----------- SCAN REPORT -----------
TimeStamp: Thu, 14 Nov 2024 06:11:04 -0500
(/usr/sbin/cxs --background --clamdsock /var/clamd --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 50000 --noforce --html --ignore /etc/cxs/cxs.ignore.manual --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mv --report /home/growfhjh/scanreport-growfhjh-Nov_14_2024_06h11m.txt --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --unofficial --user growfhjh --virusscan --vmrssmax 2000000 --waitscan 0 --xtra /etc/cxs/cxs.xtra.manual)

Scanning /home/growfhjh:

'/home/growfhjh/.nc_plugin/hidden'
# World writeable directory

'/home/growfhjh/aonerecruitment.com/item.php'
# ClamAV detected virus = [TO-27921.WEBSHELL.filemanager2_php_filemanager_without_any_authentication_nocoment_html.MD5-d3918fa0721b43422eb21747fff7dd43-68616.UNOFFICIAL]

'/home/growfhjh/aonerecruitment.com/wander.php'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

'/home/growfhjh/aonerecruitment.com/wp-confiq.php'
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
# (decoded file [depth: 2]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2246]]

'/home/growfhjh/aonerecruitment.com/wp-loadscript.php'
# Regular expression match = [Adminer - Compact database management]
# (decoded file [depth: 0]) Regular expression match = [Adminer - Compact database management]

'/home/growfhjh/aonerecruitment.com/wp-admin/images/post-formats-as.png'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
# Decode regex match = [decode regex: 1]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]

'/home/growfhjh/aonerecruitment.com/wp-content/plugins/elementor/assets/svg-paths/WBcRxSGX.php'
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
# (decoded file [depth: 2]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2246]]

'/home/growfhjh/aonerecruitment.com/wp-includes/themes.php'
# Universal decode regex match = [universal decoder]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
# Decode regex match = [decode regex: 1]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]

'/home/growfhjh/aonerecruitment.com/wp-includes/Text/wp/bJCacGJa.php'
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
# (decoded file [depth: 2]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2246]]

'/home/growfhjh/aonerecruitment.com/wp-includes/images/smilies/icon_winks.png'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
# Decode regex match = [decode regex: 1]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]

'/home/growfhjh/aonerecruitment.com/wp-includes/js/dist/preferences-persistence.mni.js'
# Universal decode regex match = [universal decoder]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
# Decode regex match = [decode regex: 1]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]

'/home/growfhjh/hypertechpros.com/index.php'
# Universal decode regex match = [universal decoder]

'/home/growfhjh/hypertechpros.com/wp-loadscript.php'
# Regular expression match = [Adminer - Compact database management]
# (decoded file [depth: 0]) Regular expression match = [Adminer - Compact database management]

'/home/growfhjh/hypertechpros.com/.tmb'
# World writeable directory

'/home/growfhjh/hypertechpros.com/wp-content/plugins/cwdpq3j3/fooster1337.php'
# Decode regex match = [decode regex: 1]

'/home/growfhjh/hypertechpros.com/wp-content/plugins/d36dzuu7/kevinAtony.php'
# ClamAV detected virus = [TO-35550.WEBSHEL.nc_50_network_javascript_php.MD5-f8931116cc33044f5fa7e4e06816e578.size-38.UNOFFICIAL]
'/home/growfhjh/hypertechpros.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html'
# Suspicious file type [application/x-c]

'/home/growfhjh/hypertechpros.com/wp-content/plugins/wp-protect/front/front.jpeg'
# Suspicious image file (hidden script file)

'/home/growfhjh/hypertechpros.com/wp-content/plugins/wp-protect-1/front/front.jpeg'
# Suspicious image file (hidden script file)

'/home/growfhjh/hypertechpros.com/wp-content/plugins/xg9yxpvp/kevinAtony.php'
# ClamAV detected virus = [TO-35550.WEBSHEL.nc_50_network_javascript_php.MD5-f8931116cc33044f5fa7e4e06816e578.size-38.UNOFFICIAL]

'/home/growfhjh/hypertechpros.com/wp-content/themes/cay-van-phong/kevinAtony.php'
# ClamAV detected virus = [TO-35550.WEBSHEL.nc_50_network_javascript_php.MD5-f8931116cc33044f5fa7e4e06816e578.size-38.UNOFFICIAL]

'/home/growfhjh/hypertechpros.com/wp-content/themes/cwdpq3j3/fooster1337.php'
# Decode regex match = [decode regex: 1]

'/home/growfhjh/hypertechpros.com/wp-content/themes/d36dzuu7/kevinAtony.php'
# ClamAV detected virus = [TO-35550.WEBSHEL.nc_50_network_javascript_php.MD5-f8931116cc33044f5fa7e4e06816e578.size-38.UNOFFICIAL]

'/home/growfhjh/hypertechpros.com/wp-content/themes/xg9yxpvp/kevinAtony.php'
# ClamAV detected virus = [TO-35550.WEBSHEL.nc_50_network_javascript_php.MD5-f8931116cc33044f5fa7e4e06816e578.size-38.UNOFFICIAL]

'/home/growfhjh/hypertechpros.com/wp-includes/sodium_compat/wander.php'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

