mirror of
https://github.com/scr34m/php-malware-scanner.git
synced 2026-06-16 12:30:35 +00:00
Compare commits
22 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
26458d20af | ||
|
|
70edc4210d | ||
|
|
aec0f56af5 | ||
|
|
2e8b9c604f | ||
|
|
802ead97cc | ||
|
|
4666a101f9 | ||
|
|
e4755feeef | ||
|
|
920cf8a4c6 | ||
|
|
aa774f4330 | ||
|
|
cd1164dbb5 | ||
|
|
77ebd8abd7 | ||
|
|
29e6c73558 | ||
|
|
bf13288367 | ||
|
|
088c0761b3 | ||
|
|
18b06fc48b | ||
|
|
f1b8b89ca5 | ||
|
|
c6a52dc67e | ||
|
|
3b76a7270e | ||
|
|
f0bdb1f1e1 | ||
|
|
43876b337b | ||
|
|
1fad164790 | ||
|
|
f4d53e89d8 |
@@ -34,7 +34,7 @@ Usage: php scan.php -d <directory>
|
|||||||
-t --time Show time of last file change
|
-t --time Show time of last file change
|
||||||
-L --line-number Display matching pattern line number in file
|
-L --line-number Display matching pattern line number in file
|
||||||
-o --output-format Custom defined output format
|
-o --output-format Custom defined output format
|
||||||
-j --wordpress-version Version of wordpress to get md5 signatures
|
-j <version> --wordpress-version Version of wordpress to get md5 signatures
|
||||||
--combined-whitelist Combined whitelist
|
--combined-whitelist Combined whitelist
|
||||||
--custom-whitelist Loads whitelist from specified file and merge with existing
|
--custom-whitelist Loads whitelist from specified file and merge with existing
|
||||||
--disable-stats Disable statistics output
|
--disable-stats Disable statistics output
|
||||||
|
|||||||
@@ -16,7 +16,48 @@ opendns
|
|||||||
phishtank
|
phishtank
|
||||||
sophos
|
sophos
|
||||||
surfright
|
surfright
|
||||||
symantec
|
# symantec - removed because already a TLD too so generate many false positives
|
||||||
|
|
||||||
# SEO poison, pharmacy redirect
|
# SEO poison, pharmacy redirect
|
||||||
dealonline.su
|
dealonline.su
|
||||||
|
|
||||||
|
# functions escaped as hexadecimal string
|
||||||
|
7068705f756e616d65
|
||||||
|
70687076657273696f6e
|
||||||
|
6368646972
|
||||||
|
676574637764
|
||||||
|
707265675f73706c6974
|
||||||
|
636f7079
|
||||||
|
66696c655f6765745f636f6e74656e7473
|
||||||
|
6261736536345f6465636f6465
|
||||||
|
69735f646972
|
||||||
|
6f625f656e645f636c65616e28293b
|
||||||
|
756e6c696e6b
|
||||||
|
6d6b646972
|
||||||
|
63686d6f64
|
||||||
|
7363616e646972
|
||||||
|
7374725f7265706c616365
|
||||||
|
68746d6c7370656369616c6368617273
|
||||||
|
7661725f64756d70
|
||||||
|
666f70656e
|
||||||
|
667772697465
|
||||||
|
66636c6f7365
|
||||||
|
64617465
|
||||||
|
66696c656d74696d65
|
||||||
|
737562737472
|
||||||
|
737072696e7466
|
||||||
|
66696c657065726d73
|
||||||
|
746f756368
|
||||||
|
66696c655f657869737473
|
||||||
|
72656e616d65
|
||||||
|
69735f6172726179
|
||||||
|
69735f6f626a656374
|
||||||
|
737472706f73
|
||||||
|
69735f7772697461626c65
|
||||||
|
69735f7265616461626c65
|
||||||
|
737472746f74696d65
|
||||||
|
66696c6573697a65
|
||||||
|
726d646972
|
||||||
|
6f625f6765745f636c65616e
|
||||||
|
7265616466696c65
|
||||||
|
617373657274
|
||||||
@@ -180,6 +180,7 @@ kZWZpbm
|
|||||||
|
|
||||||
# Obfuscation related code
|
# Obfuscation related code
|
||||||
eval("?>
|
eval("?>
|
||||||
|
eval('?>
|
||||||
"base64_decode"
|
"base64_decode"
|
||||||
='base'.(32*2).'_de'.'code'
|
='base'.(32*2).'_de'.'code'
|
||||||
"p"."r"."e"."g"."_"
|
"p"."r"."e"."g"."_"
