Server IP : 162.213.255.40 / Your IP : 216.73.216.121
System : Linux server146.web-hosting.com 4.18.0-513.18.1.lve.el8.x86_64 #1 SMP Thu Feb 22 12:55:50 UTC 2024 x86_64
PHP Version : 8.0.30
Disable Function : NONE
cURL : ON | WGET : ON | Sudo : OFF | Pkexec : OFF
Upload Files :
Command :
Current File : /home/hellrfbn//scan_report-2025-07-24_16-39
----------- SCAN REPORT -----------
TimeStamp: Thu, 24 Jul 2025 09:39:47 -0400
(/usr/sbin/cxs --background --clamdsock /var/clamd --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 100000 --noforce --html --ignore /etc/cxs/cxs.ignore.manual --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mvh --quarantine /opt/cxs/quarantine --report /home/hellrfbn/scan_report-2025-07-24_16-39 --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --unofficial --user hellrfbn --virusscan --vmrssmax 2000000 --waitscan 0 --xtra /etc/cxs/cxs.xtra.manual)
Scanning /home/hellrfbn:
'/home/hellrfbn/access-logs'
# Symlink to [/etc/apache2/logs/domlogs/hellrfbn]
'/home/hellrfbn/.nc_plugin/hidden'
# World writeable directory
'/home/hellrfbn/new.hellochef.menu/admin.php'
# Universal decode regex match = [universal decoder]
# (quarantined to /opt/cxs/quarantine/cxsuser/hellrfbn/admin.php.1753364553_1) (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P1295]]
'/home/hellrfbn/new.hellochef.menu/index.php'
# (quarantined to /opt/cxs/quarantine/cxsuser/hellrfbn/index.php.1753364553_1) ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL]
'/home/hellrfbn/new.hellochef.menu/wp-content/plugins/woocommerce/includes/admin/class-wc-admin-menus.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/new.hellochef.menu/wp-content/plugins/woocommerce/src/Internal/Admin/Settings/PaymentsController.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/new.hellochef.menu/wp-content/plugins/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c'
# Suspicious file type [application/x-c]
'/home/hellrfbn/public_html'
# World writeable directory
'/home/hellrfbn/public_html/a5/admin.php'
# Universal decode regex match = [universal decoder]
# (quarantined to /opt/cxs/quarantine/cxsuser/hellrfbn/admin.php.1753365089_1) (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P1295]]
'/home/hellrfbn/public_html/a5/index.php'
# (quarantined to /opt/cxs/quarantine/cxsuser/hellrfbn/index.php.1753365089_1) ClamAV detected virus = [{HEX}php.generic.malware.447.UNOFFICIAL]
'/home/hellrfbn/public_html/wp-content/plugins/click-to-chat-for-whatsapp/click-to-chat.php'
# Script version check [OLD] [Click to Chat v4.16 < v4.20]
'/home/hellrfbn/public_html/wp-content/plugins/click-to-chat-for-whatsapp/new/admin/class-ht-ctc-admin-main-page.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/public_html/wp-content/plugins/cookie-law-info/cookie-law-info.php'
# Script version check [OLD] [CookieYes | GDPR Cookie Consent v3.2.8 < v3.2.10]
'/home/hellrfbn/public_html/wp-content/plugins/cookie-law-info/lite/admin/class-admin.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/public_html/wp-content/plugins/elementor/elementor.php'
# Script version check [OLD] [Elementor v3.27.3 < v3.28.4]
'/home/hellrfbn/public_html/wp-content/plugins/eps-301-redirects/eps-301-redirects.php'
# Script version check [OLD] [301 Redirects v2.77 < v2.79]
'/home/hellrfbn/public_html/wp-content/plugins/ga-google-analytics/ga-google-analytics.php'
