X7ROOT File Manager
Current Path:
/home/stepirbf
home
/
stepirbf
/
ðŸ“
..
ðŸ“
.analytic
ðŸ“
.cagefs
ðŸ“
.caldav
ðŸ“
.cl.selector
📄
.clamavconnector.status
(199 B)
ðŸ“
.clwpos
ðŸ“
.cpanel
ðŸ“
.cphorde
📄
.htaccess
(287 B)
ðŸ“
.htpasswds
📄
.imunify_patch_id
(106 B)
📄
.last.inodes
(8.5 KB)
📄
.lastlogin
(578 B)
📄
.lsphp_restart.txt
(0 B)
📄
.myimunify_id
(102 B)
ðŸ“
.nc_plugin
ðŸ“
.razor
ðŸ“
.softaculous
ðŸ“
.spamassassin
ðŸ“
.subaccounts
ðŸ“
.trash
📄
.wget-hsts
(175 B)
ðŸ“
access-logs
ðŸ“
aujwasafaris.co.ke
ðŸ“
demo.stephnovators.com
ðŸ“
demo2.stephnovators.com
ðŸ“
etc
ðŸ“
hoteldemo.stephnovators.com
📄
hoteldemo.stephnovators.com.zip
(206.19 MB)
ðŸ“
josman.co.ke
ðŸ“
kasulu.nl
📄
kasulu.nl.zip
(521.09 MB)
ðŸ“
logs
ðŸ“
lscache
ðŸ“
lscmData
ðŸ“
mail
ðŸ“
members.stephnovators.com
📄
mikasiadventures.co.ke.zip
(1.09 GB)
ðŸ“
nairobiairportinn.co.ke
📄
nairobiairportinn.co.ke.zip
(313.8 MB)
ðŸ“
naturefriendlysafarisug.com
ðŸ“
neatenterprise.stephnovators.com
ðŸ“
neatenterprise.uk
ðŸ“
public_ftp
ðŸ“
public_html
📄
scanreport-stepirbf-Dec_28_2024_12h44m.txt
(84.93 KB)
ðŸ“
shazsafaris.co.ke
ðŸ“
softaculous_backups
ðŸ“
ssl
📄
theneoresearch.com.zip
(51.13 KB)
ðŸ“
tmp
ðŸ“
toursdemo.stephnovators.com
ðŸ“
wendsafaris.com
ðŸ“
wendsafaris.nl
📄
wendsafaris.nl.zip
(845.63 MB)
📄
wendsafaris.nl2.zip
(838.78 MB)
ðŸ“
wordpress
📄
wordpress-6.6.zip
(24.93 MB)
📄
wordpress-6.7.1.zip
(27.26 MB)
ðŸ“
xprintkenya.com
📄
xprintkenya.com.zip
(792.54 MB)
ðŸ“
yamadacompany.com
ðŸ“
yamadaresearch.com
ðŸ“
ymdcompany.com
Editing: scanreport-stepirbf-Dec_28_2024_12h44m.txt
----------- SCAN REPORT ----------- TimeStamp: Sat, 28 Dec 2024 12:44:20 -0500 (/usr/sbin/cxs --background --clamdsock /var/clamd --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 10000 --noforce --html --ignore /etc/cxs/cxs.ignore.manual --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mv --quarantine /opt/cxs/quarantine --report /home/stepirbf/scanreport-stepirbf-Dec_28_2024_12h44m.txt --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --unofficial --user stepirbf --virusscan --vmrssmax 2000000 --waitscan 0 --xtra /etc/cxs/cxs.xtra.manual) Scanning /home/stepirbf: '/home/stepirbf/access-logs' # Symlink to [/etc/apache2/logs/domlogs/stepirbf] # Scan Timeout (30 secs) while processing: '/home/stepirbf/wordpress-6.7.1.zip' '/home/stepirbf/.cl.selector/admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/.clwpos/dropdown.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/.cpanel/doc.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/doc.php.1735407892_1) ClamAV detected virus = [TO-35095.WEBSHELL.nc_about.MD5-a9d51e24058de1cb818c990f70d127dc.size-34267.UNOFFICIAL] '/home/stepirbf/.cpanel/themes.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/.cpanel/nvdata/admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/.cphorde/doc.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/doc.php.1735407897_1) ClamAV detected virus = [TO-35095.WEBSHELL.nc_about.MD5-a9d51e24058de1cb818c990f70d127dc.size-34267.UNOFFICIAL] '/home/stepirbf/.cphorde/vfsroot/wp-login.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/.htpasswds/doc.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/doc.php.1735407897_2) ClamAV detected virus = [TO-35095.WEBSHELL.nc_about.MD5-a9d51e24058de1cb818c990f70d127dc.size-34267.UNOFFICIAL] '/home/stepirbf/.nc_plugin/hidden' # World writeable directory '/home/stepirbf/.razor/doc.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/doc.php.1735407898_1) ClamAV detected virus = [TO-35095.WEBSHELL.nc_about.MD5-a9d51e24058de1cb818c990f70d127dc.size-34267.UNOFFICIAL] '/home/stepirbf/.softaculous/doc.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/doc.php.1735407898_2) ClamAV detected virus = [TO-35095.WEBSHELL.nc_about.MD5-a9d51e24058de1cb818c990f70d127dc.size-34267.UNOFFICIAL] '/home/stepirbf/.spamassassin/doc.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/doc.php.1735407900_1) ClamAV detected virus = [TO-35095.WEBSHELL.nc_about.MD5-a9d51e24058de1cb818c990f70d127dc.size-34267.UNOFFICIAL] '/home/stepirbf/.subaccounts/doc.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/doc.php.1735407900_2) ClamAV detected virus = [TO-35095.WEBSHELL.nc_about.MD5-a9d51e24058de1cb818c990f70d127dc.size-34267.UNOFFICIAL] '/home/stepirbf/etc/kasulu.nl/input.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/kasulu.nl/text.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/text.php.1735407902_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/etc/kasulu.nl/themes.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/kasulu.nl/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735407902_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/etc/kasulu.nl/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735407902_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/etc/kasulu.nl/@pwcache/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/kasulu.nl/@pwcache/dropdown.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/dropdown.php.1735407902_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/etc/kasulu.nl/@pwcache/index.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/kasulu.nl/@pwcache/themes.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/kasulu.nl/@pwcache/wp-login.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/mikasiadventures.co.ke/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/mikasiadventures.co.ke/admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/mikasiadventures.co.ke/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735407903_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/etc/mikasiadventures.co.ke/input.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/mikasiadventures.co.ke/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/mikasiadventures.co.ke/themes.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/themes.php.1735407904_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/etc/mikasiadventures.co.ke/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735407904_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/etc/mikasiadventures.co.ke/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735407904_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/etc/nairobiairportinn.co.ke/dropdown.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/nairobiairportinn.co.ke/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735407904_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/etc/nairobiairportinn.co.ke/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735407904_2) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/etc/nairobiairportinn.co.ke/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735407904_2) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/etc/nairobiairportinn.co.ke/@pwcache/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/nairobiairportinn.co.ke/@pwcache/themes.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/stephnovators.com/admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/stephnovators.com/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/stephnovators.com/dropdown.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/stephnovators.com/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735407905_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/etc/stephnovators.com/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735407905_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/etc/stephnovators.com/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735407905_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/etc/stephnovators.com/@pwcache/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/stephnovators.com/@pwcache/dropdown.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/stephnovators.com/@pwcache/input.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/input.php.1735407905_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/etc/stephnovators.com/@pwcache/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/wendsafaris.nl/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735407906_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/etc/wendsafaris.nl/themes.