HEX
Server: LiteSpeed
System: Linux premium148.web-hosting.com 4.18.0-553.44.1.lve.el8.x86_64 #1 SMP Thu Mar 13 14:29:12 UTC 2025 x86_64
User: burhbrzf (1357)
PHP: 7.4.33
Disabled: NONE
$ pwd: /home/burhbrzf/
Upload Files
File: /home/burhbrzf/scanreport-burhbrzf-Jan_21_2026_03h47m.txt
----------- SCAN REPORT -----------
TimeStamp: Wed, 21 Jan 2026 03:47:26 -0500
(/usr/sbin/cxs --background --clamdsock /var/clamd --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 50000 --noforce --html --ignore /etc/cxs/cxs.ignore.manual --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mv --report /home/burhbrzf/scanreport-burhbrzf-Jan_21_2026_03h47m.txt --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --unofficial --user burhbrzf --virusscan --vmrssmax 2000000 --waitscan 0 --xtra /etc/cxs/cxs.xtra.manual)


Scanning /home/burhbrzf:

'/home/burhbrzf/access-logs'
# Symlink to [/etc/apache2/logs/domlogs/burhbrzf]

'/home/burhbrzf/.composer/vendor/symfony/console/Resources/bin/hiddeninput.exe'
# MS Windows Binary/Executable [application/x-winexec]

'/home/burhbrzf/.nc_plugin/hidden'
# World writeable directory

'/home/burhbrzf/api.burhanmarketing.net/HeroApi/includes/includes/includes/avi_696612530cf28.zip'
# (compressed file: b_696612530cf28.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2195]]

'/home/burhbrzf/api.burhanmarketing.net/shoessoft/shoessoft/shoessoft/mkv_69619efeca20b.zip'
# (compressed file: b_69619efeca20b.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2202]]

'/home/burhbrzf/api.burhanmarketing.net/tradechamp/tradechamp/tradechamp/tradechamp/m4v_6968bf564f027.zip'
# (compressed file: b_6968bf564f027.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2195]]

'/home/burhbrzf/api.burhanmarketing.net/tradechamp/tradechamp/tradechamp/tradechamp/tradechamp/mp3_6969f1be02b11.zip'
# (compressed file: b_6969f1be02b11.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2202]]

'/home/burhbrzf/api.burhanmarketing.net/twilio-php-main/src/Twilio/Rest/Notify/V1/Service/Service/CVEehkNT.jpeg'
# Suspicious image file (hidden script file)

'/home/burhbrzf/booking.burhanrentacar.net/cgi-bin/cgi-bin/wma_69619f24d2548.zip'
# (compressed file: b_69619f24d2548.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2195]]

'/home/burhbrzf/booking.burhanrentacar.net/cgi-bin/cgi-bin/cgi-bin/HE.jpeg'
# Suspicious image file (hidden script file)

'/home/burhbrzf/booking.burhanrentacar.net/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/ATkbjSxFts.gif'
# Suspicious image file (hidden script file)

'/home/burhbrzf/booking.burhanrentacar.net/cgi-bin/cgi-bin/cgi-bin/cgi-bin/cgi-bin/mp2_696acc96eff83.zip'
# (compressed file: b_696acc96eff83.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2202]]

'/home/burhbrzf/booking.burhanrentacar.net/images/images/images/images/images/TEnpGkhBiAyvxRrPsV.png'
# Suspicious image file (hidden script file)

'/home/burhbrzf/booking.burhanrentacar.net/images/images/images/images/images/images/images/3gp_69619f2be075c.zip'
# (compressed file: b_69619f2be075c.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P2189]]

'/home/burhbrzf/burhanrentacar.net/span.php'
# Universal decode regex match = [universal decoder]
# (decoded file [advanced decoder: 14 (depth: 2)]) ClamAV detected virus = [YARA.TO_38544_PHP_Backdoor_Backdoor.UNOFFICIAL]

'/home/burhbrzf/burhanrentacar.net/assets/css/css/3gp_6960c47cb5d50.zip'
# (compressed file: b_6960c47cb5d50.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2202]]

'/home/burhbrzf/burhanrentacar.net/rental/rental/node_modules/node-notifier/vendor/notifu/notifu.exe'
# MS Windows Binary/Executable [application/x-winexec]

