Warning: file_get_contents(https://raw.githubusercontent.com/Den1xxx/Filemanager/master/languages/ru.json): Failed to open stream: HTTP request failed! HTTP/1.1 404 Not Found in /home/thesacih/biosquest.com/site.php on line 107

Warning: Cannot modify header information - headers already sent by (output started at /home/thesacih/biosquest.com/site.php:1) in /home/thesacih/biosquest.com/site.php on line 234

Warning: Cannot modify header information - headers already sent by (output started at /home/thesacih/biosquest.com/site.php:1) in /home/thesacih/biosquest.com/site.php on line 235

Warning: Cannot modify header information - headers already sent by (output started at /home/thesacih/biosquest.com/site.php:1) in /home/thesacih/biosquest.com/site.php on line 236

Warning: Cannot modify header information - headers already sent by (output started at /home/thesacih/biosquest.com/site.php:1) in /home/thesacih/biosquest.com/site.php on line 237

Warning: Cannot modify header information - headers already sent by (output started at /home/thesacih/biosquest.com/site.php:1) in /home/thesacih/biosquest.com/site.php on line 238

Warning: Cannot modify header information - headers already sent by (output started at /home/thesacih/biosquest.com/site.php:1) in /home/thesacih/biosquest.com/site.php on line 239
----------- SCAN REPORT ----------- TimeStamp: Thu, 17 Jul 2025 04:54:33 -0400 (/usr/sbin/cxs --background --clamdsock /var/clamd --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 10000 --noforce --html --ignore /etc/cxs/cxs.ignore.manual --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mv --report /home/thesacih/scan_Jul-17-2025 --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --unofficial --user thesacih --virusscan --vmrssmax 2000000 --waitscan 0 --xtra /etc/cxs/cxs.xtra.manual) Scanning /home/thesacih: '/home/thesacih/.nc_plugin/hidden' # World writeable directory '/home/thesacih/13cabvictoria.com.au/wp-content/cache/tw_optimize/page_cache/www.13cabvictoria.com.au' # Suspicious directory '/home/thesacih/13cabvictoria.com.au/wp-content/themes/astra/admin/includes/class-astra-menu.php' # Universal decode regex match = [universal decoder] '/home/thesacih/barkafencingsolutions.com.au/wp-content/themes/astra/admin/includes/class-astra-menu.php' # Universal decode regex match = [universal decoder] '/home/thesacih/biographyhunk.com/wp-content/plugins/fast-indexing-api/vendor/google/apiclient-services/src/src.css' # Universal decode regex match = [universal decoder] '/home/thesacih/biosdesk.com/.tmb' # World writeable directory '/home/thesacih/biosnest.com/wp-about.php' # (decoded file [depth: 0]) ClamAV detected virus = [TO-27921.WEBSHELL.filemanager2_php_filemanager_without_any_authentication_notags_html.MD5-63f115242a9690ecd364302a8c5108d6-11249.UNOFFICIAL] '/home/thesacih/biosquest.com/site.php' # (decoded file [depth: 0]) ClamAV detected virus = [TO-27921.WEBSHELL.filemanager2_php_filemanager_without_any_authentication_notags_html.MD5-63f115242a9690ecd364302a8c5108d6-11249.UNOFFICIAL] '/home/thesacih/biosquest.com/wp-about.php' # (decoded file [depth: 0]) ClamAV detected virus = [TO-27921.WEBSHELL.filemanager2_php_filemanager_without_any_authentication_notags_html.MD5-63f115242a9690ecd364302a8c5108d6-11249.UNOFFICIAL] '/home/thesacih/biosquest.com/.tmb' # World writeable directory '/home/thesacih/celebrichlist.com/wp-admin/moderation-base.php' # Known exploit = [Fingerprint Match (md5)] [PHP Shell Exploit] '/home/thesacih/celebrichlist.com/wp-content/plugins/disable-everything/index-num.php' # Known exploit = [Fingerprint Match (md5)] [PHP Upload Exploit] '/home/thesacih/celebrichlist.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/celebrichlist.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/celebrichlist.com/wp-content/themes/smart-mag/index-base.php' # Known exploit = [Fingerprint Match (md5)] [PHP Upload Exploit] '/home/thesacih/celebrichlist.com/wp-includes/class-wp-block-type-registry-sql.php' # Known exploit = [Fingerprint Match (md5)] [PHP Shell Exploit] '/home/thesacih/celebrichlist.com/wp-includes/css/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/celebshack.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/celebshack.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/celebshack.com/wp-includes/certificates/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/celebshack.com/wp-includes/fonts/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/celebshost.com/wp-about.php' # (decoded file [depth: 0]) ClamAV detected virus = [TO-27921.WEBSHELL.filemanager2_php_filemanager_without_any_authentication_notags_html.MD5-63f115242a9690ecd364302a8c5108d6-11249.UNOFFICIAL] '/home/thesacih/celebshost.com/wp-links-header.php' # (decoded file [depth: 0]) ClamAV detected virus = [TO-27921.WEBSHELL.filemanager2_php_filemanager_without_any_authentication_notags_html.MD5-63f115242a9690ecd364302a8c5108d6-11249.UNOFFICIAL] '/home/thesacih/celebshost.com/.tmb' # World writeable directory '/home/thesacih/celebshost.com/wp-content/plugins/fast-indexing-api/vendor/monolog/monolog/src/Monolog/Attribute/expect.php' # Universal decode regex match = [universal decoder] '/home/thesacih/celebshost.