BPS MSCAN LOG
======================
======================


[MScan Scan Start: September 30, 2017 11:21 pm]
Scan Time Calculation: Start Count total files to scan.
Scan Time Calculation: Max File Size Limit to Scan: 400 KB
Scan Time Calculation: Total Website Files: 8850
Scan Time Calculation: Total Skipped Files (larger than 400 KB): 17
Scan Time Calculation: Total WP Core Files to Scan: 1321
Scan Time Calculation: Total non-Image Files to Scan: 3361
Scan Time Calculation: Total Image Files to Scan: 0
Scan Time Calculation: Total Files to Scan (WP Core + non-Image + Image): 4682
Scan Time Calculation: Hosting Account Root Folders to Scan: .qidb, wp-admin, wp-content, wp-includes, wp-snapshots
Scan Time Calculation: WP Hash Time Estimate: +30 Seconds
Scan Time Calculation: WP Core Files Time Estimate: +3 Seconds
Scan Time Calculation: non-Image Files Time Estimate: +124 Seconds
Scan Time Calculation: Image Files Time Estimate: +0 Seconds
Scan Time Calculation: DB Size Time Estimate: +3 Seconds
Scan Time Calculation: Scan Time Estimate: 160 Seconds
Scan Time Calculation Completion Time: 00:00:00
WP Zip File Download: Start wordpress-4.8.2.zip zip file download.
WP Zip File Download Completion Time: 00:00:01
WP Zip File Extraction: Start ZipArchive zip file extraction.
WP Zip File Extraction Completion Time: 00:00:06
WP MD5 File Hash Maker & Cleanup: Start creating the wp-hashes.php file.
WP MD5 File Hash Maker & Cleanup: wp-hashes.php file created.
WP MD5 File Hash Maker & Cleanup: Start /bps-backup/wp-hashes/ folder cleanup.
WP MD5 File Hash Maker & Cleanup: WP wordpress-4.8.2.zip file deleted.
WP MD5 File Hash Maker & Cleanup: Extracted /bps-backup/wp-hashes/wordpress/ folder deleted.
WP MD5 File Hash Maker & Cleanup Completion Time: 00:00:00
Scanning Files: Start scanning files.
Scanning Files: Start WP Core file scan.
Scanning Files: Suspicious|Modified|Unknown WP Core files:
Scanning Files WP Core: No Suspicious|Modified|Unknown WP Core files were found.
Scanning Files: WP Core file scan completed.
Scanning Files: Start non-Image file (php, js, etc) scan.
Scanning Files: Suspicious code pattern matches:
Scanning Files (php, html, etc): File: /home/gregso5/public_html/wp-content/wflogs/rules.php
Scanning Files (php, html, etc): Code Pattern Match: |iframe|
Scanning Files (php, html, etc): File: /home/gregso5/public_html/wp-content/wflogs/ips.php
Scanning Files (php, html, etc): Code Pattern Match: __halt_compiler
Scanning Files (php, html, etc): File: /home/gregso5/public_html/wp-content/wflogs/attack-data.php
Scanning Files (php, html, etc): Code Pattern Match: __halt_compiler
Scanning Files .js: File: /home/gregso5/public_html/wp-content/themes/Divi/js/custom.min.js
Scanning Files .js: Code Pattern Match: visibility:hidden
Scanning Files (php, html, etc): File: /home/gregso5/public_html/wp-content/themes/Divi/core/components/Portability.php
Scanning Files (php, html, etc): Code Pattern Match: base64_decode(
Scanning Files .js: File: /home/gregso5/public_html/wp-content/themes/Divi/includes/builder/scripts/salvattore.min.js
Scanning Files .js: Code Pattern Match: visibility:hidden
Scanning Files .js: File: /home/gregso5/public_html/wp-content/themes/Divi/includes/builder/scripts/ext/jquery.validate.js
Scanning Files .js: Code Pattern Match: %28ty
Scanning Files .js: File: /home/gregso5/public_html/wp-content/themes/Divi/includes/builder/frontend-builder/assets/vendors/plugins/codesample/plugin.min.js
Scanning Files .js: Code Pattern Match: |exec|
Scanning Files .js: File: /home/gregso5/public_html/wp-content/themes/Divi/includes/builder/frontend-builder/assets/vendors/plugins/legacyoutput/plugin.min.js
Scanning Files .js: Code Pattern Match: s||c);r
Scanning Files .js: File: /home/gregso5/public_html/wp-content/themes/Divi/includes/builder/frontend-builder/assets/vendors/plugins/wordcount/plugin.min.js
Scanning Files .js: Code Pattern Match: \x0B
Scanning Files (php, html, etc): File: /home/gregso5/public_html/wp-content/plugins/divi-switch/divi-switch.php
