----------- SCAN REPORT ----------- TimeStamp: Mon, 2 Sep 2024 04:45:38 -0400 (/usr/sbin/cxs --clamdsock /var/clamd --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 50000 --noforce --html --ignore /etc/cxs/cxs.ignore.manual --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mv --report /home/thanudqk/scanreport-thanudqk-2024-09-02T08:45:36.935805.txt --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --unofficial --user thanudqk --virusscan --vmrssmax 2000000 --waitscan 0 --xtra /etc/cxs/cxs.xtra.manual) Scanning /home/thanudqk: '/home/thanudqk/.nc_plugin/hidden' # World writeable directory '/home/thanudqk/128shen.com/index.php' # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/vendor/bootstrap/js/js/JmYWsfrF.jpg' # Suspicious image file (hidden script file) '/home/thanudqk/128shen.com/wp-admin/css/colors/ocean/ocean/MHCNlb.jpeg' # Suspicious image file (hidden script file) '/home/thanudqk/128shen.com/wp-content/plugins/4dbpusq9/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/6yo4lia6/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/8ofsjabv/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/akismet/akismet.php' # Script version check [OLD] [Akismet Anti-spam: Spam Protection v5.3.1 < v5.3.2] '/home/thanudqk/128shen.com/wp-content/plugins/emxli2lc/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/hyoj9hg6/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/jssyeue/index.php' # (decoded file [depth: 1]) Known exploit = [Fingerprint Match (fp)] 
[PHP Excess EVAL Exploit [P1924]] '/home/thanudqk/128shen.com/wp-content/plugins/l0jz373q/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/l16q1f58/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/loginizer/loginizer.php' # Script version check [OLD] [Loginizer v1.8.3 < v1.8.4] '/home/thanudqk/128shen.com/wp-content/plugins/m33al91r/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/n9id6xyq/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/now09tjx/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/o017r0ok/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/oyisshc/index.php' # Known exploit = [Fingerprint Match (fp)] [PHP EVAL Exploit [P2185]] '/home/thanudqk/128shen.com/wp-content/plugins/qr8mjk0i/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/rj63w32s/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/plugins/thegem-blocks/data/data.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/128shen.com/wp-content/plugins/thegem-elements/inc/templates/import-data.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/128shen.com/wp-content/plugins/w3-total-cache/CdnEngine_Ftp.php' # Regular expression match = [\n(?!\s*(//|\#|\*)).*\.ssh/] '/home/thanudqk/128shen.com/wp-content/plugins/w3-total-cache/w3-total-cache.php' # Script version check [OLD] [W3 Total Cache v2.7.0 < v2.7.2] '/home/thanudqk/128shen.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/SavingsPlans/Exception/Exception/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] 
'/home/thanudqk/128shen.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/data/config/2014-11-12/2014-11-12/NYkrI.jpeg' # Suspicious image file (hidden script file) '/home/thanudqk/128shen.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/data/config/2014-11-12/2014-11-12/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/128shen.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html' # Suspicious file type [application/x-c] '/home/thanudqk/128shen.com/wp-content/plugins/wpcode-premium/build/admin-global-pro.css' # Universal decode regex match = [universal decoder] '/home/thanudqk/128shen.com/wp-content/plugins/y2rrjum3/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/4dbpusq9/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/6yo4lia6/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/8ofsjabv/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/emxli2lc/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/hyoj9hg6/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/l0jz373q/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/l16q1f58/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/m33al91r/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/n9id6xyq/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/now09tjx/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/o017r0ok/fooster1337.php' # Decode regex 