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/celebshost.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/celebshost.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html' # Suspicious file type [application/x-c] '/home/thesacih/celebshost.com/wp-includes/certificates/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/celebshost.com/wp-includes/fonts/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/celebzones.com/wp-admin/includes/class-wp-community-events-merge.php' # Known exploit = [Fingerprint Match (md5)] [PHP Shell Exploit] '/home/thesacih/celebzones.com/wp-content/plugins/jetpack-boost-git/vendor/tubalmartin/cssmin/gui/third-party/bootstrap/security.php' # Universal decode regex match = [universal decoder] # (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1947]] '/home/thesacih/celebzones.com/wp-includes/SimplePie/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/celebzones.com/wp-includes/fonts/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/celebzones.com/wp-includes/html-api/class-wp-html-attribute-token-ajax-response.php' # Known exploit = [Fingerprint Match (md5)] [PHP Shell Exploit] '/home/thesacih/celebzspot.com/wp-links-header.php' # (decoded file [depth: 0]) ClamAV detected virus = [TO-27921.WEBSHELL.filemanager2_php_filemanager_without_any_authentication_notags_html.MD5-63f115242a9690ecd364302a8c5108d6-11249.UNOFFICIAL] '/home/thesacih/celebzspot.com/wp-admin/link-manager-path.php' # Known exploit = [Fingerprint Match (md5)] [PHP Shell Exploit] '/home/thesacih/celebzspot.com/wp-content/plugins/all-in-one-wp-migration-src/loader-condition.php' # Known exploit = [Fingerprint Match (md5)] [PHP Upload Exploit] '/home/thesacih/celebzspot.com/wp-content/themes/newspaperex/functions-alpha.php' # Known exploit = [Fingerprint Match (md5)] [PHP Upload Exploit] '/home/thesacih/celebzspot.com/wp-includes/block-patterns/social-links-shared-background-color-old.php' # Known exploit = [Fingerprint Match (md5)] [PHP Shell Exploit] '/home/thesacih/celebzspot.com/wp-includes/images/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/celebzspot.com/wp-includes/rest-api/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/ecorenew.uk/wp-admin/includes/theme-other.php' # Known exploit = [Fingerprint Match (md5)] [PHP Shell Exploit] # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/shared-editor-handlers.22c8f376e58bdba40f71.bundle.js]: No response from clamd process # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/shared-editor-handlers.a182e3f9ce3b8b1e4b74.bundle.min.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/shared-frontend-handlers.30dc2f9c080845a413a6.bundle.min.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/shared-frontend-handlers.a82dc0e60728c9cb9860.bundle.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/styleguide-app-initiator.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/styleguide-app-initiator.min.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/styleguide-app-initiator.min.js.LICENSE.txt]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/styleguide-app.51d4579e75a5f39265bc.bundle.min.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/styleguide-app.a6e297c616479b98c03d.bundle.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/styleguide.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/styleguide.min.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/tabs.537e7a0f178447960143.bundle.min.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/tabs.e808857358793ac13db5.bundle.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/text-editor.bd4eccbd156d0b1fc3cf.bundle.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/text-editor.c084ef86600b6f11690d.bundle.min.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/text-path.795be0048f5240994e8b.bundle.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/text-path.b4771a659cee68861d30.bundle.min.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/text-path.b4771a659cee68861d30.bundle.min.js.LICENSE.txt]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/toggle.375da8e2f6fed12731c2.bundle.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/toggle.a6177e2e3c2bc8864bef.bundle.min.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/video.6ebfa2c3f5493cb2eaaf.bundle.min.