ＳＫＹＳＨＥＬＬＭＡＮＡＧＥＲ

📁 ＳＫＹＳＨＥＬＬＭＡＮＡＧＥＲ PHP v8.3.31

Path:root/home/vpadqhdk/vpmarketingagency.com/

Name	Size	Perm	Actions
📁 .well-known	-	0755	🗑️ 🏷️
📁 cgi-bin	-	0755	🗑️ 🏷️
📁 images	-	0755	🗑️ 🏷️
📁 ncsitebuilder	-	0755	🗑️ 🏷️
📁 wp-admin	-	0755	🗑️ 🏷️
📁 wp-content	-	0755	🗑️ 🏷️
📁 wp-includes	-	0755	🗑️ 🏷️
📄 .hcflag	0.03 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 .htaccess	0.19 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 .htaccess.bk	1.99 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 .litespeed_flag	0.29 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 index.php	0.39 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 inputs.php	0.12 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 license.txt	19.44 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 php.ini	0.04 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 readme.html	7.23 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 robots.txt	0.08 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 wp-activate.php	7.2 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 wp-blog-header.php	0.34 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 wp-comments-post.php	2.27 KB	0755	🗑️ 🏷️ ⬇️ ✏️
📄 wp-config-sample.php	3.26 KB	0755	🗑️ 🏷️ ⬇️ ✏️
📄 wp-config.php	3.31 KB	0600	🗑️ 🏷️ ⬇️ ✏️
📄 wp-cron.php	5.49 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 wp-links-opml.php	2.43 KB	0755	🗑️ 🏷️ ⬇️ ✏️
📄 wp-load.php	3.84 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 wp-login.php	50.63 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 wp-mail.php	8.52 KB	0755	🗑️ 🏷️ ⬇️ ✏️
📄 wp-settings.php	31.88 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 wp-signup.php	33.81 KB	0644	🗑️ 🏷️ ⬇️ ✏️
📄 wp-trackback.php	5.09 KB	0755	🗑️ 🏷️ ⬇️ ✏️
📄 xmlrpc.php	3.13 KB	0755	🗑️ 🏷️ ⬇️ ✏️

Edit: scanreport-vpadqhdk-Nov_28_2025_12h45m.txt

----------- SCAN REPORT -----------
TimeStamp: Fri, 28 Nov 2025 12:45:19 -0500
(/usr/sbin/cxs --background --clamdsock /var/clamd --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 50000 --noforce --html --ignore /etc/cxs/cxs.ignore.manual --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mv --report /home/vpadqhdk/scanreport-vpadqhdk-Nov_28_2025_12h45m.txt --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --unofficial --user vpadqhdk --virusscan --vmrssmax 2000000 --waitscan 0 --xtra /etc/cxs/cxs.xtra.manual)

Scanning /home/vpadqhdk:

'/home/vpadqhdk/access-logs'
# Symlink to [/etc/apache2/logs/domlogs/vpadqhdk]

'/home/vpadqhdk/.cache/.9b9bf45c563700ec91d17e3ea74671bab5c18040'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/.config/htop/defunct'
# Linux Binary/Executable [application/x-sharedlib]

'/home/vpadqhdk/.nc_plugin/hidden'
# World writeable directory

'/home/vpadqhdk/VPADMINLEADS.COM/old/wp-includes/version.php'
# Script version check [OLD] [Wordpress v5.6 < v6.8.2]

'/home/vpadqhdk/VPADMINLEADS.COM/wp-content/plugins/all-in-one-wp-migration/all-in-one-wp-migration.php'
# Script version check [OLD] [All-in-One WP Migration v7.33 < v7.93]

'/home/vpadqhdk/VPADMINLEADS.COM/wp-content/plugins/classic-editor/classic-editor.php'
# Script version check [OLD] [Classic Editor v1.6 < v1.6.7]

'/home/vpadqhdk/VPADMINLEADS.COM/wp-content/plugins/contact-form-7/wp-contact-form-7.php'
# Script version check [OLD] [Contact Form 7 v5.3.1 < v6.0.6]