'/home/burhbrzf/burhanrentacar.net/rental/rental/node_modules/node-notifier/vendor/notifu/notifu64.exe'
# MS Windows Binary/Executable [application/x-winexec]

'/home/burhbrzf/burhanrentacar.net/rental/rental/node_modules/node-notifier/vendor/snoreToast/snoretoast-x64.exe'
# MS Windows Binary/Executable [application/x-winexec]

'/home/burhbrzf/burhanrentacar.net/rental/rental/node_modules/node-notifier/vendor/snoreToast/snoretoast-x86.exe'
# MS Windows Binary/Executable [application/x-winexec]

'/home/burhbrzf/burhanrentacar.net/rental/rental/public/images'
# World writeable directory

'/home/burhbrzf/burhanrentacar.net/rental/rental/public/storage1'
# World writeable directory

'/home/burhbrzf/burhanrentacar.net/rental/rental/vendor/symfony/console/Resources/bin/hiddeninput.exe'
# MS Windows Binary/Executable [application/x-winexec]

'/home/burhbrzf/leads.burhanmarketing.net/images/images/images/images/images/images/wtuHLXJSNRpag.tiff'
# Suspicious image file (hidden script file)

'/home/burhbrzf/leads.burhanmarketing.net/images/images/images/images/images/images/images/iJqtylrgRKvIT.jpeg'
# Suspicious image file (hidden script file)

'/home/burhbrzf/payroll.burhanrentacar.net/images/images/images/gWiThqR.tif'
# Suspicious image file (hidden script file)

'/home/burhbrzf/payroll.burhanrentacar.net/images/images/images/images/images/iRu.jpeg'
# Suspicious image file (hidden script file)

'/home/burhbrzf/public_html/clams/core/core/gWXV.jpeg'
# Suspicious image file (hidden script file)

'/home/burhbrzf/public_html/clams/core/include/login.php'
# Universal decode regex match = [universal decoder]

'/home/burhbrzf/public_html/js/js/js/js/3gp_696e7808831f4.zip'
# (compressed file: b_696e7808831f4.tmp [depth: 1]) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2195]]

'/home/burhbrzf/public_html/strop/core/include/login.php'
# Universal decode regex match = [universal decoder]

'/home/burhbrzf/public_html/wp-content/plugins/akismet/_inc/img/logo-pprnssn.png'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/burhbrzf/public_html/wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php'
# Universal decode regex match = [universal decoder]

'/home/burhbrzf/public_html/wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php'
# Universal decode regex match = [universal decoder]

'/home/burhbrzf/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/Area.php'
# Universal decode regex match = [universal decoder]

'/home/burhbrzf/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/SetupWizard.php'
# Universal decode regex match = [universal decoder]

'/home/burhbrzf/public_html/wp-includes/Text/Diff/Engine/pprnssn.ttf'
# Universal decode regex match = [universal decoder]

'/home/burhbrzf/public_html/wp-includes/blocks/cover/style-rel.css'
# Universal decode regex match = [universal decoder]

'/home/burhbrzf/public_html/wp-includes/images/w-cceaffa.gif'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/burhbrzf/public_html/wp-includes/images/wpspin-1x.gif'
# Suspicious image file (hidden script file)

'/home/burhbrzf/public_html/wp-includes/images/xit-3x.gif'
# Suspicious image file (hidden script file)

'/home/burhbrzf/public_html/wp-includes/images/media/cceaffa.png'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/burhbrzf/salesforce.burhanmarketing.net/images/images/images/images/images/images/emzvBtXQYkfLxW.tiff'
# Suspicious image file (hidden script file)

'/home/burhbrzf/salesforce.burhanmarketing.net/images/images/images/images/images/images/images/uKtkjEVsBl.tif'
# Suspicious image file (hidden script file)

'/home/burhbrzf/salesforce.burhanmarketing.net/images/images/images/images/images/images/images/images/images/UjLPRxkYMNwGlFTvhp.gif'
# Suspicious image file (hidden script file)

----------- SCAN SUMMARY -----------
Scanned directories: 13054
Scanned files: 74954
Ignored items: 192
Suspicious matches: 49
Viruses found: 1
Fingerprint matches: 9
Data scanned: 17725.76 MB
Scan peak memory: 441056 kB
Scan time/item: 0.038 sec
Scan time: 3307.196 sec
@ Telegram