Current File : /home/itiffy/scanreport-itiffy-Mar_30_2023_16h47m.txt

----------- SCAN REPORT -----------
TimeStamp: Thu, 30 Mar 2023 16:47:34 -0400
(/usr/sbin/cxs --background --clamdsock /var/clamd --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 50000 --noforce --html --ignore /etc/cxs/cxs.ignore.manual --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mv --report /home/itiffy/scanreport-itiffy-Mar_30_2023_16h47m.txt --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --unofficial --user itiffy --virusscan --vmrssmax 2000000 --xtra /etc/cxs/cxs.xtra.manual)


Scanning /home/itiffy:

'/home/itiffy/access-logs'
# Symlink to [/etc/apache2/logs/domlogs/itiffy]

'/home/itiffy/.config/dbus/gs-bd'
# Linux Binary/Executable [application/x-executable]

'/home/itiffy/.nc_plugin/hidden'
# World writeable directory

'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/w3-total-cache/CdnEngine_Ftp.php'
# Regular expression match = [\n(?!\s*(//|\#|\*)).*\.ssh/]

'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/AmplifyBackend/AmplifyBackendClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/AmplifyBackend/Exception/AmplifyBackendException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ApiGatewayManagementApi/ApiGatewayManagementApiClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ApiGatewayManagementApi/Exception/ApiGatewayManagementApiException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ApiGatewayV2/ApiGatewayV2Client.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ApiGatewayV2/Exception/ApiGatewayV2Exception.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/CodeArtifact/CodeArtifactClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/CodeArtifact/Exception/CodeArtifactException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/NimbleStudio/NimbleStudioClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/NimbleStudio/Exception/NimbleStudioException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ServerlessApplicationRepository/ServerlessApplicationRepositoryClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ServerlessApplicationRepository/Exception/ServerlessApplicationRepositoryException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/kendra/kendraClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/aspenconstructionandpainting.com/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/kendra/Exception/kendraException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/aspenconstructionandpainting.com/wp-content/themes/astra/admin/includes/class-astra-menu.php'
# Universal decode regex match = [universal decoder]

'/home/itiffy/itiffyproject.com/AEIwiSgMH5J.php'
# ClamAV detected virus = [TO-28694.WEBSHELL.FTXVvwP5zpR_php-encodedpartonly.MD5-e2f03b19052623bd763ba1c0573943a0.size-41568.UNOFFICIAL]

'/home/itiffy/itiffyproject.com/Geeta.php'
# Decode regex match = [decode regex: 1]
# (decoded file [depth: 1]) Known exploit = [Fingerprint Match] [RFI Exploit [P1419]]

'/home/itiffy/itiffyproject.com/Persistence.php'
# Universal decode regex match = [universal decoder]

'/home/itiffy/itiffyproject.com/b2vh3VCUdjK.php'
# ClamAV detected virus = [TO-28694.WEBSHELL.afOkNwqzeL3_php-encodedpartonly.MD5-b0fdf6c5cdd9922a8f9d5483d8e99b3c.size-35798.UNOFFICIAL]

'/home/itiffy/itiffyproject.com/logs.php'
# Decode regex match = [decode regex: 1]

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/controller'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/model'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/model/export'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/model/import'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/vendor'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/Exceptions'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/vendor/math'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/command'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/cron'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/database'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/filesystem'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/filter'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/iterator'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/view'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/view/assets'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/view/assets/css'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/view/assets/font'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/view/assets/img'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/view/assets/javascript'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/view/backups'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/view/common'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/view/export'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/view/import'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/view/main'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/lib/view/updater'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/all-in-one-wp-migration/storage'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/easy-wp-smtp/src/Admin/Area.php'
# Universal decode regex match = [universal decoder]

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/easy-wp-smtp/vendor_prefixed/sendinblue/api-v3-sdk/lib/Model/SendSmtpEmail.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c'
# Suspicious file type [application/x-c]