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/wendsafaris.nl/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735407906_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/etc/wendsafaris.nl/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735407906_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/etc/wendsafaris.nl/@pwcache/about.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/about.php.1735407906_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/etc/wendsafaris.nl/@pwcache/dropdown.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/wendsafaris.nl/@pwcache/index.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/wendsafaris.nl/@pwcache/input.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/wendsafaris.nl/@pwcache/wp-login.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/xprintkenya.com/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/xprintkenya.com/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735407907_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/etc/xprintkenya.com/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735407907_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/etc/xprintkenya.com/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735407907_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/etc/xprintkenya.com/wp-login.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-login.php.1735407907_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/etc/xprintkenya.com/@pwcache/dropdown.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/dropdown.php.1735407907_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/etc/xprintkenya.com/@pwcache/wp-login.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/yamadaresearch.com/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/yamadaresearch.com/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/yamadaresearch.com/dropdown.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/yamadaresearch.com/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735407908_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/etc/yamadaresearch.com/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735407908_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/etc/yamadaresearch.com/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735407908_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/etc/yamadaresearch.com/@pwcache/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/etc/yamadaresearch.com/@pwcache/dropdown.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/dropdown.php.1735407908_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/josman.co.ke/.quarantine/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/josman.co.ke/.quarantine/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/josman.co.ke/.well-known/pki-validation/admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/josman.co.ke/wp-admin/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735407924_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/josman.co.ke/wp-admin/images/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/josman.co.ke/wp-admin/js/index.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/josman.co.ke/wp-admin/maint/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/josman.co.ke/wp-content/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735407958_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/josman.co.ke/wp-content/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735407958_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] # Scan Timeout (30 secs) while processing: '/home/stepirbf/josman.co.ke/wp-content/plugins/js_composer.zip' '/home/stepirbf/josman.co.ke/wp-content/plugins/click-to-chat-for-whatsapp/new/admin/class-ht-ctc-admin-main-page.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/josman.co.ke/wp-content/plugins/jetpack/jetpack.php' # Script version check [OLD] [Jetpack by WordPress.com v8.6.3 < v13.4.2] '/home/stepirbf/josman.co.ke/wp-content/plugins/meta-box/inc/about/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/josman.co.ke/wp-content/plugins/meta-box-builder/vendor/twig/twig/ext/twig/twig.c' # Suspicious file type [application/x-c] '/home/stepirbf/josman.co.ke/wp-content/plugins/smart-slider-3/Nextend/SmartSlider3/Storage.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/josman.co.ke/wp-content/plugins/w3-total-cache/CdnEngine_Ftp.php' # Regular expression match = [\n(?!\s*(//|\#|\*)).*\.ssh/] '/home/stepirbf/josman.co.ke/wp-content/plugins/w3-total-cache/codecov' # Linux Binary/Executable [application/x-executable] '/home/stepirbf/josman.co.ke/wp-content/plugins/woocommerce/includes/admin/class-wc-admin-menus.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/josman.co.ke/wp-content/plugins/woocommerce/src/Internal/Admin/WcPayWelcomePage.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/josman.co.ke/wp-content/plugins/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c' # Suspicious file type [application/x-c] '/home/stepirbf/josman.co.ke/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html' # Suspicious file type [application/x-c] '/home/stepirbf/josman.co.ke/wp-content/upgrade/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/josman.co.ke/wp-includes/version.php' # Script version check [OLD] [Wordpress v6.6 < v6.7.1] '/home/stepirbf/josman.co.ke/wp-includes/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735409881_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/josman.co.ke/wp-includes/ID3/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/josman.co.ke/wp-includes/IXR/index.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/josman.co.ke/wp-includes/PHPMailer/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/josman.co.ke/wp-includes/PHPMailer/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/josman.co.ke/wp-includes/Requests/dropdown.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/josman.co.ke/wp-includes/block-patterns/index.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/josman.co.ke/wp-includes/block-patterns/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/josman.co.ke/wp-includes/images/Pz9zmu.png' # Suspicious image file (hidden script file) '/home/stepirbf/josman.co.ke/wp-includes/php-compat/dropdown.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/josman.co.ke/wp-includes/sitemaps/dropdown.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/josman.co.ke/wp-includes/style-engine/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/randkeyword.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/randkeyword.php.1735409985_1) (decoded file [advanced decoder: 14 (depth: 1)]) ClamAV detected virus = [TO-28313.WEBSHELL.text_php_encoded.MD5-a7d2a400320eaf0c90554c89ac5a9a52.size-49869.UNOFFICIAL] '/home/stepirbf/kasulu.nl/wp-crom.php' # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/stepirbf/kasulu.nl/.well-known/pki-validation/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/.well-known/pki-validation/wp-login.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-admin/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-admin/css/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-admin/css/input.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-admin/css/wp-login.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-admin/css/colors/index.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-admin/images/index.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-admin/images/post-formats-as.png' # Suspicious image file (hidden script file) # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/stepirbf/kasulu.nl/wp-admin/images/wp-login.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-admin/includes/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-admin/includes/themes.