AlkantarClanX12
Current Path : /home/thanudqk/ |
Current File : //home/thanudqk/scanreport-thanudqk-2024-09-02T08:45:36.935805.txt |
----------- SCAN REPORT ----------- TimeStamp: Mon, 2 Sep 2024 04:45:38 -0400 (/usr/sbin/cxs --clamdsock /var/clamd --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 50000 --noforce --html --ignore /etc/cxs/cxs.ignore.manual --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mv --report /home/thanudqk/scanreport-thanudqk-2024-09-02T08:45:36.935805.txt --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --unofficial --user thanudqk --virusscan --vmrssmax 2000000 --waitscan 0 --xtra /etc/cxs/cxs.xtra.manual) Scanning /home/thanudqk: '/home/thanudqk/.nc_plugin/hidden' # World writeable directory '/home/thanudqk/128shen.com/index.php' # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/vendor/bootstrap/js/js/JmYWsfrF.jpg' # Suspicious image file (hidden script file) '/home/thanudqk/128shen.com/wp-admin/css/colors/ocean/ocean/MHCNlb.jpeg' # Suspicious image file (hidden script file) '/home/thanudqk/128shen.com/wp-content/plugins/4dbpusq9/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/6yo4lia6/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/8ofsjabv/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/akismet/akismet.php' # Script version check [OLD] [Akismet Anti-spam: Spam Protection v5.3.1 < v5.3.2] '/home/thanudqk/128shen.com/wp-content/plugins/emxli2lc/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/hyoj9hg6/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/jssyeue/index.php' # (decoded file [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Excess EVAL Exploit [P1924]] '/home/thanudqk/128shen.com/wp-content/plugins/l0jz373q/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/l16q1f58/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/loginizer/loginizer.php' # Script version check [OLD] [Loginizer v1.8.3 < v1.8.4] '/home/thanudqk/128shen.com/wp-content/plugins/m33al91r/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/n9id6xyq/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/now09tjx/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/o017r0ok/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/oyisshc/index.php' # Known exploit = [Fingerprint Match (fp)] [PHP EVAL Exploit [P2185]] '/home/thanudqk/128shen.com/wp-content/plugins/qr8mjk0i/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/rj63w32s/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/thegem-blocks/data/data.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/128shen.com/wp-content/plugins/thegem-elements/inc/templates/import-data.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/128shen.com/wp-content/plugins/w3-total-cache/CdnEngine_Ftp.php' # Regular expression match = [\n(?!\s*(//|\#|\*)).*\.ssh/] '/home/thanudqk/128shen.com/wp-content/plugins/w3-total-cache/w3-total-cache.php' # Script version check [OLD] [W3 Total Cache v2.7.0 < v2.7.2] '/home/thanudqk/128shen.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/SavingsPlans/Exception/Exception/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/128shen.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/data/config/2014-11-12/2014-11-12/NYkrI.jpeg' # Suspicious image file (hidden script file) '/home/thanudqk/128shen.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/data/config/2014-11-12/2014-11-12/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/128shen.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html' # Suspicious file type [application/x-c] '/home/thanudqk/128shen.com/wp-content/plugins/wpcode-premium/build/admin-global-pro.css' # Universal decode regex match = [universal decoder] '/home/thanudqk/128shen.com/wp-content/plugins/y2rrjum3/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/4dbpusq9/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/6yo4lia6/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/8ofsjabv/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/emxli2lc/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/hyoj9hg6/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/l0jz373q/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/l16q1f58/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/m33al91r/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/n9id6xyq/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/now09tjx/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/o017r0ok/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/qr8mjk0i/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/rj63w32s/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/y2rrjum3/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/uploads/2024/08/linkpreview.zip' # (compressed file: wso.php [depth: 1]) Universal decode regex match = [universal decoder] # (compressed file: wso.php [depth: 1]) (decoded file [depth: 0]) ClamAV detected virus = [{HEX}php.gzbase64.inject.457.UNOFFICIAL] '/home/thanudqk/128shen.com/wp-includes/Text/Diff/Engine/dashicons.ttf' # Universal decode regex match = [universal decoder] # (decoded file [advanced decoder: 14 (depth: 1)]) Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-includes/images/wpicons-3x.png' # Suspicious image file (hidden script file) # Universal decode regex match = [universal decoder] # (decoded file [advanced decoder: 14 (depth: 1)]) Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-includes/images/xit-3x.gif' # Suspicious image file (hidden script file) '/home/thanudqk/img.thanpokertour.com/maps.