# Script version check [OLD] [GA Google Analytics v20241102 < v20250326]
'/home/hellrfbn/public_html/wp-content/plugins/google-analytics-for-wordpress/googleanalytics.php'
# Script version check [OLD] [Google Analytics for WordPress by MonsterInsights v9.2.4 < v9.4.1]
'/home/hellrfbn/public_html/wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/public_html/wp-content/plugins/google-site-kit/third-party/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/public_html/wp-content/plugins/gtranslate/gtranslate.php'
# Script version check [OLD] [GTranslate v3.0.7 < v3.0.8]
'/home/hellrfbn/public_html/wp-content/plugins/hummingbird-performance/wp-hummingbird.php'
# Script version check [OLD] [Hummingbird v3.11.0 < v3.13.0]
'/home/hellrfbn/public_html/wp-content/plugins/insert-headers-and-footers/ihaf.php'
# Script version check [OLD] [WPCode Lite v2.2.5 < v2.2.7]
'/home/hellrfbn/public_html/wp-content/plugins/jetpack/jetpack.php'
# Script version check [OLD] [Jetpack v14.3 < v14.5]
'/home/hellrfbn/public_html/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-masterbar/src/admin-menu/class-admin-menu.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/public_html/wp-content/plugins/kadence-blocks/kadence-blocks.php'
# Script version check [OLD] [Kadence Blocks – Gutenberg Blocks for Page Builder Features v3.4.8 < v3.5.3]
'/home/hellrfbn/public_html/wp-content/plugins/litespeed-cache/litespeed-cache.php'
# Script version check [OLD] [LiteSpeed Cache v6.5.4 < v7.0.1]
'/home/hellrfbn/public_html/wp-content/plugins/optinmonster/optin-monster-wp-api.php'
# Script version check [OLD] [OptinMonster v2.16.15 < v2.16.19]
'/home/hellrfbn/public_html/wp-content/plugins/sticky-header-effects-for-elementor/sticky-header-effects-for-elementor.php'
# Script version check [OLD] [Sticky Header Effects for Elementor v1.7.4 < v1.7.8]
'/home/hellrfbn/public_html/wp-content/plugins/svg-support/svg-support.php'
# Script version check [OLD] [SVG Support v2.5.8 < v2.5.14]
'/home/hellrfbn/public_html/wp-content/plugins/updraftplus/updraftplus.php'
# Script version check [OLD] [UpdraftPlus - Backup/Restore v1.25.1 < v1.25.5]
'/home/hellrfbn/public_html/wp-content/plugins/wordfence/wordfence.php'
# Script version check [OLD] [Wordfence Security v8.0.3 < v8.0.5]
'/home/hellrfbn/public_html/wp-content/plugins/wordpress-seo/wp-seo.php'
# Script version check [OLD] [Yoast SEO v24.4 < v24.9]
'/home/hellrfbn/public_html/wp-content/plugins/wp-smushit/wp-smush.php'
# Script version check [OLD] [Smush v3.17.0 < v3.18.0]
'/home/hellrfbn/public_html/wp-content/updraft/plugins-old/all-in-one-seo-pack/app/Common/Views/admin/settings-page.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/public_html/wp-content/updraft/plugins-old/click-to-chat-for-whatsapp/new/admin/class-ht-ctc-admin-main-page.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/public_html/wp-content/updraft/plugins-old/cookie-law-info/lite/admin/class-admin.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/public_html/wp-content/updraft/plugins-old/foogallery/includes/admin/class-gallery-datasources.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/public_html/wp-content/updraft/plugins-old/jetpack/modules/masterbar/admin-menu/class-admin-menu.