172.192.65.163 - - [08/Oct/2025:07:35:40 -0600] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:40 -0600] "GET /atomlib.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:40 -0600] "GET /a.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:40 -0600] "GET /v.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:40 -0600] "GET /d2.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:41 -0600] "GET /xc.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:41 -0600] "GET /g.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:41 -0600] "GET /gmo.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:41 -0600] "GET /11.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:41 -0600] "GET /20.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:41 -0600] "GET /f35.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:41 -0600] "GET /1.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:42 -0600] "GET /c.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:42 -0600] "GET /build.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:42 -0600] "GET /bless.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:42 -0600] "GET /admin/upload/css.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:42 -0600] "GET /lock360.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:42 -0600] "GET /4.php?p= HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:43 -0600] "GET /about.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:43 -0600] "GET /r.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:43 -0600] "GET /v4.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:43 -0600] "GET /wp-22.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:43 -0600] "GET /makeasmtp.php?p= HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:43 -0600] "GET /system_log.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:44 -0600] "GET /NewFile.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:44 -0600] "GET /t.php?p= HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:44 -0600] "GET /ee.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:44 -0600] "GET /2.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:44 -0600] "GET //gmo.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:44 -0600] "GET /6.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:45 -0600] "GET /12.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:45 -0600] "GET /0.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:45 -0600] "GET /wp-admin/css/wp-conflg.php?p= HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:45 -0600] "GET /wp-includes/js/codemirror/index.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:45 -0600] "GET /02.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:45 -0600] "GET /w.php HTTP/1.1" 200 - "-" "-" 172.192.65.163 - - [08/Oct/2025:07:35:46 -0600] "GET /go.php?p= HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:08 -0600] "GET / HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:09 -0600] "GET /wordpress HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:09 -0600] "GET /wp-admin/setup-config.php HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:09 -0600] "GET /wp-admin/install.php HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:09 -0600] "GET /wp HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:09 -0600] "GET /blog HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:10 -0600] "GET /new HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:10 -0600] "GET / HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:10 -0600] "GET / HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:10 -0600] "GET /old HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:10 -0600] "GET / HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:10 -0600] "GET / HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:10 -0600] "GET /newsite HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:10 -0600] "GET /wordpress HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:10 -0600] "GET /wordpress HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:10 -0600] "GET /test HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:10 -0600] "GET /wp-admin/setup-config.php HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:10 -0600] "GET /wp-admin/setup-config.php HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:10 -0600] "GET /main HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:10 -0600] "GET /wp-admin/install.php HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:10 -0600] "GET /testing HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:10 -0600] "GET /wp-admin/install.php HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:11 -0600] "GET /wp HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:11 -0600] "GET /wp HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:11 -0600] "GET /site HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:11 -0600] "GET /blog HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:11 -0600] "GET /backup HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:11 -0600] "GET /blog HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:11 -0600] "GET /new HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:11 -0600] "GET /new HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:11 -0600] "GET /demo HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:11 -0600] "GET /old HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:11 -0600] "GET /old HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:11 -0600] "GET /home HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:11 -0600] "GET /newsite HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:11 -0600] "GET /newsite HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:11 -0600] "GET /tmp HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:11 -0600] "GET /test HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:12 -0600] "GET /dev HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:12 -0600] "GET /test HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:12 -0600] "GET /main HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:12 -0600] "GET /cms HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:12 -0600] "GET /main HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:12 -0600] "GET /testing HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:12 -0600] "GET /portal HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:12 -0600] "GET /testing HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:12 -0600] "GET /site HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:12 -0600] "GET /web HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:12 -0600] "GET /site HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:12 -0600] "GET /backup HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:12 -0600] "GET /backup HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:12 -0600] "GET /demo HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:12 -0600] "GET /demo HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:12 -0600] "GET /home HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:13 -0600] "GET /home HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:13 -0600] "GET /tmp HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:13 -0600] "GET /tmp HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:13 -0600] "GET /dev HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:13 -0600] "GET /dev HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:13 -0600] "GET /cms HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:13 -0600] "GET /cms HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:13 -0600] "GET /portal HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:13 -0600] "GET /portal HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:13 -0600] "GET /web HTTP/1.1" 200 - "-" "-" 196.251.83.100 - - [08/Oct/2025:09:19:13 -0600] "GET /web HTTP/1.1" 200 - "-" "-" 191.101.61.195 - - [08/Oct/2025:09:41:38 -0600] "GET /.env HTTP/1.1" 403 10369 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" 84.247.184.73 - - [08/Oct/2025:11:03:48 -0600] "GET /wp-admin/css/ HTTP/1.1" 200 - "binance.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" 185.71.90.166 - - [09/Oct/2025:01:32:29 -0600] "GET /administrator/ HTTP/1.1" 200 - "-" "Mozilla/5.0 (Linux; Android 12; SAMSUNG SM-N9750) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/21.0 Chrome/110.0.5481.154 Mobile Safari/537.36" 185.71.90.166 - - [09/Oct/2025:01:32:29 -0600] "GET /administrator/index.php HTTP/1.1" 200 - "http://ver.btlconsultants.com.mx/administrator/" "Mozilla/5.0 (Linux; Android 12; SAMSUNG SM-N9750) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/21.0 Chrome/110.0.5481.154 Mobile Safari/537.36" 185.71.90.166 - - [09/Oct/2025:01:32:30 -0600] "GET /wp-login.php HTTP/1.1" 200 - "-" "Mozilla/5.0 (Linux; Android 12; SAMSUNG SM-N9750) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/21.0 Chrome/110.0.5481.154 Mobile Safari/537.36" 185.71.90.166 - - [09/Oct/2025:01:32:30 -0600] "GET /phpmyadmin/ HTTP/1.1" 200 - "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 14_5_1 like Mac OS X) AppleWebKit/605.1.10 (KHTML, like Gecko) Mobile/15E948 Safari Line/14.21.0" 185.71.90.166 - - [09/Oct/2025:01:32:30 -0600] "GET /wp-admin/ HTTP/1.1" 200 - "http://ver.btlconsultants.com.mx/wp-login.php" "Mozilla/5.0 (Linux; Android 12; SAMSUNG SM-N9750) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/21.0 Chrome/110.0.5481.154 Mobile Safari/537.36" 185.71.90.166 - - [09/Oct/2025:01:32:30 -0600] "GET /phpMyAdmin/ HTTP/1.1" 200 - "-" "Mozilla/5.0 (X11; CrOS x86_64 12239.92.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.136 Safari/537.36" 185.71.90.166 - - [09/Oct/2025:01:32:30 -0600] "GET /admin.php HTTP/1.1" 200 - "-" "Mozilla/5.0 (Linux; Android 12; SAMSUNG SM-N9750) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/21.0 Chrome/110.0.5481.154 Mobile Safari/537.36" 185.71.90.166 - - [09/Oct/2025:01:32:31 -0600] "GET /PhpMyAdmin/ HTTP/1.1" 200 - "-" "Mozilla/5.0 (X31; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.5.544.0 Safari/534.10" 185.71.90.166 - - [09/Oct/2025:01:32:31 -0600] "GET /admin HTTP/1.1" 200 - "-" "Mozilla/5.0 (Linux; Android 12; SAMSUNG SM-N9750) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/21.0 Chrome/110.0.5481.154 Mobile Safari/537.36" 185.71.90.166 - - [09/Oct/2025:01:32:31 -0600] "GET /pma/ HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20000101 Firefox/101.0" 185.71.90.166 - - [09/Oct/2025:01:32:31 -0600] "GET /admin HTTP/1.1" 200 - "-" "Mozilla/5.0 (Linux; Android 12; SAMSUNG SM-N9750) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/21.0 Chrome/110.0.5481.154 Mobile Safari/537.36" 185.71.90.166 - - [09/Oct/2025:01:32:31 -0600] "GET /admin/ HTTP/1.1" 200 - "-" "Mozilla/5.0 (Linux; Android 12; SAMSUNG SM-N9750) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/21.0 Chrome/110.0.5481.154 Mobile Safari/537.36" 109.70.100.3 - - [09/Oct/2025:01:32:44 -0600] "GET /administrator/ HTTP/1.1" 200 - "-" "Mozilla/5.0 (Linux; Android 12; SAMSUNG SM-N9750) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/21.0 Chrome/110.0.5481.154 Mobile Safari/537.36" 109.70.100.3 - - [09/Oct/2025:01:32:44 -0600] "GET /administrator/index.php HTTP/1.1" 200 - "http://ver.btlconsultants.com.mx/administrator/" "Mozilla/5.0 (Linux; Android 12; SAMSUNG SM-N9750) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/21.0 Chrome/110.0.5481.154 Mobile Safari/537.36" 37.114.50.18 - - [09/Oct/2025:01:32:45 -0600] "GET /wp-login.php HTTP/1.1" 200 - "-" "Mozilla/5.0 (Linux; Android 12; SAMSUNG SM-N9750) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/21.0 Chrome/110.0.5481.154 Mobile Safari/537.36" 37.114.50.18 - - [09/Oct/2025:01:32:45 -0600] "GET /wp-admin/ HTTP/1.1" 200 - "http://ver.btlconsultants.com.mx/wp-login.php" "Mozilla/5.0 (Linux; Android 12; SAMSUNG SM-N9750) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/21.0 Chrome/110.0.5481.154 Mobile Safari/537.36" 45.84.107.174 - - [09/Oct/2025:01:32:46 -0600] "GET /admin.php HTTP/1.1" 200 - "-" "Mozilla/5.0 (Linux; Android 12; SAMSUNG SM-N9750) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/21.0 Chrome/110.0.5481.154 Mobile Safari/537.36" 45.84.107.174 - - [09/Oct/2025:01:32:46 -0600] "GET /admin HTTP/1.1" 200 - "-" "Mozilla/5.0 (Linux; Android 12; SAMSUNG SM-N9750) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/21.0 Chrome/110.0.5481.154 Mobile Safari/537.36" 185.241.208.82 - - [09/Oct/2025:01:32:57 -0600] "GET /admin HTTP/1.1" 200 - "-" "Mozilla/5.0 (Linux; Android 12; SAMSUNG SM-N9750) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/21.0 Chrome/110.0.5481.154 Mobile Safari/537.36" 109.71.252.97 - - [09/Oct/2025:01:33:11 -0600] "GET /admin/ HTTP/1.1" 200 - "-" "Mozilla/5.0 (Linux; Android 12; SAMSUNG SM-N9750) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/21.0 Chrome/110.0.5481.154 Mobile Safari/537.36"