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/admin'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/admin/admin-pages'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/admin/assets'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/admin/assets/css'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/admin/assets/fonts'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/admin/assets/images'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/admin/assets/js'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/admin/assets/js/chosen'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/admin/assets/js/tipTip'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/admin/classes'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/admin/includes'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/admin/includes/uploader'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/admin/settings'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/admin/settings/comparison-page'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/admin/settings/gridview-style'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/admin/settings/product-page'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/admin/settings/widget-style'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/admin/tabs'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/assets'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/assets/css'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/assets/fonts'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/assets/images'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/assets/js'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/assets/js/fancybox'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/assets/js/fancybox/images'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/assets/js/fancybox/images/fancybox'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/assets/js/fixedcolumntable'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/assets/js/flexigrid'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/assets/js/flexigrid/css'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/assets/js/flexigrid/css/.svn'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/assets/js/flexigrid/css/.svn/text-base'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/assets/js/flexigrid/css/images'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/assets/js/flexigrid/css/images/.svn'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/assets/js/flexigrid/css/images/.svn/prop-base'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/assets/js/flexigrid/css/images/.svn/props'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/assets/js/flexigrid/css/images/.svn/text-base'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/assets/js/flexigrid/js'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/assets/js/flexigrid/js/.svn'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/assets/js/flexigrid/js/.svn/text-base'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/classes'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/classes/data'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/includes'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/includes/updates'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/languages'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/templates'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/tinymce3'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/widgets'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/woocommerce-compare-products-pro/woo-includes'
# World writeable directory

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/wp-media-folder-addon/class/Aws3/Aws/ServerlessApplicationRepository/ServerlessApplicationRepositoryClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/itiffyproject.com/wollombi/wp-content/plugins/wp-media-folder-addon/class/Aws3/Aws/ServerlessApplicationRepository/Exception/ServerlessApplicationRepositoryException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/itiffyproject.com/wollombi/wp-includes/version.php'
# Script version check [OLD] [Wordpress v5.8.6 < v5.9.3]

'/home/itiffy/lifestyle-lending.com.au/2dqhxyi461W.php'
# Known exploit = [Fingerprint Match] [PHP Spammer Exploit [P1305]]

'/home/itiffy/lifestyle-lending.com.au/9rCfgQz2qo3.php'
# ClamAV detected virus = [TO-28694.WEBSHELL.FTXVvwP5zpR_php-encodedpartonly.MD5-e2f03b19052623bd763ba1c0573943a0.size-41568.UNOFFICIAL]

'/home/itiffy/lifestyle-lending.com.au/GLIlnUoNx2w.php'
# ClamAV detected virus = [TO-28694.WEBSHELL.afOkNwqzeL3_php-encodedpartonly.MD5-b0fdf6c5cdd9922a8f9d5483d8e99b3c.size-35798.UNOFFICIAL]

'/home/itiffy/lifestyle-lending.com.au/KLFwOfB1qEZ.php'
# ClamAV detected virus = [TO-28694.WEBSHELL.afOkNwqzeL3_php-encodedpartonly.MD5-b0fdf6c5cdd9922a8f9d5483d8e99b3c.size-35798.UNOFFICIAL]

'/home/itiffy/lifestyle-lending.com.au/ShreeRam.phtml'
# Decode regex match = [decode regex: 1]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]

'/home/itiffy/lifestyle-lending.com.au/VH3JGnwQ9C5.php'
# Known exploit = [Fingerprint Match] [PHP Spammer Exploit [P1305]]

'/home/itiffy/lifestyle-lending.com.au/Wxzil4oZmqY.php'
# ClamAV detected virus = [TO-28694.WEBSHELL.FTXVvwP5zpR_php-encodedpartonly.MD5-e2f03b19052623bd763ba1c0573943a0.size-41568.UNOFFICIAL]

'/home/itiffy/lifestyle-lending.com.au/YmgNFqSu1nB.php'
# ClamAV detected virus = [TO-28694.WEBSHELL.FTXVvwP5zpR_php-encodedpartonly.MD5-e2f03b19052623bd763ba1c0573943a0.size-41568.UNOFFICIAL]

'/home/itiffy/lifestyle-lending.com.au/gvVbDzMZQ2c.php'
# ClamAV detected virus = [TO-28694.WEBSHELL.afOkNwqzeL3_php-encodedpartonly.MD5-b0fdf6c5cdd9922a8f9d5483d8e99b3c.size-35798.UNOFFICIAL]

'/home/itiffy/lifestyle-lending.com.au/u2RYQO7mVSM.php'
# Known exploit = [Fingerprint Match] [PHP Spammer Exploit [P1305]]

'/home/itiffy/lifestyle-lending.com.au/.well-known/BlackWSO.phtml'
# Decode regex match = [decode regex: 1]

'/home/itiffy/logs/itiffy.com-Mar-2023.gz'
# ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/itiffy/logs/itiffy.com-ssl_log-Jan-2023.gz'
# ClamAV detected virus = [YARA.eval_post.UNOFFICIAL]

'/home/itiffy/mail/.spam/new/1638247920.M330264P930557.premium224.web-hosting.com,S=450819,W=457027'
# ClamAV detected virus = [Win.Dropper.Formbook-9987995-0]

