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:13 +0330] "GET /wp-content/style-css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:15 +0330] "GET /4pric.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:17 +0330] "GET /404.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:17 +0330] "GET /dropdown.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:01 +0330] "GET /wp-admin/about.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:02 +0330] "GET /revision.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:03 +0330] "GET /max.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:05 +0330] "GET /wp-includes/rest-api/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:06 +0330] "GET /wp-content/uploads/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:06 +0330] "GET /fm1.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:07 +0330] "GET /4price3.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:08 +0330] "GET /ioxi-rex.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:11 +0330] "GET /ioxi2.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:12 +0330] "GET /wp-includes/pomo/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:12 +0330] "GET /wp-admin/maint/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:14 +0330] "GET /million.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:19 +0330] "GET /.well-knownold/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:21 +0330] "GET /sad/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:21 +0330] "GET /.well-known/pkivalidation/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:18 +0330] "GET /wp-content/themes/twenty/twenty.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:20 +0330] "GET /.well-known/acme-challenge/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:22 +0330] "GET /wp-content/plugins/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:23 +0330] "GET /radio.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:25 +0330] "GET /wp-content/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:27 +0330] "GET /wp-admin/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:28 +0330] "GET /wp-content/themes/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:29 +0330] "GET /.well-known/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:33 +0330] "GET /wp-content/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:33 +0330] "GET /wp-includes/IXR/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:34 +0330] "GET /wp-content/uploads/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:35 +0330] "GET /wp-content/plugins/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:36 +0330] "GET /classwithtostring.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:38 +0330] "GET /.well-known/acme-challenge/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:39 +0330] "GET /.well-knownold/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:23 +0330] "GET /wp-content/uploads/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:26 +0330] "GET /wp-includes/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:27 +0330] "GET /wp-admin/admin.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:30 +0330] "GET /wp-content/themes/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:31 +0330] "GET /wp-admin/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:32 +0330] "GET /wp-includes/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:36 +0330] "GET /.well-known/pkivalidation/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:40 +0330] "GET /.well-known/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:41 +0330] "GET /wp-content/themes/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:42 +0330] "GET /wp-admin/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:44 +0330] "GET /wp-content/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:49 +0330] "GET /.well-known/acme-challenge/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:50 +0330] "GET /.well-knownold/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:51 +0330] "GET /wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:53 +0330] "GET /about.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:40 +0330] "GET /install.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:43 +0330] "GET /wp-includes/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:43 +0330] "GET /wp-content/x/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:45 +0330] "GET /wp-content/uploads/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:46 +0330] "GET /wp-content/plugins/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:48 +0330] "GET /.well-known/pkivalidation/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:48 +0330] "GET /wp-includes/Requests/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:51 +0330] "GET /wp-admin/includes/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:52 +0330] "GET /.well-known/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:56 +0330] "GET /wp-load.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:57 +0330] "GET /wp-includes/js/jcrop/Jcrop.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:59 +0330] "GET /wp-content/plugins/column/miin.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:00 +0330] "GET /wp-content/themes/hello-element/footer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:00 +0330] "GET /wp-admin/images/about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:02 +0330] "GET /wp-includes/class-wp-recovery-mode-cookiie-service.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:54 +0330] "GET /wp-login.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:54 +0330] "GET /index.php?3x=3x HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:55 +0330] "GET /wp-content/plugins/wordpress-three/miin.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:57 +0330] "GET /wp-content/plugins/wp-daft/miin.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:25:58 +0330] "GET /css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:01 +0330] "GET /edit-form.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:03 +0330] "GET /wp-includes/class-wp-upgrade.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:04 +0330] "GET /wp-includes/ID3/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:05 +0330] "GET /images/batm.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:07 +0330] "GET /wp-admin.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:08 +0330] "GET /libraries/phpmailer/updates.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:09 +0330] "GET /wp-content/plugins/TOPXOH/wDR.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:11 +0330] "GET /lock.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:11 +0330] "GET /radio.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:12 +0330] "GET /wp-includes/wp-class.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:04 +0330] "GET /images/horuxshell2.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:04 +0330] "GET /images/jinx.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:06 +0330] "GET /wp-class.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:08 +0330] "GET /wp-content/plugins/sid/sidwso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:09 +0330] "GET /wp-includes/assets/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:10 +0330] "GET /batm.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:13 +0330] "GET /xltavrat.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:14 +0330] "GET /wp-commentin.php?pass=f0aab4595a024d626315fb786dce8282 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:15 +0330] "GET /wp-admin/maint/wso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:19 +0330] "GET /images/fw.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:19 +0330] "GET /.well-known/content.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:20 +0330] "GET /ALFA_DATA/alfacgiapi/fw.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:21 +0330] "GET /wp-content/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:23 +0330] "GET /cong.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:24 +0330] "GET /wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:16 +0330] "GET /index/function.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:17 +0330] "GET /wp-admin/css/wso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:18 +0330] "GET /images/wso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:19 +0330] "GET /wp-admin/css/fw.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:22 +0330] "GET /wp-includes/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:23 +0330] "GET /wp-admin/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:26 +0330] "GET /wp-includes/js/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:26 +0330] "GET /ALFA_DATA/wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:27 +0330] "GET /wp-content/plugins/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:28 +0330] "GET /wp-includes/wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:29 +0330] "GET /wp-admin/wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:34 +0330] "GET /images/wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:35 +0330] "GET /wp-includes/wp-atom.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:36 +0330] "GET /about/function.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:37 +0330] "GET /wp-atom.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:25 +0330] "GET /cgi-bin/wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:27 +0330] "GET /.well-known/wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:32 +0330] "GET /wp-content/wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:33 +0330] "GET /wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:34 +0330] "GET /wp-content/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:36 +0330] "GET /wp-content/wp-atom.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:41 +0330] "GET /wp-admin/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:43 +0330] "GET /shells.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:44 +0330] "GET /fw.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:45 +0330] "GET /wso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:46 +0330] "GET /about.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:47 +0330] "GET /wp-content/wso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:48 +0330] "GET /wp-content/fw.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:49 +0330] "GET /wp-includes/autoload_classmap.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:49 +0330] "GET /wp-includes/fw.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:38 +0330] "GET /wp-admin/wp-atom.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:38 +0330] "GET /wp-includes/customize/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:39 +0330] "GET /bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:40 +0330] "GET /ws.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:41 +0330] "GET /ws.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:42 +0330] "GET /shell.