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/video.d862fafddbe5d05459f3.bundle.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/web-cli.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/web-cli.min.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/web-cli.min.js.LICENSE.txt]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/webpack.runtime.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/wp-audio.c91cab3152c3f241f266.bundle.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/wp-audio.c9624cb6e5dc9de86abd.bundle.min.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/youtube-handler.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/youtube-handler.min.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/packages/editor/editor.asset.php]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/packages/editor/editor.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/packages/editor/editor.js.LICENSE.txt]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/packages/editor/editor.min.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/packages/editor-app-bar/editor-app-bar.asset.php]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/packages/editor-app-bar/editor-app-bar.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/packages/editor-app-bar/editor-app-bar.js.LICENSE.txt]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/packages/editor-app-bar/editor-app-bar.min.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/packages/editor-app-bar/editor-app-bar.strings.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/packages/editor-canvas/editor-canvas.asset.php]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/packages/editor-canvas/editor-canvas.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/packages/editor-canvas/editor-canvas.js.LICENSE.txt]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/packages/editor-canvas/editor-canvas.min.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/packages/editor-canvas/editor-canvas.min.js.LICENSE.txt]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/packages/editor-canvas/editor-canvas.strings.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/packages/editor-controls/editor-controls.asset.php]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/packages/editor-controls/editor-controls.js]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/packages/editor-controls/editor-controls.js.LICENSE.txt]: Connection refused # Clamd Error for [SCAN /home/thesacih/ecorenew.uk/wp-content/plugins/elementor/assets/js/packages/editor-controls/editor-controls.min.js]: Connection refused '/home/thesacih/ecorenew.uk/wp-content/themes/astra/admin/includes/class-astra-menu.php' # Universal decode regex match = [universal decoder] '/home/thesacih/ecorenew.uk/wp-includes/class-wp-user-meta-session-tokens-exception.php' # Known exploit = [Fingerprint Match (md5)] [PHP Shell Exploit] '/home/thesacih/ecorenew.uk/wp-includes/version.php' # Script version check [OLD] [Wordpress v6.8.1 < v6.8.2] '/home/thesacih/ecorenew.uk/wp-includes/images/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/ecorenew.uk/wp-includes/rest-api/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/famehubs.com/wp-links-header.php' # (decoded file [depth: 0]) ClamAV detected virus = [TO-27921.WEBSHELL.filemanager2_php_filemanager_without_any_authentication_notags_html.MD5-63f115242a9690ecd364302a8c5108d6-11249.UNOFFICIAL] '/home/thesacih/famehubs.com/wp-admin/includes/revision-function.php' # Known exploit = [Fingerprint Match (md5)] [PHP Shell Exploit] '/home/thesacih/famehubs.com/wp-content/themes/nostalgic-blog/archive-query.php' # Known exploit = [Fingerprint Match (md5)] [PHP Upload Exploit] '/home/thesacih/famehubs.com/wp-includes/script-loader-constructor.php' # Known exploit = [Fingerprint Match (md5)] [PHP Shell Exploit] '/home/thesacih/famehubs.com/wp-includes/sitemaps/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/famehubs.com/wp-includes/sodium_compat/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/figurespoint.com/wp-content/plugins/fast-indexing-api/vendor/google/apiclient-services/src/Indexing/Indexing.css' # Universal decode regex match = [universal decoder] '/home/thesacih/figurespoint.com/wp-content/plugins/fast-indexing-api/vendor/google/apiclient-services/src/Indexing/Resource/option.php' # Universal decode regex match = [universal decoder] # (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1947]] '/home/thesacih/fortunehubs.com/.tmb' # World writeable directory '/home/thesacih/fortunehubs.com/wp-admin/includes/class-automatic-upgrader-skin-framework.php' # Known exploit = [Fingerprint Match (md5)] [PHP Shell Exploit] '/home/thesacih/fortunehubs.