Scanning Files (php, html, etc): Code Pattern Match: base64_decode(
Scanning Files (php, html, etc): File: /home/gregso5/public_html/wp-content/plugins/divi-switch/plugin-updates/github-checker.php
Scanning Files (php, html, etc): Code Pattern Match: base64_decode(
Scanning Files (php, html, etc): File: /home/gregso5/public_html/wp-content/plugins/divi-switch/plugin-updates/vendor/readme-parser.php
Scanning Files (php, html, etc): Code Pattern Match: \xEF\xBB
Scanning Files (php, html, etc): File: /home/gregso5/public_html/wp-content/plugins/monarch/core/components/Portability.php
Scanning Files (php, html, etc): Code Pattern Match: base64_decode(
Scanning Files (php, html, etc): File: /home/gregso5/public_html/wp-content/plugins/monarch/includes/oauth.php
Scanning Files (php, html, etc): Code Pattern Match: base64_decode(
Scanning Files .js: File: /home/gregso5/public_html/wp-content/plugins/bloom/dashboard/js/tinymce/js/tinymce/tinymce.min.js
Scanning Files .js: Code Pattern Match: \x20\
Scanning Files .js: File: /home/gregso5/public_html/wp-content/plugins/bloom/dashboard/js/tinymce/js/tinymce/plugins/legacyoutput/plugin.min.js
Scanning Files .js: Code Pattern Match: s||c);r
Scanning Files .js: File: /home/gregso5/public_html/wp-content/plugins/bloom/dashboard/js/tinymce/js/tinymce/plugins/wordcount/plugin.min.js
Scanning Files .js: Code Pattern Match: \x27\
Scanning Files (php, html, etc): File: /home/gregso5/public_html/wp-content/plugins/bloom/core/components/Portability.php
Scanning Files (php, html, etc): Code Pattern Match: base64_decode(
Scanning Files (php, html, etc): File: /home/gregso5/public_html/wp-content/plugins/divi-booster/core/fixes/034-import-settings/functions.php
Scanning Files (php, html, etc): Code Pattern Match: gzinflate(
Scanning Files (php, html, etc): File: /home/gregso5/public_html/wp-content/plugins/loginizer/IPv6/BigInteger.php
Scanning Files (php, html, etc): Code Pattern Match: 10000000
Scanning Files (php, html, etc): File: /home/gregso5/public_html/wp-content/plugins/accelerated-mobile-pages/accelerated-moblie-pages.php
Scanning Files (php, html, etc): Code Pattern Match: o0
Scanning Files .js: File: /home/gregso5/public_html/wp-content/plugins/divi-builder/dashboard/js/tinymce/js/tinymce/tinymce.min.js
Scanning Files .js: Code Pattern Match: \x20\
Scanning Files .js: File: /home/gregso5/public_html/wp-content/plugins/divi-builder/dashboard/js/tinymce/js/tinymce/plugins/legacyoutput/plugin.min.js
Scanning Files .js: Code Pattern Match: s||c);r
Scanning Files .js: File: /home/gregso5/public_html/wp-content/plugins/divi-builder/dashboard/js/tinymce/js/tinymce/plugins/wordcount/plugin.min.js
Scanning Files .js: Code Pattern Match: \x27\
Scanning Files .js: File: /home/gregso5/public_html/wp-content/plugins/divi-builder/js/divi-builder.min.js
Scanning Files .js: Code Pattern Match: visibility:hidden
Scanning Files (php, html, etc): File: /home/gregso5/public_html/wp-content/plugins/divi-builder/core/components/Portability.php
Scanning Files (php, html, etc): Code Pattern Match: base64_decode(
Scanning Files .js: File: /home/gregso5/public_html/wp-content/plugins/divi-builder/includes/builder/scripts/salvattore.min.js
Scanning Files .js: Code Pattern Match: visibility:hidden
Scanning Files .js: File: /home/gregso5/public_html/wp-content/plugins/divi-builder/includes/builder/scripts/ext/jquery.validate.js
Scanning Files .js: Code Pattern Match: %28ty
Scanning Files .js: File: /home/gregso5/public_html/wp-content/plugins/divi-builder/includes/builder/frontend-builder/assets/vendors/plugins/codesample/plugin.min.js
Scanning Files .js: Code Pattern Match: |exec|
Scanning Files .js: File: /home/gregso5/public_html/wp-content/plugins/divi-builder/includes/builder/frontend-builder/assets/vendors/plugins/legacyoutput/plugin.min.js
Scanning Files .js: Code Pattern Match: s||c);r
