HEX
Server: nginx/1.18.0
System: Linux vps-9dcdb12e 5.15.0-176-generic #186-Ubuntu SMP Fri Mar 13 11:01:42 UTC 2026 x86_64
User: ubuntu (1000)
PHP: 8.1.2-1ubuntu2.24
Disabled: exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
$ pwd: /tmp/
Upload Files
File: //tmp/malware_hunt_result.txt
=== POLOWANIE NA MALWARE OVH Fri Jun 12 17:58:14 UTC 2026 ===

### 1. TINY FILE MANAGER (web file manager RCE) ###
Plików: 8899
Domen: 216
/var/www/3arrow.pl/wp-content/themes/astra/header-pic.php
/var/www/3arrow.pl/wp-content/themes/astra/admin/assets/build/dashboard-app.js
/var/www/3arrow.pl/wp-content/themes/twentytwentyfive/assets/fonts/fira-sans/FiraSans-Medium.woff2
/var/www/3arrow.pl/wp-content/themes/twentytwentyfive/assets/fonts/fira-sans/FiraSans-LightItalic.woff2
/var/www/3arrow.pl/wp-content/themes/twentytwentyfive/assets/fonts/fira-sans/FiraSans-ThinItalic.woff2
/var/www/3arrow.pl/wp-content/themes/twentytwentyfive/assets/fonts/fira-sans/FiraSans-Light.woff2
/var/www/_backup_a.katowice.pl_2025-10-27_1249/wp-content/mu-plugins/ultra-builder-live.php
/var/www/abagraf.com.pl/wp-content/themes/wens-portfolio/screenshot.png
/var/www/abagraf.com.pl/wp-content/themes/moza-blog/assets/img/01.jpg
/var/www/abagraf.com.pl/wp-content/themes/twentytwentyfive/assets/fonts/fira-sans/FiraSans-Medium.woff2
/var/www/abagraf.com.pl/wp-content/themes/twentytwentyfive/assets/fonts/fira-sans/FiraSans-LightItalic.woff2
/var/www/abagraf.com.pl/wp-content/themes/twentytwentyfive/assets/fonts/fira-sans/FiraSans-ThinItalic.woff2
/var/www/abagraf.com.pl/wp-content/themes/twentytwentyfive/assets/fonts/fira-sans/FiraSans-Light.woff2
/var/www/abagraf.com.pl/wp-content/themes/iris-wp/404-ajax-response.php
/var/www/abagraf.com.pl/wp-content/themes/iris-wp/resources/header-presets/images/17914308602_3eddd72aa9_hero.jpg
/var/www/abagraf.com.pl/wp-content/uploads/2023/11/feedback-3653367_1280.png
/var/www/abagraf.com.pl/wp-content/uploads/2023/11/cmyk-4137385_1280-1024x682.jpg
/var/www/abagraf.com.pl/wp-content/uploads/2025/08/720.jpg
/var/www/abagraf.com.pl/wp-content/uploads/2025/06/676.jpg
/var/www/abagraf.com.pl/wp-content/uploads/2025/06/783.jpg
/var/www/abagraf.com.pl/wp-content/uploads/2025/06/297.jpg
/var/www/abagraf.com.pl/wp-content/uploads/2025/06/30.jpg
/var/www/abagraf.com.pl/wp-content/uploads/2025/06/569.jpg
/var/www/abagraf.com.pl/wp-content/uploads/2025/06/561.jpg
/var/www/abagraf.com.pl/wp-content/uploads/2025/06/113.jpg
/var/www/abagraf.com.pl/wp-content/upgrade/wordpress-7.0-no-content/wordpress/wp-includes/css/dashicons.min.css
/var/www/abagraf.com.pl/wp-content/upgrade/wordpress-7.0-no-content/wordpress/wp-includes/css/dashicons.css
/var/www/abagraf.com.pl/wp-content/upgrade/wordpress-7.0-no-content/wordpress/wp-includes/certificates/ca-bundle.crt
/var/www/abagraf.com.pl/wp-content/upgrade/wordpress-7.0-no-content/wordpress/wp-includes/build/routes/connectors-home/content.min.js
/var/www/abagraf.com.pl/wp-content/upgrade/wordpress-7.0-no-content/wordpress/wp-includes/build/routes/connectors-home/content.js
/var/www/abagraf.com.pl/wp-content/plugins/superb-blocks/assets/img/gutenberg-patterns-bg.svg
/var/www/abagraf.com.pl/wp-content/plugins/superb-blocks/assets/img/elementor-illustration-cards-medium.jpg
/var/www/abagraf.com.pl/wp-content/plugins/the-post-grid/assets/images/our-plugins/classified-listing.gif
/var/www/abagraf.com.pl/wp-content/plugins/the-post-grid/assets/images/our-plugins/food-menu.gif
/var/www/abagraf.com.pl/wp-content/plugins/elementor/assets/images/app/onboarding/Illustration_Setup.svg
/var/www/abagraf.com.pl/wp-content/plugins/elementor/assets/images/app/onboarding/Illustration_Account.svg
/var/www/abagraf.com.pl/wp-content/plugins/cookie-law-info/class-autoloader-other.php
/var/www/abagraf.com.pl/wp-content/plugins/cookie-law-info/lite/admin/package-lock.json
/var/www/abdietetyk.pl/wp-content/themes/kadence/offline-session.php
/var/www/abdietetyk.pl/wp-content/themes/twentytwentyfive/assets/fonts/fira-sans/FiraSans-Medium.woff2

