whoami7 - Manager
:
/
proc
/
self
/
root
/
home
/
papecmvm
/
Upload File:
files >> //proc/self/root/home/papecmvm/scanreport-papecmvm-2023-04-10T09:48:01.869866.txt
----------- SCAN REPORT ----------- TimeStamp: Mon, 10 Apr 2023 05:48:03 -0400 (/usr/sbin/cxs --clamdsock /var/clamd --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 50000 --noforce --html --ignore /etc/cxs/cxs.ignore.manual --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mv --report /home/papecmvm/scanreport-papecmvm-2023-04-10T09:48:01.869866.txt --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --unofficial --user papecmvm --virusscan --vmrssmax 2000000 --xtra /etc/cxs/cxs.xtra.manual) Scanning /home/papecmvm: '/home/papecmvm/access-logs' # Symlink to [/etc/apache2/logs/domlogs/papecmvm] '/home/papecmvm/.nc_plugin/hidden' # World writeable directory '/home/papecmvm/public_html/all_xml/init-load-settings.php' # Universal decode regex match = [universal decoder] '/home/papecmvm/public_html/all_xml/all_xml/all_xml/nhKzcYjDNBPME.jpg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/all_xml/all_xml/all_xml/all_xml/all_xml/all_xml/all_xml/lhtoOQCDrnRxWYEK.png' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/application/third_party/Classes/PHPExcel/locale/ru/ru/a.tiff' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/application/third_party/aws/aws/aws-sdk-php/src/ApiGatewayManagementApi/ApiGatewayManagementApiClient.php' # Regular expression match = [\*[A-Za-z0-9]{12,130}\*] '/home/papecmvm/public_html/application/third_party/aws/aws/aws-sdk-php/src/ApiGatewayManagementApi/Exception/ApiGatewayManagementApiException.php' # Regular expression match = [\*[A-Za-z0-9]{12,130}\*] '/home/papecmvm/public_html/application/third_party/aws/aws/aws-sdk-php/src/ApiGatewayV2/ApiGatewayV2Client.php' # Regular expression match = [\*[A-Za-z0-9]{12,130}\*] '/home/papecmvm/public_html/application/third_party/aws/aws/aws-sdk-php/src/ApiGatewayV2/Exception/ApiGatewayV2Exception.php' # Regular expression match = [\*[A-Za-z0-9]{12,130}\*] '/home/papecmvm/public_html/application/third_party/aws/aws/aws-sdk-php/src/AutoScalingPlans/AutoScalingPlans/lTuRpSEqMPKVscjg.jpeg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/application/third_party/aws/aws/aws-sdk-php/src/GuardDuty/Exception/Exception/oZAlSBHPvCnfUapzjdDF.gif' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/application/third_party/aws/aws/aws-sdk-php/src/OpsWorksCM/OpsWorksCM/Ej.png' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/application/third_party/aws/aws/aws-sdk-php/src/ServerlessApplicationRepository/ServerlessApplicationRepositoryClient.php' # Regular expression match = [\*[A-Za-z0-9]{12,130}\*] '/home/papecmvm/public_html/application/third_party/aws/aws/aws-sdk-php/src/ServerlessApplicationRepository/Exception/ServerlessApplicationRepositoryException.php' # Regular expression match = [\*[A-Za-z0-9]{12,130}\*] '/home/papecmvm/public_html/application/third_party/aws/aws/aws-sdk-php/src/data/ecs/2014-11-13/2014-11-13/plBxqKsDQMmvAS.png' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/application/third_party/aws/aws/aws-sdk-php/src/data/mediapackage-vod/2018-11-07/2018-11-07/tHxWzldyEGQSqD.png' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/banners/banners/banners/banners/RWjL.tiff' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/banners/banners/banners/banners/banners/banners/FSarVBiGWeUl.tif' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/banners/banners/banners/banners/banners/banners/banners/VBfcEOLxrYbUjdwSDP.gif' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/banners/banners/banners/banners/banners/banners/banners/uX.jpeg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/banners/banners/banners/banners/banners/banners/banners/banners/jxk.jpeg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/banners/banners/banners/banners/banners/banners/banners/banners/xrVyaOpXLl.gif' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/bootstrap/template.jpg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/bootstrap/css/fonts/fonts/fonts/vezILTjkBMO.png' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/bootstrap/fonts/fonts/ZygDdVlEJAzqxINfbGU.gif' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/bootstrap/vendor/flexslider/fonts/class_api.php' # (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match] [PHP Exploit [P1900]] '/home/papecmvm/public_html/bootstrap/vendor/owl.carousel/owl.carousel/PlWzojQfSkIwND.jpg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/cgi-bin/cgi-bin/cgi-bin/MXHtsycVauOmxQh.jpg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/cgi-bin/cgi-bin/cgi-bin/ezNVhQSBTGgWUiJK.jpeg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/cgi-bin/cgi-bin/cgi-bin/cgi-bin/OrURQ.jpeg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/MCSyxvIsbRUpKrEfX.jpeg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/UwMGxeICAWvbgXiqyf.tiff' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/dxEYbkPIjgi.gif' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/dist/css/css/laFMioEdyukDSXn.png' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/dist/css/css/nlJetTcoQEXmHCD.gif' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/dist/css/css/css/ZmqugKpP.gif' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/dist/img/img/img/Omqfd.jpeg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/documents/4659_Sanket/2020/b_february/credit/credit/LtbUZYeAzsN.tiff' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/documents/5764_Sanket/2020/e_may/others/recycle/recycle/HfVbg.jpg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/documents/7727_Rajpara/2020/h_august/bank/inputs.php' # Regular expression match = [\*[A-Za-z0-9]{12,130}\*] '/home/papecmvm/public_html/documents/7727_Rajpara/2020/h_august/bank/security.php' # (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match] [PHP Exploit [P1900]] '/home/papecmvm/public_html/documents/8897_Nehal/2020/k_november/sales/sales/IdrsTCjtwpaJVSUDZ.jpeg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/fontcaptcha/fontcaptcha/fontcaptcha/fontcaptcha/fontcaptcha/psOuxWRaNoEtQDbcZk.tiff' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/fontcaptcha/fontcaptcha/fontcaptcha/fontcaptcha/fontcaptcha/slYuKc.tiff' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/fontcaptcha/fontcaptcha/fontcaptcha/fontcaptcha/fontcaptcha/fontcaptcha/Q.jpg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/fontcaptcha/fontcaptcha/fontcaptcha/fontcaptcha/fontcaptcha/fontcaptcha/fontcaptcha/fontcaptcha/fontcaptcha/fontcaptcha/plIBWSQkKYJn.jpeg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/images/images/images/images/YsylJTIMS.gif' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/images/images/images/images/q.png' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/images/images/images/images/images/images/yaegGMHbnrPChtWNfLI.jpeg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/plugins/ckeditor/plugins/forms/forms/goKGvpdxzXZNYBnewyD.tiff' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/plugins/ckeditor/plugins/forms/forms/zsIpUhetNKnBR.png' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/plugins/ckeditor/plugins/liststyle/dialogs/dialogs/VhJBcQmgxSbFdPsnZ.tiff' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/plugins/ckeditor/plugins/pagebreak/images/images/jsPmTubiUfZ.jpeg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/plugins/imageZoom/phone-codes.php4' # Decode regex match = [decode regex: 1] # (decoded file [depth: 1]) Known exploit = [Fingerprint Match] [PHP Exploit [P1791]] '/home/papecmvm/public_html/plugins/input-mask/phone-codes/phone-codes.php' # Universal decode regex match = [universal decoder] # (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match] [PHP Exploit [P1900]] '/home/papecmvm/public_html/portfolio_images/portfolio_images/portfolio_images/LIaKJqWUBcnzpNx.jpeg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/portfolio_images/portfolio_images/portfolio_images/MuApBIqEd.jpeg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/portfolio_images/portfolio_images/portfolio_images/portfolio_images/DwGnVOfCkMbJrTXi.gif' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/portfolio_images/portfolio_images/portfolio_images/portfolio_images/portfolio_images/LTsIpZCfB.jpg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/portfolio_images/portfolio_images/portfolio_images/portfolio_images/portfolio_images/mYbaFW.png' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/portfolio_images/portfolio_images/portfolio_images/portfolio_images/portfolio_images/portfolio_images/CaQZAvtmWPgr.jpg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/portfolio_images/portfolio_images/portfolio_images/portfolio_images/portfolio_images/portfolio_images/portfolio_images/S.jpg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/public/public/public/public/public/public/PlLEoXIGHTCQdveAw.gif' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/public/public/public/public/public/public/Qka.jpeg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/public/public/public/public/public/public/uqjSci.tiff' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/public_html/public_html/public_html/public_html/public_html/HE.gif' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/public_html/public_html/public_html/public_html/public_html/public_html/YVHjTwcyls.gif' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/public_html/public_html/public_html/public_html/public_html/public_html/public_html/QmnXWcJDSjrTkOtP.png' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/system/database/drivers/mysqli/mysqli/owM.tif' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/system/libraries/Javascript/Javascript/DeQf.jpeg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/system/libraries/libraries/UKWntslEDdaxXgG.png' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/uploads/uploads/uploads/CRtvNeph.gif' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/uploads/uploads/uploads/uploads/uploads/uploads/tLGcnHqRW.gif' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/uploads/uploads/uploads/uploads/uploads/uploads/xbLNOtSBeaCnUYrquci.jpeg' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/uploads/uploads/uploads/uploads/uploads/uploads/uploads/jTRMfDUmzy.png' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/uploads/uploads/uploads/uploads/uploads/uploads/uploads/uploads/uploads/zgKJFPauqUW.png' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/uploads/uploads/uploads/uploads/uploads/uploads/uploads/uploads/uploads/uploads/tsbeSFHvoIaAVx.tiff' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/webapp/js/js/PwHlgpdTfWxyEiI.png' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/webapp/js/js/VphfxeBK.tiff' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/webapp/profile/profile/SNXyHM.png' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/webapp/profile/profile/Z.tif' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/webapp/profile/profile/profile/apWVD.tiff' # Suspicious image file (hidden script file) '/home/papecmvm/public_html/webapp/profile/profile/profile/profile/OMPbwLNIudBRHrGtzay.jpeg' # Suspicious image file (hidden script file) ----------- SCAN SUMMARY ----------- Scanned directories: 4485 Scanned files: 9173 Ignored items: 73 Suspicious matches: 86 Viruses found: 0 Fingerprint matches: 4 Data scanned: 153.06 MB Scan peak memory: 262232 kB Scan time/item: 0.027 sec Scan time: 368.639 sec
Copyright ©2021 || Defacer Indonesia