----------- SCAN REPORT ----------- TimeStamp: Wed, 29 Oct 2025 09:56:34 -0400 (/usr/sbin/cxs --background --clamdsock /var/clamd --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 50000 --noforce --html --ignore /etc/cxs/cxs.ignore.manual --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mv --report /home/centgttw/scanreport-centgttw-Oct_29_2025_09h56m.txt --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --unofficial --user centgttw --virusscan --vmrssmax 2000000 --waitscan 0 --xtra /etc/cxs/cxs.xtra.manual) Scanning /home/centgttw: '/home/centgttw/.local/share/virtualenv/wheel/3.6/image/1/CopyPipInstall/pip-21.3.1-py3-none-any/pip/_vendor/distlib/t32.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.6/image/1/CopyPipInstall/pip-21.3.1-py3-none-any/pip/_vendor/distlib/t64-arm.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.6/image/1/CopyPipInstall/pip-21.3.1-py3-none-any/pip/_vendor/distlib/t64.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.6/image/1/CopyPipInstall/pip-21.3.1-py3-none-any/pip/_vendor/distlib/w32.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.6/image/1/CopyPipInstall/pip-21.3.1-py3-none-any/pip/_vendor/distlib/w64-arm.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.6/image/1/CopyPipInstall/pip-21.3.1-py3-none-any/pip/_vendor/distlib/w64.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.6/image/1/CopyPipInstall/setuptools-59.6.0-py3-none-any/setuptools/cli-32.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.6/image/1/CopyPipInstall/setuptools-59.6.0-py3-none-any/setuptools/cli-64.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.6/image/1/CopyPipInstall/setuptools-59.6.0-py3-none-any/setuptools/cli-arm64.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.6/image/1/CopyPipInstall/setuptools-59.6.0-py3-none-any/setuptools/cli.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.6/image/1/CopyPipInstall/setuptools-59.6.0-py3-none-any/setuptools/gui-32.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.6/image/1/CopyPipInstall/setuptools-59.6.0-py3-none-any/setuptools/gui-64.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.6/image/1/CopyPipInstall/setuptools-59.6.0-py3-none-any/setuptools/gui-arm64.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.6/image/1/CopyPipInstall/setuptools-59.6.0-py3-none-any/setuptools/gui.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.9/image/1/CopyPipInstall/pip-23.1-py3-none-any/pip/_vendor/distlib/t32.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.9/image/1/CopyPipInstall/pip-23.1-py3-none-any/pip/_vendor/distlib/t64-arm.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.9/image/1/CopyPipInstall/pip-23.1-py3-none-any/pip/_vendor/distlib/t64.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.9/image/1/CopyPipInstall/pip-23.1-py3-none-any/pip/_vendor/distlib/w32.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.9/image/1/CopyPipInstall/pip-23.1-py3-none-any/pip/_vendor/distlib/w64-arm.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.9/image/1/CopyPipInstall/pip-23.1-py3-none-any/pip/_vendor/distlib/w64.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.9/image/1/CopyPipInstall/setuptools-67.6.1-py3-none-any/setuptools/cli-32.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.9/image/1/CopyPipInstall/setuptools-67.6.1-py3-none-any/setuptools/cli-64.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.9/image/1/CopyPipInstall/setuptools-67.6.1-py3-none-any/setuptools/cli-arm64.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.9/image/1/CopyPipInstall/setuptools-67.6.1-py3-none-any/setuptools/cli.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.9/image/1/CopyPipInstall/setuptools-67.6.1-py3-none-any/setuptools/gui-32.