----------- SCAN REPORT -----------
TimeStamp: Wed, 10 Dec 2025 03:42:25 -0500
(/usr/sbin/cxs --background --clamdsock /var/clamd --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 50000 --noforce --html --ignore /etc/cxs/cxs.ignore.manual --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mv --report /home/dubayplm/scanreport-dubayplm-Dec_10_2025_03h42m.txt --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --unofficial --user dubayplm --virusscan --vmrssmax 2000000 --waitscan 0 --xtra /etc/cxs/cxs.xtra.manual)


Scanning /home/dubayplm:

'/home/dubayplm/access-logs'
# Symlink to [/etc/apache2/logs/domlogs/dubayplm]

'/home/dubayplm/.nc_plugin/hidden'
# World writeable directory
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/7/7e7e4d3e03b22bbe]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/8/7e80da4d56720705]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/8/7e8355754eea6bd0]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/8/7e8360d21501c877]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/8/7e84d7c74ebf335c]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/8/7e86b1705ddec785]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/8/7e8749e4b1722935]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/8/7e88582ab16eaa38]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/8/7e88819d1d1e98f2]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/8/7e89e59d8de0d47b]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/8/7e8b8279933ccbbe]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/8/7e8bf566a5e438b5]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/8/7e8d648dccb979eb]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/8/7e8df1ee81e73183]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/8/7e8eebe110821ef2]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/9/7e91fb4c8c9c8222]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/9/7e94f34ffe41657b]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/9/7e95e2c40763ba5c]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/9/7e985c034d17eeb8]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/9/7e98a205f9bb3c93]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/9/7e9b705450526aa3]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/9/7e9c5f2043e82bc8]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/9/7e9ece12c12dc176]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/9/7e9fb661a5170bc6]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/a/7ea027c7956e1599]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/a/7ea2016c0bc5d96c]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/a/7ea24b53d4e971f3]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/a/7ea25edb5041fa24]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/a/7ea398a4aa17f6e8]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/a/7ea3d5d9f866d6ff]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/a/7ea45ad4fbdde56a]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/a/7ea50675c1ce3d01]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/a/7ea77537f90285b5]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/a/7eaa99751994192d]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/a/7eac19eef9f00339]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/a/7eacc93c653464a4]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/a/7eae62e58d452ffa]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/a/7eae94b80074dc70]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/a/7eaf44593227a0c6]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/b/7eb091f15d2aa617]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/b/7eb4cff0310907f3]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/b/7eb5b1dd0a383f2a]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/b/7eb5cb03183a903f]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/b/7eb8a5eba0df12e7]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/b/7eb95c7cf39b6a66]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/b/7eb9b295ea1b24d1]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/b/7eba4b9ba43fde0c]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/b/7ebb641449669bf3]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/b/7ebb65b009daf1a9]: Connection refused
# Clamd Error for [SCAN /home/dubayplm/lscache/7/e/b/7ebb7b8367a1a517]: Connection refused

'/home/dubayplm/mail/new'
# Skipped - too many resources: 143930 ( > filemax=50000)

'/home/dubayplm/public_html/@LongLink/@LongLink/fsRHgbnmeSKcLkE.gif'
# Suspicious image file (hidden script file)

'/home/dubayplm/public_html/cgi-bin/cgi-bin/vKMrGcXQpkVtJSb.jpeg'
# Suspicious image file (hidden script file)

'/home/dubayplm/public_html/home/home/PfhIHakbvGz.jpeg'
# Suspicious image file (hidden script file)

'/home/dubayplm/public_html/wp-content/plugins/akismet/_inc/img/logo-rsrsnsq.png'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/dubayplm/public_html/wp-content/plugins/astra-widgets/admin/bsf-analytics/assets/assets.css'
# Universal decode regex match = [universal decoder]

'/home/dubayplm/public_html/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php'
# Universal decode regex match = [universal decoder]

'/home/dubayplm/public_html/wp-content/plugins/fast-indexing-api/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php'
# Universal decode regex match = [universal decoder]

'/home/dubayplm/public_html/wp-content/plugins/filester/includes/File_manager/FileManager.php'
# Universal decode regex match = [universal decoder]

'/home/dubayplm/public_html/wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php'
# Universal decode regex match = [universal decoder]

'/home/dubayplm/public_html/wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php'
# Universal decode regex match = [universal decoder]

'/home/dubayplm/public_html/wp-content/plugins/royal-elementor-addons/admin/plugin-options.php'
# Universal decode regex match = [universal decoder]

