Malicious script running from this account 24-10-24

techbus+ 2984128  0.0  0.0  10116  1252 ?        S    Oct23   0:00 sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/Namespace > /dev/null 2>&1
techbus+ 2984129  0.0  0.0    172     4 ?        S    Oct23   0:00  \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/Namespace
techbus+ 3110178  0.0  0.0  10116  1348 ?        S    Oct23   0:00 sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/forms_setup > /dev/null 2>&1
techbus+ 3110179  0.0  0.0    172     4 ?        S    Oct23   0:00  \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/forms_setup
techbus+ 3139491  0.0  0.0  10116  1320 ?        S    Oct23   0:00 sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/edit_groups > /dev/null 2>&1
techbus+ 3139492  0.0  0.0    172     4 ?        S    Oct23   0:00  \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/edit_groups
techbus+ 3216013  0.0  0.0  10116  1388 ?        S    00:02   0:00 sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/encrypt.inc > /dev/null 2>&1
techbus+ 3216014  0.0  0.0    172     4 ?        S    00:02   0:00  \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/encrypt.inc
techbus+ 3347254  0.0  0.0  10116  1244 ?        S    00:38   0:00 sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/cust_report04 > /dev/null 2>&1
techbus+ 3347255  0.0  0.0    172     4 ?        S    00:38   0:00  \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/cust_report04
techbus+ 3375696  0.0  0.0  10116  1432 ?        S    00:48   0:00 sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/forms_setup > /dev/null 2>&1
techbus+ 3375697  0.0  0.0    172     4 ?        S    00:48   0:00  \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/forms_setup
techbus+ 3410185  0.0  0.0  10116  1244 ?        S    00:54   0:00 sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/edit_groups > /dev/null 2>&1
techbus+ 3410186  0.0  0.0    172     4 ?        S    00:54   0:00  \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/edit_groups
techbus+ 3417512  0.0  0.0  10116  1316 ?        S    00:58   0:00 sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/adminmenu > /dev/null 2>&1
techbus+ 3417513  0.0  0.0    172     4 ?        S    00:58   0:00  \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/adminmenu
techbus+ 3492413  0.0  0.0  10116  1428 ?        S    01:19   0:00 sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/encrypt.inc > /dev/null 2>&1
techbus+ 3492414  0.0  0.0    172     4 ?        S    01:19   0:00  \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/encrypt.inc
techbus+ 3591385  0.0  0.0  10116  1340 ?        S    01:41   0:00 sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/class.history > /dev/null 2>&1
techbus+ 3591386  0.0  0.0    172     4 ?        S    01:41   0:00  \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/class.history
techbus+ 3610101  0.0  0.0  10116  1228 ?        S    01:47   0:00 sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/cust_report04 > /dev/null 2>&1
techbus+ 3610102  0.0  0.0    172     4 ?        S    01:47   0:00  \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/cust_report04
techbus+ 3735789  0.0  0.0  10116  1228 ?        S    02:18   0:00 sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/forms_setup > /dev/null 2>&1
techbus+ 3735790  0.0  0.0    172     4 ?        S    02:18   0:00  \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/forms_setup
techbus+ 3756843  0.0  0.0  10116  1424 ?        S    02:26   0:00 sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/edit_groups > /dev/null 2>&1
techbus+ 3756844  0.0  0.0    172     4 ?        S    02:26   0:00  \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/edit_groups
techbus+ 3770520  0.0  0.0  10116  1356 ?        S    02:32   0:00 sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/adminmenu > /dev/null 2>&1
techbus+ 3770521  0.0  0.0    172     4 ?        S    02:32   0:00  \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/adminmenu
techbus+ 3811000  0.0  0.0  10116  3012 ?        S    02:48   0:00 sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/encrypt.inc > /dev/null 2>&1
techbus+ 3811001  0.0  0.0    172     4 ?        S    02:48   0:00  \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/encrypt.inc
techbus+ 3895956  0.0  0.0  10116  1268 ?        S    03:18   0:00 sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/cust_report04 > /dev/null 2>&1
techbus+ 3895957  0.0  0.0    172     4 ?        S    03:18   0:00  \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/cust_report04
techbus+ 3912055  0.0  0.0  10116  1336 ?        S    03:22   0:00 sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/class.history > /dev/null 2>&1
techbus+ 3912056  0.0  0.0    172     4 ?        S    03:22   0:00  \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/class.history
techbus+ 3982036  0.0  0.0  10116  1244 ?        S    03:48   0:00 sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/forms_setup > /dev/null 2>&1
techbus+ 3982037  0.0  0.0    172     4 ?        S    03:48   0:00  \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/forms_setup
techbus+ 3997753  0.0  0.0  10116  2928 ?        S    03:54   0:00 sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/edit_groups > /dev/null 2>&1
techbus+ 3997757  0.0  0.0    172     4 ?        S    03:54   0:00  \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/edit_groups