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/public_html/wp-content/updraft/plugins-old/meow-gallery/common/admin.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/public_html/wp-content/updraft/plugins-old/ml-slider/ml-slider.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/public_html/wp-content/updraft/plugins-old/simply-gallery-block/blocks/simply_post.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/public_html/wp-content/updraft/plugins-old/woocommerce/includes/admin/class-wc-admin-menus.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/public_html/wp-content/updraft/plugins-old/woocommerce/src/Internal/Admin/WcPayWelcomePage.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/public_html/wp-content/updraft/plugins-old/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c'
# Suspicious file type [application/x-c]
'/home/hellrfbn/public_html/wp-content/uploads/al_opt_content/CSS/hellochef.menu'
# World writeable directory
'/home/hellrfbn/public_html/wp-content/uploads/al_opt_content/FONT/hellochef.menu/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts'
# World writeable directory
'/home/hellrfbn/public_html/wp-content/uploads/al_opt_content/SCRIPT/hellochef.menu'
# World writeable directory
'/home/hellrfbn/public_html/wp-includes/blocks/preformatted/wp-login.php'
# Universal decode regex match = [universal decoder]
# (quarantined to /opt/cxs/quarantine/cxsuser/hellrfbn/wp-login.php.1753367471_1) (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P1295]]
'/home/hellrfbn/server.hellochef.menu/httacces.php'
# Decode regex match = [decode regex: 1]
'/home/hellrfbn/server.hellochef.menu/wp-log.php'
# Regular expression match = [\b(system|exec|passthru|shell_exec)\s*\(\s*\$_(GET|POST|GLOBALS|SERVER|REQUEST|SESSION|ENV|COOKIE)\[]
'/home/hellrfbn/server.hellochef.menu/help/policy/renew/submit/cz/index.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/server.hellochef.menu/help/policy/renew/submit/cz/CZ/app/card.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/server.hellochef.menu/help/policy/renew/submit/cz/CZ/app/info.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/server.hellochef.menu/help/policy/renew/submit/cz/CZ/app/sms.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/server.hellochef.menu/help/policy/renew/submit/cz/CZ/app/thanks.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/server.hellochef.menu/help/policy/renew/submit/cz/CZ/app/update.php'
# Universal decode regex match = [universal decoder]
'/home/hellrfbn/server.hellochef.menu/help/policy/renew/submit/cz/CZ/app/rez/sendcard.php'
# Universal decode regex match = [universal decoder]
----------- SCAN SUMMARY -----------
Scanned directories: 14766
Scanned files: 91244
Ignored items: 498
Suspicious matches: 61
Viruses found: 2
Fingerprint matches: 3
Data scanned: 5266.75 MB
Scan peak memory: 438792 kB
Scan time/item: 0.030 sec
Scan time: 3152.656 sec
| Name |
Size |
Last Modified |
Owner / Group |
Permissions |
Options |
| .. | -- | May 13 2024 06:31:52 | root / nobody | 0755 | |
| .cagefs | -- | July 23 2025 05:25:12 | hellrfbn / hellrfbn | 0771 | |
| .caldav | -- | July 28 2025 13:23:51 | hellrfbn / hellrfbn | 0755 | |
| .cl.selector | -- | July 25 2025 07:02:01 | hellrfbn / hellrfbn | 0755 | |
| .clwpos | -- | July 23 2025 05:25:12 | hellrfbn / hellrfbn | 0700 | |