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-admin/js/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-admin/js/wp-login.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-admin/js/widgets/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-admin/maint/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-admin/maint/index.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-admin/network/83u8UP.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-admin/network/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-admin/network/k7p4YH.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-admin/user/themes.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-content/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-content/logs/admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-content/plugins/all-in-one-seo-pack/all_in_one_seo_pack.php' # Script version check [OLD] [All in One SEO v4.5.2.1 < v4.6.2] '/home/stepirbf/kasulu.nl/wp-content/plugins/all-in-one-seo-pack/app/Common/Views/admin/settings-page.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-content/plugins/aryo-activity-log/aryo-activity-log.php' # Script version check [OLD] [Activity Log v2.9.0 < v2.10.1] '/home/stepirbf/kasulu.nl/wp-content/plugins/bighearts-core/includes/meta-box/inc/about/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-content/plugins/click-to-chat-for-whatsapp/new/admin/class-ht-ctc-admin-main-page.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-content/plugins/elementor/elementor.php' # Script version check [OLD] [Elementor v3.18.2 < v3.21.5] '/home/stepirbf/kasulu.nl/wp-content/plugins/give/give.php' # Script version check [OLD] [Give - Donation Plugin v3.2.0 < v3.12.0] '/home/stepirbf/kasulu.nl/wp-content/plugins/give/blocks/components/radio.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/radio.php.1735410409_1) (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P1295]] '/home/stepirbf/kasulu.nl/wp-content/plugins/give/includes/misc-functions.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-content/plugins/gtranslate/gtranslate.php' # Script version check [OLD] [GTranslate v3.0.5 < v3.0.6] '/home/stepirbf/kasulu.nl/wp-content/plugins/litespeed-cache/assets/js/NYVILHshT.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/NYVILHshT.php.1735410748_1) ClamAV detected virus = [TO-35095.WEBSHELL.nc_jlqbtZgTN.MD5-92a3abb62b46aa22a439a3993cd65f33.size-22059.UNOFFICIAL] '/home/stepirbf/kasulu.nl/wp-content/plugins/litespeed-cache/lib/css-min/about.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/about.php.1735410749_1) Known exploit = [Fingerprint Match (md5)] [PHP Exploit] '/home/stepirbf/kasulu.nl/wp-content/plugins/litespeed-cache/lib/css-min/about.php7' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/about.php7.1735410749_1) Known exploit = [Fingerprint Match (md5)] [PHP Exploit] '/home/stepirbf/kasulu.nl/wp-content/plugins/litespeed-cache/lib/css-min/alfa-rex.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/alfa-rex.php.1735410749_1) Known exploit = [Fingerprint Match (md5)] [PHP Exploit] '/home/stepirbf/kasulu.nl/wp-content/plugins/litespeed-cache/lib/css-min/alfa-rex.php56' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/alfa-rex.php56.1735410749_1) Known exploit = [Fingerprint Match (md5)] [PHP Exploit] '/home/stepirbf/kasulu.nl/wp-content/plugins/litespeed-cache/lib/css-min/alfa-rex.php7' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/alfa-rex.php7.1735410749_1) Known exploit = [Fingerprint Match (md5)] [PHP Exploit] '/home/stepirbf/kasulu.nl/wp-content/plugins/litespeed-cache/lib/css-min/alfa-rex.php8' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/alfa-rex.php8.1735410749_1) Known exploit = [Fingerprint Match (md5)] [PHP Exploit] '/home/stepirbf/kasulu.nl/wp-content/plugins/litespeed-cache/lib/css-min/wp-login.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-login.php.1735410749_1) Known exploit = [Fingerprint Match (md5)] [PHP Exploit] '/home/stepirbf/kasulu.nl/wp-content/plugins/robin-image-optimizer/robin-image-optimizer.php' # Script version check [OLD] [Robin image optimizer v1.6.6 < v1.6.9] '/home/stepirbf/kasulu.nl/wp-content/plugins/updraftplus/updraftplus.php' # Script version check [OLD] [UpdraftPlus - Backup/Restore v1.23.13 < v1.24.3] '/home/stepirbf/kasulu.nl/wp-content/plugins/woocommerce/woocommerce.php' # Script version check [OLD] [WooCommerce v8.3.1 < v8.8.3] '/home/stepirbf/kasulu.nl/wp-content/plugins/woocommerce/includes/admin/class-wc-admin-menus.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-content/plugins/woocommerce/src/Internal/Admin/WcPayWelcomePage.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-content/plugins/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c' # Suspicious file type [application/x-c] '/home/stepirbf/kasulu.nl/wp-content/plugins/woocommerce-payments/includes/admin/class-wc-payments-admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-content/plugins/wp-mail-smtp/wp_mail_smtp.php' # Script version check [OLD] [WP Mail SMTP v3.10.0 < v4.0.1] '/home/stepirbf/kasulu.nl/wp-content/plugins/wp-mail-smtp/src/Admin/Area.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-content/plugins/wp-mail-smtp/src/Admin/SetupWizard.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-content/plugins/wp-statistics/wp-statistics.php' # Script version check [OLD] [WP Statistics v14.2 < v14.6.4] '/home/stepirbf/kasulu.nl/wp-content/plugins/wp-statistics/includes/vendor/maxmind-db/reader/ext/maxminddb.c' # Suspicious file type [application/x-c] '/home/stepirbf/kasulu.nl/wp-content/plugins/wpforms-lite/wpforms.php' # Script version check [OLD] [WPForms Lite v1.8.5.2 < v1.8.8.3] '/home/stepirbf/kasulu.nl/wp-content/themes/about.php' # Universal decode regex match = [universal decoder] # Scan Timeout (30 secs) while processing: '/home/stepirbf/kasulu.nl/wp-content/themes/bighearts.3.0.2.zip' # Scan Timeout (30 secs) while processing: '/home/stepirbf/kasulu.nl/wp-content/themes/bighearts.zip' '/home/stepirbf/kasulu.nl/wp-content/themes/twentytwentythree/themes.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-content/updraft/admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-content/uploads/dropdown.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/dropdown.php.1735411712_1) (decoded file [depth: 1]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P1964]] '/home/stepirbf/kasulu.nl/wp-content/uploads/2022/themes.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-content/uploads/2024/input.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-content/uploads/elementor/wp-login.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-content/uploads/wc-logs/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/themes.php' # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/stepirbf/kasulu.nl/wp-includes/ID3/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/ID3/themes.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/PHPMailer/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/PHPMailer/admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/PHPMailer/themes.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/Requests/admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/Requests/dropdown.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/SimplePie/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/block-patterns/input.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/blocks/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/blocks/block/index.php' # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/stepirbf/kasulu.nl/wp-includes/blocks/code/admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/blocks/query-pagination-next/wp-login.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/blocks/shortcode/admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/blocks/social-link/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/certificates/dropdown.