|
||||||
@@ -202,6 +203,9 @@ gz'.'inf'.'late
|
|||||||
# fopo.com.ar - free online php obfuscator. It conveniently leaves comments in the code.
|
# fopo.com.ar - free online php obfuscator. It conveniently leaves comments in the code.
|
||||||
http://www.fopo.com.ar/
|
http://www.fopo.com.ar/
|
||||||
@eval("\
|
@eval("\
|
||||||
|
";eval(
|
||||||
|
eval(eval(
|
||||||
|
@eval(`
|
||||||
|
|
||||||
#Malware/Attack specific strings/fingerprints/signatures
|
#Malware/Attack specific strings/fingerprints/signatures
|
||||||
MagelangCyber
|
MagelangCyber
|
||||||
@@ -259,6 +263,7 @@ FaisaL Ahmed aka rEd X
|
|||||||
smisbot
|
smisbot
|
||||||
smotherbot
|
smotherbot
|
||||||
Indonesian Hacker Rulez
|
Indonesian Hacker Rulez
|
||||||
|
pwetan.com
|
||||||
|
|
||||||
# WP-VCD Malware https://www.getastra.com/blog/911/how-to-fix-wp-vcd-backdoor-hack-in-wordpress-functions-php/
|
# WP-VCD Malware https://www.getastra.com/blog/911/how-to-fix-wp-vcd-backdoor-hack-in-wordpress-functions-php/
|
||||||
wp-vcd
|
wp-vcd
|
||||||
@@ -374,3 +379,50 @@ ZeroByte
|
|||||||
# SEO poisoning control site call
|
# SEO poisoning control site call
|
||||||
"http://$xxx
|
"http://$xxx
|
||||||
?useragent=$botbotbot
|
?useragent=$botbotbot
|
||||||
|
|
||||||
|
# php://input encoded in base64
|
||||||
|
cGhwOi8vaW5wdXQ=
|
||||||
|
|
||||||
|
# backdoor script
|
||||||
|
<font color="red">Upload Gagal..</font><br />
|
||||||
|
explode('?>',$shell
|
||||||
|
0.33333333333333+0.33333333333333+0.33333333333333
|
||||||
|
0.66666666666667+0.66666666666667+0.66666666666667
|
||||||
|
1.3333333333333+1.3333333333333+1.3333333333333
|
||||||
|
class _t{private static$_
|
||||||
|
'LQ'.'=='
|
||||||
|
|
||||||
|
# common mobile agent check in SEO poison scripts
|
||||||
|
Array("1207", "3gso", "4thp", "501i", "502i", "503i", "504i", "505i", "506i",
|
||||||
|
|
||||||
|
# eval url decoded string
|
||||||
|
eval(rawurldecode('
|
||||||
|
|
||||||
|
# simple obfuscated function
|
||||||
|
'gz'.'unc'.'ompress'
|
||||||
|
'create'.'_'.'function'
|
||||||
|
'gzinf', 'la', 'te'
|
||||||
|
'e_f', 'cti', 'un', 'on', 'cr', 'eat'
|
||||||
|
'base', '64_dec', 'ode'
|
||||||
|
'cook', 'set', 'ie'
|
||||||
|
'repl', 'str_', 'ace'
|
||||||
|
"base"."64_"
|
||||||
|
'base'.'64_'
|
||||||
|
"t"."m"."p"."_"."n"."a"."m"."e"
|
||||||
|
"f"."i"."l"."e"."_"."p"."u"."t"
|
||||||
|
"f"."i"."l"."e"."_"."g"."e"."t"
|
||||||
|
'ode', 'e64_', 'bas', 'dec'
|
||||||
|
'unct', 'ion', 'te_f', 'crea'
|
||||||
|
'te', 'g', 'nf', 'l', 'a', 'zi'
|
||||||
|
'tion', 'e_func', 'creat'
|
||||||
|
'64_d', 'se', 'eco', 'de', 'ba'
|
||||||
|
'co', 'ki', 'e', 'o', 'set'
|
||||||
|
'str', '_rep', 'lace'
|
||||||
|
|
||||||
|
# process data from request object directly
|
||||||
|
extract($_REQUEST) && @$
|
||||||
|
extract($_REQUEST)&&@$
|
||||||
|
xtract($_REQUEST)&&@$
|
||||||
|
|
||||||
|
# uncompress cafted content
|
||||||
|
gzuncompress(strrev(substr(
|
||||||
|
|||||||
@@ -60,7 +60,7 @@ chr\s*\(\s*101\s*\)\s*\.\s*chr\s*\(\s*118\s*\)\s*\.\s*chr\s*\(\s*97\s*\)\s*\.\s*
|
|||||||
|
|
||||||
#Detects the '_' character encoded in a string like "\x5F". '_' is present in many functions that malware would want to hide.