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:43 +0330] "GET /shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:44 +0330] "GET /wp-content/themes/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:46 +0330] "GET /wp-admin/wso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:48 +0330] "GET /wp-includes/wso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:53 +0330] "GET /class.api.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:53 +0330] "GET /wp-mail.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:55 +0330] "GET /wp-content/updates.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:55 +0330] "GET /cgi-bin/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:57 +0330] "GET /wp/rindex.php?action=add HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:50 +0330] "GET /wp-admin/fw.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:51 +0330] "GET /wp-admin/includes/class.api.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:51 +0330] "GET /themes.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:52 +0330] "GET /wp-content/class.api.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:54 +0330] "GET /simple.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:56 +0330] "GET /site/rindex.php?action=add HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:57 +0330] "GET /wp-content/plugins/admin.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:59 +0330] "GET /admin.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:00 +0330] "GET /wp-content/plugins/ango/sett.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:00 +0330] "GET /wp-content/cong.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:02 +0330] "GET /wp-includes/css/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:03 +0330] "GET /wp-admin/wpconfig_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:04 +0330] "GET /wp-admin/wp-1ogin_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:05 +0330] "GET /wp-1ogin_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:09 +0330] "GET /wp-includes/wp-1ogin_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:58 +0330] "GET /blog/rindex.php?action=add HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:26:59 +0330] "GET /rindex.php?action=add HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:01 +0330] "GET /wp-includes/fonts/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:02 +0330] "GET /wp-includes/content.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:06 +0330] "GET /wpconfig_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:07 +0330] "GET /wp-includes/images/wp-1ogin_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:08 +0330] "GET /wp-includes/images/wpconfig_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:09 +0330] "GET /wp-admin/css/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:11 +0330] "GET /wp-content/wp-1ogin_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:12 +0330] "GET /wp-content/wpconfig_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:13 +0330] "GET /wp-includes/fonts/wp-1ogin_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:13 +0330] "GET /wp-includes/fonts/wpconfig_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:15 +0330] "GET /wp-includes/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:17 +0330] "GET /wp-includes/Panels.txt HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:19 +0330] "GET /.well-known/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:10 +0330] "GET /wp-includes/wpconfig_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:12 +0330] "GET /wp-admin/images/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:15 +0330] "GET /Panels.txt HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:16 +0330] "GET /wp-content/Panels.txt HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:18 +0330] "GET /wp-admin/Panels.txt HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:22 +0330] "GET /mah.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:26 +0330] "GET /leafmailer2.8.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:27 +0330] "GET /images/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:28 +0330] "GET /images/leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:29 +0330] "GET /wp-admin/user/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:30 +0330] "GET /wp-admin/css/leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:32 +0330] "GET /wp-admin/includes/leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:33 +0330] "GET /wp-includes/plugins.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:33 +0330] "GET /wp-admin/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:33 +0330] "GET /wp-admin/leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:20 +0330] "GET /.well-known/leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:20 +0330] "GET /wp-content/uploads/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:21 +0330] "GET /.well-known/leafmailer2.8.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:22 +0330] "GET /leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:23 +0330] "GET /leaf_mailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:24 +0330] "GET /leaf_php.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:25 +0330] "GET /leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:26 +0330] "GET /wp-blog-header.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:28 +0330] "GET /wp-content/plugins/ioxi/alfa-ioxi.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:28 +0330] "GET /images/leafmailer2.8.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:29 +0330] "GET /wp-admin/css/colors/coffee/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:31 +0330] "GET /wp-admin/includes/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:34 +0330] "GET /wp-admin/leafmailer2.8.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:35 +0330] "GET /wp-admin/maint/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:36 +0330] "GET /wp-content/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:37 +0330] "GET /wp-content/leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:38 +0330] "GET /wp-content/leafmailer2.8.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:39 +0330] "GET /wp-includes/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:41 +0330] "GET /palka_m.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:42 +0330] "GET /wp-admin/css/colors/coffee/XXxxX.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:44 +0330] "GET /xmlrpc.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:46 +0330] "GET /8.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:48 +0330] "GET /gel4y.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:49 +0330] "GET /wp-admin/network/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:50 +0330] "GET /wp-includes/IXR/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:51 +0330] "GET /wp-admin/includes/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:52 +0330] "GET /moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:53 +0330] "GET /includes/certificates/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:54 +0330] "GET /.well-knownold/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:54 +0330] "GET /wp-admin/maint/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:34 +0330] "GET /wp-includes/js/thickbox/thickbox.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:37 +0330] "GET /goat1.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:40 +0330] "GET /wp-includes/leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:40 +0330] "GET /wp-includes/certificates/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:40 +0330] "GET /wp-admin/css/colors/coffee/palka_m.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:42 +0330] "GET /.well-known/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:43 +0330] "GET /XXxxX.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:45 +0330] "GET /S.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:47 +0330] "GET /wp-content/plugins/revslider/includes/external/page/index.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:49 +0330] "GET /api.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:49 +0330] "GET /wp-admin/network/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:52 +0330] "GET /wp-includes/sitemaps/providers/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:54 +0330] "GET /wp-includes/ID3/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:55 +0330] "GET /wp-admin/js/widgets/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:57 +0330] "GET /wp-admin/user/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:56 +0330] "GET /wp-content/upgrade/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:56 +0330] "GET /wp-includes/js/crop/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:59 +0330] "GET /wp-content/plugins/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:59 +0330] "GET /wp-includes/Text/Diff/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:28:00 +0330] "GET /wp-admin/images/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:28:01 +0330] "GET /.tmb/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:28:03 +0330] "GET /Mshell.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:28:05 +0330] "GET /defaul1.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:28:06 +0330] "GET /.well-known/pki-validation/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:28:10 +0330] "GET /.well-known/acme-challenge/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:28:11 +0330] "GET /wp-includes/rest-api/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:28:14 +0330] "GET /wp-includes/pomo/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:08 +0330] "GET /wp-content/themes/pridmag/db.php?u HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:09 +0330] "GET /wp-content/plugins/linkpreview/db.php?u HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:11 +0330] "GET /wp-content/plugins/ioptimization/IOptimize.php?rchk HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:27:58 +0330] "GET /cgi-bin/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:28:00 +0330] "GET /.well-known/acme-challenge/moon.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:28:01 +0330] "GET /images/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:28:02 +0330] "GET /cjfuns.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:28:04 +0330] "GET /wp-includes/widgets/index.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:28:04 +0330] "GET /M1.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:28:06 +0330] "GET /wp-admin/css/colors/blue/defaul1.