Scanning Files .js: File: /home/gregso5/public_html/wp-content/plugins/divi-builder/includes/builder/frontend-builder/assets/vendors/plugins/wordcount/plugin.min.js
Scanning Files .js: Code Pattern Match: \x0B
Scanning Files .htaccess: No Suspicious .htaccess code pattern matches were found.
Scanning Files: non-Image file (php, js, etc) scan completed.
Scanning Files: Scanning files completed.
Scanning Database: Start database scan.
Scanning Database: Suspicious code pattern matches:
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30922
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30902
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30909
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30910
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30911
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30912
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30913
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30914
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30916
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30915
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30917
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30923
Scanning Database: Code Pattern Match: <iframe
Scanning Database: Database scan completed.
Scanning Files & Database Completion Time: 00:00:02
Delete /tmp Files: tmp files have been deleted.

[MScan Scan Start: September 30, 2017 11:26 pm]
Scan Time Calculation: Start Count total files to scan.
Scan Time Calculation: Skipped File Scan is set to On. Only Skipped files will be scanned.
Scan Time Calculation: Total Skipped Files to Scan: 73
Scan Time Calculation: Hosting Account Root Folders to Scan: .qidb, wp-admin, wp-content, wp-includes, wp-snapshots
Scan Time Calculation: Total Size of all Skipped Files: 59.45 MB
Scan Time Calculation: WP Hash Time Estimate: +0 Seconds
Scan Time Calculation: Skipped Files Time Estimate: 68 Seconds
Scan Time Calculation Completion Time: 00:00:00
WP Zip File Download: The wp-hashes.php file already exists for WordPress 4.8.2. The wordpress-4.8.2.zip was not downloaded again.
WP Zip File Extraction: The wp-hashes.php file already exists for WordPress 4.8.2. The wordpress-4.8.2.zip file does not need to be extracted.
WP MD5 File Hash Maker: The wp-hashes.php file already exists for WordPress 4.8.2. The wp-hashes.php file was not created again.
Scanning Files: Start scanning files.
Scanning Skipped Files: Start Skipped file scan.
Scanning Skipped Files: Suspicious code pattern matches:
Scanning Skipped Files (php, html, etc): File: /home/gregso5/public_html/wp-content/wflogs/config.php
Scanning Skipped Files (php, html, etc): Code Pattern Match: __halt_compiler
Scanning Skipped Files .js: File: /home/gregso5/public_html/wp-content/themes/Divi/includes/builder/frontend-builder/assets/vendors/tinymce.min.js
Scanning Skipped Files .js: Code Pattern Match: \x20\
Scanning Skipped Files .js: File: /home/gregso5/public_html/wp-content/themes/Divi/includes/builder/frontend-builder/bundle.js
Scanning Skipped Files .js: Code Pattern Match: visibility:hidden
Scanning Skipped Files .js: File: /home/gregso5/public_html/wp-content/plugins/divi-builder/includes/builder/frontend-builder/assets/vendors/tinymce.min.js
Scanning Skipped Files .js: Code Pattern Match: \x20\
Scanning Skipped Files .js: File: /home/gregso5/public_html/wp-content/plugins/divi-builder/includes/builder/frontend-builder/bundle.js
Scanning Skipped Files .js: Code Pattern Match: visibility:hidden
Scanning Skipped Files (php, html, etc): File: /home/gregso5/public_html/wp-snapshots/20170803_gregsonstudios_3d519cc9cad46d7b7291170803172319_installer.php
Scanning Skipped Files (php, html, etc): Code Pattern Match: base64_decode(
Scanning Skipped Files (php, html, etc): File: /home/gregso5/public_html/wp-snapshots/20170803_gregsonstudios_795489ec5fa76dfe6876170823055231_installer.php
Scanning Skipped Files (php, html, etc): Code Pattern Match: base64_decode(
Scanning Skipped Files .htaccess: No Suspicious .htaccess code pattern matches were found.