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.9/image/1/CopyPipInstall/setuptools-67.6.1-py3-none-any/setuptools/gui-64.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.9/image/1/CopyPipInstall/setuptools-67.6.1-py3-none-any/setuptools/gui-arm64.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/3.9/image/1/CopyPipInstall/setuptools-67.6.1-py3-none-any/setuptools/gui.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.local/share/virtualenv/wheel/house/setuptools-59.6.0-py3-none-any.whl' # (compressed file: setuptools/cli-32.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec] # (compressed file: setuptools/cli-64.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec] # (compressed file: setuptools/cli-arm64.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec] # (compressed file: setuptools/cli.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec] # (compressed file: setuptools/gui-32.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec] # (compressed file: setuptools/gui-64.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec] # (compressed file: setuptools/gui-arm64.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec] # (compressed file: setuptools/gui.exe [depth: 1]) MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/.nc_plugin/hidden' # World writeable directory '/home/centgttw/.system-php/conf/www.journeyjuction.com.centerpoint-networks.com' # Suspicious directory '/home/centgttw/.system-php/ini/5.6/www.journeyjuction.com.centerpoint-networks.com' # Suspicious directory '/home/centgttw/.system-php/ini/7.0/www.journeyjuction.com.centerpoint-networks.com' # Suspicious directory '/home/centgttw/.system-php/ini/7.1/www.journeyjuction.com.centerpoint-networks.com' # Suspicious directory '/home/centgttw/.system-php/ini/7.2/www.journeyjuction.com.centerpoint-networks.com' # Suspicious directory '/home/centgttw/.system-php/ini/7.3/www.journeyjuction.com.centerpoint-networks.com' # Suspicious directory '/home/centgttw/.system-php/ini/7.4/www.journeyjuction.com.centerpoint-networks.com' # Suspicious directory '/home/centgttw/.system-php/ini/8.0/www.journeyjuction.com.centerpoint-networks.com' # Suspicious directory '/home/centgttw/.system-php/ini/8.1/www.journeyjuction.com.centerpoint-networks.com' # Suspicious directory '/home/centgttw/.system-php/ini/8.2/www.journeyjuction.com.centerpoint-networks.com' # Suspicious directory '/home/centgttw/.system-php/ini/8.3/www.journeyjuction.com.centerpoint-networks.com' # Suspicious directory '/home/centgttw/ageholidays.com/wp-content/plugins/akismet/akismet.php' # Script version check [OLD] [Akismet Anti-spam: Spam Protection v5.3.6 < v5.3.7] '/home/centgttw/ageholidays.com/wp-content/plugins/goodlayers-core/include/images/images/nlxmqh.jpeg' # Suspicious image file (hidden script file) '/home/centgttw/ageholidays.com/wp-content/plugins/tourmaster/include/authorize/vendor/jms/parser-lib/parser-lib/meuMF.jpg' # Suspicious image file (hidden script file) '/home/centgttw/ageholidays.com/wp-content/plugins/tourmaster/include/authorize/vendor/jms/serializer/tests/JMS/Serializer/Tests/Serializer/Serializer/BnRJM.tif' # Suspicious image file (hidden script file) '/home/centgttw/ageholidays.com/wp-content/plugins/wp-google-map-plugin/modules/tools/model.tools.php' # Universal decode regex match = [universal decoder] '/home/centgttw/ageholidays.com/wp-content/uploads/2024' # World writeable directory '/home/centgttw/ageholidays.com/wp-content/uploads/2024/10' # World writeable directory '/home/centgttw/ageholidays.com/wp-content/uploads/2024/11' # World writeable directory '/home/centgttw/ageholidays.com/wp-content/uploads/2024/12' # World writeable directory '/home/centgttw/ageholidays.com/wp-content/uploads/2025/01' # World writeable directory '/home/centgttw/ageholidays.com/wp-content/uploads/2025/02' # World writeable directory '/home/centgttw/ageholidays.com/wp-content/uploads/2025/03' # World writeable directory '/home/centgttw/bhuban.com.np/wp-content/plugins/akismet/akismet.php' # Script version check [OLD] [Akismet Anti-Spam v4.2.4 < v5.3.7] '/home/centgttw/bhuban.com.np/wp-content/plugins/contact-form-7/wp-contact-form-7.php' # Script version check [OLD] [Contact Form 7 v5.6 < v6.0.6] '/home/centgttw/bhuban.com.np/wp-content/plugins/elementor/elementor.php' # Script version check [OLD] [Elementor v3.6.7 < v3.28.4] '/home/centgttw/bhuban.com.np/wp-content/plugins/leadin/leadin.php' # Script version check [OLD] [HubSpot All-In-One Marketing - Forms, Popups, Live Chat v8.13.58 < v11.3.6] '/home/centgttw/bhuban.com.np/wp-content/plugins/wordpress-seo/wp-seo.php' # Script version check [OLD] [Yoast SEO v20.13 < v24.9] '/home/centgttw/bhuban.com.np/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html' # Suspicious file type [application/x-c] '/home/centgttw/bhuban.com.np/wp-includes/version.php' # Script version check [OLD] [Wordpress v6.8.1 < v6.8.2] '/home/centgttw/destinationdolpo.com/wp-content/plugins/litespeed-cache/litespeed-cache.php' # Script version check [OLD] [LiteSpeed Cache v6.0.0.1 < v7.0.1] '/home/centgttw/destinationdolpo.com/wp-content/plugins1/nextgen-gallery/products/photocrati_nextgen/modules/nextgen_addgallery_page/static/plupload-2.1.1/Moxie.xap' # (compressed file: Moxie.dll [depth: 1]) MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/destinationdolpo.com/wp-content/plugins1/woocommerce/includes/admin/class-wc-admin-menus.php' # Universal decode regex match = [universal decoder] '/home/centgttw/destinationdolpo.com/wp-content/plugins1/woocommerce/src/Internal/Admin/WcPayWelcomePage.php' # Universal decode regex match = [universal decoder] '/home/centgttw/destinationdolpo.com/wp-content/plugins1/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c' # Suspicious file type [application/x-c] '/home/centgttw/destinationdolpo.com/wp-content/plugins1/woocommerce1/vendor/maxmind-db/reader/ext/maxminddb.c' # Suspicious file type [application/x-c] # Scan Timeout (30 secs) while processing: '/home/centgttw/destinationdolpo.com/wp-content/plugins1/wpforms-lite/assets/css/integrations/divi/wpforms-classic-full.css' '/home/centgttw/destinationdolpo.com/wp-includes/version.php' # Script version check [OLD] [Wordpress v6.2 < v6.8.2] '/home/centgttw/expressnepal.com/wp-content/plugins/akismet/akismet.php' # Script version check [OLD] [Akismet Anti-spam: Spam Protection v5.3.1 < v5.3.7] '/home/centgttw/gurkhacashmere.com/.tmb' # World writeable directory '/home/centgttw/helicoptercharterinnepal.com/wp-content/plugins/contact-form-7/wp-contact-form-7.php' # Script version check [OLD] [Contact Form 7 v5.7.6 < v6.0.6] '/home/centgttw/helicoptercharterinnepal.com/wp-content/plugins/elementor/elementor.php' # Script version check [OLD] [Elementor v3.12.2 < v3.28.4] '/home/centgttw/helicoptercharterinnepal.com/wp-content/plugins/meta-box/meta-box.php' # Script version check [OLD] [Meta Box v5.6.18 < v5.10.8] '/home/centgttw/helicoptercharterinnepal.com/wp-content/plugins/meta-box/inc/about/about.php' # Universal decode regex match = [universal decoder] '/home/centgttw/helicoptercharterinnepal.com/wp-content/plugins/really-simple-ssl/rlrsssl-really-simple-ssl.php' # Script version check [OLD] [Really Simple SSL v6.2.4 < v9.3.3] '/home/centgttw/helicoptercharterinnepal.com/wp-content/plugins/redux-framework/redux-framework.php' # Script version check [OLD] [Redux Framework v4.4.1 < v4.5.7] # Scan Timeout (30 secs) while processing: '/home/centgttw/helicoptercharterinnepal.com/wp-content/plugins/redux-framework/redux-core/assets/css/vendor.css' '/home/centgttw/helicoptercharterinnepal.com/wp-content/plugins/woocommerce/woocommerce.php' # Script version check [OLD] [WooCommerce v7.6.1 < v9.8.2] '/home/centgttw/helicoptercharterinnepal.com/wp-content/plugins/woocommerce/includes/admin/class-wc-admin-menus.php' # Universal decode regex match = [universal decoder] '/home/centgttw/helicoptercharterinnepal.com/wp-content/plugins/woocommerce/src/Internal/Admin/WcPayWelcomePage.php' # Universal decode regex match = [universal decoder] '/home/centgttw/helicoptercharterinnepal.com/wp-content/plugins/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c' # Suspicious file type [application/x-c] '/home/centgttw/helicoptercharterinnepal.com/wp-content/plugins/wordpress-seo/wp-seo.php' # Script version check [OLD] [Yoast SEO v20.7 < v24.9] '/home/centgttw/hub108.com/wp-content/plugins/woocommerce/includes/admin/class-wc-admin-menus.php' # Universal decode regex match = [universal decoder] '/home/centgttw/hub108.com/wp-content/plugins/woocommerce/src/Internal/Admin/WcPayWelcomePage.php' # Universal decode regex match = [universal decoder] '/home/centgttw/hub108.com/wp-content/plugins/woocommerce/src/Internal/Admin/Settings/PaymentsController.php' # Universal decode regex match = [universal decoder] '/home/centgttw/hub108.com/wp-content/plugins/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c' # Suspicious file type [application/x-c] '/home/centgttw/journeyjuction.com/wp-content/plugins/litespeed-cache/litespeed-cache.php' # Script version check [OLD] [LiteSpeed Cache v7.0.0.1 < v7.0.1] '/home/centgttw/journeyjuction.com/wp-content/plugins/newsletter/plugin.php' # Script version check [OLD] [Newsletter v8.7.5 < v8.7.9] '/home/centgttw/journeyjuction.com/wp-content/plugins/wordpress-seo/wp-seo.php' # Script version check [OLD] [Yoast SEO v24.7 < v24.9] '/home/centgttw/journeyjuction.com/wp-content/plugins/wp-google-map-plugin/modules/tools/model.tools.php' # Universal decode regex match = [universal decoder] '/home/centgttw/journeyjuction.com/wp-content/plugins/wp-mail-smtp/src/Admin/Area.php' # Universal decode regex match = [universal decoder] '/home/centgttw/journeyjuction.com/wp-content/plugins/wp-mail-smtp/src/Admin/SetupWizard.php' # Universal decode regex match = [universal decoder] '/home/centgttw/journeyjuction.com/wp-content/themes/astra/admin/includes/class-astra-menu.php' # Universal decode regex match = [universal decoder] '/home/centgttw/kundcoffee.com/wp-content/plugins/woocommerce/includes/admin/class-wc-admin-menus.php' # Universal decode regex match = [universal decoder] '/home/centgttw/kundcoffee.com/wp-content/plugins/woocommerce/src/Internal/Admin/Settings/PaymentsController.php' # Universal decode regex match = [universal decoder] '/home/centgttw/kundcoffee.com/wp-content/plugins/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c' # Suspicious file type [application/x-c] '/home/centgttw/lscache/e/c/3/ec3fdc51e712186c' # ClamAV detected virus = [{HEX}php.malware.magento.599.UNOFFICIAL] '/home/centgttw/marketing108.com/wp-content/plugins/akismet/akismet.php' # Script version check [OLD] [Akismet Anti-spam: Spam Protection v5.3.3 < v5.3.7] '/home/centgttw/marketing108.com/wp-content/plugins/all-in-one-seo-pack/all_in_one_seo_pack.php' # Script version check [OLD] [All in One SEO v4.7.4.2 < v4.8.1.1] '/home/centgttw/marketing108.com/wp-content/plugins/all-in-one-seo-pack/app/Common/Views/admin/settings-page.php' # Universal decode regex match = [universal decoder] '/home/centgttw/marketing108.com/wp-content/plugins/elementor/elementor.php' # Script