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:07 +0330] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:09 +0330] "GET /wp-content/themes/gaukingo/db.php?u HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:10 +0330] "GET /wp-content/plugins/seoplugins/db.php?u HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:12 +0330] "GET /wp-content/plugins/ioptimizations/IOptimizes.php?hamlorszd HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:13 +0330] "GET /wp-content/plugins/wp-file-manager/lib/files/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:14 +0330] "GET /wp-content/plugins/wp-file-manager/lib/files/abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:14 +0330] "GET /wp-content/plugins/wp-file-manager/lib/files/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:12 +0330] "GET /wp-content/uploads/wp_live_chat/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:17 +0330] "GET /wp-content/plugins/superstorefinder-wp/ssf-wp-admin/pages/SSF_WP_UPLOADS_PATH/csv/import/xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:18 +0330] "GET /wp-content/plugins/superstorefinder-wp/ssf-wp-admin/pages/SSF_WP_UPLOADS_PATH/csv/import/abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:20 +0330] "GET /wp-content/plugins/formcraft/file-upload/server/php/files/abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:22 +0330] "GET /wp-content/plugins/formcraft/file-upload/server/php/files/xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:24 +0330] "GET /wp-content/plugins/ioptimization/xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:24 +0330] "GET /wp-content/plugins/ioptimization/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:25 +0330] "GET /wp-content/plugins/ioptimization/abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:27 +0330] "GET /wp-content/plugins/apikey/xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:28 +0330] "GET /wp-content/plugins/apikey/abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:30 +0330] "GET /wp-content/plugins/ioptimizations/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:31 +0330] "GET /wp-content/plugins/ioptimizations/abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:32 +0330] "GET /abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:15 +0330] "GET /wp-content/plugins/wp-file-manager/lib/files/king.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:16 +0330] "GET /wp-content/plugins/wp-file-manager/lib/files/xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:16 +0330] "GET /wp-content/plugins/superstorefinder-wp/ssf-wp-admin/pages/SSF_WP_UPLOADS_PATH/csv/import/king.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:19 +0330] "GET /wp-content/plugins/superstorefinder-wp/ssf-wp-admin/pages/SSF_WP_UPLOADS_PATH/csv/import/a57bze8931.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:19 +0330] "GET /wp-content/plugins/superstorefinder-wp/ssf-wp-admin/pages/SSF_WP_UPLOADS_PATH/csv/import/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:21 +0330] "GET /wp-content/plugins/formcraft/file-upload/server/php/files/king.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:21 +0330] "GET /wp-content/plugins/formcraft/file-upload/server/php/files/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:23 +0330] "GET /wp-content/plugins/ioptimization/king.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:26 +0330] "GET /wp-content/plugins/apikey/king.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:27 +0330] "GET /wp-content/plugins/apikey/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:29 +0330] "GET /wp-content/plugins/ioptimizations/king.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:29 +0330] "GET /wp-content/plugins/ioptimizations/xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:32 +0330] "GET /abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:33 +0330] "GET /wp-content/plugins/dzs-zoomsounds/king HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:35 +0330] "GET /wp-content/plugins/dzs-zoomsounds/abruzi.php4 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:36 +0330] "GET /xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:36:17 +0330] "GET /xxl.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:36:39 +0330] "GET /x.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:34 +0330] "GET /wp-content/plugins/dzs-zoomsounds/xo.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:35 +0330] "GET /wp-content/plugins/dzs-zoomsounds/abruzi.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:29:37 +0330] "GET /king.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:34:07 +0330] "GET /xleet.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:34:52 +0330] "GET /xl2023.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:35:27 +0330] "GET /xl2023x.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 45.138.16.150 - - [20/Nov/2025:22:36:50 +0330] "POST /ALFA_DATA/alfacgiapi/perl.alfa HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 45.138.16.150 - - [20/Nov/2025:22:36:50 +0330] "POST /wp-plain.php HTTP/1.1" 301 795 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 45.138.16.150 - - [20/Nov/2025:22:36:51 +0330] "POST /alfacgiapi/perl.alfa HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:37:44 +0330] "GET /wp-admin/xl2023.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:38:45 +0330] "GET /.well-known/acme-challenge/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:39:12 +0330] "GET /wp-admin/includes/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:39:40 +0330] "GET /wp-admin/maint/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:40:03 +0330] "GET /wp-content/upgrade/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:40:41 +0330] "GET /wp-admin/user/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:40:58 +0330] "GET /wp-admin/js/widgets/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:41:32 +0330] "GET /wp-admin/images/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:41:50 +0330] "GET /.well-known/pki-validation/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:42:21 +0330] "GET /admin-heade.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:42:36 +0330] "GET /cgi-bin/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 45.138.16.150 - - [20/Nov/2025:22:36:50 +0330] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 45.138.16.150 - - [20/Nov/2025:22:36:50 +0330] "GET / HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 45.138.16.150 - - [20/Nov/2025:22:36:50 +0330] "GET /wp-content/plugins/fix/up.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:37:13 +0330] "GET /xl.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:38:17 +0330] "GET /wp-includes/xl2023.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:40:22 +0330] "GET /images/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:41:11 +0330] "GET /wp-admin/network/iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:42:06 +0330] "GET /xleet-shell.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:42:50 +0330] "GET /wp-content/xl2023.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:43:03 +0330] "GET /wp-content/xl2023.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:43:16 +0330] "GET /iR7SzrsOUEP.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:43:29 +0330] "GET /wp-content/uploads/xl2023.php HTTP/1.1" 301 795 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 45.134.79.144 - - [20/Nov/2025:22:58:34 +0330] "GET //leaf.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 45.134.79.144 - - [20/Nov/2025:22:58:35 +0330] "GET //leafmailer2.8.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 45.134.79.144 - - [20/Nov/2025:22:58:35 +0330] "GET //bb.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 45.134.79.144 - - [20/Nov/2025:22:58:36 +0330] "GET //m.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 45.134.79.144 - - [20/Nov/2025:22:58:38 +0330] "GET //shell.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 45.134.79.144 - - [20/Nov/2025:22:58:38 +0330] "GET //up.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 45.134.79.144 - - [20/Nov/2025:22:58:39 +0330] "GET //vuln.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:58:45 +0330] "GET /.well-known/pki-validation/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:58:46 +0330] "GET /.well-known/acme-challenge/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:58:48 +0330] "GET /wp-admin/network/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:58:51 +0330] "GET /css/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:58:52 +0330] "GET /wp-admin/user/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:58:58 +0330] "GET /wp-admin/js/widgets/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:01 +0330] "GET /wp-admin/includes/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:02 +0330] "GET /wp-admin/css/colors/blue/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:03 +0330] "GET /wp-admin/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 45.134.79.144 - - [20/Nov/2025:22:57:50 +0330] "GET //x.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 45.134.79.144 - - [20/Nov/2025:22:58:24 +0330] "GET //wso.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 45.134.79.144 - - [20/Nov/2025:22:58:25 +0330] "GET //srx.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 45.134.79.144 - - [20/Nov/2025:22:58:26 +0330] "GET //1337.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 45.134.79.144 - - [20/Nov/2025:22:58:27 +0330] "GET //xx.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:58:49 +0330] "GET /cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:58:50 +0330] "GET /cgi-bin/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:58:54 +0330] "GET /img/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:58:55 +0330] "GET /wp-admin/css/colors/coffee/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:58:56 +0330] "GET /wp-admin/images/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:58:57 +0330] "GET /images/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:58:59 +0330] "GET /wp-admin/css/colors/cloud.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:04 +0330] "GET /wp-login.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:06 +0330] "GET /wp-admin/about.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:07 +0330] "GET /revision.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:08 +0330] "GET /max.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:05 +0330] "GET /wp-cron.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:11 +0330] "GET /4price3.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:12 +0330] "GET /ioxi-rex.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:13 +0330] "GET /wp-admin/css/colors/blue/ioxi1.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:14 +0330] "GET /ioxi2.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:15 +0330] "GET /wp-includes/js/js.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:17 +0330] "GET /million.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:18 +0330] "GET /4pric.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:21 +0330] "GET /.well-knownold/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:22 +0330] "GET /.well-known/acme-challenge/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:23 +0330] "GET /.well-known/pkivalidation/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:24 +0330] "GET /wp-content/plugins/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:25 +0330] "GET /wp-content/uploads/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:27 +0330] "GET /wp-includes/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:30 +0330] "GET /.well-known/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:09 +0330] "GET /wso-x569.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:10 +0330] "GET /fm1.