'/home/vpadqhdk/VPADMINLEADS.COM/wp-content/plugins/duplicator/duplicator.php'
# Script version check [OLD] [Duplicator v1.3.40.1 < v1.5.12]
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/VPADMINLEADS.COM/wp-content/plugins/elementor/elementor.php'
# Script version check [OLD] [Elementor v3.0.14 < v3.28.4]

'/home/vpadqhdk/VPADMINLEADS.COM/wp-content/plugins/litespeed-cache/litespeed-cache.php'
# Script version check [OLD] [LiteSpeed Cache v3.6.4 < v7.0.1]

'/home/vpadqhdk/VPADMINLEADS.COM/wp-content/plugins/loginizer/loginizer.php'
# Script version check [OLD] [Loginizer v1.6.5 < v2.0.0]

'/home/vpadqhdk/VPADMINLEADS.COM/wp-content/plugins/sg-cachepress/sg-cachepress.php'
# Script version check [OLD] [SG Optimizer v5.7.11 < v7.7.2]

'/home/vpadqhdk/cruisewithmetravel.com/cgi-bin/cgi-bin/cgi-bin/jpx_68e460ebbe3f8.zip'
# (compressed file: b_68e460ebbe3f8.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P2189]]

'/home/vpadqhdk/cruisewithmetravel.com/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/UFc.gif'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/cruisewithmetravel.com/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/YrubN.png'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/cruisewithmetravel.com/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/Z.jpeg'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/cruisewithmetravel.com/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/kulSmPpnzGU.png'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/cruisewithmetravel.com/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/zlyXSj.png'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/cruisewithmetravel.com/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/fNSv.jpg'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/cruisewithmetravel.com/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/gcPAV.tif'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/cruisewithmetravel.com/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/S.jpg'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/cruisewithmetravel.com/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/uNHmVlXeK.jpg'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/cruisewithmetravel.com/images/images/images/McYwSrbmT.png'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/cruisewithmetravel.com/images/images/images/swf_6912eb3657f42.zip'
# (compressed file: b_6912eb3657f42.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P2189]]

'/home/vpadqhdk/cruisewithmetravel.com/images/images/images/images/images/M.jpeg'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/cruisewithmetravel.com/images/images/images/images/images/WBZkN.tif'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/cruisewithmetravel.com/images/images/images/images/images/ZFtgcqYw.tif'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/cruisewithmetravel.com/images/images/images/images/images/avi_68da629a4395e.zip'
# (compressed file: b_68da629a4395e.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P2189]]

'/home/vpadqhdk/cruisewithmetravel.com/images/images/images/images/images/images/QahEZtBNWUgmjcVGLui.tiff'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/cruisewithmetravel.com/images/images/images/images/images/images/images/images/images/PhaWvMixIfmGZgJRVun.jpg'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/cruisewithmetravel.com/images/images/images/images/images/images/images/images/images/images/JgKQEzaBvtWfZRCc.gif'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/cruisewithmetravel.com/images/images/images/images/images/images/images/images/images/images/u.tif'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/cruisewithmetravel.com/kGFqXYhjg/kGFqXYhjg/kGFqXYhjg/IWu.tif'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/divinecoffeeservice.com/wp-admin/css/colors/light/light/light/Bhi.tif'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/divinecoffeeservice.com/wp-admin/css/colors/ocean/ocean/cIYTetfHl.tif'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/divinecoffeeservice.com/wp-admin/css/colors/sunrise/sunrise/KJmgtGkb.gif'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/divinecoffeeservice.com/wp-content/plugins/akismet/_inc/img/logo-nsnnrnnoqrnsssp.png'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/divinecoffeeservice.com/wp-content/plugins/builderall-cheetah-for-wp/includes/vendor/mailjet/symfony/polyfill-mbstring/Resources/unidata/unidata/HYvSJWjymtp.png'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/divinecoffeeservice.com/wp-content/plugins/builderall-cheetah-for-wp/modules/webinar/app/app/KAjcnVSgwJNmiIyrPQH.png'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/divinecoffeeservice.com/wp-content/plugins/loginizer/assets/js/js/yXwvUTtmQzpKf.png'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/divinecoffeeservice.com/wp-includes/Text/Diff/Engine/nsnnrnnoqrnsssp.ttf'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/divinecoffeeservice.com/wp-includes/blocks/cover/style-rel.css'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/divinecoffeeservice.com/wp-includes/blocks/post-navigation-link/post-navigation-link/jpc_691124d35fcbb.zip'
# (compressed file: b_691124d35fcbb.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2195]]

