2017-05-28 00:18:22 cwd=/ 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1dEqas-002Q

1. 2017-05-28 00:18:22 cwd=/ 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1dEqas-002Qux-KK
2. 2017-05-28 00:18:22 1dEqas-002Qv9-OB <= <> R=1dEqas-002Qux-KK U=mailnull P=local S=2856 T="Mail delivery deferred: returning message to sender" for wordpress@bollywooduniverse.in
3. 2017-05-28 00:18:22 1dEqas-002Qux-KK => >wordpress@bollywooduniverse.in <arpitspidy123@gmail.com> R=check_mail_permissions T=address_reply
4. 2017-05-28 00:18:22 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1dEqas-002Qv9-OB
5. 2017-05-28 00:18:22 1dEqas-002Qv9-OB => bollywo9 <wordpress@bollywooduniverse.in> R=localuser T=dovecot_delivery C="250 2.0.0 <bollywo9@server.royalclouds.net> WTyQMJ5dKlkU1wgAMmS4gA Saved"
6. 2017-05-28 00:18:22 1dEqas-002Qv9-OB Completed
7. 2017-05-28 00:18:22 1dEqas-002Qug-H1 ** arpit21011994@gmail.com R=lookuphost T=remote_smtp H=gmail-smtp-in.l.google.com [64.233.160.27] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=yes: SMTP error from remote mail server after end of da$
8. 2017-05-28 00:18:22 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1dEqas-002Qug-H1
9. 2017-05-28 00:18:22 1dEqas-002QvG-To <= <> R=1dEqas-002Qug-H1 U=mailnull P=local S=3963 T="Mail delivery failed: returning message to sender" for bollywo9@server.royalclouds.net
10. 2017-05-28 00:18:22 1dEqas-002Qug-H1 Completed
11. 2017-05-28 00:18:22 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1dEqas-002QvG-To
12. 2017-05-28 00:18:22 1dEqas-002QvG-To => bollywo9 <bollywo9@server.royalclouds.net> R=localuser T=dovecot_delivery C="250 2.0.0 <bollywo9@server.royalclouds.net> XTyQMJ5dKlkU1wgAMmS4gA Saved"
13. 2017-05-28 00:18:22 1dEqas-002QvG-To Completed
14. 2017-05-28 00:19:01 cwd=/home/botcf 9 args: /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t -f botcf
15. 2017-05-28 00:19:01 1dEqbV-002R8z-Cz <= botcf@server.royalclouds.net U=botcf P=local S=839 T="Cron <botcf@server> /usr/bin/php -q /home/botcf/public_html/value.php" for botcf
16. 2017-05-28 00:19:01 cwd=/var/spool/exim 4 args: /usr/sbin/exim -odi -Mc 1dEqbV-002R8z-Cz
17. 2017-05-28 00:19:01 1dEqbV-002R8z-Cz => botcf <botcf@server.royalclouds.net> R=localuser T=dovecot_delivery C="250 2.0.0 <botcf@server.royalclouds.net> uXXnHMVdKll6sggAMmS4gA Saved"
18. 2017-05-28 00:19:01 1dEqbV-002R8z-Cz Completed
19. 2017-05-28 00:19:14 SMTP connection from [127.0.0.1]:33768 (TCP/IP connection count = 1)
20. 2017-05-28 00:19:14 SMTP connection from (localhost) [127.0.0.1]:33768 closed by QUIT
21. 2017-05-28 00:19:32 SMTP connection from [158.69.181.106]:60213 (TCP/IP connection count = 1)
22. 2017-05-28 00:19:52 SMTP connection from mta16.phoenix-local-live.com [158.69.181.106]:60213 closed by QUIT
23. 2017-05-28 00:20:01 cwd=/home/hotblink 9 args: /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t -f hotblink
24. 2017-05-28 00:20:01 cwd=/home/tollynew 9 args: /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t -f tollynew
25. 2017-05-28 00:20:01 1dEqcT-002RX5-OH <= hotblink@server.royalclouds.net U=hotblink P=local S=922 T="Cron <hotblink@server> AGRAHUT.COM/pub/cron.php" for hotblink
26. 2017-05-28 00:20:01 cwd=/var/spool/exim 4 args: /usr/sbin/exim -odi -Mc 1dEqcT-002RX5-OH
27. 2017-05-28 00:20:01 1dEqcT-002RX5-OH => hotblink <hotblink@server.royalclouds.net> R=localuser T=dovecot_delivery C="250 2.0.0 <hotblink@server.royalclouds.net> qZZjMAFeKll6sggAMmS4gA Saved"