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:16 +0330] "GET /wp-content/style-css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:19 +0330] "GET /404.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:20 +0330] "GET /wp-content/themes/twenty/twenty.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:26 +0330] "GET /wp-content/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:28 +0330] "GET /wp-admin/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:29 +0330] "GET /wp-content/themes/bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:32 +0330] "GET /wp-admin/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:33 +0330] "GET /wp-includes/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:35 +0330] "GET /wp-content/uploads/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:37 +0330] "GET /.well-known/pkivalidation/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:42 +0330] "GET /wp-admin/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:47 +0330] "GET /wp-content/plugins/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:48 +0330] "GET /.well-known/pkivalidation/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:31 +0330] "GET /wp-content/themes/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:34 +0330] "GET /wp-content/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:36 +0330] "GET /wp-content/plugins/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:38 +0330] "GET /.well-known/acme-challenge/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:39 +0330] "GET /.well-knownold/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:40 +0330] "GET /.well-known/shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:41 +0330] "GET /wp-content/themes/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:44 +0330] "GET /wp-includes/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:45 +0330] "GET /wp-content/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:46 +0330] "GET /wp-content/uploads/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:51 +0330] "GET /wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:53 +0330] "GET /.well-known/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:54 +0330] "GET /about.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:55 +0330] "GET /index.php?3x=3x HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:58 +0330] "GET /wp-content/plugins/wp-daft/miin.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:49 +0330] "GET /.well-known/acme-challenge/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:50 +0330] "GET /.well-knownold/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:56 +0330] "GET /wp-content/plugins/wordpress-three/miin.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:57 +0330] "GET /wp-load.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:22:59:59 +0330] "GET /css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:00 +0330] "GET /wp-content/plugins/column/miin.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:02 +0330] "GET /edit-form.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:03 +0330] "GET /wp-includes/class-wp-recovery-mode-cookiie-service.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:04 +0330] "GET /wp-includes/class-wp-upgrade.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:05 +0330] "GET /images/horuxshell2.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:08 +0330] "GET /wp-class.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:09 +0330] "GET /wp-content/plugins/sid/sidwso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:10 +0330] "GET /libraries/phpmailer/updates.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:11 +0330] "GET /wp-content/plugins/TOPXOH/wDR.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:12 +0330] "GET /batm.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:01 +0330] "GET /wp-content/themes/hello-element/footer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:06 +0330] "GET /images/jinx.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:07 +0330] "GET /images/batm.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:13 +0330] "GET /radio.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:15 +0330] "GET /wp-includes/wp-class.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:16 +0330] "GET /xltavrat.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:17 +0330] "GET /wp-commentin.php?pass=f0aab4595a024d626315fb786dce8282 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:18 +0330] "GET /wp-admin/maint/wso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:19 +0330] "GET /wp-admin/css/wso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:25 +0330] "GET /wp-content/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:26 +0330] "GET /wp-includes/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:28 +0330] "GET /wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:29 +0330] "GET /cgi-bin/wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:31 +0330] "GET /.well-known/wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:32 +0330] "GET /wp-includes/wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:21 +0330] "GET /images/wso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:22 +0330] "GET /wp-admin/css/fw.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:23 +0330] "GET /images/fw.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:24 +0330] "GET /ALFA_DATA/alfacgiapi/fw.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:27 +0330] "GET /wp-admin/wso112233.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:30 +0330] "GET /ALFA_DATA/wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:34 +0330] "GET /wp-admin/wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:35 +0330] "GET /wp-content/wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:38 +0330] "GET /images/wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:40 +0330] "GET /wp-includes/wp-atom.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:42 +0330] "GET /wp-atom.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:43 +0330] "GET /wp-admin/wp-atom.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:45 +0330] "GET /ws.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:47 +0330] "GET /ws.php7 HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:48 +0330] "GET /shell.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:36 +0330] "GET /wp-2019.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:41 +0330] "GET /wp-content/wp-atom.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:44 +0330] "GET /bala.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:49 +0330] "GET /shells.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:51 +0330] "GET /fw.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:52 +0330] "GET /wso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:54 +0330] "GET /wp-content/wso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:55 +0330] "GET /wp-includes/wso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:03 +0330] "GET /simple.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:04 +0330] "GET /wp-content/updates.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:06 +0330] "GET /wp/rindex.php?action=add HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:08 +0330] "GET /rindex.php?action=add HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:13 +0330] "GET /wp-includes/css/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:17 +0330] "GET /wp-admin/wp-1ogin_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:19 +0330] "GET /wp-1ogin_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:50 +0330] "GET /shell20211028.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:53 +0330] "GET /wp-admin/wso.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:57 +0330] "GET /wp-content/fw.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:57 +0330] "GET /wp-includes/fw.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:00:59 +0330] "GET /wp-admin/fw.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:00 +0330] "GET /wp-admin/includes/class.api.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:01 +0330] "GET /wp-content/class.api.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:02 +0330] "GET /class.api.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:05 +0330] "GET /site/rindex.php?action=add HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:07 +0330] "GET /blog/rindex.php?action=add HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:10 +0330] "GET /wp-content/plugins/ango/sett.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:11 +0330] "GET /wp-content/cong.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:12 +0330] "GET /wp-includes/fonts/css.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:14 +0330] "GET /wp-admin/wpconfig_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:19 +0330] "GET /wpconfig_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:22 +0330] "GET /wp-includes/images/wp-1ogin_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:24 +0330] "GET /wp-includes/wp-1ogin_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:26 +0330] "GET /wp-content/wp-1ogin_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:28 +0330] "GET /wp-content/wpconfig_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:29 +0330] "GET /wp-includes/fonts/wp-1ogin_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:30 +0330] "GET /wp-includes/fonts/wpconfig_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:34 +0330] "GET /wp-includes/Panels.txt HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:35 +0330] "GET /wp-admin/Panels.txt HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:36 +0330] "GET /.well-known/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:38 +0330] "GET /.well-known/leafmailer2.8.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:41 +0330] "GET /leaf_php.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:45 +0330] "GET /images/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:46 +0330] "GET /images/leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:48 +0330] "GET /wp-admin/css/colors/coffee/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:49 +0330] "GET /wp-admin/css/leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:23 +0330] "GET /wp-includes/images/wpconfig_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:25 +0330] "GET /wp-includes/wpconfig_bak.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:31 +0330] "GET /Panels.txt HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:33 +0330] "GET /wp-content/Panels.txt HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:37 +0330] "GET /.well-known/leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:39 +0330] "GET /leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:40 +0330] "GET /leaf_mailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:43 +0330] "GET /leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:44 +0330] "GET /leafmailer2.8.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:47 +0330] "GET /images/leafmailer2.8.