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/certificates/input.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/css/index.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/css/themes.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/fonts/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/fonts/wp-login.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/html-api/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/html-api/themes.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/images/ltaf2c.jpg' # Suspicious image file (hidden script file) '/home/stepirbf/kasulu.nl/wp-includes/images/smilies/icon_winks.png' # Suspicious image file (hidden script file) # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/stepirbf/kasulu.nl/wp-includes/js/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/js/themes.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/js/dist/preferences-persistence.mni.js' # Universal decode regex match = [universal decoder] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Decode regex match = [decode regex: 1] '/home/stepirbf/kasulu.nl/wp-includes/js/swfupload/index.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/php-compat/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/pomo/input.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/rest-api/index.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/sitemaps/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/sitemaps/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/theme-compat/input.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/widgets/latbCm.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/kasulu.nl/wp-includes/widgets/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/lscache/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735412056_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/lscache/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735412056_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/lscache/priv/wp-blog-header.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735412060_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/lscache/priv/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735412060_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/lscmData/doc.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/doc.php.1735412060_1) ClamAV detected virus = [TO-35095.WEBSHELL.nc_about.MD5-a9d51e24058de1cb818c990f70d127dc.size-34267.UNOFFICIAL] '/home/stepirbf/lscmData/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735412060_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/lscmData/text.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/text.php.1735412060_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/lscmData/wp-blog-header.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735412060_2) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/lscmData/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735412060_2) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/doc.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/doc.php.1735412061_1) ClamAV detected virus = [TO-35095.WEBSHELL.nc_about.MD5-a9d51e24058de1cb818c990f70d127dc.size-34267.UNOFFICIAL] '/home/stepirbf/mail/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735412061_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/text.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/text.php.1735412061_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/mail/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735412061_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/mail/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735412062_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/.info@mikasiadventures_co_ke/cur/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/.info@mikasiadventures_co_ke/tmp/themes.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/.info@naturefriendlysafaris_com/admin.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/admin.php.1735412062_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/mail/.info@naturefriendlysafaris_com/checkbox.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/checkbox.php.1735412062_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/mail/.info@naturefriendlysafaris_com/new/dropdown.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/.info@naturefriendlysafaris_com/new/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/.projects@yamadacompany_com/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/.projects@yamadacompany_com/cur/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/.projects@yamadacompany_com/tmp/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/.sales@stephnovators_com/cur/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/.sales@stephnovators_com/new/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/.sales@stephnovators_com/tmp/index.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/.solutions@stephnovators_com/tmp/index.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/.solutions@stephnovators_com/tmp/themes.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/cur/checkbox.php:2,S' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/cur/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735412252_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/cur/input.php:2,S' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/cur/text.php:2,S' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/cur/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735412253_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/kasulu.nl/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735412253_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/mail/kasulu.nl/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735412253_2) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/mail/kasulu.nl/info/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735412253_1) ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL] '/home/stepirbf/mail/kasulu.nl/info/cur/checkbox.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/checkbox.php.1735412253_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/mail/kasulu.nl/info/tmp/admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/kasulu.nl/info/tmp/dropdown.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/mikasiadventures.co.ke/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735412261_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/mikasiadventures.co.ke/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735412261_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/mail/mikasiadventures.co.ke/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735412261_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/mikasiadventures.co.ke/info/admin.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/admin.php.1735412261_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/mail/nairobiairportinn.co.ke/dropdown.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/dropdown.php.1735412263_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/mail/nairobiairportinn.co.ke/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735412263_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/nairobiairportinn.co.ke/wp-blog-header.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735412263_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/mail/nairobiairportinn.co.ke/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735412263_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/nairobiairportinn.co.ke/info/.spam/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/nairobiairportinn.co.ke/info/cur/admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/nairobiairportinn.co.ke/info/cur/index.