'/home/vpadqhdk/divinecoffeeservice.com/wp-includes/blocks/pullquote/pullquote/XKftYSPcCHxvgAh.png'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/divinecoffeeservice.com/wp-includes/css/dist/block-library/block-library/f4v_68f4a3bea3134.zip'
# (compressed file: b_68f4a3bea3134.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P2189]]

'/home/vpadqhdk/divinecoffeeservice.com/wp-includes/images/w-afaaeaabdeafffc.gif'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/divinecoffeeservice.com/wp-includes/images/wpspin-1x.gif'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/divinecoffeeservice.com/wp-includes/images/xit-3x.gif'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/divinecoffeeservice.com/wp-includes/images/media/afaaeaabdeafffc.png'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/homedigitalsuccess.com/index.php'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/meekmiracleointment.com/MvIhBFSxCUaK/MvIhBFSxCUaK/MvIhBFSxCUaK/xAreGvhtn.tiff'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/meekmiracleointment.com/PqFvAaC/PqFvAaC/PqFvAaC/TlzQfKAjeEnqiGaPvBC.tiff'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/meekmiracleointment.com/PqFvAaC/PqFvAaC/PqFvAaC/nhINKyS.tif'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/meekmiracleointment.com/PqFvAaC/PqFvAaC/PqFvAaC/PqFvAaC/tiff_69134ae29c338.zip'
# (compressed file: b_69134ae29c338.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2195]]

'/home/vpadqhdk/meekmiracleointment.com/admin/templates/analytics/analytics.css'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/meekmiracleointment.com/captcha/captcha/captcha/NJxPVenivWucwt.jpeg'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/meekmiracleointment.com/captcha/captcha/captcha/YgJFBhpHXsP.tiff'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/meekmiracleointment.com/cartsearch/fonts/glyphs/glyphs/glyphs/ytTeVvxB.jpg'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/meekmiracleointment.com/cgi-bin/upgrade/upgrade/upgrade/qhQRgTCtPpsV.png'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/meekmiracleointment.com/imemail/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cXybpANPmIZQRiKnFL.tiff'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/meekmiracleointment.com/imemail/cgi-bin/cgi-bin/cgi-bin/cgi-bin/xbm_68f733c838e29.zip'
# (compressed file: b_68f733c838e29.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P2189]]

'/home/vpadqhdk/meekmiracleointment.com/meekmira/images/images/ai.jpeg'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/meekmiracleointment.com/meekmira/images/images/images/images/m4v_68e2927462aae.zip'
# (compressed file: b_68e2927462aae.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2195]]

'/home/vpadqhdk/meekmiracleointment.com/pcss/meekmira/meekmira/meekmira/meekmira/RPsJmjhAKZwC.png'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/meekmiracleointment.com/res/emailtemplates/emailtemplates/wma_68d352e99c410.zip'
# (compressed file: b_68d352e99c410.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2202]]

'/home/vpadqhdk/meekmiracleointment.com/res/emailtemplates/emailtemplates/emailtemplates/iP.tif'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/meekmiracleointment.com/res/emailtemplates/images/images/aPIbmzU.jpeg'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/meekmiracleointment.com/videos/videos/videos/videos/videos/jp2_690260cc1eddc.zip'
# (compressed file: b_690260cc1eddc.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2195]]