Scanning Skipped Files (png, jpg, etc): No Suspicious code (Stegosploit|Exif Hack) was found in any image files.
Scanning Skipped Files: Skipped file scan completed.
Scanning Skipped Files Completion Time: 00:00:01
Delete /tmp Files: tmp files have been deleted.

[MScan Scan Start: September 30, 2017 11:28 pm]
Scan Time Calculation: Start Count total files to scan.
Scan Time Calculation: Skipped File Scan is set to On. Only Skipped files will be scanned.
Scan Time Calculation: Total Skipped Files to Scan: 73
Scan Time Calculation: Hosting Account Root Folders to Scan: .qidb, wp-admin, wp-content, wp-includes, wp-snapshots
Scan Time Calculation: Total Size of all Skipped Files: 59.45 MB
Scan Time Calculation: WP Hash Time Estimate: +0 Seconds
Scan Time Calculation: Skipped Files Time Estimate: 68 Seconds
Scan Time Calculation Completion Time: 00:00:00
WP Zip File Download: The wp-hashes.php file already exists for WordPress 4.8.2. The wordpress-4.8.2.zip was not downloaded again.
WP Zip File Extraction: The wp-hashes.php file already exists for WordPress 4.8.2. The wordpress-4.8.2.zip file does not need to be extracted.
WP MD5 File Hash Maker: The wp-hashes.php file already exists for WordPress 4.8.2. The wp-hashes.php file was not created again.
Scanning Files: Start scanning files.
Scanning Skipped Files: Start Skipped file scan.
Scanning Skipped Files: Suspicious code pattern matches:
Scanning Skipped Files (php, html, etc): File: /home/gregso5/public_html/wp-content/wflogs/config.php
Scanning Skipped Files (php, html, etc): Code Pattern Match: __halt_compiler
Scanning Skipped Files .js: File: /home/gregso5/public_html/wp-content/themes/Divi/includes/builder/frontend-builder/assets/vendors/tinymce.min.js
Scanning Skipped Files .js: Code Pattern Match: \x20\
Scanning Skipped Files .js: File: /home/gregso5/public_html/wp-content/themes/Divi/includes/builder/frontend-builder/bundle.js
Scanning Skipped Files .js: Code Pattern Match: visibility:hidden
Scanning Skipped Files .js: File: /home/gregso5/public_html/wp-content/plugins/divi-builder/includes/builder/frontend-builder/assets/vendors/tinymce.min.js
Scanning Skipped Files .js: Code Pattern Match: \x20\
Scanning Skipped Files .js: File: /home/gregso5/public_html/wp-content/plugins/divi-builder/includes/builder/frontend-builder/bundle.js
Scanning Skipped Files .js: Code Pattern Match: visibility:hidden
Scanning Skipped Files (php, html, etc): File: /home/gregso5/public_html/wp-snapshots/20170803_gregsonstudios_3d519cc9cad46d7b7291170803172319_installer.php
Scanning Skipped Files (php, html, etc): Code Pattern Match: base64_decode(
Scanning Skipped Files (php, html, etc): File: /home/gregso5/public_html/wp-snapshots/20170803_gregsonstudios_795489ec5fa76dfe6876170823055231_installer.php
Scanning Skipped Files (php, html, etc): Code Pattern Match: base64_decode(
Scanning Skipped Files .htaccess: No Suspicious .htaccess code pattern matches were found.