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html' # Suspicious file type [application/x-c] '/home/thesacih/fortunehubs.com/wp-content/themes/twentytwentyfour/functions-core.php' # Known exploit = [Fingerprint Match (md5)] [PHP Upload Exploit] '/home/thesacih/fortunehubs.com/wp-includes/IXR/class-IXR-message-http.php' # Known exploit = [Fingerprint Match (md5)] [PHP Shell Exploit] '/home/thesacih/fortunehubs.com/wp-includes/images/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/fortunehubs.com/wp-includes/l10n/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/greatteamnames.com/wp-admin/network/site-users-branch.php' # Known exploit = [Fingerprint Match (md5)] [PHP Shell Exploit] '/home/thesacih/greatteamnames.com/wp-content/plugins/sphere-core/components/adblock-detect/style.php' # ClamAV detected virus = [TO-33761.WEBSHEL.nc_style_php.MD5-2c683bfc1886f5382b0baa1f7b2f9f61.size-13847.UNOFFICIAL] '/home/thesacih/greatteamnames.com/wp-content/themes/smart-mag/single-less.php' # Known exploit = [Fingerprint Match (md5)] [PHP Upload Exploit] '/home/thesacih/greatteamnames.com/wp-includes/block-supports/shadow-event.php' # Known exploit = [Fingerprint Match (md5)] [PHP Shell Exploit] '/home/thesacih/greatteamnames.com/wp-includes/js/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/greatteamnames.com/wp-includes/sodium_compat/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/inappropriatenames.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/inappropriatenames.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/inappropriatenames.com/wp-includes/js/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/inappropriatenames.com/wp-includes/style-engine/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/inch-dia.com/.tmb' # World writeable directory '/home/thesacih/inch-dia.com/wp-admin/includes/class-wp-application-passwords-list-table-boolean.php' # Known exploit = [Fingerprint Match (md5)] [PHP Shell Exploit] '/home/thesacih/inch-dia.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/inch-dia.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/inch-dia.com/wp-content/themes/smart-mag/functions-variable.php' # Known exploit = [Fingerprint Match (md5)] [PHP Upload Exploit] '/home/thesacih/inch-dia.com/wp-content/themes/smart-mag/inc/core/assets/css/index.php' # Regular expression match = [\b(system|exec|passthru|shell_exec)\s*\(\s*\$_(GET|POST|GLOBALS|SERVER|REQUEST|SESSION|ENV|COOKIE)\[] # Universal decode regex match = [universal decoder] # (decoded file [depth: 0]) Regular expression match = [\b(system|exec|passthru|shell_exec)\s*\(\s*\$_(GET|POST|GLOBALS|SERVER|REQUEST|SESSION|ENV|COOKIE)\[] '/home/thesacih/inch-dia.com/wp-includes/class-wp-plugin-dependencies-dns.php' # Known exploit = [Fingerprint Match (md5)] [PHP Shell Exploit] '/home/thesacih/inch-dia.com/wp-includes/Requests/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/inch-dia.com/wp-includes/images/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/inch-dia.com/wp-includes/images/smilies/index.php' # Universal decode regex match = [universal decoder] # (decoded file [advanced decoder: 14 (depth: 11)]) ClamAV detected virus = [{HEX}php.cmdshell.byp2.222.UNOFFICIAL] '/home/thesacih/legendhunk.com/wp-content/plugins/fast-indexing-api/vendor/google/apiclient-services/src/src.css' # Universal decode regex match = [universal decoder] '/home/thesacih/legendhunk.com/wp-content/plugins/fast-indexing-api/vendor/google/apiclient-services/src/Indexing/Indexing.css' # Universal decode regex match = [universal decoder] '/home/thesacih/legendhunk.com/wp-content/plugins/fast-indexing-api/vendor/google/apiclient-services/src/Indexing/Resource/lib.php' # Universal decode regex match = [universal decoder] '/home/thesacih/mail/new' # Skipped - too many resources: 12359 ( > filemax=10000) '/home/thesacih/newzjournal.com/wp-content/plugins/all-in-one-seo-pack-stable/app/Common/Views/admin/settings-page.php' # Universal decode regex match = [universal decoder] '/home/thesacih/newzjournal.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/newzjournal.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/newzjournal.com/wp-includes/interactivity-api/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/newzjournal.com/wp-includes/php-compat/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/richstarz.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/richstarz.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/richstarz.com/wp-includes/version.php' # Script version check [OLD] [Wordpress v6.8 < v6.8.2] '/home/thesacih/scopebiography.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/scopebiography.