version check [OLD] [Elementor v3.24.5 < v3.28.4] '/home/centgttw/marketing108.com/wp-content/plugins/ga-google-analytics/ga-google-analytics.php' # Script version check [OLD] [GA Google Analytics v20241102 < v20250326] '/home/centgttw/marketing108.com/wp-content/plugins/google-analytics-for-wordpress/includes/helpers.php' # Universal decode regex match = [universal decoder] '/home/centgttw/marketing108.com/wp-content/plugins/optinmonster/optin-monster-wp-api.php' # Script version check [OLD] [OptinMonster v2.16.8 < v2.16.19] '/home/centgttw/marketing108.com/wp-content/plugins/wordpress-seo/wp-seo.php' # Script version check [OLD] [Yoast SEO v24.3 < v24.9] '/home/centgttw/marketing108.com/wp-content/plugins/wpforms-lite/wpforms.php' # Script version check [OLD] [WPForms Lite v1.9.2.1 < v1.9.4.2] # Scan Timeout (30 secs) while processing: '/home/centgttw/marketing108.com/wp-content/plugins/wpforms-lite/assets/css/frontend/modern/wpforms-full.css' # Scan Timeout (30 secs) while processing: '/home/centgttw/marketing108.com/wp-content/plugins/wpforms-lite/assets/css/integrations/divi/wpforms-base.css' '/home/centgttw/marketing108.com/wp-content/themes/noxiy/assets/sass/default' # World writeable directory '/home/centgttw/marketing108.com/wp-content/themes/noxiy/assets/sass/section' # World writeable directory '/home/centgttw/marketing108.com/wp-content/themes/noxiy/inc/admin/assets' # World writeable directory '/home/centgttw/marketing108.com/wp-content/themes/noxiy/inc/admin/assets/css' # World writeable directory '/home/centgttw/marketing108.com/wp-content/themes/noxiy/inc/admin/assets/img' # World writeable directory '/home/centgttw/marketing108.com/wp-content/themes/noxiy/inc/demo-content/dark' # World writeable directory '/home/centgttw/marketing108.com/wp-content/themes/noxiy/inc/demo-content/light' # World writeable directory '/home/centgttw/marketing108.com/wp-content/themes/noxiy/inc/tgm/plugins' # World writeable directory '/home/centgttw/marrontrading.com/system/core/CodeIgniter.php' # Script version check [OLD] [CodeIgniter v2.2.0 < v4.6.1] '/home/centgttw/midlandyatra.com/.tmb' # World writeable directory '/home/centgttw/midlandyatra.com/images/images/vCpGrRimy.jpeg' # Suspicious image file (hidden script file) '/home/centgttw/midlandyatra.com/wp-content/cache/supercache/www.midlandyatra.com' # Suspicious directory '/home/centgttw/midlandyatra.com/wp-content/plugins/akismet/akismet.php' # Script version check [OLD] [Akismet Anti-spam: Spam Protection v5.3.2 < v5.3.7] '/home/centgttw/midlandyatra.com/wp-content/plugins/all-in-one-wp-migration/all-in-one-wp-migration.php' # Script version check [OLD] [All-in-One WP Migration v6.77 < v7.93] '/home/centgttw/midlandyatra.com/wp-content/plugins/filester/includes/File_manager/FileManager.php' # Universal decode regex match = [universal decoder] '/home/centgttw/midlandyatra.com/wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php' # Universal decode regex match = [universal decoder] '/home/centgttw/midlandyatra.com/wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php' # Universal decode regex match = [universal decoder] '/home/centgttw/midlandyatra.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html' # Suspicious file type [application/x-c] '/home/centgttw/midlandyatra.com/wp-content/plugins/wp-google-map-plugin/modules/tools/model.tools.php' # Universal decode regex match = [universal decoder] '/home/centgttw/monalisanepal.com/.tmb' # World writeable directory '/home/centgttw/monalisanepal.com/old/wp-includes/version.php' # Script version check [OLD] [Wordpress v6.2.2 < v6.8.2] '/home/centgttw/monalisanepal.com/wp-content/plugins/jetpack/jetpack.php' # Script version check [OLD] [Jetpack v14.1 < v14.5] '/home/centgttw/monalisanepal.