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/nairobiairportinn.co.ke/info/cur/index.php:2,S' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/naturefriendlysafaris.com/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735412265_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/naturefriendlysafaris.com/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735412265_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/mail/naturefriendlysafaris.com/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735412265_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/new/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/new/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735412385_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/new/input.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/new/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/new/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735412385_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/stephnovators.com/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735412385_2) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/stephnovators.com/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735412385_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/mail/stephnovators.com/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735412385_2) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] # Scan Timeout (30 secs) while processing: '/home/stepirbf/mail/stephnovators.com/solutions/new/1731432867.M260504P2637290.premium220.web-hosting.com,S=47813501,W=48434559' '/home/stepirbf/mail/tinjotours.co.ke/dropdown.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/dropdown.php.1735412519_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/mail/tinjotours.co.ke/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735412519_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/tinjotours.co.ke/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735412519_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/mail/tinjotours.co.ke/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735412519_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/tmp/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735412519_2) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/tmp/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735412519_2) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/mail/tmp/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735412519_2) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/wendsafaris.nl/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735412520_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/wendsafaris.nl/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735412520_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/mail/wendsafaris.nl/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735412520_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/wendsafaris.nl/info/text.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/text.php.1735412520_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/mail/wendsafaris.nl/info/.Junk/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/wendsafaris.nl/info/tmp/input.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/xprintkenya.com/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/xprintkenya.com/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735412685_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/xprintkenya.com/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735412685_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/mail/xprintkenya.com/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735412685_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/xprintkenya.com/info/index.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/xprintkenya.com/info/input.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/xprintkenya.com/info/.Drafts/checkbox.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/checkbox.php.1735412686_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/mail/xprintkenya.com/info/.spam/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/xprintkenya.com/info/new/1714970722.M211630P272830.premium220.web-hosting.com,S=1209792,W=1226409' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/1714970722.M211630P272830.premium220.web-hosting.com,S=1209792,W=1226409.1735412770_1) ClamAV detected virus = [Win.Packed.Pwsx-10029429-0] '/home/stepirbf/mail/xprintkenya.com/info/new/1716566171.M204962P3085309.premium220.web-hosting.com,S=897010,W=908772' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/1716566171.M204962P3085309.premium220.web-hosting.com,S=897010,W=908772.1735412840_1) ClamAV detected virus = [Win.Packed.Msilzilla-10032826-0] '/home/stepirbf/mail/xprintkenya.com/info/new/1717739034.M14066P1884751.premium220.web-hosting.com,S=818901,W=830143' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/1717739034.M14066P1884751.premium220.web-hosting.com,S=818901,W=830143.1735412852_1) ClamAV detected virus = [Win.Packed.Powershell-10033182-0] '/home/stepirbf/mail/xprintkenya.com/info/new/1717995760.M605432P753522.premium220.web-hosting.com,S=965225,W=978471' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/1717995760.M605432P753522.premium220.web-hosting.com,S=965225,W=978471.1735412858_1) ClamAV detected virus = [Win.Packed.Powershell-10032150-0] '/home/stepirbf/mail/xprintkenya.com/info/new/1718144910.M687343P1659274.premium220.web-hosting.com,S=844088,W=855270' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/1718144910.M687343P1659274.premium220.web-hosting.com,S=844088,W=855270.1735412867_1) ClamAV detected virus = [Win.Packed.Powershell-10032150-0] '/home/stepirbf/mail/xprintkenya.com/info/new/1718634999.M494583P2093078.premium220.web-hosting.com,S=817346,W=828569' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/1718634999.M494583P2093078.premium220.web-hosting.com,S=817346,W=828569.1735412874_1) ClamAV detected virus = [Win.Packed.Injuke-10032098-0] '/home/stepirbf/mail/xprintkenya.com/info/new/1722435767.M208413P2349435.premium220.web-hosting.com,S=2595341,W=2630960' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/1722435767.M208413P2349435.premium220.web-hosting.com,S=2595341,W=2630960.1735412900_1) ClamAV detected virus = [Win.Trojan.Generic-10034319-0] '/home/stepirbf/mail/xprintkenya.com/info/new/1723517950.M648718P4065744.premium220.web-hosting.com,S=1063171,W=1077762' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/1723517950.M648718P4065744.premium220.web-hosting.com,S=1063171,W=1077762.1735412905_1) ClamAV detected virus = [Win.Packed.Remcos-10036256-0] '/home/stepirbf/mail/xprintkenya.com/info/new/1724220016.M851298P3612151.premium220.web-hosting.com,S=977114,W=990557' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/1724220016.M851298P3612151.premium220.web-hosting.com,S=977114,W=990557.1735412916_1) ClamAV detected virus = [Win.Packed.Pwsx-10034960-0] '/home/stepirbf/mail/xprintkenya.com/info/new/1725868814.M137372P2380735.premium220.web-hosting.com,S=1165281,W=1180532' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/1725868814.M137372P2380735.premium220.web-hosting.com,S=1165281,W=1180532.1735412962_1) ClamAV detected virus = [Win.Packed.Gamarue-10035986-0] '/home/stepirbf/mail/xprintkenya.com/info/new/1734947633.M696589P3778446.premium220.web-hosting.com,S=1238792,W=1255789' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/1734947633.M696589P3778446.premium220.web-hosting.com,S=1238792,W=1255789.1735413021_1) ClamAV detected virus = [Win.Packed.Genie8dn-10040863-0] '/home/stepirbf/mail/yamadacompany.com/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735413025_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/yamadacompany.com/text.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/text.php.1735413025_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/mail/yamadacompany.com/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735413025_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/mail/yamadacompany.com/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735413026_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/yamadacompany.com/projects/input.