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/scopebiography.com/wp-includes/PHPMailer/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/scopebiography.com/wp-includes/html-api/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/shiningicons.com/wp-admin/admin-functions-stat.php' # Known exploit = [Fingerprint Match (md5)] [PHP Shell Exploit] '/home/thesacih/shiningicons.com/wp-content/plugins/all-in-one-wp-migration-src/uninstall-stack.php' # Known exploit = [Fingerprint Match (md5)] [PHP Upload Exploit] '/home/thesacih/shiningicons.com/wp-content/themes/pubnews/header-alpha.php' # Known exploit = [Fingerprint Match (md5)] [PHP Upload Exploit] '/home/thesacih/shiningicons.com/wp-includes/class-wp-user-framework.php' # Known exploit = [Fingerprint Match (md5)] [PHP Shell Exploit] '/home/thesacih/shiningicons.com/wp-includes/rest-api/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/shiningicons.com/wp-includes/sitemaps/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/showbizprofiles.com/good.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1974]] '/home/thesacih/showbizprofiles.com/index.php' # Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1974]] '/home/thesacih/showbizprofiles.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/showbizprofiles.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/showbizprofiles.com/wp-includes/version.php' # Script version check [OLD] [Wordpress v6.8 < v6.8.2] '/home/thesacih/usabiographies.com/wp-content/plugins/bunyad-demo-import/vendor/awesomemotive/awesomemotive.css' # Universal decode regex match = [universal decoder] '/home/thesacih/usabiographies.com/wp-content/plugins/bunyad-demo-import/vendor/composer/composer.css' # Universal decode regex match = [universal decoder] '/home/thesacih/usabiographies.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/usabiographies.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/usafurtune.com/config-main.php' # Decode regex match = [decode regex: 1] '/home/thesacih/usafurtune.com/.tmb' # World writeable directory '/home/thesacih/usafurtune.com/wp-content/plugins/bunyad-demo-import/vendor/awesomemotive/wp-content-importer-v2/wp-content-importer-v2.css' # Universal decode regex match = [universal decoder] '/home/thesacih/usafurtune.com/wp-content/plugins/bunyad-demo-import/vendor/awesomemotive/wp-content-importer-v2/src/src.css' # Universal decode regex match = [universal decoder] '/home/thesacih/usafurtune.com/wp-content/plugins/fast-indexing-api/vendor/google/apiclient/src/AccessToken/AccessToken.css' # Universal decode regex match = [universal decoder] '/home/thesacih/usafurtune.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/usafurtune.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/usafurtune.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html' # Suspicious file type [application/x-c] '/home/thesacih/usafurtune.com/wp-includes/IXR/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/usafurtune.com/wp-includes/fonts/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/usapersonalities.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/usapersonalities.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/usapersonalities.com/wp-content/plugins/wp-console/lib/php-7.4/vendor/symfony/console/Resources/bin/hiddeninput.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/thesacih/usapersonalities.com/wp-content/plugins/wp-console/lib/php-8.0/vendor/symfony/console/Resources/bin/hiddeninput.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/thesacih/usapersonalities.com/wp-includes/SimplePie/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/usapersonalities.com/wp-includes/php-compat/output_script.php' # Universal decode regex match = [universal decoder] '/home/thesacih/wealthyhack.com/wp-content/plugins/ad-inserter/includes/google-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/wealthyhack.com/wp-content/plugins/ad-inserter/includes/google-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/wealthyhack.com/wp-content/plugins/ad-inserter/includes/google-api-8/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/wealthyhack.com/wp-content/plugins/ad-inserter/includes/google-api-8/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/wealthyhack.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/wealthyhack.com/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/wealthyhack.com/wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/wealthyhack.com/wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php' # Universal decode regex match = [universal decoder] '/home/thesacih/wealthyhack.com/wp-includes/version.php' # Script version check [OLD] [Wordpress v6.7.2 < v6.8.2] ----------- SCAN SUMMARY ----------- Scanned directories: 33919 Scanned files: 204350 Ignored items: 788 Suspicious matches: 144 Viruses found: 9 Fingerprint matches: 32 Data scanned: 10645.97 MB Scan peak memory: 418308 kB Scan time/item: 0.021 sec Scan time: 5029.724 sec