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-masterbar/src/admin-menu/class-admin-menu.php' # Universal decode regex match = [universal decoder] '/home/centgttw/monalisanepal.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html' # Suspicious file type [application/x-c] '/home/centgttw/muktinathyatra.com/seo/config/sp-config.php' # Script version check [OLD] [Seo Panel v3.13.0 < v4.11.0] '/home/centgttw/muktinathyatra.com/uploads/general_images' # World writeable directory '/home/centgttw/muktinathyatra.com/uploads/general_imagesfile' # World writeable directory '/home/centgttw/muktinathyatra.com/uploads/general_imagesflash' # World writeable directory '/home/centgttw/muktinathyatra.com/uploads/general_imagesimage' # World writeable directory '/home/centgttw/muktinathyatra.com/uploads/general_imagesimage/all images' # World writeable directory '/home/centgttw/muktinathyatra.com/uploads/general_imagesimage/dhaulagiri himal' # World writeable directory '/home/centgttw/muktinathyatra.com/uploads/general_imagesmedia' # World writeable directory '/home/centgttw/nepalsnowjewel.com/wp-content/plugins/akismet/akismet.php' # Script version check [OLD] [Akismet Anti-Spam v5.1 < v5.3.7] '/home/centgttw/nepalsnowjewel.com/wp-content/plugins/all-in-one-wp-migration/all-in-one-wp-migration.php' # Script version check [OLD] [All-in-One WP Migration v7.72 < v7.93] '/home/centgttw/nepalsnowjewel.com/wp-content/plugins/contact-form-7/wp-contact-form-7.php' # Script version check [OLD] [Contact Form 7 v5.7.4 < v6.0.6] '/home/centgttw/nepalsnowjewel.com/wp-content/plugins/duplicate-page/duplicatepage.php' # Script version check [OLD] [Duplicate Page v4.5.1 < v4.5.4] '/home/centgttw/nepalsnowjewel.com/wp-content/plugins/newsletter/plugin.php' # Script version check [OLD] [Newsletter v7.6.8 < v8.7.9] '/home/centgttw/nepalsnowjewel.com/wp-content/plugins/one-click-demo-import/one-click-demo-import.php' # Script version check [OLD] [One Click Demo Import v3.1.2 < v3.3.0] '/home/centgttw/nepalsnowjewel.com/wp-content/plugins/wordpress-seo/wp-seo.php' # Script version check [OLD] [Yoast SEO v20.3 < v24.9] '/home/centgttw/nepalsnowjewel.com/wp-includes/version.php' # Script version check [OLD] [Wordpress v6.1.9 < v6.8.2] '/home/centgttw/nepaltravelportal.com/wp-content/plugins/akismet/akismet.php' # Script version check [OLD] [Akismet Anti-spam: Spam Protection v5.3.1 < v5.3.7] '/home/centgttw/nepaltravelportal.com/wp-content/plugins/all-in-one-wp-migration/all-in-one-wp-migration.php' # Script version check [OLD] [All-in-One WP Migration v7.81 < v7.93] '/home/centgttw/nepaltravelportal.com/wp-content/plugins/astra-sites/astra-sites.php' # Script version check [OLD] [Starter Templates v4.1.1 < v4.4.19] '/home/centgttw/nepaltravelportal.com/wp-content/plugins/collectchat/collect.php' # Universal decode regex match = [universal decoder] '/home/centgttw/nepaltravelportal.com/wp-content/plugins/elementor/elementor.php' # Script version check [OLD] [Elementor v3.20.2 < v3.28.4] '/home/centgttw/nepaltravelportal.com/wp-content/plugins/unlimited-elements-for-elementor/unlimited_elements.php' # Script version check [OLD] [Unlimited Elements for Elementor v1.5.100 < v1.5.145] '/home/centgttw/nepaltravelportal.com/wp-content/plugins/wpforms-lite/wpforms.php' # Script version check [OLD] [WPForms Lite v1.8.7.2 < v1.9.4.2] # Scan Timeout (30 secs) while processing: '/home/centgttw/nepaltravelportal.com/wp-content/plugins/wpforms-lite/assets/css/frontend/modern/wpforms-full.css' # Scan Timeout (30 secs) while processing: '/home/centgttw/nepaltravelportal.com/wp-content/plugins/wpforms-lite/assets/css/integrations/divi/wpforms-classic-base.css' # Scan