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:50 +0330] "GET /wp-admin/includes/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:51 +0330] "GET /wp-admin/includes/leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:52 +0330] "GET /wp-admin/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:56 +0330] "GET /wp-admin/maint/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:56 +0330] "GET /wp-content/uploads/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:54 +0330] "GET /wp-admin/leafmailer.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:55 +0330] "GET /wp-admin/leafmailer2.8.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:57 +0330] "GET /wp-includes/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:58 +0330] "GET /wp-includes/css/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:00 +0330] "GET /wp-includes/IXR/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:01 +0330] "GET /wp-includes/Requests/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:02 +0330] "GET /wp-includes/SimplePie/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:03 +0330] "GET /wp-content/mu-plugins-old/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:04 +0330] "GET /wp-content/themes/classic/inc/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:05 +0330] "GET /wp-content/plugins/ninja-forms/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:08 +0330] "GET /wp-includes/blocks/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:09 +0330] "GET /wp-includes/certificates/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:11 +0330] "GET /wp-includes/fonts/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:12 +0330] "GET /wp-includes/images/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:13 +0330] "GET /.well-known/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:57 +0330] "GET /wp-content/leaf.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:01:59 +0330] "GET /wp-includes/ID3/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:02 +0330] "GET /wp-includes/Text/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:06 +0330] "GET /wp-content/mu-plugins/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:07 +0330] "GET /wp-includes/Text/Diff/Renderer/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:09 +0330] "GET /wp-includes/customize/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:15 +0330] "GET /.well-known/acme-challenge/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:20 +0330] "GET /.well-known/acme-challenge/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:25 +0330] "GET /upload/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:28 +0330] "GET /admin/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:29 +0330] "GET /images/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:30 +0330] "GET /assets/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:32 +0330] "GET /assets/%3Cahref=%22/assets/index-20251103130457.php%22%3E%3Cimgclass=%22icon%22src=%22/_autoindex/assets/icons/file-text.svg%22alt=%22%5BTXT%5D%22%3Eindex-20251103130457.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:34 +0330] "GET /vendor/phpunit/phpunit/src/Util/PHP/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:39 +0330] "GET /modules/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 170.106.73.216 - - [20/Nov/2025:23:02:40 +0330] "GET / HTTP/1.1" 301 795 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1" 160.178.27.203 - - [20/Nov/2025:23:02:40 +0330] "GET /Site/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:36 +0330] "GET /assets/images/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:37 +0330] "GET /vendor/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:14 +0330] "GET /ALFA_DATA/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:14 +0330] "GET /.well-knownold/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:16 +0330] "GET /.well-known/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:17 +0330] "GET /cgi-bin/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:18 +0330] "GET /ALFA_DATA/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:19 +0330] "GET /.well-knownold/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:21 +0330] "GET /.well-known/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:22 +0330] "GET /uploads/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:26 +0330] "GET /admin/uploads/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:27 +0330] "GET /Admin/uploads/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:31 +0330] "GET /assets/%3Cahref=%22/assets/index-20251103130457-20251104012130.php%22%3E%3Cimgclass=%22icon%22src=%22/_autoindex/assets/icons/file-text.svg%22alt=%22%5BTXT%5D%22%3Eindex-20251103130457-20251104012130.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:35 +0330] "GET /upload/image/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:37 +0330] "GET /Public/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:38 +0330] "GET /local/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:42 +0330] "GET /template/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:43 +0330] "GET /shop/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:44 +0330] "GET /files/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:46 +0330] "GET /include/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:48 +0330] "GET /plugins/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:55 +0330] "GET /wp-includes/certificates/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:56 +0330] "GET /wp-includes/SimplePie/Cache/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:57 +0330] "GET /wp-includes/SimplePie/Content/Type/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:59 +0330] "GET /wp-includes/SimplePie/Content/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:00 +0330] "GET /wp-includes/rest-api/endpoints/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:03 +0330] "GET /wp-includes/Requests/Proxy/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:03 +0330] "GET /wp-includes/Requests/Response/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:04 +0330] "GET /wp-includes/Requests/Transport/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:05 +0330] "GET /wp-includes/Requests/Utility/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:06 +0330] "GET /wp-includes/js/codemirror/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:41 +0330] "GET /system/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:45 +0330] "GET /admin/editor/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:47 +0330] "GET /Assets/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:48 +0330] "GET /images/stories/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:49 +0330] "GET /php/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:50 +0330] "GET /wp-includes/assets/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:51 +0330] "GET /wp-includes/Text/Diff/Engine/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:52 +0330] "GET /wp-includes/block-patterns/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:53 +0330] "GET /wp-includes/Text/Diff/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:54 +0330] "GET /wp-includes/block-supports/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:54 +0330] "GET /wp-includes/blocks/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:02:58 +0330] "GET /wp-includes/css/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:01 +0330] "GET /wp-includes/rest-api/fields/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:02 +0330] "GET /wp-includes/Requests/Cookie/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:08 +0330] "GET /wp-includes/js/crop/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:07 +0330] "GET /wp-includes/Requests/Exception/HTTP/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:09 +0330] "GET /wp-includes/images/crystal/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:11 +0330] "GET /wp-includes/images/smilies/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:12 +0330] "GET /wp-includes/images/wlw/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:13 +0330] "GET /wp-includes/rest-api/search/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:15 +0330] "GET /wp-includes/Requests/Auth/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:17 +0330] "GET /wp-includes/sitemaps/providers/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:18 +0330] "GET /wp-includes/Text/Diff/Engine/Engine/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:20 +0330] "GET /wp-includes/fonts/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:21 +0330] "GET /wp-includes/ID3/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:23 +0330] "GET /wp-includes/IXR/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:25 +0330] "GET /wp-includes/js/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:26 +0330] "GET /wp-includes/php-compat/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:26 +0330] "GET /wp-includes/PHPMailer/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:29 +0330] "GET /wp-includes/random_compat/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:10 +0330] "GET /wp-includes/images/media/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:14 +0330] "GET /wp-includes/Requests/Exception/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:16 +0330] "GET /wp-includes/sodium_compat/src/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:19 +0330] "GET /wp-includes/customize/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:21 +0330] "GET /wp-includes/html-api/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:22 +0330] "GET /wp-includes/images/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:27 +0330] "GET /wp-includes/pomo/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:37 +0330] "GET /wp-includes/SimplePie/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:38 +0330] "GET /wp-includes/sitemaps/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:39 +0330] "GET /wp-includes/sodium_compat/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:41 +0330] "GET /wp-includes/Text/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:42 +0330] "GET /wp-includes/theme-compat/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:47 +0330] "GET /admin/images/slider/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:48 +0330] "GET /admin/fckeditor/editor/filemanager/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:49 +0330] "GET /sites/default/files/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:32 +0330] "GET /wp-includes/Requests/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:33 +0330] "GET /wp-includes/rest-api/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:40 +0330] "GET /wp-includes/style-engine/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:43 +0330] "GET /wp-includes/widgets/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:44 +0330] "GET /wp-admin/css/colors/ectoplasm/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:45 +0330] "GET /wp-admin/css/colors/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:52 +0330] "GET /components/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:56 +0330] "GET /wp-includes/pomo/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:57 +0330] "GET /wp-includes/rest-api/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:58 +0330] "GET /wp-includes/widgets/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:04:02 +0330] "GET /wp-admin/maint/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:04:04 +0330] "GET /wp-admin/user/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:04:06 +0330] "GET /wp-content/plugins/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:04:07 +0330] "GET /wp-content/themes/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:04:08 +0330] "GET /wp-admin/includes/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:04:09 +0330] "GET /wp-admin/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:50 +0330] "GET /admin/controller/extension/extension/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:51 +0330] "GET /modules/mod_simplefileuploadv1.3/elements/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:53 +0330] "GET /admin/uploads/images/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:55 +0330] "GET /wp-includes/js/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:03:59 +0330] "GET /wp-admin/css/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:04:01 +0330] "GET /wp-admin/images/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:04:02 +0330] "GET /wp-admin/meta/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:04:04 +0330] "GET /wp-admin/network/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:04:05 +0330] "GET /wp-content/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:04:11 +0330] "GET /wp-content/upgrade/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:27:57 +0330] "GET /smtp.