|
#Detects the '_' character encoded in a string like "\x5F". '_' is present in many functions that malware would want to hide.
|
||||||
# '_' as "\x5f"
|
# '_' as "\x5f"
|
||||||
\\[Xx](5[Ff])
|
# \\[Xx](5[Ff]) - removed because generate many false positives
|
||||||
|
|
||||||
#Detects the '_' character placed inside a call to the 'chr()' function
|
#Detects the '_' character placed inside a call to the 'chr()' function
|
||||||
# '_' as 'chr(95)' or 'chr(0x5f)'
|
# '_' as 'chr(95)' or 'chr(0x5f)'
|
||||||
@@ -95,7 +95,7 @@ eval\(\$[a-z0-9_]+\(\$_POST
|
|||||||
("[a-z0-9]+"\.chr\(\d+\)\.){3,}
|
("[a-z0-9]+"\.chr\(\d+\)\.){3,}
|
||||||
|
|
||||||
# nested function call used variables
|
# nested function call used variables
|
||||||
\$[a-z]+\(\$[a-z0-9]+\(
|
\$[a-z0-9_]+\(\$[a-z0-9_]+\(
|
||||||
|
|
||||||
# GLOBALS inject with escaped content
|
# GLOBALS inject with escaped content
|
||||||
\$GLOBALS;\$\{"\\x
|
\$GLOBALS;\$\{"\\x
|
||||||
@@ -116,4 +116,41 @@ function\s+_[0-9]{8,}\(
|
|||||||
create_function\s*\(\s*['"]{2}
|
create_function\s*\(\s*['"]{2}
|
||||||
|
|
||||||
# control concated from cookie at the call
|
# control concated from cookie at the call
|
||||||
(\$[a-z]{2,}=urldecode\(\$_COOKIE\['[a-z]{2,}'\]\);){3,}
|
(\$[a-z]{2,}=urldecode\(\$_COOKIE\['[a-z]{2,}'\]\);){3,}
|
||||||
|
|
||||||
|
# ${$O{18}.$O{7}.$O{24}.$O{2}.$O{50}.$O{8}
|
||||||
|
(\$[A-Z]+\{\d+\}\.){3,}
|
||||||
|
|
||||||
|
# comment in variable name $_REQUEST /*YUsrqpbzvXTSa...QpDNTPYQvLSFPCqsSnWNVqPdSIAYaQj*/[
|
||||||
|
\$_REQUEST\s*\/\*[A-Za-z]+\*\/\[
|
||||||
|
|
||||||
|
# cookie payload if(isset($_COOKIE)){$p=$_COOKIE;(count($p)==55&&in_array(gettype($p).count($p),$p))?(($p[68]=$p[68].$p[22])&&($p[35]=$p[68]($p[35]))&&($p=$p[35]($p[13],$p[68]($p[45])))&&$p()):$p;}
|
||||||
|
\(count\(\$p\)==\d+&&in_array\(gettype\(\$p\)\.count\(\$p\),\$p\)\)
|
||||||
|
|
||||||
|
# gzipped payload post process
|
||||||
|
explode\('\|\x01\|\x03\|\x03', gzinflate\(
|
||||||
|
|
||||||
|
# backdoor reported #71
|
||||||
|
@header\(\w{3,5}::\w{1,2}\('_\w{1,3}' \. '\w{1,3}', '_\w{1,3}'\)\);
|
||||||
|
@header\(\w{3,5}::\w{1,2}\('_\w{1,3}', '_' \. '\w{1,3}' . '\w{1,3}'\)\);
|
||||||
|
|
||||||
|
# backdoor reported #72
|
||||||
|
@\$[a-z]{1}\[\d+\]\(\$[a-z]{1}\[\d+\]\);
|
||||||
|
|
||||||
|
# reported #77
|
||||||
|
\$[a-z]11 \^ [a-z]8\(\$[a-z]6, \$[a-z]14, \$[a-z]6\[13\]\(\$[a-z]11\)\)\)\);
|
||||||
|
|
||||||
|
# eval function return and concat
|
||||||
