**/wp-content/themes/intense/block-css.php?mode=upload**
Someone keeps trying to access the above domain on the server. Does anyone know what this domain is? I looked up the intense-themed path, but the above file didn’t come out. Is it a web shell by any chance?
You have not posted any domain. You have posted a path with a query string. Are you saying requests are being made to that endpoint and showing up in logs? This isn’t uncommon if so. They are looking for something with a known vulnerability, probably scanning millions of sites at a time. The number of logs I have with people trying random endpoints is insane, but expected when you are on the public web, especially after your domain builds some credibility.
Now, on the other hand, if you have never heard of intense theme but suddenly the above path is actually on your server, then you have probably been exploited.
Also, if you are using this intense theme (it appears from a quick search to be a pretty generic fitness theme made by a generic cookie cutter theme company), I would double check that file’s contents, make sure it matches what is in the original theme file from the vendor, that there don’t appear to be any known exploits for the theme, etc.
Edit: autocorrect update, explored -> exploited but it was probably correct either way.
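
The checks described in the answer above can be scripted. This is an added example, not part of the original thread: it counts log hits for the posted path, checks whether the file exists under the web root, and compares it with a clean vendor copy. The log format (Apache/nginx combined), the verdict labels, the `/var/www/html` web root and the sample log lines are assumptions made for illustration.

```python
import hashlib
import re
from pathlib import Path
from urllib.parse import urlsplit

PROBE = "/wp-content/themes/intense/block-css.php"  # path from the post
# Apache/nginx "combined" format: client ip, method, request target, status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:04:12:01 +0000] "POST /wp-content/themes/intense/block-css.php?mode=upload HTTP/1.1" 404 153 "-" "-"',
    '198.51.100.23 - - [10/Mar/2024:09:40:55 +0000] "GET /wp-content/themes/intense/block-css.php?mode=upload HTTP/1.1" 404 153 "-" "-"',
    '192.0.2.10 - - [10/Mar/2024:09:41:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
]

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def triage(log_lines, webroot, vendor_root=None, probe=PROBE):
    """Classify requests for `probe` against what is on disk under `webroot`."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        # Compare the path only, so any query string (?mode=upload) still matches.
        if m and urlsplit(m.group(3)).path == probe:
            hits.append((m.group(1), m.group(2), int(m.group(4))))
    answered = [h for h in hits if h[2] < 400]  # 2xx/3xx: the server served something
    rel = probe.lstrip("/")
    on_disk = Path(webroot, rel)
    vendor = Path(vendor_root, rel) if vendor_root else None
    if not on_disk.is_file():
        # No such file: 4xx-only hits are background scanning.
        verdict = "answered-but-no-file" if answered else "scanner-noise"
    elif vendor is None or not vendor.is_file():
        verdict = "unexpected-file"   # present, with no vendor original to explain it
    elif sha256(on_disk) == sha256(vendor):
        verdict = "matches-vendor"
    else:
        verdict = "modified-file"     # differs from the vendor's copy
    return {"hits": len(hits), "answered": len(answered), "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "/var/www/html"))  # web root is an assumption
```

Pass `vendor_root` as a directory holding a freshly unpacked copy of the theme, laid out like the web root, when the theme is actually in use.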