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/public_html/.tmb' # World writeable directory '/home/thanudqk/public_html/a8wfdc0' # World writeable directory '/home/thanudqk/public_html/click-adu/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/public_html/flat-ads/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/public_html/freeroll/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/public_html/freeroll_legacy/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/public_html/iv4w' # World writeable directory '/home/thanudqk/public_html/staging-landingpage/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/public_html/wordpress_leaderboard/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/public_html/wordpress_leaderboard/.tmb' # World writeable directory '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/akismet/akismet.php' # Script version check [OLD] [Akismet Anti-spam: Spam Protection v5.3.1 < v5.3.2] '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/generateblocks/plugin.php' # Script version check [OLD] [GenerateBlocks v1.8.3 < v1.9.1] '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/litespeed-cache/litespeed-cache.php' # Script version check [OLD] [LiteSpeed Cache v6.1 < v6.2.0.1] '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/loginizer/loginizer.php' # Script version check [OLD] [Loginizer v1.8.3 < v1.8.4] # Scan Timeout (30 secs) while processing: '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/sheets-to-wp-table-live-sync/react/build/index.js.map' '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/thegem-blocks/data/data.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/thegem-elements/inc/templates/import-data.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/visualizer/classes/Visualizer/Module/Admin.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/w3-total-cache/CdnEngine_Ftp.php' # Regular expression match = [\n(?!\s*(//|\#|\*)).*\.ssh/] '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/w3-total-cache/w3-total-cache.php' # Script version check [OLD] [W3 Total Cache v2.7.0 < v2.7.2] '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html' # Suspicious file type [application/x-c] '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/wp-reset/wp-reset.php' # Script version check [OLD] [WP Reset v1.99 < v2.02] '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/uploads/js_composer' # World writeable directory '/home/thanudqk/public_html/wp-content/plugins/akismet/akismet.php' # Script version check [OLD] [Akismet Anti-spam: Spam Protection v5.3.1 < v5.3.2] '/home/thanudqk/public_html/wp-content/plugins/litespeed-cache/litespeed-cache.php' # Script version check [OLD] [LiteSpeed Cache v6.1 < v6.2.0.1] '/home/thanudqk/public_html/wp-content/plugins/loginizer/loginizer.php' # Script version check [OLD] [Loginizer v1.8.3 < v1.8.4] '/home/thanudqk/public_html/wp-content/plugins/olympus-google-fonts/olympus-google-fonts.php' # Script version check [OLD] [Fonts Plugin | Google Fonts Typography v3.6.0 < v3.6.51] '/home/thanudqk/public_html/wp-content/plugins/thegem-blocks/data/data.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/public_html/wp-content/plugins/thegem-elements/inc/templates/import-data.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/public_html/wp-content/plugins/w3-total-cache/CdnEngine_Ftp.php' # Regular expression match = [\n(?!\s*(//|\#|\*)).*\.ssh/] '/home/thanudqk/public_html/wp-content/plugins/w3-total-cache/w3-total-cache.php' # Script version check [OLD] [W3 Total Cache v2.7.0 < v2.7.2] '/home/thanudqk/public_html/wp-content/plugins/wpcode-premium/build/admin-global-pro.css' # Universal decode regex match = [universal decoder] '/home/thanudqk/public_html/wp-content/uploads/js_composer' # World writeable directory '/home/thanudqk/public_html/y11n7fq' # World writeable directory '/home/thanudqk/public_html/yokuhub/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/shenpokertour.com/maps.