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/input.php.1735413026_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/mail/yamadaresearch.com/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735413026_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/yamadaresearch.com/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735413026_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/mail/yamadaresearch.com/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735413026_2) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/mail/yamadaresearch.com/kunchai/.Junk/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/yamadaresearch.com/kunchai/.Trash/dropdown.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/yamadaresearch.com/kunchai/.spam/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/yamadaresearch.com/kunchai/.spam/themes.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/mail/yamadaresearch.com/kunchai/cur/themes.php' # Universal decode regex match = [universal decoder] # Scan Timeout (30 secs) while processing: '/home/stepirbf/nairobiairportinn.co.ke/wp-content/plugins/revslider.zip' '/home/stepirbf/nairobiairportinn.co.ke/wp-content/plugins/woocommerce2/includes/admin/class-wc-admin-menus.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/nairobiairportinn.co.ke/wp-content/plugins/woocommerce2/src/Internal/Admin/WcPayWelcomePage.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/nairobiairportinn.co.ke/wp-content/plugins/woocommerce2/vendor/maxmind-db/reader/ext/maxminddb.c' # Suspicious file type [application/x-c] '/home/stepirbf/nairobiairportinn.co.ke/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html' # Suspicious file type [application/x-c] '/home/stepirbf/nairobiairportinn.co.ke/wp-content/plugins/wp-mail-smtp/src/Admin/Area.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/nairobiairportinn.co.ke/wp-content/plugins/wp-mail-smtp/src/Admin/SetupWizard.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/nairobiairportinn.co.ke/wp-content/plugins/wp-mail-smtp/vendor_prefixed/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/nairobiairportinn.co.ke/wp-content/plugins/wp-mail-smtp/vendor_prefixed/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/nairobiairportinn.co.ke/wp-includes/version.php' # Script version check [OLD] [Wordpress v6.4.5 < v6.7.1] '/home/stepirbf/nairobiairportinn.co.ke/wp-includes/images/CSusuQ.png' # Suspicious image file (hidden script file) '/home/stepirbf/public_ftp/doc.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/doc.php.1735415024_1) ClamAV detected virus = [TO-35095.WEBSHELL.nc_about.MD5-a9d51e24058de1cb818c990f70d127dc.size-34267.UNOFFICIAL] '/home/stepirbf/public_ftp/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735415024_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/public_ftp/text.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/text.php.1735415024_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/public_ftp/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735415024_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/public_ftp/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735415024_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/public_ftp/incoming/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735415024_2) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/public_ftp/incoming/wp-blog-header.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735415024_2) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/public_ftp/incoming/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735415024_2) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/public_html/wp-content/logs/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/public_html/wp-content/logs/dropdown.php' # Universal decode regex match = [universal decoder] # Scan Timeout (30 secs) while processing: '/home/stepirbf/public_html/wp-content/plugins/elementor-pro_v3.18.1.zip' '/home/stepirbf/public_html/wp-content/plugins/autoptimize/autoptimize.php' # Script version check [OLD] [Autoptimize v3.1.10 < v3.1.11] '/home/stepirbf/public_html/wp-content/plugins/click-to-chat-for-whatsapp/click-to-chat.php' # Script version check [OLD] [Click to Chat v3.31 < v4.2] '/home/stepirbf/public_html/wp-content/plugins/click-to-chat-for-whatsapp/new/admin/class-ht-ctc-admin-main-page.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/public_html/wp-content/plugins/essential-addons-for-elementor-lite/essential_adons_elementor.php' # Script version check [OLD] [Essential Addons for Elementor v5.9.2 < v5.9.21] '/home/stepirbf/public_html/wp-content/plugins/google-site-kit/google-site-kit.php' # Script version check [OLD] [Site Kit by Google v1.116.0 < v1.126.0] '/home/stepirbf/public_html/wp-content/plugins/gravityforms/gravityforms.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/public_html/wp-content/plugins/jetpack/jetpack.php' # Script version check [OLD] [Jetpack v12.9.3 < v13.4.2] '/home/stepirbf/public_html/wp-content/plugins/jetpack/modules/masterbar/admin-menu/class-admin-menu.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/public_html/wp-content/plugins/loginizer/loginizer.php' # Script version check [OLD] [Loginizer v1.8.3 < v1.8.4] '/home/stepirbf/public_html/wp-content/plugins/mailchimp-for-wp/mailchimp-for-wp.php' # Script version check [OLD] [MC4WP: Mailchimp for WordPress v4.9.10 < v4.9.13] '/home/stepirbf/public_html/wp-content/plugins/one-click-demo-import/one-click-demo-import.php' # Script version check [OLD] [One Click Demo Import v3.2.0 < v3.2.1] '/home/stepirbf/public_html/wp-content/plugins/robin-image-optimizer/robin-image-optimizer.php' # Script version check [OLD] [Robin image optimizer v1.6.6 < v1.6.9] '/home/stepirbf/public_html/wp-content/plugins/updraftplus/updraftplus.php' # Script version check [OLD] [UpdraftPlus - Backup/Restore v1.23.16 < v1.24.3] '/home/stepirbf/public_html/wp-content/plugins/wordpress-importer/wordpress-importer.php' # Script version check [OLD] [WordPress Importer v0.8.1 < v0.8.2] '/home/stepirbf/public_html/wp-content/plugins/wordpress-seo/wp-seo.php' # Script version check [OLD] [Yoast SEO v21.7 < v22.7] '/home/stepirbf/public_html/wp-content/plugins/wp-reset/wp-reset.php' # Script version check [OLD] [WP Reset v1.98 < v2.02] '/home/stepirbf/public_html/wp-content/plugins/wp-statistics/wp-statistics.php' # Script version check [OLD] [WP Statistics v14.3.2 < v14.6.4] '/home/stepirbf/public_html/wp-content/plugins/wp-statistics/includes/vendor/maxmind-db/reader/ext/maxminddb.c' # Suspicious file type [application/x-c] '/home/stepirbf/public_html/wp-content/themes/haptic/themes.php' # Universal decode regex match = [universal decoder] # Scan Timeout (30 secs) while processing: '/home/stepirbf/public_html/wp-content/updraft/backup_2024-01-17-1345_Stephnovators_Digital_Solutions_18c93d694df5-others.zip' # Scan Timeout (30 secs) while processing: '/home/stepirbf/public_html/wp-content/updraft/backup_2024-01-17-1345_Stephnovators_Digital_Solutions_18c93d694df5-plugins.zip' '/home/stepirbf/public_html/wp-content/uploads/wpforms/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/softaculous_backups/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735416381_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/softaculous_backups/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735416381_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] # Scan Timeout (30 secs) while processing: '/home/stepirbf/softaculous_backups/wp.26_91356.2024-12-03_16-31-22.tar.gz' # Scan Timeout (30 secs) while processing: '/home/stepirbf/softaculous_backups/wp66.26_37597.2024-12-01_16-23-28.tar.gz' # Scan Timeout (30 secs) while processing: '/home/stepirbf/softaculous_backups/wp66.26_37597.2024-12-04_16-39-59.tar.gz' # Scan Timeout (30 secs) while processing: '/home/stepirbf/softaculous_backups/wp66.26_91945.2024-11-30_16-23-51.tar.gz' # Scan Timeout (30 secs) while processing: '/home/stepirbf/softaculous_backups/wp66.26_91945.2024-12-04_16-39-38.tar.gz' '/home/stepirbf/softaculous_backups/tmp/wp-blog-header.