Scanning Skipped Files (png, jpg, etc): No Suspicious code (Stegosploit|Exif Hack) was found in any image files.
Scanning Skipped Files: Skipped file scan completed.
Scanning Skipped Files Completion Time: 00:00:01
Delete /tmp Files: tmp files have been deleted.

[MScan Scan Start: September 30, 2017 11:31 pm]
Scan Time Calculation: Start Count total files to scan.
Scan Time Calculation: Max File Size Limit to Scan: 400 KB
Scan Time Calculation: Total Website Files: 8851
Scan Time Calculation: Total Skipped Files (larger than 400 KB): 67
Scan Time Calculation: Total WP Core Files to Scan: 1321
Scan Time Calculation: Total non-Image Files to Scan: 3332
Scan Time Calculation: Total Image Files to Scan: 2170
Scan Time Calculation: Total Files to Scan (WP Core + non-Image + Image): 6823
Scan Time Calculation: Hosting Account Root Folders to Scan: .qidb, wp-admin, wp-content, wp-includes, wp-snapshots
Scan Time Calculation: WP Hash Time Estimate: +0 Seconds
Scan Time Calculation: WP Core Files Time Estimate: +3 Seconds
Scan Time Calculation: non-Image Files Time Estimate: +123 Seconds
Scan Time Calculation: Image Files Time Estimate: +64 Seconds
Scan Time Calculation: DB Size Time Estimate: +3 Seconds
Scan Time Calculation: Scan Time Estimate: 193 Seconds
Scan Time Calculation Completion Time: 00:00:00
WP Zip File Download: The wp-hashes.php file already exists for WordPress 4.8.2. The wordpress-4.8.2.zip was not downloaded again.
WP Zip File Extraction: The wp-hashes.php file already exists for WordPress 4.8.2. The wordpress-4.8.2.zip file does not need to be extracted.
WP MD5 File Hash Maker: The wp-hashes.php file already exists for WordPress 4.8.2. The wp-hashes.php file was not created again.
Scanning Files: Start scanning files.
Scanning Files: Start WP Core file scan.
Scanning Files: Suspicious|Modified|Unknown WP Core files:
Scanning Files WP Core: No Suspicious|Modified|Unknown WP Core files were found.
Scanning Files: WP Core file scan completed.
Scanning Files: Start non-Image file (php, js, etc) scan.
Scanning Files: Suspicious code pattern matches:
Scanning Files (php, html, etc): File: /home/gregso5/public_html/wp-content/wflogs/rules.php
Scanning Files (php, html, etc): Code Pattern Match: |iframe|
Scanning Files (php, html, etc): File: /home/gregso5/public_html/wp-content/wflogs/ips.php
Scanning Files (php, html, etc): Code Pattern Match: __halt_compiler
Scanning Files (php, html, etc): File: /home/gregso5/public_html/wp-content/wflogs/attack-data.php
Scanning Files (php, html, etc): Code Pattern Match: __halt_compiler
Scanning Files .js: No Suspicious .js code pattern matches were found.
Scanning Files .htaccess: No Suspicious .htaccess code pattern matches were found.
Scanning Files: non-Image file (php, js, etc) scan completed.
Scanning Files: Start Image file scan.
Scanning Files: Suspicious code (Stegosploit|Exif Hack) matches:
Scanning Files (png, jpg, etc): No Suspicious code (Stegosploit|Exif Hack) was found in any image files.
Scanning Files: Image file scan completed.
Scanning Files: Scanning files completed.
Scanning Database: Start database scan.
Scanning Database: Suspicious code pattern matches:
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30922
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30902
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30909
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30910
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30911
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30912
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30913
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30914
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30916
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30915
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30917
Scanning Database: Code Pattern Match: <iframe
Scanning Database: DB Table: wpbd_posts | Column|Field: post_content | Primary Key ID: 30923
Scanning Database: Code Pattern Match: <iframe
Scanning Database: Database scan completed.
Scanning Files & Database Completion Time: 00:00:24
Delete /tmp Files: tmp files have been deleted.