match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/qr8mjk0i/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/rj63w32s/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/themes/y2rrjum3/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-content/uploads/2024/08/linkpreview.zip' # (compressed file: wso.php [depth: 1]) Universal decode regex match = [universal decoder] # (compressed file: wso.php [depth: 1]) (decoded file [depth: 0]) ClamAV detected virus = [{HEX}php.gzbase64.inject.457.UNOFFICIAL] '/home/thanudqk/128shen.com/wp-includes/Text/Diff/Engine/dashicons.ttf' # Universal decode regex match = [universal decoder] # (decoded file [advanced decoder: 14 (depth: 1)]) Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-includes/images/wpicons-3x.png' # Suspicious image file (hidden script file) # Universal decode regex match = [universal decoder] # (decoded file [advanced decoder: 14 (depth: 1)]) Decode regex match = [decode regex: 1] '/home/thanudqk/128shen.com/wp-includes/images/xit-3x.gif' # Suspicious image file (hidden script file) '/home/thanudqk/img.thanpokertour.com/maps.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/public_html/.tmb' # World writeable directory '/home/thanudqk/public_html/a8wfdc0' # World writeable directory '/home/thanudqk/public_html/click-adu/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/public_html/flat-ads/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/public_html/freeroll/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/public_html/freeroll_legacy/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/public_html/iv4w' # World writeable directory 
'/home/thanudqk/public_html/staging-landingpage/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/public_html/wordpress_leaderboard/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/public_html/wordpress_leaderboard/.tmb' # World writeable directory '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/akismet/akismet.php' # Script version check [OLD] [Akismet Anti-spam: Spam Protection v5.3.1 < v5.3.2] '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/generateblocks/plugin.php' # Script version check [OLD] [GenerateBlocks v1.8.3 < v1.9.1] '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/litespeed-cache/litespeed-cache.php' # Script version check [OLD] [LiteSpeed Cache v6.1 < v6.2.0.1] '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/loginizer/loginizer.php' # Script version check [OLD] [Loginizer v1.8.3 < v1.8.4] # Scan Timeout (30 secs) while processing: '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/sheets-to-wp-table-live-sync/react/build/index.js.map' '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/thegem-blocks/data/data.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/thegem-elements/inc/templates/import-data.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/visualizer/classes/Visualizer/Module/Admin.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/w3-total-cache/CdnEngine_Ftp.php' # Regular expression match = [\n(?!\s*(//|\#|\*)).*\.ssh/] '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/w3-total-cache/w3-total-cache.php' # Script version check [OLD] [W3 Total Cache v2.7.0 < v2.7.2] 
'/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html' # Suspicious file type [application/x-c] '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/plugins/wp-reset/wp-reset.php' # Script version check [OLD] [WP Reset v1.99 < v2.02] '/home/thanudqk/public_html/wordpress_leaderboard/wp-content/uploads/js_composer' # World writeable directory '/home/thanudqk/public_html/wp-content/plugins/akismet/akismet.php' # Script version check [OLD] [Akismet Anti-spam: Spam Protection v5.3.1 < v5.3.2] '/home/thanudqk/public_html/wp-content/plugins/litespeed-cache/litespeed-cache.php' # Script version check [OLD] [LiteSpeed Cache v6.1 < v6.2.0.1] '/home/thanudqk/public_html/wp-content/plugins/loginizer/loginizer.php' # Script version check [OLD] [Loginizer v1.8.3 < v1.8.4] '/home/thanudqk/public_html/wp-content/plugins/olympus-google-fonts/olympus-google-fonts.php' # Script version check [OLD] [Fonts Plugin | Google Fonts Typography v3.6.0 < v3.6.51] '/home/thanudqk/public_html/wp-content/plugins/thegem-blocks/data/data.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/public_html/wp-content/plugins/thegem-elements/inc/templates/import-data.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/public_html/wp-content/plugins/w3-total-cache/CdnEngine_Ftp.php' # Regular expression match = [\n(?!\s*(//|\#|\*)).*\.ssh/] '/home/thanudqk/public_html/wp-content/plugins/w3-total-cache/w3-total-cache.php' # Script version check [OLD] [W3 Total Cache v2.7.0 < v2.7.2] '/home/thanudqk/public_html/wp-content/plugins/wpcode-premium/build/admin-global-pro.css' # Universal decode regex match = [universal decoder] '/home/thanudqk/public_html/wp-content/uploads/js_composer' # World writeable directory '/home/thanudqk/public_html/y11n7fq' # World writeable directory '/home/thanudqk/public_html/yokuhub/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] 
