----------- SCAN REPORT -----------
TimeStamp: Tue, 21 Jan 2025 18:38:51 -0500
(/usr/sbin/cxs --clamdsock /var/clamd --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 50000 --noforce --html --ignore /etc/cxs/cxs.ignore.manual --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mv --report /home/itiffy/scanreport-itiffy-2025-01-21T23:38:50.761614.txt --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --unofficial --user itiffy --virusscan --vmrssmax 2000000 --waitscan 0 --xtra /etc/cxs/cxs.xtra.manual)
Scanning /home/itiffy:
'/home/itiffy/.config/dbus/gs-bd'
# Linux Binary/Executable [application/x-executable]
'/home/itiffy/aspenconstructionandpainting.com/wp-blog-header.php'
# Universal decode regex match = [universal decoder]
'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/akismet/akismet.php'
# Script version check [OLD] [Akismet Anti-Spam v5.1 < v5.3.5]
'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/astra-sites/astra-sites.php'
# Script version check [OLD] [Starter Templates v3.1.27 < v4.4.11]
'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/elementor/elementor.php'
# Script version check [OLD] [Elementor v3.12.0 < v3.26.5]
'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/elementskit-lite/elementskit-lite.php'
# Script version check [OLD] [ElementsKit Lite v2.8.5 < v3.3.7]
'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/loginizer/loginizer.php'
# Script version check [OLD] [Loginizer v1.7.7 < v1.9.6]
'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/sticky-header-effects-for-elementor/sticky-header-effects-for-elementor.php'
# Script version check [OLD] [Sticky Header Effects for Elementor v1.6.4 < v1.7.3]
'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/unlimited-elements-for-elementor/unlimited_elements.php'
# Script version check [OLD] [Unlimited Elements for Elementor v1.5.58 < v1.5.138]
'/home/itiffy/aspenconstructionandpainting.com/wp-content/themes/astra/admin/includes/class-astra-menu.php'
# Universal decode regex match = [universal decoder]
'/home/itiffy/aspenconstructionandpainting.com/wp-includes/version.php'
# Script version check [OLD] [Wordpress v6.2.2 < v6.7.1]
'/home/itiffy/itiffyproject.com/logs.php'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]
'/home/itiffy/itiffyproject.com/aspen/wp-content/plugins/akismet/akismet.php'
# Script version check [OLD] [Akismet Anti-Spam v5.0.2 < v5.3.5]
'/home/itiffy/itiffyproject.com/aspen/wp-content/plugins/litespeed-cache/litespeed-cache.php'
# Script version check [OLD] [LiteSpeed Cache v5.7.0.1 < v6.5.4]
'/home/itiffy/itiffyproject.com/aspen/wp-content/plugins/loginizer/loginizer.php'
# Script version check [OLD] [Loginizer v1.7.7 < v1.9.6]
'/home/itiffy/itiffyproject.com/aspen/wp-includes/version.php'
# Script version check [OLD] [Wordpress v6.3.2 < v6.7.1]
'/home/itiffy/itiffyproject.com/rockjc/wp-includes/version.php'
# Script version check [OLD] [Wordpress v6.2.6 < v6.7.1]
'/home/itiffy/lifestyle-lending.com.au/ShreeRam.phtml'
# Universal decode regex match = [universal decoder]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
# Decode regex match = [decode regex: 1]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
'/home/itiffy/lifestyle-lending.com.au/theme-inscldw.php'
# Known exploit = [Fingerprint Match (md5)] [PHP Upload Exploit]
'/home/itiffy/lifestyle-lending.com.au/theme-inscrqf.php'
# Known exploit = [Fingerprint Match (md5)] [PHP Upload Exploit]
'/home/itiffy/lifestyle-lending.com.au/theme-insqboh.php'
# Known exploit = [Fingerprint Match (md5)] [PHP Upload Exploit]
'/home/itiffy/lifestyle-lending.com.au/theme-insyrhn.php'
# Known exploit = [Fingerprint Match (md5)] [PHP Upload Exploit]
'/home/itiffy/lifestyle-lending.com.au/theme-insyzvx.php'
# Known exploit = [Fingerprint Match (md5)] [PHP Upload Exploit]
'/home/itiffy/lifestyle-lending.com.au/theme-inszkuc.php'
# Known exploit = [Fingerprint Match (md5)] [PHP Upload Exploit]
'/home/itiffy/lifestyle-lending.com.au/.well-known/BlackWSO.phtml'