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:02 +0330] "GET /admin.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:06 +0330] "GET /raw.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:09 +0330] "GET /wp-content/themes/fitnessbase/dev.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:10 +0330] "GET /wp-content/themes/fitnessbase/send.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:11 +0330] "GET /wp-content/themes/fitnessbase/upup.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:13 +0330] "GET /themes/seotheme/mar.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:17 +0330] "GET /wp-content/wso.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:21 +0330] "GET /wp-content/wso2.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:23 +0330] "GET /wp-content/uploads/wso.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:25 +0330] "GET /wp-content/uploads/alfa.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:26 +0330] "GET /wp-content/uploads/shell.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:29 +0330] "GET /wp-content/uploads/up.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:31 +0330] "GET /wp-content/uploads/uploader.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:33 +0330] "GET /wp-content/uploads/index.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:41 +0330] "GET /alfashell.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:42 +0330] "GET /shellalfa.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:44 +0330] "GET /x.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:45 +0330] "GET /file.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:46 +0330] "GET /files.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:49 +0330] "GET /ups.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:50 +0330] "GET /ru.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:54 +0330] "GET /fw.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:27:58 +0330] "GET /wp-includes/Text/mar.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:27:59 +0330] "GET /themes.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:00 +0330] "GET /wp-includes/css/controllers.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:07 +0330] "GET /wp-content/plugins/revslider/includes/external/page/index.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:14 +0330] "GET /wp-content/plugins/ango/cong.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:15 +0330] "GET /wp-content/plugins/ango/sett.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:18 +0330] "GET /wp-content/alfa.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:20 +0330] "GET /wp-content/shell.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:22 +0330] "GET /wp-content//wso1.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:27 +0330] "GET /wp-content/uploads/wso2.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:28 +0330] "GET /wp-content/uploads/wso1.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:32 +0330] "GET /wp-content/vuln.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:34 +0330] "GET /1index.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:35 +0330] "GET /wso.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:37 +0330] "GET /ws.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:38 +0330] "GET /wso2.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:39 +0330] "GET /2022.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:40 +0330] "GET /2021.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:48 +0330] "GET /shell4.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:51 +0330] "GET /if.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:52 +0330] "GET /vuln.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:55 +0330] "GET /skipper.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:02 +0330] "GET /inje3ctor.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:04 +0330] "GET /wso.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:08 +0330] "GET /uploader.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:11 +0330] "GET /up.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:13 +0330] "GET /hacked.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:16 +0330] "GET /priv8.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:18 +0330] "GET /cmd13.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:19 +0330] "GET /inc20k1.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:20 +0330] "GET /1index.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:21 +0330] "GET /404.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:22 +0330] "GET /swm.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:24 +0330] "GET /wp.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:25 +0330] "GET /doc.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:26 +0330] "GET /shx.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:27 +0330] "GET /ws.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:28 +0330] "GET /m.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:29 +0330] "GET /edit-form.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:30 +0330] "GET /LEAF.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:31 +0330] "GET /leafmailer.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:32 +0330] "GET /mailer.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:36 +0330] "GET /leaf.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:37 +0330] "GET /x.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:38 +0330] "GET /srx.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:40 +0330] "GET /1337.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:42 +0330] "GET /wp-content/uploads/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:28:56 +0330] "GET /skippershell.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:57 +0330] "GET /tttt.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:28:59 +0330] "GET /tshop.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:00 +0330] "GET /alfa.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:01 +0330] "GET /shell.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:03 +0330] "GET /saudi.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:06 +0330] "GET /alfashell.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:07 +0330] "GET /my_alfa.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:14 +0330] "GET /c99.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:17 +0330] "GET /Navir.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:33 +0330] "GET /leafmailer2.8.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:35 +0330] "GET /Leaf.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:41 +0330] "GET /xx.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:42 +0330] "GET /wp-includes/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:29:43 +0330] "GET /lf.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:43 +0330] "GET /wp-includes/css/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:29:44 +0330] "GET /wp-includes/ID3/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:29:46 +0330] "GET /marijuana.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:47 +0330] "GET /gaza.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:48 +0330] "GET /wp-admin.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:51 +0330] "GET /wp-content/mu-plugins/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:29:44 +0330] "GET /alex.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:45 +0330] "GET /new.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:45 +0330] "GET /wp-includes/IXR/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:29:46 +0330] "GET /wp-includes/Requests/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:29:47 +0330] "GET /wp-includes/SimplePie/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:29:48 +0330] "GET /wp-includes/Text/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:29:49 +0330] "GET /wp-content/mu-plugins-old/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:29:49 +0330] "GET /wp-content/themes/classic/inc/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:29:50 +0330] "GET /3index.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:50 +0330] "GET /wp-content/plugins/ninja-forms/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:29:51 +0330] "GET /wikindex.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:52 +0330] "GET /wso1.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:53 +0330] "GET /bb.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:54 +0330] "GET /wp-includes/certificates/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:29:54 +0330] "GET /Lux.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:55 +0330] "GET /haxor.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:55 +0330] "GET /wp-includes/fonts/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:29:56 +0330] "GET /wp-includes/images/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:29:52 +0330] "GET /wp-includes/Text/Diff/Renderer/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:29:53 +0330] "GET /wp-includes/blocks/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:29:54 +0330] "GET /wp-includes/customize/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:29:59 +0330] "GET /.well-knownold/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:29:59 +0330] "GET /ru.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:00 +0330] "GET /.well-known/acme-challenge/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:00 +0330] "GET /if.