Malicious script running from this account 21-10-24

techbus+  663735  0.0  0.0 513968 28564 ?        S    00:46   0:00  |   \_ /opt/cpanel/ea-php81/root/usr/bin/php-cgi /home/techbusinessbrai/public_html/access.techbusinessbrain.au/index.php
techbus+  663736  0.0  0.0  10116  1212 ?        S    00:46   0:00  |       \_ sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/config.image > /de
techbus+  663737  0.0  0.0    172     4 ?        S    00:46   0:00  |           \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/config.image
nobody    804900  0.0  0.2 614128 276752 ?       S    01:50   0:00  \_ /usr/sbin/httpd -k start
techbus+  806667  0.0  0.0 513968 28540 ?        S    01:50   0:00  |   \_ /opt/cpanel/ea-php81/root/usr/bin/php-cgi /home/techbusinessbrai/public_html/access.techbusinessbrain.au/index.php
techbus+  806670  0.0  0.0  10116  1348 ?        S    01:50   0:00  |       \_ sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/edit_categories >
techbus+  806671  0.0  0.0    172     4 ?        S    01:50   0:00  |           \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/edit_categories
nobody    856826  0.0  0.4 912980 577116 ?       S    02:22   0:01  \_ /usr/sbin/httpd -k start
techbus+  871868  0.0  0.0 513968 28632 ?        S    02:32   0:00  |   \_ /opt/cpanel/ea-php81/root/usr/bin/php-cgi /home/techbusinessbrai/public_html/access.techbusinessbrain.au/index.php
techbus+  871870  0.0  0.0  10116  1232 ?        S    02:32   0:00  |       \_ sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/config.image > /de
techbus+  871871  0.0  0.0    172     4 ?        S    02:32   0:00  |           \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/config.image
nobody    896886  0.0  0.2 614640 278312 ?       S    02:47   0:00  \_ /usr/sbin/httpd -k start
techbus+  899518  0.0  0.0 513968 28616 ?        S    02:48   0:00  |   \_ /opt/cpanel/ea-php81/root/usr/bin/php-cgi /home/techbusinessbrai/public_html/access.techbusinessbrain.au/index.php
techbus+  899523  0.0  0.0  10116  1332 ?        S    02:48   0:00  |       \_ sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/filetempo > /dev/n
techbus+  899524  0.0  0.0    172     4 ?        S    02:48   0:00  |           \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/filetempo
nobody    998649  0.0  0.2 614100 277384 ?       S    03:48   0:00  \_ /usr/sbin/httpd -k start
techbus+  999743  0.0  0.0 513968 28620 ?        S    03:49   0:00  |   \_ /opt/cpanel/ea-php81/root/usr/bin/php-cgi /home/techbusinessbrai/public_html/access.techbusinessbrain.au/index.php
techbus+  999745  0.0  0.0  10116  1260 ?        S    03:49   0:00  |       \_ sh -c /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/livehelp_step2 > /
techbus+  999746  0.0  0.0    172     4 ?        S    03:49   0:00  |           \_ /home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/plugins/js_composer/assets/css/lib/typicons/src/font/livehelp_step2


Malicious files are in the folders below:

/home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/motov4-formbuilder/admin/autoresponder/subscriber/SendReach/MailWizzApi/Cache/data/db/
/home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/motov4-formbuilder/admin/autoresponder/subscriber/SendReach/MailWizzApi/Cache/data/
/home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/motov4-formbuilder/admin/autoresponder/subscriber/SendReach/MailWizzApi/Cache/data/db
/home/techbusinessbrai/public_html/access.techbusinessbrain.au/wp-content/motov4-formbuilder/admin/autoresponder/subscriber/SendReach/MailWizzApi/Cache/data/
