----------- SCAN REPORT -----------
TimeStamp: Wed, 24 Dec 2025 02:41:51 -0500
(/usr/sbin/cxs --background --clamdsock /var/clamd --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 50000 --noforce --html --ignore /etc/cxs/cxs.ignore.manual --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mv --report /home/idolaotomotif/scanreport-idolaotomotif-Dec_24_2025_02h41m.txt --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --unofficial --user idolaotomotif --virusscan --vmrssmax 2000000 --waitscan 0 --xtra /etc/cxs/cxs.xtra.manual)


Scanning /home/idolaotomotif:

'/home/idolaotomotif/access-logs'
# Symlink to [/etc/apache2/logs/domlogs/idolaotomotif]

'/home/idolaotomotif/kineva.net/V2_xml.php'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/kineva.net/wp-content/plugins/classic-editor/classic-editor.php'
# Script version check [OLD] [Classic Editor v1.5 < v1.6.7]

'/home/idolaotomotif/kineva.net/wp-includes/version.php'
# Script version check [OLD] [Wordpress v5.3.10 < v6.8.2]

'/home/idolaotomotif/mail/new'
# Skipped - too many resources: 174304 ( > filemax=50000)

'/home/idolaotomotif/membuatwebsite.biz/V2_xml.php'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/membuatwebsite.biz/images/images/images/images/png_69474251c779a.zip'
# (compressed file: b_69474251c779a.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P2189]]

'/home/idolaotomotif/membuatwebsite.biz/images/images/images/images/images/ZrThsLAqgfQRBClcE.jpg'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/membuatwebsite.biz/images/images/images/images/images/images/images/xbm_69487e1f29f8f.zip'
# (compressed file: b_69487e1f29f8f.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2202]]

'/home/idolaotomotif/membuatwebsite.biz/wp-admin/js/widgets/widgets/CFlVHPkNIAUjQyxrZa.tiff'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/membuatwebsite.biz/wp-content/plugins/akismet/_inc/img/logo-ososrqrnprnqrso.png'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/idolaotomotif/membuatwebsite.biz/wp-includes/ltkyqw.php'
# Universal decode regex match = [universal decoder]

'/home/idolaotomotif/membuatwebsite.biz/wp-includes/Text/Diff/Engine/ososrqrnprnqrso.ttf'
# Universal decode regex match = [universal decoder]

'/home/idolaotomotif/membuatwebsite.biz/wp-includes/blocks/cover/style-rel.css'
# Universal decode regex match = [universal decoder]

'/home/idolaotomotif/membuatwebsite.biz/wp-includes/blocks/verse/verse/ZLisMnguSjGv.tif'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/membuatwebsite.biz/wp-includes/css/dist/preferences/xnuzxl.php'
# Universal decode regex match = [universal decoder]

'/home/idolaotomotif/membuatwebsite.biz/wp-includes/images/w-bfbfedeaceadefb.gif'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/idolaotomotif/membuatwebsite.biz/wp-includes/images/wpspin-1x.gif'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/membuatwebsite.biz/wp-includes/images/xit-3x.gif'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/membuatwebsite.biz/wp-includes/images/media/bfbfedeaceadefb.png'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/idolaotomotif/membuatwebsite.biz/wp-includes/sodium_compat/src/Core/ChaCha20/ChaCha20/gif_693a3e8637c2f.zip'
# (compressed file: b_693a3e8637c2f.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P2189]]

'/home/idolaotomotif/public_ftp/incoming'
# World writeable directory

'/home/idolaotomotif/public_html/V2_xml.php'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/public_html/images/images/TtUSEnhgM.tiff'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/public_html/images/images/images/images/images/images/images/images/iJWwcHslMrn.tiff'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/public_html/images/images/images/images/images/images/images/images/images/mp3_694a32c01bd6e.zip'
# (compressed file: b_694a32c01bd6e.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2202]]

'/home/idolaotomotif/public_html/wp-admin/css/colors/modern/modern/modern/cache.php'
# Known exploit = [Fingerprint Match (fp)] [PHP Injection Attack [P1261]]

'/home/idolaotomotif/public_html/wp-content/plugins/akismet/_inc/img/logo-sqrnoqpnooorrp.png'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/public_html/wp-content/plugins/disable-comments/languages/languages/avi_6932d127d1566.zip'
# (compressed file: b_6932d127d1566.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P2189]]

'/home/idolaotomotif/public_html/wp-content/plugins/wordfence/models/models/MC.png'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/public_html/wp-includes/images/w-fdeabdcabbbeec.gif'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/public_html/wp-includes/images/wpspin-1x.gif'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/public_html/wp-includes/images/xit-3x.gif'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/public_html/wp-includes/images/media/fdeabdcabbbeec.png'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/public_html/wp-includes/js/dist/script-modules/script-modules/XwMukUiFnRxT.jpg'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/resepsehat.biz/wp-content/plugins/classic-editor/classic-editor.php'
# Script version check [OLD] [Classic Editor v1.6 < v1.6.7]