'/home/itiffy/mail/.spam/new/1643193716.M611447P478520.premium224.web-hosting.com,S=833445,W=844889'
# ClamAV detected virus = [Win.Packed.Malwarex-9937660-0]

'/home/itiffy/mail/.spam/new/1643260366.M724142P268318.premium224.web-hosting.com,S=430444,W=436379'
# ClamAV detected virus = [Win.Trojan.Midie-9937874-0]

'/home/itiffy/mail/.spam/new/1645601018.M694345P1213279.premium224.web-hosting.com,S=984814,W=997692'
# ClamAV detected virus = [Win.Dropper.NetWire-9940612-0]

'/home/itiffy/mail/.spam/new/1656652714.M580039P1821754.premium224.web-hosting.com,S=1751462,W=1775488'
# ClamAV detected virus = [Win.Dropper.Nanocore-9968926-0]

'/home/itiffy/mail/.spam/new/1660112902.M758449P1568445.premium224.web-hosting.com,S=1017492,W=1031466'
# ClamAV detected virus = [Win.Dropper.Nanocore-9967048-0]

'/home/itiffy/mail/.spam/new/1662858580.M300882P1476071.premium224.web-hosting.com,S=121541,W=123255'
# ClamAV detected virus = [Doc.Downloader.Redline-9972754-0]

'/home/itiffy/mail/.spam/new/1676951789.M349384P244836.premium224.web-hosting.com,S=1514103,W=1534885'
# ClamAV detected virus = [Email.Phishing.VOF1-6314019-0]

'/home/itiffy/mail/itiffy.com/mail/.spam/new/1657017813.M858892P4028633.premium224.web-hosting.com,S=955440,W=968558'
# ClamAV detected virus = [Win.Trojan.Guloader-9958920-0]

'/home/itiffy/mail/new/1642583879.M804545P608360.premium224.web-hosting.com,S=622807,W=630992'
# ClamAV detected virus = [Win.Packed.Malwarex-9936906-0]

'/home/itiffy/mail/new/1644404703.M993226P1225403.premium224.web-hosting.com,S=1179097,W=1194877'
# ClamAV detected virus = [Win.Packed.Agenttesla-9939066-0]

'/home/itiffy/mail/new/1645537191.M890758P1772713.premium224.web-hosting.com,S=1131673,W=1146906'
# ClamAV detected virus = [Win.Packed.Pwsx-9939857-0]

'/home/itiffy/mail/new/1661469173.M696055P1782103.premium224.web-hosting.com,S=27999,W=28419'
# ClamAV detected virus = [Doc.Downloader.Redline-9972754-0]

'/home/itiffy/mail/new/1664873320.M326635P929205.premium224.web-hosting.com,S=2531801,W=2566526'
# ClamAV detected virus = [Win.Packed.Msilzilla-9975992-0]

'/home/itiffy/mail/new/1665115043.M603610P4081333.premium224.web-hosting.com,S=3110437,W=3153086'
# ClamAV detected virus = [Win.Packed.Msilzilla-9975992-0]

'/home/itiffy/mywilleasy.com/ShreeRam.phtml'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]

'/home/itiffy/mywilleasy.com/XELk4CuMxen.php'
# ClamAV detected virus = [TO-28694.WEBSHELL.FTXVvwP5zpR_php-encodedpartonly.MD5-e2f03b19052623bd763ba1c0573943a0.size-41568.UNOFFICIAL]

'/home/itiffy/mywilleasy.com/uOqLeGinQdY.php'
# ClamAV detected virus = [TO-28694.WEBSHELL.afOkNwqzeL3_php-encodedpartonly.MD5-b0fdf6c5cdd9922a8f9d5483d8e99b3c.size-35798.UNOFFICIAL]

'/home/itiffy/public_html/Chitoge.php'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

'/home/itiffy/public_html/grrgmajf.php'
# ClamAV detected virus = [TO-28406.WEBSHELL.poungoxf_php.MD5-33993f645556198f3724b210b9ad2228.size-25636.UNOFFICIAL]

'/home/itiffy/public_html/jekekzzp.php'
# ClamAV detected virus = [TO-28406.WEBSHELL.poungoxf_php.MD5-33993f645556198f3724b210b9ad2228.size-25636.UNOFFICIAL]

'/home/itiffy/public_html/qyynzmbd.php'
# ClamAV detected virus = [TO-28406.WEBSHELL.poungoxf_php.MD5-33993f645556198f3724b210b9ad2228.size-25636.UNOFFICIAL]