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735416724_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/softaculous_backups/tmp/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735416724_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/ssl/doc.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/doc.php.1735416724_1) ClamAV detected virus = [TO-35095.WEBSHELL.nc_about.MD5-a9d51e24058de1cb818c990f70d127dc.size-34267.UNOFFICIAL] '/home/stepirbf/ssl/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735416724_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/ssl/text.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/text.php.1735416724_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/ssl/wp-blog-header.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735416724_2) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/ssl/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735416724_2) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/ssl/certs/admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/ssl/certs/dropdown.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/ssl/certs/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735416725_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/ssl/certs/input.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/ssl/certs/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/ssl/certs/themes.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/ssl/certs/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735416726_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/ssl/certs/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735416726_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/ssl/csrs/admin.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/admin.php.1735416726_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/ssl/csrs/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/ssl/csrs/dropdown.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/dropdown.php.1735416726_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatcheckbox_php.MD5-1730e4c64081e66b1e1006e397d93f92.size-1527.UNOFFICIAL] '/home/stepirbf/ssl/csrs/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735416727_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/ssl/csrs/input.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/ssl/csrs/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/ssl/csrs/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735416727_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/ssl/csrs/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735416727_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/ssl/keys/admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/ssl/keys/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/ssl/keys/dropdown.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/ssl/keys/index.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/index.php.1735416728_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/ssl/keys/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735416728_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/ssl/keys/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735416728_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/tmp/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735416757_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/tmp/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735416757_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/tmp/analog/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/tmp/analog/dropdown.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/tmp/analog/themes.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/tmp/analog/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735416758_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/tmp/analog/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735416758_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/tmp/pma_template_compiles_stepirbf/admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/tmp/pma_template_compiles_stepirbf/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/tmp/pma_template_compiles_stepirbf/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735416758_2) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/tmp/pma_template_compiles_stepirbf/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735416758_2) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/tmp/pma_template_compiles_stepirbf/twig/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/tmp/pma_template_compiles_stepirbf/twig/admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/tmp/pma_template_compiles_stepirbf/twig/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/tmp/pma_template_compiles_stepirbf/twig/dropdown.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/tmp/pma_template_compiles_stepirbf/twig/input.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/tmp/pma_template_compiles_stepirbf/twig/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/tmp/pma_template_compiles_stepirbf/twig/wp-login.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/tmp/webalizer/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/tmp/webalizer/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/tmp/webalizer/dropdown.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/tmp/webalizer/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735416773_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/tmp/webalizer/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735416773_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/tmp/webalizerftp/about.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/tmp/webalizerftp/admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/tmp/webalizerftp/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/tmp/webalizerftp/wp-blog-header.php' # Universal decode regex match = [universal decoder] # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-blog-header.php.1735416774_1) (decoded file [advanced decoder: 14 (depth: 2)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2227]] '/home/stepirbf/tmp/webalizerftp/wp-cron.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/wp-cron.php.1735416774_1) ClamAV detected virus = [TO-33761.WEBSHEL.nc_compatindex_php.MD5-14d444f47417f104c4d2e51685099cb8.size-4737.UNOFFICIAL] '/home/stepirbf/wendsafaris.nl/wp-content/languages/admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/wendsafaris.nl/wp-content/logs/checkbox.php' # Universal decode regex match = [universal decoder] # Scan Timeout (30 secs) while processing: '/home/stepirbf/wendsafaris.nl/wp-content/plugins/elementor-pro.zip' # Scan Timeout (30 secs) while processing: '/home/stepirbf/wendsafaris.nl/wp-content/plugins/elementor.3.26.1.zip' '/home/stepirbf/wendsafaris.nl/wp-content/plugins/click-to-chat-for-whatsapp/new/admin/class-ht-ctc-admin-main-page.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/wendsafaris.nl/wp-content/plugins/wp-asset-clean-up/templates/meta-box-loaded-assets/view-by-location.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/wendsafaris.nl/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html' # Suspicious file type [application/x-c] '/home/stepirbf/wendsafaris.nl/wp-content/plugins/wp-file-manager/lib/themes/windows - 10' # World writeable directory '/home/stepirbf/wendsafaris.nl/wp-content/plugins/wp-file-manager/lib/themes/windows - 10/css' # World writeable directory '/home/stepirbf/wendsafaris.nl/wp-content/plugins/wp-file-manager/lib/themes/windows - 10/images' # World writeable directory '/home/stepirbf/wendsafaris.nl/wp-content/plugins/wp-file-manager/lib/themes/windows - 10/images/16px' # World writeable directory '/home/stepirbf/wendsafaris.nl/wp-content/plugins/wp-file-manager/lib/themes/windows - 10/images/48px' # World writeable directory '/home/stepirbf/wendsafaris.nl/wp-content/plugins/wp-file-manager/lib/themes/windows - 10/js' # World writeable directory '/home/stepirbf/wendsafaris.nl/wp-content/plugins/wp-mail-smtp/src/Admin/Area.