'/home/dubayplm/public_html/wp-content/plugins/wp-optimize/includes/class-wp-optimize-admin.php'
# Universal decode regex match = [universal decoder]

'/home/dubayplm/public_html/wp-content/plugins/wpforms-lite/wpforms-lite/ogm_6933d79603963.zip'
# (compressed file: b_6933d79603963.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P2189]]

'/home/dubayplm/public_html/wp-content/themes/astra/admin/includes/class-astra-menu.php'
# Universal decode regex match = [universal decoder]

'/home/dubayplm/public_html/wp-content/uploads/al_opt_content/CSS/dubaiadventureplus.com'
# World writeable directory

'/home/dubayplm/public_html/wp-content/uploads/al_opt_content/SCRIPT/dubaiadventureplus.com'
# World writeable directory

'/home/dubayplm/public_html/wp-includes/Text/Diff/Engine/rsrsnsq.ttf'
# Universal decode regex match = [universal decoder]

'/home/dubayplm/public_html/wp-includes/blocks/cover/style-rel.css'
# Universal decode regex match = [universal decoder]

'/home/dubayplm/public_html/wp-includes/blocks/navigation-link/content.php'
# Universal decode regex match = [universal decoder]
# (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P1425]]

'/home/dubayplm/public_html/wp-includes/images/w-efefafd.gif'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/dubayplm/public_html/wp-includes/images/wpspin-1x.gif'
# Suspicious image file (hidden script file)

'/home/dubayplm/public_html/wp-includes/images/xit-3x.gif'
# Suspicious image file (hidden script file)

'/home/dubayplm/public_html/wp-includes/images/media/efefafd.png'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/dubayplm/public_html/wp-includes/js/tinymce/plugins/charmap/charmap/hCLZXcrNqvJVtPkzy.jpg'
# Suspicious image file (hidden script file)

'/home/dubayplm/reddunesafari.dubaiadventureplus.com/cities/razor-bughy/razor-bughy.php'
# Universal decode regex match = [universal decoder]

'/home/dubayplm/reddunesafari.dubaiadventureplus.com/cities/razor-bughy/blue_water_dubai/blue_water_dubai/TGKfMzBVphLsFWatiC.gif'
# Suspicious image file (hidden script file)

'/home/dubayplm/reddunesafari.dubaiadventureplus.com/cities/razor-bughy/jlt_dubai/index.php'
# Universal decode regex match = [universal decoder]
# (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1900]]

'/home/dubayplm/reddunesafari.dubaiadventureplus.com/images/partners/index.php'
# Universal decode regex match = [universal decoder]

----------- SCAN SUMMARY -----------
Scanned directories: 10717
Scanned files: 78544
Ignored items: 123
Suspicious matches: 36
Viruses found: 0
Fingerprint matches: 3
Data scanned: 5395.36 MB
Scan peak memory: 413692 kB
Scan time/item: 0.021 sec
Scan time: 1917.040 sec

• [D] .cagefs
• [D] .caldav
• [D] .cl.selector
• [D] .clwpos
• [D] .cpanel
• [D] .cphorde
• [D] .htpasswds
• [D] .nc_plugin
• [D] .pki
• [D] .razor
• [D] .softaculous
• [D] .spamassassin
• [D] .trash
• [D] access-logs
• [D] bin
• [D] etc
• [D] logs
• [D] lscache
• [D] lscmData
• [D] mail
• [D] perl5
• [D] php
• [D] public_ftp
• [D] public_html
• [D] reddunesafari.dubaiadventureplus.com
• [D] softaculous_backups
• [D] ssl
• [D] tmp
• [D] www
• [D] xb1-australia.dubaiadventureplus.com
• [F] .bash_logout
  Delete
• [F] .bash_profile
  Delete
• [F] .bashrc
  Delete
• [F] .clamavconnector.status
  Delete
• [F] .contactemail
  Delete
• [F] .dns
  Delete
• [F] .gemrc
  Delete
• [F] .imunify_patch_id
  Delete
• [F] .last.inodes
  Delete
• [F] .lastlogin
  Delete
• [F] .myimunify_id
  Delete
• [F] .pearrc
  Delete
• [F] .spamassassinboxenable
  Delete
• [F] .spamassassinenable
  Delete
• [F] .zshrc
  Delete
• [F] backup-8.30.2023_04-02-36_dubayplm.tar.gz
  Delete
• [F] scanreport-dubayplm-Aug_16_2021_08h19m.txt
  Delete
• [F] scanreport-dubayplm-Dec_10_2025_03h42m.txt
  Delete