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/shenpokertour.com/.tmb' # World writeable directory '/home/thanudqk/shenpokertour.com/staging/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/shenpokertour.com/wp-content/plugins/akismet/akismet.php' # Script version check [OLD] [Akismet Anti-spam: Spam Protection v5.3.1 < v5.3.2] '/home/thanudqk/shenpokertour.com/wp-content/plugins/file-manager-advanced/application/library/codemirror/mode/clike/index.html' # Suspicious file type [application/x-c] '/home/thanudqk/shenpokertour.com/wp-content/plugins/insert-headers-and-footers/ihaf.php' # Script version check [OLD] [WPCode Lite v2.1.9 < v2.1.12] '/home/thanudqk/shenpokertour.com/wp-content/plugins/ktiymog/index.php' # (decoded file [depth: 0]) ClamAV detected virus = [YARA.eval_post.UNOFFICIAL] '/home/thanudqk/shenpokertour.com/wp-content/plugins/litespeed-cache/litespeed-cache.php' # Script version check [OLD] [LiteSpeed Cache v6.1 < v6.2.0.1] '/home/thanudqk/shenpokertour.com/wp-content/plugins/loginizer/loginizer.php' # Script version check [OLD] [Loginizer v1.8.3 < v1.8.4] '/home/thanudqk/shenpokertour.com/wp-content/plugins/thegem-blocks/data/data.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/shenpokertour.com/wp-content/plugins/thegem-elements/inc/templates/import-data.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/shenpokertour.com/wp-content/plugins/w3-total-cache/CdnEngine_Ftp.php' # Regular expression match = [\n(?!\s*(//|\#|\*)).*\.ssh/] '/home/thanudqk/shenpokertour.com/wp-content/plugins/w3-total-cache/w3-total-cache.php' # Script version check [OLD] [W3 Total Cache v2.7.0 < v2.7.2] '/home/thanudqk/shenpokertour.com/wp-content/plugins/wpcode-premium/build/admin-global-pro.css' # Universal decode regex match = [universal decoder] '/home/thanudqk/shenpokertour.com/wp-content/uploads/js_composer' # World writeable directory '/home/thanudqk/siamfreetour.com/.tmb' # World writeable directory '/home/thanudqk/siamfreetour.com/ClickADU-freeroll/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/ClickADU-freeroll_legacy/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/FlatAds-freeroll/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/FlatAds-freeroll_legacy/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/freeroll/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/freeroll_legacy/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/goldenticket/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/siamfans/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/spkgolden/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/twitter-freeroll/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/twitter-freeroll_legacy/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/wp-content/plugins/0cdjlvou/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/plugins/akismet/akismet.php' # Script version check [OLD] [Akismet Anti-spam: Spam Protection v5.3.1 < v5.3.2] '/home/thanudqk/siamfreetour.com/wp-content/plugins/bnrgiev/index.php' # (decoded file [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Excess EVAL Exploit [P1924]] '/home/thanudqk/siamfreetour.com/wp-content/plugins/cbutmde/index.php' # (decoded file [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Excess EVAL Exploit [P1924]] '/home/thanudqk/siamfreetour.com/wp-content/plugins/ctbllbe/index.php' # Known exploit = [Fingerprint Match (fp)] [PHP EVAL Exploit [P2185]] '/home/thanudqk/siamfreetour.com/wp-content/plugins/dwbshnl3/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/plugins/fdt4z0ta/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/plugins/fz89fvvn/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/plugins/generateblocks/plugin.php' # Script version check [OLD] [GenerateBlocks v1.8.3 < v1.9.1] '/home/thanudqk/siamfreetour.com/wp-content/plugins/hd-quiz/reg.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/siamfreetour.com/wp-content/plugins/jbogiyy/index.php' # (decoded file [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Excess EVAL Exploit [P1924]] '/home/thanudqk/siamfreetour.com/wp-content/plugins/jpxqrqo/index.php' # (decoded file [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Excess EVAL Exploit [P1924]] '/home/thanudqk/siamfreetour.com/wp-content/plugins/jzqowir/index.php' # (decoded file [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Excess EVAL Exploit [P1924]] '/home/thanudqk/siamfreetour.com/wp-content/plugins/lightweight-cookie-notice-free/admin/class-daextlwcnf-admin.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/siamfreetour.com/wp-content/plugins/lightweight-cookie-notice-free/vendor/maxmind-db/reader/ext/maxminddb.c' # Suspicious file type [application/x-c] '/home/thanudqk/siamfreetour.com/wp-content/plugins/litespeed-cache/litespeed-cache.php' # Script version check [OLD] [LiteSpeed Cache v6.1 < v6.2.0.1] '/home/thanudqk/siamfreetour.com/wp-content/plugins/loginizer/loginizer.php' # Script version check [OLD] [Loginizer v1.8.3 < v1.8.4] '/home/thanudqk/siamfreetour.com/wp-content/plugins/mqfxnnt/index.php' # (decoded file [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Excess EVAL Exploit [P1924]] '/home/thanudqk/siamfreetour.com/wp-content/plugins/thegem-blocks/data/data.