'/home/vpadqhdk/meekmiracleointment.com/wp-admin/css/colors/sunrise/sunrise/kKAntXWpBmzZMibG.jpg'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/meekmiracleointment.com/wp-admin/js/js/tRC.gif'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/meekmiracleointment.com/wp-content/plugins/akismet/_inc/img/logo-srrsrsnpsspsrs.png'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/meekmiracleointment.com/wp-content/plugins/google-listings-and-ads/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/meekmiracleointment.com/wp-content/plugins/google-listings-and-ads/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/meekmiracleointment.com/wp-content/plugins/woocommerce/includes/admin/class-wc-admin-menus.php'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/meekmiracleointment.com/wp-content/plugins/woocommerce/src/Internal/Admin/Settings/PaymentsController.php'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/meekmiracleointment.com/wp-content/plugins/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c'
# Suspicious file type [application/x-c]

'/home/vpadqhdk/meekmiracleointment.com/wp-content/plugins/woocommerce-payments/includes/admin/class-wc-payments-admin.php'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/meekmiracleointment.com/wp-content/themes/Divi/ai-app/ai-app.php'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/meekmiracleointment.com/wp-content/themes/Divi/includes/builder/framework.php'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/meekmiracleointment.com/wp-includes/Text/Diff/Engine/srrsrsnpsspsrs.ttf'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/meekmiracleointment.com/wp-includes/blocks/cover/style-rel.css'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/meekmiracleointment.com/wp-includes/images/w-feefefacffcfef.gif'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/meekmiracleointment.com/wp-includes/images/wpspin-1x.gif'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/meekmiracleointment.com/wp-includes/images/xit-3x.gif'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/meekmiracleointment.com/wp-includes/images/media/feefefacffcfef.png'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/public_html/wp-content/plugins/elementor/elementor.php'
# Script version check [OLD] [Elementor v3.0.12 < v3.28.4]

'/home/vpadqhdk/public_html/wp-content/plugins/litespeed-cache/litespeed-cache.php'
# Script version check [OLD] [LiteSpeed Cache v3.6.4 < v7.0.1]

'/home/vpadqhdk/public_html/wp-content/plugins/loginizer/loginizer.php'
# Script version check [OLD] [Loginizer v1.6.4 < v2.0.0]

'/home/vpadqhdk/public_html/wp-content/plugins/wordpress-importer/wordpress-importer.php'
# Script version check [OLD] [WordPress Importer v0.7 < v0.8.4]

'/home/vpadqhdk/public_html/wp-content/themes/Divi/core/components/data/init.php'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/public_html/wp-content/themes/Divi/includes/builder/framework.php'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/rightontimenotary.com/wp-content/plugins/litespeed-cache/litespeed-cache.php'
# Script version check [OLD] [LiteSpeed Cache v6.5.4 < v7.0.1]

'/home/vpadqhdk/rightontimenotary.com/wp-content/plugins/loginizer/loginizer.php'
# Script version check [OLD] [Loginizer v1.9.8 < v2.0.0]

'/home/vpadqhdk/var/cpanel/styled/current_style'
# Symlink to [/usr/local/cpanel/base/frontend/paper_lantern/styled/light]