|
eval\([A-Za-z0-9]{5,}\(\) \. '
|
||||||
|
|
||||||
|
# eval function return, parameter is a hex string
|
||||||
|
eval\([A-Za-z0-9]{5,}\(\"[A-Z0-9]{16,}
|
||||||
|
|
||||||
|
# gzip payload called by variable named function
|
||||||
|
\$[a-zA-Z0-9]{6,}\('\x78\x9C\xAD\x90\x41\x0E
|
||||||
|
|
||||||
|
# obfuscated code return with error suppression
|
||||||
|
return @\$[a-z]{2}\d+\[\d+\]\(\$[a-z]{2}\d+\[\d+\],
|
||||||
|
|
||||||
|
# htaccess alternating
|
||||||
|
[a-z]{1}\([a-z]{1}\(\$[a-z]{2}\.'\/\.htaccess'\)
|
||||||
|
|||||||
10
scan.php
10
scan.php
@@ -622,8 +622,8 @@ class MalwareScanner
|
|||||||
private function report($start, $dir)
|
private function report($start, $dir)
|
||||||
{
|
{
|
||||||
$end = time();
|
$end = time();
|
||||||
echo 'Start time: ' . strftime('%Y-%m-%d %H:%M:%S', $start) . PHP_EOL;
|
echo 'Start time: ' . date('Y-m-d H:m:s', $start) . PHP_EOL;
|
||||||
echo 'End time: ' . strftime('%Y-%m-%d %H:%M:%S', $end) . PHP_EOL;
|
echo 'End time: ' . date('Y-m-d H:m:s', $end) . PHP_EOL;
|
||||||
echo 'Total execution time: ' . ($end - $start) . PHP_EOL;
|
echo 'Total execution time: ' . ($end - $start) . PHP_EOL;
|
||||||
echo 'Base directory: ' . $dir . PHP_EOL;
|
echo 'Base directory: ' . $dir . PHP_EOL;
|
||||||
echo 'Total directories scanned: ' . $this->stat['directories'] . PHP_EOL;
|
echo 'Total directories scanned: ' . $this->stat['directories'] . PHP_EOL;
|
||||||
@@ -709,14 +709,14 @@ class MalwareScanner
|
|||||||
//Returns true if the raw string exists in the file contents.
|
//Returns true if the raw string exists in the file contents.
|
||||||
private function scanFunc_STR(&$pattern, &$content)
|
private function scanFunc_STR(&$pattern, &$content)
|
||||||
{
|
{
|
||||||
return strpos($content, $pattern);
|
return strpos($content, (string)$pattern);
|
||||||
}
|
}
|
||||||
|
|
||||||
//Performs raw string, case insensitive matching.
|
//Performs raw string, case insensitive matching.
|
||||||
//Returns true if the raw string exists in the file contents, ignoring case.
|
//Returns true if the raw string exists in the file contents, ignoring case.
|
||||||
private function scanFunc_STRI(&$pattern, &$content)
|
private function scanFunc_STRI(&$pattern, &$content)
|
||||||
{
|
{
|
||||||
return stripos($content, $pattern);
|
return stripos($content, (string)$pattern);
|
||||||
}
|
}
|
||||||
|
|
||||||
//Performs regular expression matching.
|
//Performs regular expression matching.