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:00 +0330] "GET /.well-known/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:01 +0330] "GET /cgi-bin/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:01 +0330] "GET /vuln.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:02 +0330] "GET /ALFA_DATA/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:02 +0330] "GET /fw.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:04 +0330] "GET /.well-known/acme-challenge/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:06 +0330] "GET /tttt.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:07 +0330] "GET /tshop.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:07 +0330] "GET /admin/uploads/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:08 +0330] "GET /alfa.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:08 +0330] "GET /Admin/uploads/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:29:56 +0330] "GET /shell4.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:57 +0330] "GET /.well-known/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:29:57 +0330] "GET /ups.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:29:58 +0330] "GET /ALFA_DATA/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:03 +0330] "GET /.well-knownold/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:04 +0330] "GET /skipper.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:05 +0330] "GET /.well-known/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:05 +0330] "GET /skippershell.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:05 +0330] "GET /uploads/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:06 +0330] "GET /upload/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:09 +0330] "GET /shell.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:10 +0330] "GET /images/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:11 +0330] "GET /assets/%3Cahref=%22/assets/index-20251103130457-20251104012130.php%22%3E%3Cimgclass=%22icon%22src=%22/_autoindex/assets/icons/file-text.svg%22alt=%22%5BTXT%5D%22%3Eindex-20251103130457-20251104012130.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:13 +0330] "GET /assets/%3Cahref=%22/assets/index-20251103130457.php%22%3E%3Cimgclass=%22icon%22src=%22/_autoindex/assets/icons/file-text.svg%22alt=%22%5BTXT%5D%22%3Eindex-20251103130457.php HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:17 +0330] "GET /my_alfa.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:18 +0330] "GET /uploader.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:18 +0330] "GET /assets/images/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:09 +0330] "GET /admin/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:10 +0330] "GET /inje3ctor.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:10 +0330] "GET /assets/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:11 +0330] "GET /saudi.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:13 +0330] "GET /wso.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:14 +0330] "GET /alfashell.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:16 +0330] "GET /vendor/phpunit/phpunit/src/Util/PHP/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:18 +0330] "GET /upload/image/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:19 +0330] "GET /up.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:22 +0330] "GET /c99.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:23 +0330] "GET /Site/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:23 +0330] "GET /priv8.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:24 +0330] "GET /Navir.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:25 +0330] "GET /shop/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:26 +0330] "GET /cmd13.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:26 +0330] "GET /files/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:27 +0330] "GET /inc20k1.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:27 +0330] "GET /admin/editor/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:28 +0330] "GET /include/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:19 +0330] "GET /Public/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:20 +0330] "GET /vendor/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:21 +0330] "GET /hacked.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:21 +0330] "GET /local/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:22 +0330] "GET /modules/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:24 +0330] "GET /system/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:25 +0330] "GET /template/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:29 +0330] "GET /Assets/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:30 +0330] "GET /plugins/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:31 +0330] "GET /wp.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:33 +0330] "GET /wp-includes/Text/Diff/Engine/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:34 +0330] "GET /php.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:37 +0330] "GET /root.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:37 +0330] "GET /wp-includes/certificates/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:39 +0330] "GET /wp-includes/SimplePie/Content/Type/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:40 +0330] "GET /bot.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:40 +0330] "GET /wp-includes/SimplePie/Content/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:41 +0330] "GET /doc.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:28 +0330] "GET /1index.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:29 +0330] "GET /404.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:29 +0330] "GET /images/stories/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:30 +0330] "GET /swm.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:31 +0330] "GET /php/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:32 +0330] "GET /wp-includes/assets/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:32 +0330] "GET /mini.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:34 +0330] "GET /wp-includes/block-patterns/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:35 +0330] "GET /wp-includes/Text/Diff/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:35 +0330] "GET /gif.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:35 +0330] "GET /wp-includes/block-supports/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:36 +0330] "GET /simple.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:36 +0330] "GET /wp-includes/blocks/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:38 +0330] "GET /wp-includes/SimplePie/Cache/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:38 +0330] "GET /toor.pho HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:40 +0330] "GET /wp-includes/css/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:41 +0330] "GET /wp-includes/rest-api/endpoints/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:42 +0330] "GET /wp-includes/rest-api/fields/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:42 +0330] "GET /shx.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:43 +0330] "GET /wp-includes/Requests/Cookie/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:45 +0330] "GET /m.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:45 +0330] "GET /wp-includes/Requests/Response/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:46 +0330] "GET /edit-form.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:46 +0330] "GET /wp-includes/Requests/Utility/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:47 +0330] "GET /LEAF.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:48 +0330] "GET /leafmailer.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:48 +0330] "GET /wp-includes/Requests/Exception/HTTP/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:49 +0330] "GET /mailer.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:50 +0330] "GET /wp-includes/images/crystal/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:50 +0330] "GET /leafmailer2.8.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:51 +0330] "GET /wp-includes/images/media/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:51 +0330] "GET /php_sender.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:52 +0330] "GET /wp-includes/images/smilies/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:52 +0330] "GET /wp-includes/images/wlw/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:53 +0330] "GET /wp-includes/rest-api/search/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:54 +0330] "GET /wp-includes/Requests/Exception/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:55 +0330] "GET /leaf_php.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:55 +0330] "GET /wp-includes/Requests/Auth/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:56 +0330] "GET /wp-includes/sodium_compat/src/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:57 +0330] "GET /wp-includes/sitemaps/providers/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:57 +0330] "GET /leaf_mailer.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:58 +0330] "GET /wp-includes/Text/Diff/Engine/Engine/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:58 +0330] "GET /Leaf.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:59 +0330] "GET /leaf.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:59 +0330] "GET /wp-includes/fonts/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:03 +0330] "GET /1337.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:03 +0330] "GET /wp-includes/IXR/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:04 +0330] "GET /wp-includes/php-compat/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:05 +0330] "GET /wp-includes/PHPMailer/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:06 +0330] "GET /lf.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:07 +0330] "GET /alex.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:07 +0330] "GET /wp-includes/random_compat/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:08 +0330] "GET /wp-includes/Requests/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:08 +0330] "GET /new.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:43 +0330] "GET /ws.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:44 +0330] "GET /wp-includes/Requests/Proxy/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:46 +0330] "GET /wp-includes/Requests/Transport/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:47 +0330] "GET /wp-includes/js/codemirror/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:49 +0330] "GET /wp-includes/js/crop/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:30:53 +0330] "GET /phpsender.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:54 +0330] "GET /smtp.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:56 +0330] "GET /php.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:30:59 +0330] "GET /wp-includes/customize/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:00 +0330] "GET /wp-includes/html-api/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:00 +0330] "GET /x.