| .cpanel | -- | August 11 2025 04:30:34 | hellrfbn / hellrfbn | 0700 | |
| .cphorde | -- | July 23 2025 05:25:12 | hellrfbn / hellrfbn | 0700 | |
| .htpasswds | -- | July 23 2025 05:25:12 | hellrfbn / nobody | 0750 | |
| .nc_plugin | -- | November 28 2023 23:59:49 | root / root | 0711 | |
| .softaculous | -- | July 23 2025 05:25:12 | hellrfbn / hellrfbn | 0711 | |
| .spamassassin | -- | July 23 2025 05:25:12 | hellrfbn / hellrfbn | 0700 | |
| .subaccounts | -- | July 23 2025 05:25:12 | hellrfbn / hellrfbn | 0700 | |
| .trash | -- | July 23 2025 05:25:12 | hellrfbn / hellrfbn | 0700 | |
| access-logs | -- | August 10 2025 17:51:11 | root / hellrfbn | 0750 | |
| etc | -- | July 23 2025 05:25:12 | hellrfbn / mail | 0750 | |
| logs | -- | August 01 2025 12:32:40 | hellrfbn / hellrfbn | 0700 | |
| lscache | -- | July 23 2025 05:25:12 | nobody / hellrfbn | 2770 | |
| mail | -- | August 11 2025 01:53:42 | hellrfbn / hellrfbn | 0751 | |
| new.hellochef.menu | -- | August 11 2025 01:35:49 | hellrfbn / nobody | 0750 | |
| perl5 | -- | July 23 2025 05:25:12 | hellrfbn / hellrfbn | 0775 | |
| public_ftp | -- | July 23 2025 05:25:12 | hellrfbn / hellrfbn | 0750 | |
| public_html | -- | August 11 2025 01:35:49 | hellrfbn / nobody | 0750 | |
| server.hellochef.menu | -- | August 10 2025 16:30:50 | hellrfbn / nobody | 0750 | |
| softaculous_backups | -- | August 07 2025 08:57:37 | hellrfbn / hellrfbn | 0711 | |
| ssl | -- | July 23 2025 05:25:12 | hellrfbn / hellrfbn | 0755 | |
| test.hellochef.menu | -- | August 11 2025 01:54:15 | hellrfbn / nobody | 0750 | |
| tmp | -- | August 01 2025 12:32:23 | hellrfbn / hellrfbn | 0755 | |
| wp-content | -- | July 23 2025 05:25:12 | hellrfbn / hellrfbn | 0755 | |
| wp-includes | -- | July 23 2025 05:25:12 | hellrfbn / hellrfbn | 0755 | |
| www | -- | August 11 2025 01:35:49 | hellrfbn / nobody | 0750 | |
| | | | | |
| .bash_logout | 0.018 KB | November 28 2023 23:59:44 | hellrfbn / hellrfbn | 0644 | |
| .bash_profile | 0.172 KB | November 28 2023 23:59:44 | hellrfbn / hellrfbn | 0644 | |
| .bashrc | 0.121 KB | November 28 2023 23:59:44 | hellrfbn / hellrfbn | 0644 | |
| .dns | 0.014 KB | December 07 2023 15:03:23 | hellrfbn / hellrfbn | 0664 | |
| .ftpquota | 0.018 KB | July 27 2025 07:03:34 | hellrfbn / hellrfbn | 0600 | |
| .gemrc | 0.136 KB | November 28 2023 23:59:46 | hellrfbn / hellrfbn | 0644 | |
| .imunify_patch_id | 0.104 KB | April 16 2025 07:02:40 | hellrfbn / hellrfbn | 0660 | |
| .last.inodes | 5.43 KB | August 10 2025 09:34:28 | root / root | 0644 | |
| .lastlogin | 0.592 KB | December 19 2024 18:11:34 | hellrfbn / hellrfbn | 0600 | |
| .myimunify_id | 0.1 KB | May 13 2024 07:06:15 | hellrfbn / hellrfbn | 0660 | |
| .spamassassinboxenable | 0 KB | November 28 2023 23:59:46 | hellrfbn / hellrfbn | 0644 | |
| .spamassassinenable | 0 KB | November 28 2023 23:59:46 | hellrfbn / hellrfbn | 0644 | |
| .spbldr_localStorage | 0.103 KB | June 24 2024 18:01:58 | hellrfbn / hellrfbn | 0600 | |
| .wget-hsts | 0.176 KB | July 31 2025 18:25:31 | hellrfbn / hellrfbn | 0644 | |
| .zshrc | 0.643 KB | November 28 2023 23:59:44 | hellrfbn / hellrfbn | 0644 | |
| main.php | 12.406 KB | August 05 2025 11:35:41 | hellrfbn / hellrfbn | 0644 | |
| scan_report-2025-07-24_16-39 | 9.845 KB | July 24 2025 14:32:20 | root / root | 0644 | |