'/home/thanudqk/shenpokertour.com/maps.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/shenpokertour.com/.tmb' # World writeable directory '/home/thanudqk/shenpokertour.com/staging/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/shenpokertour.com/wp-content/plugins/akismet/akismet.php' # Script version check [OLD] [Akismet Anti-spam: Spam Protection v5.3.1 < v5.3.2] '/home/thanudqk/shenpokertour.com/wp-content/plugins/file-manager-advanced/application/library/codemirror/mode/clike/index.html' # Suspicious file type [application/x-c] '/home/thanudqk/shenpokertour.com/wp-content/plugins/insert-headers-and-footers/ihaf.php' # Script version check [OLD] [WPCode Lite v2.1.9 < v2.1.12] '/home/thanudqk/shenpokertour.com/wp-content/plugins/ktiymog/index.php' # (decoded file [depth: 0]) ClamAV detected virus = [YARA.eval_post.UNOFFICIAL] '/home/thanudqk/shenpokertour.com/wp-content/plugins/litespeed-cache/litespeed-cache.php' # Script version check [OLD] [LiteSpeed Cache v6.1 < v6.2.0.1] '/home/thanudqk/shenpokertour.com/wp-content/plugins/loginizer/loginizer.php' # Script version check [OLD] [Loginizer v1.8.3 < v1.8.4] '/home/thanudqk/shenpokertour.com/wp-content/plugins/thegem-blocks/data/data.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/shenpokertour.com/wp-content/plugins/thegem-elements/inc/templates/import-data.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/shenpokertour.com/wp-content/plugins/w3-total-cache/CdnEngine_Ftp.php' # Regular expression match = [\n(?!\s*(//|\#|\*)).*\.ssh/] '/home/thanudqk/shenpokertour.com/wp-content/plugins/w3-total-cache/w3-total-cache.php' # Script version check [OLD] [W3 Total Cache v2.7.0 < v2.7.2] '/home/thanudqk/shenpokertour.com/wp-content/plugins/wpcode-premium/build/admin-global-pro.css' # Universal decode regex match = [universal decoder] 
'/home/thanudqk/shenpokertour.com/wp-content/uploads/js_composer' # World writeable directory '/home/thanudqk/siamfreetour.com/.tmb' # World writeable directory '/home/thanudqk/siamfreetour.com/ClickADU-freeroll/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/ClickADU-freeroll_legacy/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/FlatAds-freeroll/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/FlatAds-freeroll_legacy/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/freeroll/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/freeroll_legacy/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/goldenticket/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/siamfans/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/spkgolden/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/twitter-freeroll/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/twitter-freeroll_legacy/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/siamfreetour.com/wp-content/plugins/0cdjlvou/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/plugins/akismet/akismet.php' # Script version check [OLD] [Akismet Anti-spam: Spam Protection v5.3.1 < v5.3.2] '/home/thanudqk/siamfreetour.com/wp-content/plugins/bnrgiev/index.php' # (decoded file [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP 
Excess EVAL Exploit [P1924]] '/home/thanudqk/siamfreetour.com/wp-content/plugins/cbutmde/index.php' # (decoded file [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Excess EVAL Exploit [P1924]] '/home/thanudqk/siamfreetour.com/wp-content/plugins/ctbllbe/index.php' # Known exploit = [Fingerprint Match (fp)] [PHP EVAL Exploit [P2185]] '/home/thanudqk/siamfreetour.com/wp-content/plugins/dwbshnl3/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/plugins/fdt4z0ta/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/plugins/fz89fvvn/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/plugins/generateblocks/plugin.php' # Script version check [OLD] [GenerateBlocks v1.8.3 < v1.9.1] '/home/thanudqk/siamfreetour.com/wp-content/plugins/hd-quiz/reg.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/siamfreetour.com/wp-content/plugins/jbogiyy/index.php' # (decoded file [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Excess EVAL Exploit [P1924]] '/home/thanudqk/siamfreetour.com/wp-content/plugins/jpxqrqo/index.php' # (decoded file [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Excess EVAL Exploit [P1924]] '/home/thanudqk/siamfreetour.com/wp-content/plugins/jzqowir/index.php' # (decoded file [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Excess EVAL Exploit [P1924]] '/home/thanudqk/siamfreetour.com/wp-content/plugins/lightweight-cookie-notice-free/admin/class-daextlwcnf-admin.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/siamfreetour.com/wp-content/plugins/lightweight-cookie-notice-free/vendor/maxmind-db/reader/ext/maxminddb.c' # Suspicious file type [application/x-c] '/home/thanudqk/siamfreetour.com/wp-content/plugins/litespeed-cache/litespeed-cache.php' # Script version check [OLD] [LiteSpeed Cache v6.1 < v6.2.0.1] 