'/home/vpadqhdk/vpmarketingagency.com/ncsitebuilder/css/flag-icon-css/css/css/fQ.png'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/vpmarketingagency.com/ncsitebuilder/css/flag-icon-css/flags/1x1/1x1.css'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/vpmarketingagency.com/ncsitebuilder/dat/dat/M.jpeg'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/vpmarketingagency.com/ncsitebuilder/phpseclib/Crypt/Crypt/KVhAIuENpmtUWyX.gif'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/vpmarketingagency.com/ncsitebuilder/phpseclib/Crypt/Crypt/Crypt/MZhNxqzQWnyLuejEPb.tiff'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/vpmarketingagency.com/wp-admin/network/network/network/baXey.tiff'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/vpmarketingagency.com/wp-content/themes/Divi/ai-app/ai-app.php'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/vpmarketingagency.com/wp-content/themes/Divi/core/admin/fonts/modules/base/base/Zmzv.png'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/vpmarketingagency.com/wp-content/themes/Divi/includes/builder/framework.php'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/vpmarketingagency.com/wp-includes/SimplePie/src/XML/XML/VSPEIjJBqscTCxMKnpa.png'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/vpmarketingagency.com/wp-includes/Text/Diff/Engine/oqsorpqp.ttf'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/vpmarketingagency.com/wp-includes/blocks/cover/style-rel.css'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/vpmarketingagency.com/wp-includes/images/w-bdfbecdc.gif'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/vpmarketingagency.com/wp-includes/images/wpspin-1x.gif'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/vpmarketingagency.com/wp-includes/images/xit-3x.gif'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/vpmarketingagency.com/wp-includes/images/media/bdfbecdc.png'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/vpmarketingagency.com/wp-includes/js/tinymce/utils/utils/KRMCYVSaszXuyQA.tiff'
# Suspicious image file (hidden script file)

'/home/vpadqhdk/vpmarketingagency.com/wp-includes/rest-api/fields/fields/xbm_68d6d05f6d9e6.zip'
# (compressed file: b_68d6d05f6d9e6.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P2189]]

'/home/vpadqhdk/vpmarketingmadness.com/wp-content/plugins/litespeed-cache/litespeed-cache.php'
# Script version check [OLD] [LiteSpeed Cache v5.2.1 < v7.0.1]

'/home/vpadqhdk/vpmarketingmadness.com/wp-content/plugins/loginizer/loginizer.php'
# Script version check [OLD] [Loginizer v1.7.4 < v2.0.0]

'/home/vpadqhdk/vpmarketingmadness.com/wp-content/plugins/wordpress-importer/wordpress-importer.php'
# Script version check [OLD] [WordPress Importer v0.8 < v0.8.4]

'/home/vpadqhdk/vpmarketingmadness.com/wp-content/themes/Divi/core/components/data/init.php'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/vpmarketingmadness.com/wp-content/themes/Divi/includes/builder/framework.php'
# Universal decode regex match = [universal decoder]

'/home/vpadqhdk/vpmarketingmadness.com/wp-includes/version.php'
# Script version check [OLD] [Wordpress v6.1 < v6.8.2]

'/home/vpadqhdk/www.vpmarketingmobi.com'
# Suspicious directory

----------- SCAN SUMMARY -----------
Scanned directories: 18008
Scanned files: 331865
Ignored items: 630
Suspicious matches: 129
Viruses found: 0
Fingerprint matches: 11
Data scanned: 10113.23 MB
Scan peak memory: 441352 kB
Scan time/item: 0.035 sec
Scan time: 12384.692 sec

Fatal error: Uncaught Error: Call to undefined function wp_check_php_mysql_versions() in /home/vpadqhdk/vpmarketingagency.com/wp-settings.php:40 Stack trace: #0 /home/vpadqhdk/vpmarketingagency.com/wp-config.php(249): require_once() #1 /home/vpadqhdk/vpmarketingagency.com/wp-load.php(50): require_once('/home/vpadqhdk/...') #2 /home/vpadqhdk/vpmarketingagency.com/wp-blog-header.php(13): require_once('/home/vpadqhdk/...') #3 /home/vpadqhdk/vpmarketingagency.com/index.php(17): require('/home/vpadqhdk/...') #4 {main} thrown in /home/vpadqhdk/vpmarketingagency.com/wp-settings.php on line 40

📁 ＳＫＹＳＨＥＬＬ ＭＡＮＡＧＥＲ PHP v8.3.31

Edit: scanreport-vpadqhdk-Nov_28_2025_12h45m.txt

📁 ＳＫＹＳＨＥＬＬＭＡＮＡＧＥＲ PHP v8.3.31