|
||||||
@@ -859,7 +859,7 @@ class MalwareScanner
|
|||||||
echo ' -t --time Show time of last file change' . PHP_EOL;
|
echo ' -t --time Show time of last file change' . PHP_EOL;
|
||||||
echo ' -L --line-number Display matching pattern line number in file' . PHP_EOL;
|
echo ' -L --line-number Display matching pattern line number in file' . PHP_EOL;
|
||||||
echo ' -o --output-format Custom defined output format' . PHP_EOL;
|
echo ' -o --output-format Custom defined output format' . PHP_EOL;
|
||||||
echo ' -j --wordpress-version Version of wordpress to get md5 signatures' . PHP_EOL;
|
echo ' -j <version> --wordpress-version Version of wordpress to get md5 signatures' . PHP_EOL;
|
||||||
echo ' --combined-whitelist Combined whitelist' . PHP_EOL;
|
echo ' --combined-whitelist Combined whitelist' . PHP_EOL;
|
||||||
echo ' --disable-stats Disable statistics output' . PHP_EOL;
|
echo ' --disable-stats Disable statistics output' . PHP_EOL;
|
||||||
|
|
||||||
|
|||||||
@@ -256,25 +256,33 @@ e45b8afd0b65516c175ed23f7183bab1 /jquery-migrate-1.1.1.min.js
|
|||||||
dc0102c151c491b8a0f65a520e26e083 /jquery-migrate-1.1.0.min.js
|
dc0102c151c491b8a0f65a520e26e083 /jquery-migrate-1.1.0.min.js
|
||||||
1f5980833a26b490296db71951e1024f /jquery-migrate-1.0.0.js
|
1f5980833a26b490296db71951e1024f /jquery-migrate-1.0.0.js
|
||||||
dd6f8586a1afae562493e9c7cd1ffeea /jquery-migrate-1.0.0.min.js
|
dd6f8586a1afae562493e9c7cd1ffeea /jquery-migrate-1.0.0.min.js
|
||||||
f2fc939d607b2e861af2701a15d14430 /ace/ace.min.js
|
f2fc939d607b2e861af2701a15d14430 /ace/ace.min.js
|
||||||
2954b8d06fd846e81c12b0fd0b3d2d35 /ace/ace/ace.js
|
2954b8d06fd846e81c12b0fd0b3d2d35 /ace/ace/ace.js
|
||||||
c333e22e892cd099e776e9384bbbaa63 /ace/ace/ext-beautify.js
|
c333e22e892cd099e776e9384bbbaa63 /ace/ace/ext-beautify.js
|
||||||
b391899e17b7aea2cf2998656c40f2c6 /core/components/phpthumbof/model/aws/_compatibility_test/sdk_compatibility_test.php
|
b391899e17b7aea2cf2998656c40f2c6 /core/components/phpthumbof/model/aws/_compatibility_test/sdk_compatibility_test.php
|
||||||
6cfb5a3b2820fe378b73c901ee6fc031 /core/components/phpthumbof/model/aws/sdk.class.php
|
6cfb5a3b2820fe378b73c901ee6fc031 /core/components/phpthumbof/model/aws/sdk.class.php
|
||||||
dd894a093463d38f9c9fdbcb7c88cc23 /core/model/aws/sdk.class.php
|
dd894a093463d38f9c9fdbcb7c88cc23 /core/model/aws/sdk.class.php
|
||||||
1ed9b9eea82c9f1ead337b67c188206b /core/model/phpthumb/phpthumb.class.php
|
1ed9b9eea82c9f1ead337b67c188206b /core/model/phpthumb/phpthumb.class.php
|
||||||
ef55bdc338994e87b650e2cf0f87df45 /core/model/smarty/sysplugins/smarty_internal_template.php
|
ef55bdc338994e87b650e2cf0f87df45 /core/model/smarty/sysplugins/smarty_internal_template.php
|
||||||
f8f2e883e5323ed5935f42b17ceda6ba /core/model/smarty/sysplugins/smarty_template_compiled.php
|
f8f2e883e5323ed5935f42b17ceda6ba /core/model/smarty/sysplugins/smarty_template_compiled.php
|
||||||
3d84a338c9daaacc711834cb7797ac98 /core/model/smarty/sysplugins/smarty_cacheresource_custom.php
|
3d84a338c9daaacc711834cb7797ac98 /core/model/smarty/sysplugins/smarty_cacheresource_custom.php
|
||||||
d6be1074d266aecb739352150798d97d /core/model/smarty/sysplugins/smarty_cacheresource_keyvaluestore.php