Timeout (30 secs) while processing: '/home/centgttw/nepaltravelportal.com/wp-content/plugins/wpforms-lite/assets/css/integrations/divi/wpforms-classic-full.css' '/home/centgttw/nepaltravelportal.com/wp-content/themes/astra/admin/includes/class-astra-menu.php' # Universal decode regex match = [universal decoder] '/home/centgttw/nepaltravelportal.com/wp-includes/version.php' # Script version check [OLD] [Wordpress v6.7.2 < v6.8.2] '/home/centgttw/nepalwrestling.org.np/wp-content/plugins/akismet/akismet.php' # Script version check [OLD] [Akismet Anti-spam: Spam Protection v5.3.2 < v5.3.7] '/home/centgttw/nepalwrestling.org.np/wp-content/plugins/duplicate-page/duplicatepage.php' # Script version check [OLD] [Duplicate Page v4.5.3 < v4.5.4] '/home/centgttw/nepalwrestling.org.np/wp-content/plugins/elementor/elementor.php' # Script version check [OLD] [Elementor v3.21.8 < v3.28.4] '/home/centgttw/nepalwrestling.org.np/wp-content/plugins/essential-addons-for-elementor-lite/essential_adons_elementor.php' # Script version check [OLD] [Essential Addons for Elementor v5.9.22 < v6.1.11] '/home/centgttw/nepalwrestling.org.np/wp-content/plugins/foogallery/foogallery.php' # Script version check [OLD] [FooGallery v2.4.16 < v2.4.30] '/home/centgttw/nepalwrestling.org.np/wp-content/plugins/foogallery/includes/admin/class-gallery-datasources.php' # Universal decode regex match = [universal decoder] '/home/centgttw/nepalwrestling.org.np/wp-content/plugins/templately/templately.php' # Script version check [OLD] [Templately v3.0.8 < v3.2.5] '/home/centgttw/newsadle.org.np/wp-content/plugins/akismet/akismet.php' # Script version check [OLD] [Akismet Anti-Spam v4.2.5 < v5.3.7] '/home/centgttw/newsadle.org.np/wp-content/plugins/contact-form-7/wp-contact-form-7.php' # Script version check [OLD] [Contact Form 7 v5.6.2 < v6.0.6] '/home/centgttw/newsadle.org.np/wp-content/plugins/elementor/elementor.php' # Script version check [OLD] [Elementor v3.7.2 < v3.28.4] '/home/centgttw/newsadle.org.np/wp-content/plugins/really-simple-ssl/rlrsssl-really-simple-ssl.php' # Script version check [OLD] [Really Simple SSL v6.2.4 < v9.3.3] '/home/centgttw/newsadle.org.np/wp-content/plugins/sticky-menu-or-anything-on-scroll/sticky-menu-or-anything.php' # Script version check [OLD] [Sticky Menu (or Anything!) on Scroll v2.32 < v2.33] '/home/centgttw/safarsouthasia.org/images/images/images/NwX.tiff' # Suspicious image file (hidden script file) '/home/centgttw/safarsouthasia.org/wp-content/plugins/akismet/akismet.php' # Script version check [OLD] [Akismet Anti-Spam v5.1 < v5.3.7] '/home/centgttw/safarsouthasia.org/wp-content/plugins/elementor/elementor.php' # Script version check [OLD] [Elementor v3.15.0 < v3.28.4] '/home/centgttw/safarsouthasia.org/wp-content/plugins/nextgen-gallery/nggallery.php' # Script version check [OLD] [NextGEN Gallery v3.35 < v3.59.11] '/home/centgttw/safarsouthasia.org/wp-content/plugins/wpforms-lite/wpforms.php' # Script version check [OLD] [WPForms Lite v1.8.2.3 < v1.9.4.2] '/home/centgttw/safarsouthasia.org/wp-includes/version.php' # Script version check [OLD] [Wordpress v6.2.8 < v6.8.2] '/home/centgttw/yalaadventure.com/vendor/symfony/console/Resources/bin/hiddeninput.exe' # MS Windows Binary/Executable [application/x-winexec] '/home/centgttw/yalaadventure.com/vendor/symfony/debug/Resources/ext/symfony_debug.c' # Suspicious file type [application/x-c] ----------- SCAN SUMMARY ----------- Scanned directories: 51805 Scanned files: 1288581 Ignored items: 1769 Suspicious matches: 180 Viruses found: 1 Fingerprint matches: 0 Data scanned: 34892.87 MB Scan peak memory: 435200 kB Scan time/item: 0.025 sec Scan time: 33145.302 sec