'/home/itiffy/public_html/rayqlmwh.php'
# ClamAV detected virus = [TO-28406.WEBSHELL.poungoxf_php.MD5-33993f645556198f3724b210b9ad2228.size-25636.UNOFFICIAL]

'/home/itiffy/public_html/rss.php'
# ClamAV detected virus = [TO-28406.WEBSHELL.host14_protecegm321.MD5-9296c1012f8f37a81795e3adc6aff82c.size-3362.UNOFFICIAL]

'/home/itiffy/public_html/sitemap.php'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

'/home/itiffy/public_html/tesTkvf.php'
# ClamAV detected virus = [TO-28633.WEBSHELL.tesTnek_php.MD5-4271052cb999a7891220e8f9218ffc44.size-1142.UNOFFICIAL]

'/home/itiffy/public_html/tesTydv.php'
# ClamAV detected virus = [TO-28313.WEBSHELL.tesTeud_php.MD5-8bbf442eef915a1f95652d2638687b1f.size-734.UNOFFICIAL]

'/home/itiffy/public_html/unZIPpeRgfi.php'
# ClamAV detected virus = [TO-28633.WEBSHELL.unZIPpeReaq_php.MD5-b6703d14248c486615e1c18f02d86bb2.size-24513.UNOFFICIAL]

'/home/itiffy/public_html/unZIPpeRirq.php'
# ClamAV detected virus = [TO-28633.WEBSHELL.unZIPpeReaq_php.MD5-b6703d14248c486615e1c18f02d86bb2.size-24513.UNOFFICIAL]

'/home/itiffy/public_html/blog/wp-content/plugins/akismet/akismet.php'
# Script version check [OLD] [Akismet Anti-Spam v4.0.2 < v4.2.2]

'/home/itiffy/public_html/blog/wp-content/plugins/litespeed-cache/litespeed-cache.php'
# Script version check [OLD] [LiteSpeed Cache v4.4.3 < v4.5.0.1]

'/home/itiffy/public_html/blog/wp-includes/version.php'
# Script version check [OLD] [Wordpress v4.9.3 < v5.9.3]

'/home/itiffy/public_html/vendor/phpspec/prophecy/README.md'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/public_html/vendor/symfony/console/Resources/bin/hiddeninput.exe'
# MS Windows Binary/Executable [application/x-winexec]

'/home/itiffy/public_html/vendor/symfony/debug/Resources/ext/symfony_debug.c'
# Suspicious file type [application/x-c]

'/home/itiffy/rockyjohnsonconcrete.com/OMG43lqfH7h.php'
# ClamAV detected virus = [TO-28694.WEBSHELL.FTXVvwP5zpR_php-encodedpartonly.MD5-e2f03b19052623bd763ba1c0573943a0.size-41568.UNOFFICIAL]

'/home/itiffy/rockyjohnsonconcrete.com/bypass.phtml'
# ClamAV detected virus = [TO-28298.WEBSHELL.php_php-encodedpartonly.MD5-01bbd4eaa51cf127e8d299c1629ad131.size-18220.UNOFFICIAL]

'/home/itiffy/rockyjohnsonconcrete.com/j3b2Z7vEHCq.php'
# ClamAV detected virus = [TO-28694.WEBSHELL.afOkNwqzeL3_php-encodedpartonly.MD5-b0fdf6c5cdd9922a8f9d5483d8e99b3c.size-35798.UNOFFICIAL]

'/home/itiffy/rockyjohnsonconcrete.com/l1LJX4edkET.php'
# Known exploit = [Fingerprint Match] [PHP Spammer Exploit [P1305]]

'/home/itiffy/rockyjohnsonconcrete.com/logs.php'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/advanced-custom-fields/acf.php'
# Script version check [OLD] [Advanced Custom Fields v4.4.12 < v5.12]

'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/akismet/akismet.php'
# Script version check [OLD] [Akismet Anti-Spam v4.0.8 < v4.2.2]

'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/all-in-one-wp-migration/all-in-one-wp-migration.php'
# Script version check [OLD] [All-in-One WP Migration v6.72 < v7.56]

'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/contact-form-7/wp-contact-form-7.php'
# Script version check [OLD] [Contact Form 7 v5.0.3 < v5.5.6]

'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/custom-post-type-ui/custom-post-type-ui.php'
# Script version check [OLD] [Custom Post Type UI v1.5.8 < v1.10.2]

'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/smart-slider-3/library/smartslider/libraries/storage.php'
# Universal decode regex match = [universal decoder]