# Decode regex match = [decode regex: 1]
# Scan Timeout (30 secs) while processing:
'/home/itiffy/mail/.spam/cur/1705218770.M711666P3995261.premium223.web-hosting.com,S=1026904,W=1041050:2,'
# Scan Timeout (30 secs) while processing:
'/home/itiffy/mail/.spam/cur/1705299286.M52379P1100072.premium223.web-hosting.com,S=1045124,W=1059520:2,'
# Scan Timeout (30 secs) while processing:
'/home/itiffy/mail/.spam/cur/1705926774.M203640P2677151.premium223.web-hosting.com,S=903400,W=915831:2,'
# Scan Timeout (30 secs) while processing:
'/home/itiffy/mail/.spam/cur/1705938597.M868090P3583404.premium223.web-hosting.com,S=860951,W=872801:2,'
'/home/itiffy/mail/.spam/new/1733122517.M901827P1443522.premium223.web-hosting.com,S=1522566,W=1543472'
# ClamAV detected virus = [Win.Packed.Malwarex-10038365-0]
'/home/itiffy/mail/.spam/new/1733735653.M878868P3308234.premium223.web-hosting.com,S=1393844,W=1412986'
# ClamAV detected virus = [Win.Packed.Crypterx-10038718-0]
'/home/itiffy/mail/cur'
# Skipped - too many resources: 172836 ( > filemax=50000)
'/home/itiffy/mail/new'
# Skipped - too many resources: 53895 ( > filemax=50000)
# Scan Timeout (30 secs) while processing:
'/home/itiffy/mail/rockyjohnsonconcrete.com/info/cur/1558979112.M789371P30053.server1.itiffy.com,S=37957623,W=38450664:2,S'
'/home/itiffy/mywilleasy.com/ShreeRam.phtml'
# Universal decode regex match = [universal decoder]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
# Decode regex match = [decode regex: 1]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
'/home/itiffy/public_html/Chitoge.php'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]
'/home/itiffy/public_html/GEAR5.php'
# Regular expression match = [system\(\"cd \/tmp]
'/home/itiffy/public_html/_0x0_.php'
# Regular expression match = [system\(\"cd \/tmp]
'/home/itiffy/public_html/sitemap.php'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]
'/home/itiffy/public_html/sucury-cleanup.php'
# Regular expression match = [system\(\"cd \/tmp]
'/home/itiffy/public_html/wp-log.php'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]
'/home/itiffy/public_html/blog/wp-content/plugins/litespeed-cache/litespeed-cache.php'
# Script version check [OLD] [LiteSpeed Cache v4.4.3 < v6.5.4]
'/home/itiffy/public_html/blog/wp-includes/version.php'
# Script version check [OLD] [Wordpress v4.9.3 < v6.7.1]
'/home/itiffy/public_html/vendor/symfony/console/Resources/bin/hiddeninput.exe'
# MS Windows Binary/Executable [application/x-winexec]
'/home/itiffy/public_html/vendor/symfony/debug/Resources/ext/symfony_debug.c'
# Suspicious file type [application/x-c]
'/home/itiffy/public_html/well-known/acme-challenge/c/d/g/b/cm/cm.pl'
# Universal decode regex match = [universal decoder]
'/home/itiffy/rockyjohnsonconcrete.com/BlackWSO.phtml'
# Decode regex match = [decode regex: 1]
'/home/itiffy/rockyjohnsonconcrete.com/ShreeRam.phtml'
# Universal decode regex match = [universal decoder]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
# Decode regex match = [decode regex: 1]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
'/home/itiffy/rockyjohnsonconcrete.com/logs.php'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]
'/home/itiffy/rockyjohnsonconcrete.com/wp-admin/GreyWasHere.phtml'
# Decode regex match = [decode regex: 1]
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/advanced-custom-fields/acf.php'
# Script version check [OLD] [Advanced Custom Fields v4.4.12 < v6.3.11]
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/akismet/akismet.php'
# Script version check [OLD] [Akismet Anti-Spam v4.0.8 < v5.3.5]
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/all-in-one-wp-migration/all-in-one-wp-migration.php'
# Script version check [OLD] [All-in-One WP Migration v6.72 < v7.88]
# Scan Timeout (30 secs) while processing:
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/all-in-one-wp-migration/storage/8dv07nizpiot/itiffyprojects.com-dev-rockyjohnson-20180806-115149-559.wpress'