'/home/growfhjh/learntodriveuk.com/.tmb'
# World writeable directory

'/home/growfhjh/learntodriveuk.com/wp-content/plugins/woocommerce/includes/admin/class-wc-admin-menus.php'
# Universal decode regex match = [universal decoder]

'/home/growfhjh/learntodriveuk.com/wp-content/plugins/woocommerce/src/Internal/Admin/WcPayWelcomePage.php'
# Universal decode regex match = [universal decoder]
'/home/growfhjh/learntodriveuk.com/wp-content/plugins/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c'
# Suspicious file type [application/x-c]

'/home/growfhjh/learntodriveuk.com/wp-content/plugins/woocommerce-payments/includes/admin/class-wc-payments-admin.php'
# Universal decode regex match = [universal decoder]

'/home/growfhjh/learntodriveuk.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html'
# Suspicious file type [application/x-c]

'/home/growfhjh/lineagemind.hypertechpros.com/.tmb'
# World writeable directory

'/home/growfhjh/lineagemind.hypertechpros.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html'
# Suspicious file type [application/x-c]

'/home/growfhjh/public_html/beton.php'
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
# Decode regex match = [decode regex: 1]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]

'/home/growfhjh/public_html/index.php'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

'/home/growfhjh/public_html/wp-crom.php'
# Universal decode regex match = [universal decoder]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
# Decode regex match = [decode regex: 1]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]

'/home/growfhjh/public_html/wp-admin/images/post-formats-as.png'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

'/home/growfhjh/public_html/wp-content/plugins/elementor/assets/js/packages/schema/about.php'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

'/home/growfhjh/public_html/wp-content/plugins/elementor/assets/js/packages/schema/about.php7'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]
'/home/growfhjh/public_html/wp-content/plugins/elementor/assets/js/packages/schema/alfa-rex.php'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

'/home/growfhjh/public_html/wp-content/plugins/elementor/assets/js/packages/schema/alfa-rex.php56'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

'/home/growfhjh/public_html/wp-content/plugins/elementor/assets/js/packages/schema/alfa-rex.php7'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

'/home/growfhjh/public_html/wp-content/plugins/elementor/assets/js/packages/schema/alfa-rex.php8'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

'/home/growfhjh/public_html/wp-content/plugins/elementor/assets/js/packages/schema/wp-login.php'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

'/home/growfhjh/public_html/wp-content/plugins/elementor/core/files/dJikxOf.php'
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
# (decoded file [depth: 2]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2246]]

'/home/growfhjh/public_html/wp-includes/themes.php'
# Universal decode regex match = [universal decoder]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
# Decode regex match = [decode regex: 1]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]

'/home/growfhjh/public_html/wp-includes/version.php'
# Script version check [OLD] [Wordpress v6.6.2 < v6.7]

'/home/growfhjh/public_html/wp-includes/Requests/wp/WdWeSnZqAb.php'
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
# (decoded file [depth: 2]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2246]]

'/home/growfhjh/public_html/wp-includes/images/smilies/icon_winks.png'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

'/home/growfhjh/public_html/wp-includes/js/dist/preferences-persistence.mni.js'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

# Scan Timeout (30 secs) while processing: '/home/growfhjh/softaculous_backups/wp.26_62204.2024-11-03_18-50-51.tar.gz'

# Scan Timeout (30 secs) while processing: '/home/growfhjh/softaculous_backups/wp.26_64598.2024-11-11_19-06-28.tar.gz'

# Scan Timeout (30 secs) while processing: '/home/growfhjh/softaculous_backups/wp.26_64598.2024-11-13_20-12-29.tar.gz'

# Scan Timeout (30 secs) while processing: '/home/growfhjh/softaculous_backups/wp.26_84576.2024-10-28_18-59-07.tar.gz'

# Scan Timeout (30 secs) while processing: '/home/growfhjh/softaculous_backups/wp.26_84576.2024-10-29_20-10-24.tar.gz'

# Scan Timeout (30 secs) while processing: '/home/growfhjh/softaculous_backups/wp.26_84576.2024-11-03_18-50-50.tar.gz'

'/home/growfhjh/stylotrends.store/beton.php'
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
# Decode regex match = [decode regex: 1]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]

'/home/growfhjh/stylotrends.store/.tmb'
# World writeable directory

'/home/growfhjh/stylotrends.store/wp-content/plugins/woocommerce/includes/admin/class-wc-admin-menus.php'
# Universal decode regex match = [universal decoder]

'/home/growfhjh/stylotrends.store/wp-content/plugins/woocommerce/src/Internal/Admin/WcPayWelcomePage.php'
# Universal decode regex match = [universal decoder]

'/home/growfhjh/stylotrends.store/wp-content/plugins/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c'
# Suspicious file type [application/x-c]

'/home/growfhjh/stylotrends.store/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html'
# Suspicious file type [application/x-c]

# Scan Timeout (30 secs) while processing: '/home/growfhjh/stylotrends.store/wp-content/uploads/2024/09/neytiri-modern-woocommerce-theme-2024-07-12-08-15-29-utc.zip'
----------- SCAN SUMMARY -----------
Scanned directories: 16084
Scanned files: 82711
Ignored items: 447
Suspicious matches: 102
Viruses found: 6
Fingerprint matches: 5
Data scanned: 2621.29 MB
Scan peak memory: 417044 kB
Scan time/item: 0.032 sec
Scan time: 3131.445 sec