'/home/idolaotomotif/resepsehat.biz/wp-content/plugins/disable-comments/disable-comments.php'
# Script version check [OLD] [Disable Comments v2.1.0 < v2.4.7]

'/home/idolaotomotif/resepsehat.biz/wp-content/plugins/wordpress-seo/wp-seo.php'
# Script version check [OLD] [Yoast SEO v16.0.2 < v24.9]

'/home/idolaotomotif/resepsehat.biz/wp-content/uploads/js_composer'
# World writeable directory

'/home/idolaotomotif/resepsehat.biz/wp-includes/version.php'
# Script version check [OLD] [Wordpress v5.7.10 < v6.8.2]

'/home/idolaotomotif/totalcard.biz/V2_xml.php'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/totalcard.biz/images/images/images/images/images/images/jpeg_69422b4ad1f50.zip'
# (compressed file: b_69422b4ad1f50.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2202]]

'/home/idolaotomotif/totalcard.biz/wordpress/wordpress/wordpress/jpeg_692e7ee282649.zip'
# (compressed file: b_692e7ee282649.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2202]]

'/home/idolaotomotif/totalcard.biz/wp-admin/css/colors/midnight/midnight/mzwBLaQ.jpeg'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/totalcard.biz/wp-content/plugins/akismet/_inc/img/logo-oorrsprqon.png'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/idolaotomotif/totalcard.biz/wp-content/plugins/blossomthemes-email-newsletter/vendor/getresponse/sdk-php/src/Operation/ClickTracks/ClickTracks/xgf.gif'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/totalcard.biz/wp-content/plugins/blossomthemes-email-newsletter/vendor/getresponse/sdk-php/src/Operation/RssNewsletters/CreateRssNewsletter/CreateRssNewsletter/FncHg.gif'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/totalcard.biz/wp-content/plugins/wordpress-seo/src/user-meta/infrastructure/infrastructure/AtKrVuShnpHBWZ.png'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/totalcard.biz/wp-includes/Requests/src/Utility/Utility/uGithasg.gif'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/totalcard.biz/wp-includes/Text/Diff/Engine/oorrsprqon.ttf'
# Universal decode regex match = [universal decoder]

'/home/idolaotomotif/totalcard.biz/wp-includes/assets/assets/FEMxJwkShy.jpg'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/totalcard.biz/wp-includes/blocks/cover/style-rel.css'
# Universal decode regex match = [universal decoder]

'/home/idolaotomotif/totalcard.biz/wp-includes/css/dist/commands/commands/tzTUnFyBRcAqeYk.png'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/totalcard.biz/wp-includes/images/w-bbeefcedba.gif'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/idolaotomotif/totalcard.biz/wp-includes/images/wpspin-1x.gif'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/totalcard.biz/wp-includes/images/xit-3x.gif'
# Suspicious image file (hidden script file)

'/home/idolaotomotif/totalcard.biz/wp-includes/images/media/bbeefcedba.png'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/idolaotomotif/webcool.biz/wp-includes/version.php'
# Script version check [OLD] [Wordpress v6.4.6 < v6.8.2]

----------- SCAN SUMMARY -----------
Scanned directories: 8084
Scanned files: 90327
Ignored items: 432
Suspicious matches: 64
Viruses found: 0
Fingerprint matches: 8
Data scanned: 4220.17 MB
Scan peak memory: 412232 kB
Scan time/item: 0.028 sec
Scan time: 2730.248 sec

• [D] .cache
• [D] .cagefs
• [D] .caldav
• [D] .cl.selector
• [D] .clwpos
• [D] .cpaddons
• [D] .cpanel
• [D] .cphorde
• [D] .htpasswds
• [D] .pki
• [D] .razor
• [D] .softaculous
• [D] .spamassassin
• [D] .subaccounts
• [D] .trash
• [D] _wildcard_.idolaotomotif.com
• [D] access-logs
• [D] cache
• [D] etc
• [D] idolatekno.com
• [D] kineva.net
• [D] logs
• [D] mail
• [D] membuatwebsite.biz
• [D] parawisata.us
• [D] public_ftp
• [D] public_html
• [D] resepsehat.biz
• [D] softaculous_backups
• [D] ssl
• [D] tmp
• [D] totalcard.biz
• [D] webcool.biz
• [D] www
• [F] .bash_logout
  Delete
• [F] .bash_profile
  Delete
• [F] .bashrc
  Delete
• [F] .clamavconnector.scan
  Delete
• [F] .clamavconnector.status
  Delete
• [F] .contactemail
  Delete
• [F] .ftpquota
  Delete
• [F] .gemrc
  Delete
• [F] .imunify_patch_id
  Delete
• [F] .last.inodes
  Delete
• [F] .lastlogin
  Delete
• [F] .myimunify_id
  Delete
• [F] .spamassassinboxenable
  Delete
• [F] .spamassassinenable
  Delete
• [F] .wget-hsts
  Delete
• [F] .zshrc
  Delete
• [F] scan_report-2025-09-23_23-53
  Delete
• [F] scanreport-idolaotomotif-Dec_24_2025_02h41m.txt
  Delete