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/contact-form-7/wp-contact-form-7.php'
# Script version check [OLD] [Contact Form 7 v5.0.3 < v6.0.3]
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/custom-post-type-ui/custom-post-type-ui.php'
# Script version check [OLD] [Custom Post Type UI v1.5.8 < v1.17.2]
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/smart-slider-3/library/smartslider/libraries/storage.php'
# Universal decode regex match = [universal decoder]
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/smart-slider-3/library/smartslider/models/Install.php'
# Universal decode regex match = [universal decoder]
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/smart-slider-3/library/smartslider/plugins/widget/bullet/bullet.php'
# Universal decode regex match = [universal decoder]
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/smart-slider-3/library/smartslider/plugins/widgetarrow/image/image.php'
# Universal decode regex match = [universal decoder]
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/smart-slider-3/library/smartslider/plugins/widgetautoplay/image/image.php'
# Universal decode regex match = [universal decoder]
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/smart-slider-3/library/smartslider/plugins/widgetbar/horizontal/horizontal.php'
# Universal decode regex match = [universal decoder]
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/smart-slider-3/library/smartslider/plugins/widgetbullet/transition/transition.php'
# Universal decode regex match = [universal decoder]
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/smart-slider-3/library/smartslider/plugins/widgetthumbnail/default/default.php'
# Universal decode regex match = [universal decoder]
# Scan Timeout (30 secs) while processing:
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/smart-slider-3/library/wordpress/plugins/generator/posts/sources/posts.php'
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/wp-smushit/wp-smush.php'
# Script version check [OLD] [Smush v2.7.9.1 < v3.16.6]
# Scan Timeout (30 secs) while processing:
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/wp-smushit/assets/shared-ui-2/images/plugins-defender-icon@2x.png'
# Scan Timeout (30 secs) while processing:
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/uploads/2018/07/commercial-concrete-14-150x150.jpg'
# Scan Timeout (30 secs) while processing:
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/uploads/2018/07/gallery-27.jpg'
# Scan Timeout (30 secs) while processing:
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/uploads/2018/07/gallery-63-400x750.jpg'
# Scan Timeout (30 secs) while processing:
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/uploads/2018/07/landscaping-concrete-04.jpg'
# Scan Timeout (30 secs) while processing:
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/uploads/2018/07/slide-04-768x247.jpg'
# Scan Timeout (30 secs) while processing:
'/home/itiffy/rockyjohnsonconcrete.com/wp-content/uploads/2018/08/IMG_20180517_1555219-400x1000.jpg'
'/home/itiffy/rockyjohnsonconcrete.com/wp-includes/version.php'
# Script version check [OLD] [Wordpress v4.9.22 < v6.7.1]
'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration'
# World writeable directory
'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib'
# World writeable directory
'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/view'
# World writeable directory
'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/view/assets'
# World writeable directory
'/home/itiffy/tmp/analog/ssl/itiffy.com/cache'
# ClamAV detected virus = [{HEX}php.cmdshell.fx29.273.UNOFFICIAL]
'/home/itiffy/tmp/webalizer/index.php'
# ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL]
----------- SCAN SUMMARY -----------
Scanned directories: 23176
Scanned files: 52805
Ignored items: 1508
Suspicious matches: 80
Viruses found: 4
Fingerprint matches: 6
Data scanned: 4976.14 MB
Scan peak memory: 431312 kB
Scan time/item: 0.063 sec
Scan time: 4759.182 sec