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:01 +0330] "GET /wp-includes/ID3/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:01 +0330] "GET /srx.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:02 +0330] "GET /wp-includes/images/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:04 +0330] "GET /wp-includes/js/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:04 +0330] "GET /xx.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:06 +0330] "GET /wp-includes/pomo/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:09 +0330] "GET /marijuana.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:10 +0330] "GET /wp-includes/sitemaps/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:11 +0330] "GET /wp-includes/sodium_compat/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:12 +0330] "GET /wp-includes/style-engine/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:13 +0330] "GET /wp-includes/theme-compat/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:14 +0330] "GET /wso1.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:14 +0330] "GET /wp-includes/widgets/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:15 +0330] "GET /wp-admin/css/colors/ectoplasm/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:16 +0330] "GET /wp-admin/css/colors/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:16 +0330] "GET /Lux.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:17 +0330] "GET /haxor.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:19 +0330] "GET /wp-content/plugins/wp-diambar/includes/loadme.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:20 +0330] "GET /admin/controller/extension/extension/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:20 +0330] "GET /wp-content/plugins/zaen/includes/loadme.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:23 +0330] "GET /modules/mod_simplefileuploadv1.3/elements/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:25 +0330] "GET /components/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:27 +0330] "GET /admin/uploads/images/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:28 +0330] "GET /wp-content/wp.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:09 +0330] "GET /wp-includes/rest-api/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:09 +0330] "GET /wp-includes/SimplePie/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:10 +0330] "GET /gaza.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:11 +0330] "GET /wp-admin.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:12 +0330] "GET /3index.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:13 +0330] "GET /wp-includes/Text/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:13 +0330] "GET /wikindex.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:15 +0330] "GET /bb.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:17 +0330] "GET /admin/images/slider/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:18 +0330] "GET /admin/fckeditor/editor/filemanager/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:19 +0330] "GET /sites/default/files/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:27 +0330] "GET /wp-content/plugins/zedd/1.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:27 +0330] "GET /wp-content/plugins/cakil/up.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:28 +0330] "GET /wp-includes/js/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:30 +0330] "GET /wp-includes/rest-api/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:30 +0330] "GET /wp-includes/widgets/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:31 +0330] "GET /wp-admin/css/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:29 +0330] "GET /wp-includes/pomo/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:29 +0330] "GET /wp-content/plugins/ubh/con.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:31 +0330] "GET /wp-content/plugins/cache-wordpress/payment.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:32 +0330] "GET /wp-content/plugins/cekidot/mr.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:33 +0330] "GET /black.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:35 +0330] "GET /wp-admin/network/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:36 +0330] "GET /wp-admin/user/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:36 +0330] "GET /wp-content/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:37 +0330] "GET /wp-content/plugins/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:38 +0330] "GET /blog/fw.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:39 +0330] "GET /wordpress/fw.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:39 +0330] "GET /wp-admin/includes/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:40 +0330] "GET /wp-admin/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:43 +0330] "GET /f0x.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:44 +0330] "GET /wp-admin/f0x.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:47 +0330] "GET /wp-includes/f0x.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:48 +0330] "GET /alfa.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:49 +0330] "GET /wp-admin/alfa.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:50 +0330] "GET /wp-content/alfa.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:53 +0330] "GET /wp-class.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:32 +0330] "GET /wp-admin/images/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:33 +0330] "GET /wp-admin/maint/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:34 +0330] "GET /wp-admin/meta/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:34 +0330] "GET /wp-content/plugins/wp-freeform/black2llleaf.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:35 +0330] "GET /wpvitamins.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:36 +0330] "GET /fw.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:38 +0330] "GET /wp-content/themes/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:40 +0330] "GET /wp-admin/fw.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:40 +0330] "GET /wp-content/upgrade/ HTTP/1.1" 301 795 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 160.178.27.203 - - [20/Nov/2025:23:31:41 +0330] "GET /wp-content/fw.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:42 +0330] "GET /wp-includes/fw.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:45 +0330] "GET /wp-content/f0x.ph HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:51 +0330] "GET /wp-includes/alfa.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:52 +0330] "GET /wp-blog.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:54 +0330] "GET /module.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:55 +0330] "GET /Init.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:03 +0330] "GET /ms.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:08 +0330] "GET /alex.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:10 +0330] "GET /wp-0.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:11 +0330] "GET /wp-1.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:15 +0330] "GET /Bulle.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:57 +0330] "GET /wp-includes/wp-class.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:31:58 +0330] "GET /shx.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:00 +0330] "GET /kil.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:01 +0330] "GET /ovshell.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:02 +0330] "GET /alfanibos.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:04 +0330] "GET /message.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:06 +0330] "GET /wp-mails.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:07 +0330] "GET /wikiindex.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:09 +0330] "GET /shx.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:12 +0330] "GET /xindex.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:13 +0330] "GET /wiki-index.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:18 +0330] "GET /wso.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:20 +0330] "GET /c99.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:23 +0330] "GET /plugins.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:25 +0330] "GET /1.aspx HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:27 +0330] "GET /a.aspx HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:35 +0330] "GET /av.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:38 +0330] "GET /upl.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:39 +0330] "GET /login.phtml HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:42 +0330] "GET /darkshell.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:45 +0330] "GET /contacts.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:48 +0330] "GET //wp-content/fm.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:54 +0330] "GET /images/mar.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:55 +0330] "GET /images/1.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:16 +0330] "GET /srx.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:17 +0330] "GET /wp-content/plugins/owfsmac/mar.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:21 +0330] "GET /tersembunyi.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:22 +0330] "GET /lab.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:26 +0330] "GET /shell.aspx HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:28 +0330] "GET /wp-raze.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:30 +0330] "GET /wp-init.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:32 +0330] "GET /lyda.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:34 +0330] "GET /alfashell.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:36 +0330] "GET /goods.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:40 +0330] "GET /fox.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:41 +0330] "GET /gelay.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:44 +0330] "GET /gel4y.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:46 +0330] "GET /xmlrpc.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:47 +0330] "GET /yo.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:49 +0330] "GET //wp-content/a.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:51 +0330] "GET //images/sym.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:52 +0330] "GET /images/shell.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:53 +0330] "GET /images/mini.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:57 +0330] "GET /images/upload.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:32:59 +0330] "GET /images/up.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:33:03 +0330] "GET /images/alfa.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:33:05 +0330] "GET /images/gelay.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0" 160.178.27.203 - - [20/Nov/2025:23:33:06 +0330] "GET /images/byps.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0"

| ver. 1.4 | Github | . | PHP 8.1.33 | Генерация страницы: 0.03 | proxy | phpinfo | Настройка