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/siamfreetour.com/wp-content/plugins/thegem-elements/inc/templates/import-data.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/siamfreetour.com/wp-content/plugins/uhqtlt9j/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/plugins/w3-total-cache/CdnEngine_Ftp.php' # Regular expression match = [\n(?!\s*(//|\#|\*)).*\.ssh/] '/home/thanudqk/siamfreetour.com/wp-content/plugins/w3-total-cache/w3-total-cache.php' # Script version check [OLD] [W3 Total Cache v2.7.0 < v2.7.2] '/home/thanudqk/siamfreetour.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html' # Suspicious file type [application/x-c] '/home/thanudqk/siamfreetour.com/wp-content/plugins/wpcode-premium/build/admin-global-pro.css' # Universal decode regex match = [universal decoder] '/home/thanudqk/siamfreetour.com/wp-content/themes/0cdjlvou/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/themes/digital-download/up.php' # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/themes/digital-download-1/up.php' # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/themes/dwbshnl3/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/themes/fdt4z0ta/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/themes/fz89fvvn/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/themes/hrdnaeox/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/themes/uhqtlt9j/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/uploads/js_composer' # World writeable directory '/home/thanudqk/siampokernew.org/maps.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/siampokernew.org/.tmb' # World writeable directory '/home/thanudqk/siampokernew.org/wp-content/plugins/all-in-one-wp-migration/all-in-one-wp-migration.php' # Script version check [OLD] [All-in-One WP Migration v7.31 < v7.81] '/home/thanudqk/siampokernew.org/wp-content/plugins/elementor/elementor.php' # Script version check [OLD] [Elementor v3.1.1 < v3.21.5] '/home/thanudqk/siampokernew.org/wp-content/plugins/wordpress-seo/wp-seo.php' # Script version check [OLD] [Yoast SEO v15.8 < v22.7] '/home/thanudqk/siampokernew.org/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html' # Suspicious file type [application/x-c] '/home/thanudqk/siampokernew.org/wp-content/plugins/wp-optimize/wp-optimize.php' # Script version check [OLD] [WP-Optimize - Clean, Compress, Cache v3.1.4 < v3.3.2] # Universal decode regex match = [universal decoder] '/home/thanudqk/siampokernew.org/wp-includes/version.php' # Script version check [OLD] [Wordpress v5.5.15 < v6.6.1] '/home/thanudqk/siamtest.siamfreetour.com/maps.php' # Universal decode regex match = [universal decoder] # Scan Timeout (30 secs) while processing: '/home/thanudqk/siamtest.siamfreetour.com/siam-backup.zip' # Scan Timeout (30 secs) while processing: '/home/thanudqk/siamtest.siamfreetour.com/backup/assets.zip' '/home/thanudqk/siamtest.siamfreetour.com/backup/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/staging.avgteq.com/index.php' # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/staging.avgteq.com/maps.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/staging.avgteq.com/assets/css/css/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/staging.avgteq.com/assets/vendor/waypoints/waypoints/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/staging.avgteq.com/avteq/.vscode/.vscode/WYijXfCBEKnAla.tif' # Suspicious image file (hidden script file) '/home/thanudqk/staging.avgteq.com/avteq/.vscode/.vscode/.vscode/.vscode/YBxStQnU.jpg' # Suspicious image file (hidden script file) '/home/thanudqk/staging.avgteq.com/avteq/.vscode/.vscode/.vscode/.vscode/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/staging.avgteq.com/cgi-bin/cgi-bin/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/staging.avgteq.com/cgi-bin/cgi-bin/cgi-bin/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/staging.avgteq.com/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/staging.avgteq.com/cgi-bin/cgi-bin/cgi-bin/cgi-bin/index.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2195]] '/home/thanudqk/staging.avgteq.com/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/staging.avgteq.com/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/staging.avgteq.com/forms/forms/forms/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/staging.avgteq.com/forms/forms/forms/index.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2202]] '/home/thanudqk/staging.avgteq.com/images/images/images/images/VSNFUK.jpg' # Suspicious image file (hidden script file) '/home/thanudqk/staging.avgteq.com/images/images/images/images/images/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/test.siampoker.org/maps.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/thanpokertour.com/maps.