### 2. WEB SHELLE / eval-RCE (eval z _POST/_GET/_REQUEST/_SERVER, system, shell_exec) ###
Plików: 0

### 3. ZACIEMNIONE LOADERY (eval(base64/gzinflate/str_rot13)) ###
Plików: 3
/var/www/arsmedica.bialystok.pl/wp-content/plugins/akismet/views/views/cache.php
/var/www/brutals.pl/wp-content/plugins/fqfuqrk/admin/assets/search-api/index.php
/var/www/expertoo.pl/wp-content/cache/seraphinite-accelerator/s/m/v/cmn/c/0/s/@/s/@/o/muh1/muh1/cache.php

### 4. PODMIENIONY TYTUL NA KASYNO (vavada/kasyno injection w plikach) ###
Plików: 12
/var/www/activerock.pl/wp-content/uploads/rank-math/rank_math_04ff41a6af1d1dc88dc79376162f74ff.xml
/var/www/activerock.pl/wp-content/uploads/rank-math/rank_math_2081330c94807609266eba7ca9c56b64.xml
/var/www/activerock.pl/wp-content/uploads/rank-math/rank_math_5f093f7eb0e04f44a939b31598594b5f.xml
/var/www/brutals.pl/wp-content/uploads/rank-math/rank_math_5ffa253257d3bcc1c750f8c5bc31d9d0.xml
/var/www/brutals.pl/wp-content/uploads/rank-math/rank_math_442122fc785630530fc615cee07ced17.xml
/var/www/brutals.pl/wp-content/uploads/rank-math/rank_math_b4d98c7706e85212c431c41b3d5b1c01.xml
/var/www/brutals.pl/wp-content/uploads/rank-math/rank_math_1202e30ce6e9dc173e2a345d06663bb6.xml
/var/www/brutals.pl/wp-content/uploads/rank-math/rank_math_fd875faa058af59eca3619db74d3cd8c.xml
/var/www/chwilowki-online-bez-weryfikacji.pl/wp-content/uploads/wpo/logs/cache-b3ad0d7eebe42eb2d241.log
/var/www/chwilowki-online-bez-weryfikacji.pl/wp-content/uploads/rank-math/rank_math_487a8527b06dd8bace31b7692ea52952.xml
/var/www/chwilowki-online-bez-weryfikacji.pl/wp-content/uploads/rank-math/rank_math_555ad47efc53057090d4351e87388454.xml
/var/www/chwilowki-online-bez-weryfikacji.pl/wp-content/litespeed/vpi/.litespeed_conf.dat

### 5. PLIKI IMMUTABLE (chattr +i - backdoor chroni przed usunieciem) ###
Immutable plików (próbka): 0

### 6. PODEJRZANE PLIKI w wp-admin (poza standardem: crows, falls, fox, itp) ###
Niestandardowych katalogów wp-admin: 2
/var/www/dydaktykamuzyka.pl/wp-admin/ID3
/var/www/dydaktykamuzyka.pl/wp-admin/uploads

MALWARE_HUNT_DONE
@ Telegram