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/wendsafaris.nl/wp-content/plugins/wp-mail-smtp/src/Admin/SetupWizard.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/wendsafaris.nl/wp-content/plugins/wp-mail-smtp/vendor_prefixed/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/wendsafaris.nl/wp-content/plugins/wp-mail-smtp/vendor_prefixed/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/wendsafaris.nl/wp-content/plugins/wp-optimize/includes/class-wp-optimize-admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/wendsafaris.nl/wp-content/uploads/smack_uci_uploads/wp-login.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/wendsafaris.nl/wp-content/uploads/wpallimport/admin.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/wendsafaris.nl/wp-content/uploads/wpcf7_uploads/themes.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/xprintkenya.com/wp-content/cspt-css/checkbox.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/xprintkenya.com/wp-content/fonts/playfair-display/themes.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/xprintkenya.com/wp-content/plugins/advanced-custom-fields/acf.php' # Script version check [OLD] [Advanced Custom Fields v6.2.3 < v6.2.9] '/home/stepirbf/xprintkenya.com/wp-content/plugins/breadcrumb-navxt/breadcrumb-navxt.php' # Script version check [OLD] [Breadcrumb NavXT v7.2.0 < v7.3.0] '/home/stepirbf/xprintkenya.com/wp-content/plugins/elementor/elementor.php' # Script version check [OLD] [Elementor v3.17.3 < v3.21.5] '/home/stepirbf/xprintkenya.com/wp-content/plugins/gravityforms/gravityforms.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/xprintkenya.com/wp-content/plugins/kirki/kirki.php' # Script version check [OLD] [Kirki Customizer Framework v5.0.0 < v5.1.0] '/home/stepirbf/xprintkenya.com/wp-content/plugins/litespeed-cache/litespeed-cache.php' # Script version check [OLD] [LiteSpeed Cache v5.7.0.1 < v6.2.0.1] '/home/stepirbf/xprintkenya.com/wp-content/plugins/loginizer/loginizer.php' # Script version check [OLD] [Loginizer v1.8.2 < v1.8.4] '/home/stepirbf/xprintkenya.com/wp-content/plugins/mailchimp-for-wp/mailchimp-for-wp.php' # Script version check [OLD] [MC4WP: Mailchimp for WordPress v4.9.10 < v4.9.13] '/home/stepirbf/xprintkenya.com/wp-content/plugins/w3-total-cache/CdnEngine_Ftp.php' # Regular expression match = [\n(?!\s*(//|\#|\*)).*\.ssh/] '/home/stepirbf/xprintkenya.com/wp-content/plugins/w3-total-cache/w3-total-cache.php' # Script version check [OLD] [W3 Total Cache v2.6.0 < v2.7.2] '/home/stepirbf/xprintkenya.com/wp-content/plugins/w3-total-cache/lib/Aws/Aws/Handler/211441a6.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/211441a6.php.1735419448_1) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1994]] '/home/stepirbf/xprintkenya.com/wp-content/plugins/w3-total-cache/lib/Aws/Aws/Handler/61302287.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/61302287.php.1735419449_1) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1994]] '/home/stepirbf/xprintkenya.com/wp-content/plugins/w3-total-cache/pub/0b8a280b.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/0b8a280b.php.1735419499_1) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1994]] '/home/stepirbf/xprintkenya.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/CloudTrailData/9025c1ae.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/9025c1ae.php.1735419521_1) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1994]] '/home/stepirbf/xprintkenya.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ElastiCache/Exception/630cadac.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/630cadac.php.1735419537_1) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1994]] '/home/stepirbf/xprintkenya.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/KinesisVideo/aa56ccef.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/aa56ccef.php.1735419550_1) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1994]] '/home/stepirbf/xprintkenya.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/MTurk/Exception/1ea126b2.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/1ea126b2.php.1735419553_1) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1994]] '/home/stepirbf/xprintkenya.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/MedicalImaging/f5643070.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/f5643070.php.1735419557_1) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1994]] '/home/stepirbf/xprintkenya.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/QLDB/63e795bc.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/63e795bc.php.1735419564_1) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1994]] '/home/stepirbf/xprintkenya.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/VoiceID/Exception/76deafd9.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/76deafd9.php.1735419583_1) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1994]] '/home/stepirbf/xprintkenya.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/data/kafka/2018-11-14/a61d0f35.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/a61d0f35.php.1735419688_1) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1994]] '/home/stepirbf/xprintkenya.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/data/managedblockchain-query/2023-05-04/fc83b702.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/fc83b702.php.1735419700_1) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1994]] '/home/stepirbf/xprintkenya.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/data/runtime.lex/061e0942.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/061e0942.php.1735419742_1) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1994]] '/home/stepirbf/xprintkenya.com/wp-content/plugins/w3-total-cache/vendor/microsoft/azure-storage-common/0811fa60.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/0811fa60.php.1735419796_1) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1994]] '/home/stepirbf/xprintkenya.com/wp-content/plugins/w3-total-cache/vendor/nikic/php-parser/lib/PhpParser/Internal/673f63fc.php' # (quarantined to /opt/cxs/quarantine/cxsuser/stepirbf/673f63fc.php.1735419805_1) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1994]] '/home/stepirbf/xprintkenya.com/wp-content/plugins/wp-smushit/wp-smush.php' # Script version check [OLD] [Smush v3.15.1 < v3.16.2] '/home/stepirbf/xprintkenya.com/wp-content/themes/twentytwentytwo/Xs.js.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/xprintkenya.com/wp-content/themes/twentytwentytwo/input.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/xprintkenya.com/wp-content/uploads/2017/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/xprintkenya.com/wp-content/uploads/2018/12/index.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/xprintkenya.com/wp-content/uploads/2022/05/index.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/xprintkenya.com/wp-content/uploads/revslider/index.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/xprintkenya.com/wp-content/w3tc-config/input.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/xprintkenya.com/wp-content/w3tc-config/text.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/xprintkenya.com/wp-content/w3tc-config/wp-login.php' # Universal decode regex match = [universal decoder] '/home/stepirbf/xprintkenya.com/wp-content/wflogs/input.php' # Universal decode regex match = [universal decoder] ----------- SCAN SUMMARY ----------- Scanned directories: 31109 Scanned files: 226947 Ignored items: 1998 Suspicious matches: 529 Viruses found: 106 Fingerprint matches: 69 Data scanned: 19330.68 MB Scan peak memory: 419972 kB Scan time/item: 0.048 sec Scan time: 12479.161 sec
Upload File
Create Folder