'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/wp-smushit/wp-smush.php'
# Script version check [OLD] [Smush v2.7.9.1 < v3.9.5]

'/home/itiffy/rockyjohnsonconcrete.com/wp-content/plugins/wp-super-cache/wp-cache.php'
# Script version check [OLD] [WP Super Cache v1.6.2 < v1.7.7]

'/home/itiffy/rockyjohnsonconcrete.com/wp-includes/version.php'
# Script version check [OLD] [Wordpress v4.9.22 < v5.9.3]

'/home/itiffy/silverservice.melbourne/wp-admin/mn6OJRZyAUM.php'
# ClamAV detected virus = [TO-28694.WEBSHELL.afOkNwqzeL3_php-encodedpartonly.MD5-b0fdf6c5cdd9922a8f9d5483d8e99b3c.size-35798.UNOFFICIAL]
# Scan Timeout (30 secs) while processing:
'/home/itiffy/silverservice.melbourne/wp-content/plugins-20-5-22.zip'

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/controller'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/model'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/model/export'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/model/import'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/vendor'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/vendor/bandar/bandar/lib/Exceptions'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/vendor/math'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/archiver'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/command'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/cron'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/database'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/filesystem'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/filter'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/iterator'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/view'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/view/assets'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/view/assets/css'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/view/assets/font'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/view/assets/img'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/view/assets/javascript'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/view/backups'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/view/common'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/view/export'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/view/import'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/view/main'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/lib/view/updater'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/all-in-one-wp-migration/storage'
# World writeable directory

'/home/itiffy/silverservice.melbourne/wp-content/plugins/easy-wp-smtp/vendor_prefixed/sendinblue/api-v3-sdk/lib/Model/SendSmtpEmail.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/silverservice.melbourne/wp-content/plugins/w3-total-cache/CdnEngine_Ftp.php'
# Regular expression match = [\n(?!\s*(//|\#|\*)).*\.ssh/]

'/home/itiffy/silverservice.melbourne/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/AmplifyBackend/AmplifyBackendClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/silverservice.melbourne/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/AmplifyBackend/Exception/AmplifyBackendException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/silverservice.melbourne/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ApiGatewayManagementApi/ApiGatewayManagementApiClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/silverservice.melbourne/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ApiGatewayManagementApi/Exception/ApiGatewayManagementApiException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/silverservice.melbourne/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ApiGatewayV2/ApiGatewayV2Client.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/silverservice.melbourne/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ApiGatewayV2/Exception/ApiGatewayV2Exception.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/silverservice.melbourne/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/CodeArtifact/CodeArtifactClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/silverservice.melbourne/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/CodeArtifact/Exception/CodeArtifactException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/silverservice.melbourne/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/NimbleStudio/NimbleStudioClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/silverservice.melbourne/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/NimbleStudio/Exception/NimbleStudioException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/silverservice.melbourne/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ServerlessApplicationRepository/ServerlessApplicationRepositoryClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/silverservice.melbourne/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/ServerlessApplicationRepository/Exception/ServerlessApplicationRepositoryException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/silverservice.melbourne/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/kendra/kendraClient.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/silverservice.melbourne/wp-content/plugins/w3-total-cache/vendor/aws/aws-sdk-php/src/kendra/Exception/kendraException.php'
# Regular expression match = [\*[A-Za-z0-9]{12,130}\*]

'/home/itiffy/silverservice.melbourne/wp-includes/KACyfi7SWvx.php'
# ClamAV detected virus = [TO-28694.WEBSHELL.FTXVvwP5zpR_php-encodedpartonly.MD5-e2f03b19052623bd763ba1c0573943a0.size-41568.UNOFFICIAL]

'/home/itiffy/tmp/awstats/ssl/awstats032023.itiffy.com.txt'
# ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/itiffy/tmp/awstats/ssl/awstats062022.itiffy.com.txt'
# ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/itiffy/tmp/awstats/ssl/awstats072022.itiffy.com.txt'
# ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/itiffy/tmp/awstats/ssl/awstats122021.itiffy.com.txt'
# ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/itiffy/tmp/webalizer/index.php'
# ClamAV detected virus = [{HEX}php.generic.malware.442.UNOFFICIAL]

----------- SCAN SUMMARY -----------
Scanned directories: 15344
Scanned files: 99423
Ignored items: 399
Suspicious matches: 237
Viruses found: 46
Fingerprint matches: 5
Data scanned: 7418.48 MB
Scan peak memory: 283788 kB
Scan time/item: 0.023 sec
Scan time: 2653.530 sec