----------- SCAN REPORT -----------
TimeStamp: Thu, 26 Mar 2026 14:38:55 -0400
(/usr/sbin/cxs --background --clamdsock /var/clamd --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 50000 --noforce --html --ignore /etc/cxs/cxs.ignore.manual --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mv --report /home/shotlining/scanreport-shotlining-Mar_26_2026_14h38m.txt --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --unofficial --user shotlining --virusscan --vmrssmax 2000000 --waitscan 0 --xtra /etc/cxs/cxs.xtra.manual)

Scanning /home/shotlining:

'/home/shotlining/bin/ssl-manager'
# Linux Binary/Executable [application/x-executable]

'/home/shotlining/portal.shotlining.com/images/images/images/images/cpFYGtXPTLv.tif'
# Suspicious image file (hidden script file)

'/home/shotlining/portal.shotlining.com/wp-admin/css/colors/midnight/midnight/uam.jpg'
# Suspicious image file (hidden script file)

'/home/shotlining/portal.shotlining.com/wp-content/mu-plugins/guard-404-e7c2705ed0.php'
# Universal decode regex match = [universal decoder]

'/home/shotlining/portal.shotlining.com/wp-content/plugins/akismet/_inc/img/logo-qsnqsonpp.png'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/shotlining/portal.shotlining.com/wp-content/plugins/fluent-smtp/includes/libs/google-api-client/build/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571k1.php'
# Universal decode regex match = [universal decoder]

'/home/shotlining/portal.shotlining.com/wp-content/plugins/fluent-smtp/includes/libs/google-api-client/build/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/Curves/sect571r1.php'
# Universal decode regex match = [universal decoder]

'/home/shotlining/portal.shotlining.com/wp-content/plugins/rgfhopass2025/adminer.php'
# Script version check [OLD] [Adminer v4.7.8 < v5.3.0]

'/home/shotlining/portal.shotlining.com/wp-content/plugins/ssl-manager/bin/autossl-satellite'
# Linux Binary/Executable [application/x-executable]

'/home/shotlining/portal.shotlining.com/wp-content/plugins/ssl-manager/includes/admin-page.php'
# Universal decode regex match = [universal decoder]

'/home/shotlining/portal.shotlining.com/wp-content/plugins/ssl-manager/includes/report-page.php'
# Universal decode regex match = [universal decoder]

# Scan Timeout (30 secs) while processing:
'/home/shotlining/portal.shotlining.com/wp-content/plugins/watcher-malware-premium/assets/images/voaflaectous.png'

'/home/shotlining/portal.shotlining.com/wp-content/plugins/woocommerce/includes/admin/class-wc-admin-menus.php'
# Universal decode regex match = [universal decoder]

'/home/shotlining/portal.shotlining.com/wp-content/plugins/woocommerce/src/Internal/Admin/Settings/PaymentsController.php'
# Universal decode regex match = [universal decoder]

'/home/shotlining/portal.shotlining.com/wp-content/plugins/woocommerce/vendor/maxmind-db/reader/ext/maxminddb.c'
# Suspicious file type [application/x-c]

'/home/shotlining/portal.shotlining.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html'
# Suspicious file type [application/x-c]

# Scan Timeout (30 secs) while processing:
'/home/shotlining/portal.shotlining.com/wp-content/themes/fabrik/samples/layerslider/sample_sliders.txt'

'/home/shotlining/portal.shotlining.com/wp-content/themes/fabrik/vamtam/admin/helpers/updates/index.php'
# Universal decode regex match = [universal decoder]
# (decoded file [advanced decoder: 14 (depth: 12)]) Known exploit = [Fingerprint Match (fp)] [Hacker sig Exploit [P2092]]

'/home/shotlining/portal.shotlining.com/wp-includes/Text/Diff/Engine/qsnqsonpp.ttf'
# Universal decode regex match = [universal decoder]

'/home/shotlining/portal.shotlining.com/wp-includes/blocks/cover/style-rel.css'
# Universal decode regex match = [universal decoder]

'/home/shotlining/portal.shotlining.com/wp-includes/images/w-dfadfbacc.gif'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/shotlining/portal.shotlining.com/wp-includes/images/wpspin-1x.gif'
# Suspicious image file (hidden script file)

'/home/shotlining/portal.shotlining.com/wp-includes/images/xit-3x.gif'
# Suspicious image file (hidden script file)

'/home/shotlining/portal.shotlining.com/wp-includes/images/media/dfadfbacc.png'
# Suspicious image file (hidden script file)
# Universal decode regex match = [universal decoder]

'/home/shotlining/public_html/wp-content/plugins/cookie-law-info/lite/admin/class-admin.php'
# Universal decode regex match = [universal decoder]

'/home/shotlining/public_html/wp-content/plugins/filester/includes/File_manager/FileManager.php'
# Universal decode regex match = [universal decoder]

'/home/shotlining/public_html/wp-content/plugins/litespeed-cache/tpl/banner/jquery3/index.php'
# ClamAV detected virus = [TO-41941.WEBSHEL.nc_item_notags_php.MD5-add085933419e1d402b7409fc184fa9a.size-103.UNOFFICIAL]

'/home/shotlining/public_html/wp-content/plugins/litespeed-cache/tpl/toolbox/upgrades/index.php'
# ClamAV detected virus = [TO-41941.WEBSHEL.nc_item_nocomment_php.MD5-add085933419e1d402b7409fc184fa9a.size-1677.UNOFFICIAL]

'/home/shotlining/public_html/wp-content/plugins/userway-accessibility-widget/includes/notifications.php'
# Universal decode regex match = [universal decoder]

'/home/shotlining/public_html/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html'
# Suspicious file type [application/x-c]

# Scan Timeout (30 secs) while processing:
'/home/shotlining/public_html/wp-content/uploads/really-simple-ssl/4f85bae35a0e5152582e9024b6ecaff0/manifest.json'

----------- SCAN SUMMARY -----------
Scanned directories: 8306
Scanned files: 42183
Ignored items: 271
Suspicious matches: 32
Viruses found: 2
Fingerprint matches: 1
Data scanned: 8316.39 MB
Scan peak memory: 396344 kB
Scan time/item: 0.082 sec
Scan time: 4145.560 sec