|
d6be1074d266aecb739352150798d97d /core/model/smarty/sysplugins/smarty_cacheresource_keyvaluestore.php
|
||||||
c363512229135b182006a97ba43d31e7 /core/model/smarty/sysplugins/smarty_resource_recompiled.php
|
c363512229135b182006a97ba43d31e7 /core/model/smarty/sysplugins/smarty_resource_recompiled.php
|
||||||
fc8f1e9f0ff666af7beb3f61b055c0e8 /core/model/smarty/sysplugins/smarty_internal_cacheresource_file.php
|
fc8f1e9f0ff666af7beb3f61b055c0e8 /core/model/smarty/sysplugins/smarty_internal_cacheresource_file.php
|
||||||
092a5a658bf49a3c1549f9bd809218ea /core/xpdo/compression/pclzip.lib.php
|
092a5a658bf49a3c1549f9bd809218ea /core/xpdo/compression/pclzip.lib.php
|
||||||
761f1578928050a03f4aa4c789f1d136 /manager/assets/fileapi/FileAPI.js
|
761f1578928050a03f4aa4c789f1d136 /manager/assets/fileapi/FileAPI.js
|
||||||
3c9137d88a00b1ae0b41ff6a70571615 /assets/components/tinymcewrapper/frontend/imogen_theme/js/jquery.js
|
3c9137d88a00b1ae0b41ff6a70571615 /assets/components/tinymcewrapper/frontend/imogen_theme/js/jquery.js
|
||||||
bb127b5ce56b45e8b4b91de2e60dd9eb /assets/components/googleanalytics/js/mgr/libs/highcharts.js
|
bb127b5ce56b45e8b4b91de2e60dd9eb /assets/components/googleanalytics/js/mgr/libs/highcharts.js
|
||||||
7d7958bb0a9438a8966807f9202d0bce /assets/components/tinymce/jscripts/tiny_mce/plugins/spellchecker/classes/PSpellShell.php
|
7d7958bb0a9438a8966807f9202d0bce /assets/components/tinymce/jscripts/tiny_mce/plugins/spellchecker/classes/PSpellShell.php
|
||||||
3ee0a4d8a06cedc0a56f29e8f351ef72 /pclzip-2-8-2/pclzip.lib.php
|
3ee0a4d8a06cedc0a56f29e8f351ef72 /pclzip-2-8-2/pclzip.lib.php
|
||||||
abfd2987afd1f66e3eed50bebbeb6750 /sucuri-scanner-1.8.24/src/base.lib.php
|
abfd2987afd1f66e3eed50bebbeb6750 /sucuri-scanner-1.8.24/src/base.lib.php
|
||||||
78477b67cb223e4504689fef33119884 /sucuri-scanner-1.8.24/src/sitecheck.lib.php
|
78477b67cb223e4504689fef33119884 /sucuri-scanner-1.8.24/src/sitecheck.lib.php
|
||||||
e48460f6ef0c911dc5ad558c57bfd52f /sucuri-scanner-1.8.24/src/integrity.lib.php
|
e48460f6ef0c911dc5ad558c57bfd52f /sucuri-scanner-1.8.24/src/integrity.lib.php
|
||||||
|
29f34168b7384cca58ba64885461e115 wp-admin/includes/class-pclzip.php -> Wordpress Core 6.0
|
||||||
|
a54895edc1402cf1b7b5ecd3f5d85e6b wp-includes/formatting.php -> Wordpress Core 6.0
|
||||||
|
178f2fbc6a48f605ed84b156103d5366 wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/guzzle/src/Middleware.php -> Yoast SEO plugin 19.2
|
||||||
|
1e2d246c57d2123aa8938c8263cb1d3d wp-content/plugins/wordpress-seo/admin/tracking/class-tracking-server-data.php -> Yoast SEO plugin 19.2
|
||||||
|
cacb5670ebb2de31976a4b2eb06cac86 wp-content/plugins/worker/src/MWP/ServiceContainer/Abstract.php -> managewp plugin 4.9.14 from managewp.com
|
||||||
|
ffa76b9ff298702a733747521cfdee69 wp-content/plugins/worker/src/MWP/Action/GetState.php -> managewp plugin 4.9.14 from managewp.com
|
||||||
|
ccce5f45d1ac66bd2bebe75d666b5720 wp-content/plugins/redirection/models/regex.php
|
||||||
|
ae810d74d638c611d8bd958777c9ac6a wp-content/plugins/ssl-insecure-content-fixer/includes/nonces.php
|
||||||
|
|||||||
Reference in New Issue
Block a user