'/home/thanudqk/siamfreetour.com/wp-content/plugins/loginizer/loginizer.php' # Script version check [OLD] [Loginizer v1.8.3 < v1.8.4] '/home/thanudqk/siamfreetour.com/wp-content/plugins/mqfxnnt/index.php' # (decoded file [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Excess EVAL Exploit [P1924]] '/home/thanudqk/siamfreetour.com/wp-content/plugins/thegem-blocks/data/data.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/siamfreetour.com/wp-content/plugins/thegem-elements/inc/templates/import-data.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/siamfreetour.com/wp-content/plugins/uhqtlt9j/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/plugins/w3-total-cache/CdnEngine_Ftp.php' # Regular expression match = [\n(?!\s*(//|\#|\*)).*\.ssh/] '/home/thanudqk/siamfreetour.com/wp-content/plugins/w3-total-cache/w3-total-cache.php' # Script version check [OLD] [W3 Total Cache v2.7.0 < v2.7.2] '/home/thanudqk/siamfreetour.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html' # Suspicious file type [application/x-c] '/home/thanudqk/siamfreetour.com/wp-content/plugins/wpcode-premium/build/admin-global-pro.css' # Universal decode regex match = [universal decoder] '/home/thanudqk/siamfreetour.com/wp-content/themes/0cdjlvou/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/themes/digital-download/up.php' # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/themes/digital-download-1/up.php' # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/themes/dwbshnl3/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/themes/fdt4z0ta/fooster1337.php' # Decode regex 
match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/themes/fz89fvvn/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/themes/hrdnaeox/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/themes/uhqtlt9j/fooster1337.php' # Decode regex match = [decode regex: 1] '/home/thanudqk/siamfreetour.com/wp-content/uploads/js_composer' # World writeable directory '/home/thanudqk/siampokernew.org/maps.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/siampokernew.org/.tmb' # World writeable directory '/home/thanudqk/siampokernew.org/wp-content/plugins/all-in-one-wp-migration/all-in-one-wp-migration.php' # Script version check [OLD] [All-in-One WP Migration v7.31 < v7.81] '/home/thanudqk/siampokernew.org/wp-content/plugins/elementor/elementor.php' # Script version check [OLD] [Elementor v3.1.1 < v3.21.5] '/home/thanudqk/siampokernew.org/wp-content/plugins/wordpress-seo/wp-seo.php' # Script version check [OLD] [Yoast SEO v15.8 < v22.7] '/home/thanudqk/siampokernew.org/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html' # Suspicious file type [application/x-c] '/home/thanudqk/siampokernew.org/wp-content/plugins/wp-optimize/wp-optimize.php' # Script version check [OLD] [WP-Optimize - Clean, Compress, Cache v3.1.4 < v3.3.2] # Universal decode regex match = [universal decoder] '/home/thanudqk/siampokernew.org/wp-includes/version.php' # Script version check [OLD] [Wordpress v5.5.15 < v6.6.1] '/home/thanudqk/siamtest.siamfreetour.com/maps.php' # Universal decode regex match = [universal decoder] # Scan Timeout (30 secs) while processing: '/home/thanudqk/siamtest.siamfreetour.com/siam-backup.zip' # Scan Timeout (30 secs) while processing: '/home/thanudqk/siamtest.siamfreetour.com/backup/assets.zip' '/home/thanudqk/siamtest.siamfreetour.com/backup/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] 
'/home/thanudqk/staging.avgteq.com/index.php' # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/staging.avgteq.com/maps.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/staging.avgteq.com/assets/css/css/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/staging.avgteq.com/assets/vendor/waypoints/waypoints/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/staging.avgteq.com/avteq/.vscode/.vscode/WYijXfCBEKnAla.tif' # Suspicious image file (hidden script file) '/home/thanudqk/staging.avgteq.com/avteq/.vscode/.vscode/.vscode/.vscode/YBxStQnU.jpg' # Suspicious image file (hidden script file) '/home/thanudqk/staging.avgteq.com/avteq/.vscode/.vscode/.vscode/.vscode/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/staging.avgteq.com/cgi-bin/cgi-bin/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/staging.avgteq.com/cgi-bin/cgi-bin/cgi-bin/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/staging.avgteq.com/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/staging.avgteq.com/cgi-bin/cgi-bin/cgi-bin/cgi-bin/index.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2195]] '/home/thanudqk/staging.avgteq.com/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/staging.avgteq.com/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/staging.avgteq.com/forms/forms/forms/cache.php' # Known exploit = [Fingerprint 
Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/staging.avgteq.com/forms/forms/forms/index.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2202]] '/home/thanudqk/staging.avgteq.com/images/images/images/images/VSNFUK.jpg' # Suspicious image file (hidden script file) '/home/thanudqk/staging.avgteq.com/images/images/images/images/images/cache.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2223]] '/home/thanudqk/test.siampoker.org/maps.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/thanpokertour.com/maps.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/thanpokertour.com/freeroll/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/thepball.com/maps.php' # Universal decode regex match = [universal decoder] # Scan Timeout (30 secs) while processing: '/home/thanudqk/thepball.com/wordpress-5.5.3.zip' '/home/thanudqk/thepball.com/.tmb' # World writeable directory '/home/thanudqk/thepball.com/wp-content/plugins/elementor/elementor.php' # Script version check [OLD] [Elementor v3.2.4 < v3.21.5] '/home/thanudqk/thepball.com/wp-content/plugins/google-site-kit/google-site-kit.php' # Script version check [OLD] [Site Kit by Google v1.33.0 < v1.126.0] '/home/thanudqk/thepball.com/wp-content/plugins/hummingbird-performance/wp-hummingbird.php' # Script version check [OLD] [Hummingbird v2.7.4 < v3.8.1] '/home/thanudqk/thepball.com/wp-content/plugins/ml-slider/ml-slider.php' # Script version check [OLD] [MetaSlider v3.20.3 < v3.80.0] '/home/thanudqk/thepball.com/wp-content/plugins/wordpress-seo/wp-seo.php' # Script version check [OLD] [Yoast SEO v15.5 < v22.7] '/home/thanudqk/thepball.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html' # Suspicious file type [application/x-c] '/home/thanudqk/thepball.com/wp-content/plugins/wp-smushit/wp-smush.php' # Script version check [OLD] [Smush v3.8.2 < v3.16.2] # Scan Timeout (30 secs) while 
processing: '/home/thanudqk/thepball.com/wp-content/themes/Dewabet.zip' '/home/thanudqk/thepball.com/wp-content/wphb-cache/cache/www.thepball.com' # Suspicious directory '/home/thanudqk/thepball.com/wp-includes/version.php' # Script version check [OLD] [Wordpress v5.7.8 < v6.6.1] '/home/thanudqk/yokuhub.com/index.php' # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuhub.com/assets/vendor/bootstrap/css/UsXqtLT.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/yokuhub.com/assets/vendor/remixicon/CEpKokAdw.php' # Universal decode regex match = [universal decoder] # (decoded file [advanced decoder: 14 (depth: 4)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P1939]] '/home/thanudqk/yokuhub.com/wp-admin/images/post-formats-as.png' # Suspicious image file (hidden script file) # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuhub.com/wp-includes/certificates/maint/fonts/wp/QsZIy.php' # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuhub.com/wp-includes/images/smilies/icon_winks.png' # Suspicious image file (hidden script file) # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuhub.com/wp-includes/js/dist/preferences-persistence.mni.js' # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # 
Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuhub.com/yokubet/index.php' # ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/thanudqk/yokuyes.com/index.php' # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuyes.com/wp-crom.php' # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuyes.com/wp-admin/images/post-formats-as.png' # Suspicious image file (hidden script file) # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuyes.com/wp-admin/images/tmnmsKl.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/yokuyes.com/wp-admin/includes/SxBrjZgoK.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/yokuyes.com/wp-admin/includes/blocks/user/cwpEYztFq.php' # Universal decode regex match = [universal decoder] '/home/thanudqk/yokuyes.com/wp-admin/js/widgets/MPtOjDpdHJ.php' # Universal decode regex match = [universal decoder] # (decoded file [advanced decoder: 14 (depth: 4)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P1939]] '/home/thanudqk/yokuyes.com/wp-admin/maint/RrXMUb.php' # (decoded file [advanced decoder: 14 (depth: 4)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P1939]] '/home/thanudqk/yokuyes.com/wp-admin/user/euDUM.php' # Universal decode regex match = [universal decoder] # (decoded file [advanced decoder: 
14 (depth: 4)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P1939]] '/home/thanudqk/yokuyes.com/wp-includes/themes.php' # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuyes.com/wp-includes/blocks/wp/AXALjJKsV.php' # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuyes.com/wp-includes/certificates/SimplePie/pomo/wp/LKkIHi.php' # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuyes.com/wp-includes/css/dist/components/radio.php' # Universal decode regex match = [universal decoder] # (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P1425]] '/home/thanudqk/yokuyes.com/wp-includes/customize/wp/eGicAQ.php' # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuyes.com/wp-includes/images/smilies/icon_winks.png' # Suspicious image file (hidden script file) # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/thanudqk/yokuyes.com/wp-includes/js/dist/preferences-persistence.mni.js' # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] 
----------- SCAN SUMMARY -----------
Scanned directories: 23096
Scanned files: 176426
Ignored items: 1122
Suspicious matches: 268
Viruses found: 24
Fingerprint matches: 28
Data scanned: 5756.50 MB
Scan peak memory: 423080 kB
Scan time/item: 0.036 sec
Scan time: 7244.478 sec