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/thanpokertour.com/freeroll/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/thepball.com/maps.php' # Universal decode regex match = [universal decoder] # Scan Timeout (30 secs) while processing: '/home/thanudqk/thepball.com/wordpress-5.5.3.zip' '/home/thanudqk/thepball.com/.tmb' # World writeable directory '/home/thanudqk/thepball.com/wp-content/plugins/elementor/elementor.php' # Script version check [OLD] [Elementor v3.2.4 < v3.21.5] '/home/thanudqk/thepball.com/wp-content/plugins/google-site-kit/google-site-kit.php' # Script version check [OLD] [Site Kit by Google v1.33.0 < v1.126.0] '/home/thanudqk/thepball.com/wp-content/plugins/hummingbird-performance/wp-hummingbird.php' # Script version check [OLD] [Hummingbird v2.7.4 < v3.8.1] '/home/thanudqk/thepball.com/wp-content/plugins/ml-slider/ml-slider.php' # Script version check [OLD] [MetaSlider v3.20.3 < v3.80.0] '/home/thanudqk/thepball.com/wp-content/plugins/wordpress-seo/wp-seo.php' # Script version check [OLD] [Yoast SEO v15.5 < v22.7] '/home/thanudqk/thepball.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html' # Suspicious file type [application/x-c] '/home/thanudqk/thepball.com/wp-content/plugins/wp-smushit/wp-smush.php' # Script version check [OLD] [Smush v3.8.2 < v3.16.2] # Scan Timeout (30 secs) while processing: '/home/thanudqk/thepball.com/wp-content/themes/Dewabet.zip' '/home/thanudqk/thepball.com/wp-content/wphb-cache/cache/www.thepball.com' # Suspicious directory '/home/thanudqk/thepball.com/wp-includes/version.php' # Script version check [OLD] [Wordpress v5.7.8 < v6.6.1] '/home/thanudqk/yokuhub.com/index.php' # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuhub.com/assets/vendor/bootstrap/css/UsXqtLT.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/yokuhub.com/assets/vendor/remixicon/CEpKokAdw.php' # Universal decode regex match = [universal decoder] # (decoded file [advanced decoder: 14 (depth: 4)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P1939]] '/home/thanudqk/yokuhub.com/wp-admin/images/post-formats-as.png' # Suspicious image file (hidden script file) # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuhub.com/wp-includes/certificates/maint/fonts/wp/QsZIy.php' # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuhub.com/wp-includes/images/smilies/icon_winks.png' # Suspicious image file (hidden script file) # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuhub.com/wp-includes/js/dist/preferences-persistence.mni.js' # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuhub.com/yokubet/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/yokuyes.com/index.php' # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuyes.com/wp-crom.php' # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuyes.com/wp-admin/images/post-formats-as.png' # Suspicious image file (hidden script file) # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuyes.com/wp-admin/images/tmnmsKl.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/yokuyes.com/wp-admin/includes/SxBrjZgoK.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/yokuyes.com/wp-admin/includes/blocks/user/cwpEYztFq.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/yokuyes.com/wp-admin/js/widgets/MPtOjDpdHJ.php' # Universal decode regex match = [universal decoder] # (decoded file [advanced decoder: 14 (depth: 4)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P1939]] '/home/thanudqk/yokuyes.com/wp-admin/maint/RrXMUb.php' # (decoded file [advanced decoder: 14 (depth: 4)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P1939]] '/home/thanudqk/yokuyes.com/wp-admin/user/euDUM.php' # Universal decode regex match = [universal decoder] # (decoded file [advanced decoder: 14 (depth: 4)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P1939]] '/home/thanudqk/yokuyes.com/wp-includes/themes.php' # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuyes.com/wp-includes/blocks/wp/AXALjJKsV.php' # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuyes.com/wp-includes/certificates/SimplePie/pomo/wp/LKkIHi.php' # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuyes.com/wp-includes/css/dist/components/radio.php' # Universal decode regex match = [universal decoder] # (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P1425]] '/home/thanudqk/yokuyes.com/wp-includes/customize/wp/eGicAQ.php' # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuyes.com/wp-includes/images/smilies/icon_winks.png' # Suspicious image file (hidden script file) # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuyes.com/wp-includes/js/dist/preferences-persistence.mni.js' # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] ----------- SCAN SUMMARY ----------- Scanned directories: 23096 Scanned files: 176426 Ignored items: 1122 Suspicious matches: 268 Viruses found: 24 Fingerprint matches: 28 Data scanned: 5756.50 MB Scan peak memory: 423080 kB Scan time/item: 0.036 sec Scan time: 7244.478 sec