28. 2017-05-28 00:20:01 1dEqcT-002RX5-OH Completed
29. 2017-05-28 00:20:01 cwd=/home/botcf 9 args: /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t -f botcf
30. 2017-05-28 00:20:01 1dEqcT-002RYT-RQ <= botcf@server.royalclouds.net U=botcf P=local S=839 T="Cron <botcf@server> /usr/bin/php -q /home/botcf/public_html/value.php" for botcf
31. 2017-05-28 00:20:01 cwd=/var/spool/exim 4 args: /usr/sbin/exim -odi -Mc 1dEqcT-002RYT-RQ
32. 2017-05-28 00:20:01 1dEqcT-002RXB-Tm <= tollynew@server.royalclouds.net U=tollynew P=local S=1320 T="Cron <tollynew@server> wget http://videoreel.in/index.php/post/facebook_bot -O /dev/null" for tollynew
33. 2017-05-28 00:20:01 cwd=/var/spool/exim 4 args: /usr/sbin/exim -odi -Mc 1dEqcT-002RXB-Tm
34. 2017-05-28 00:20:02 1dEqcT-002RYT-RQ => botcf <botcf@server.royalclouds.net> R=localuser T=dovecot_delivery C="250 2.0.0 <botcf@server.royalclouds.net> rZZjMAFeKll6sggAMmS4gA Saved"
35. 2017-05-28 00:20:02 1dEqcT-002RYT-RQ Completed
36. 2017-05-28 00:20:02 1dEqcT-002RXB-Tm => tollynew <tollynew@server.royalclouds.net> R=localuser T=dovecot_delivery C="250 2.0.0 <tollynew@server.royalclouds.net> fC/4OQFeKlnN4wgAMmS4gA Saved"
37. 2017-05-28 00:20:02 1dEqcT-002RXB-Tm Completed
38. 2017-05-28 00:20:02 cwd=/home/royalcl1 9 args: /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t -f royalcl1
39. 2017-05-28 00:20:02 1dEqcU-002RZk-A0 <= royalcl1@server.royalclouds.net U=royalcl1 P=local S=924 T="Cron <royalcl1@server> php -q /home/royalcl1/whmcsdata1/crons/pipe.php" for royalclouds@yandex.com
40. 2017-05-28 00:20:02 cwd=/var/spool/exim 4 args: /usr/sbin/exim -odi -Mc 1dEqcU-002RZk-A0
41. 2017-05-28 00:20:02 1dEqcU-002RZk-A0 SMTP connection outbound 1495948802 1dEqcU-002RZk-A0 royalclouds.net royalclouds@yandex.com
42. 2017-05-28 00:20:05 1dEqcU-002RZk-A0 => royalclouds@yandex.com R=lookuphost T=remote_smtp H=mx.yandex.ru [93.158.134.89] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=yes C="250 2.0.0 Ok: queued on mxfront4h.mail.yandex.net as 1495948804$
43. 2017-05-28 00:20:05 1dEqcU-002RZk-A0 Completed
44. 2017-05-28 00:20:06 cwd=/etc/csf 2 args: /usr/sbin/exim -bpc
45. 2017-05-28 00:20:06 cwd=/etc/csf 4 args: /usr/sbin/sendmail -f root -t
46. 2017-05-28 00:20:06 1dEqcY-002RcU-Po <= root@server.royalclouds.net U=root P=local S=14848 T="lfd on server.royalclouds.net: Suspicious process running under user laishett" for root
47. 2017-05-28 00:20:06 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1dEqcY-002RcU-Po
48. 2017-05-28 00:20:08 1dEqcY-002RcU-Po => servers <root@server.royalclouds.net> R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 <servers@royalclouds.net> aWTmMwZeKlnN4wgAMmS4gA Saved"
49. 2017-05-28 00:20:08 1dEqcY-002RcU-Po Completed
50. 2017-05-28 00:21:01 cwd=/home/botcf 9 args: /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t -f botcf
51. 2017-05-28 00:21:01 1dEqdR-002Rxt-GZ <= botcf@server.royalclouds.net U=botcf P=local S=839 T="Cron <botcf@server> /usr/bin/php -q /home/botcf/public_html/value.php" for botcf
52. 2017-05-28 00:21:01 cwd=/var/spool/exim 4 args: /usr/sbin/exim -odi -Mc 1dEqdR-002Rxt-GZ
53. 2017-05-28 00:21:01 1dEqdR-002Rxt-GZ => botcf <botcf@server.royalclouds.net> R=localuser T=dovecot_delivery C="250 2.0.0 <botcf@server.royalclouds.net> KbXmIj1eKlnN4wgAMmS4gA Saved"
54. 2017-05-28 00:21:01 1dEqdR-002Rxt-GZ Completed
55. 2017-05-28 00:21:06 cwd=/etc/csf 4 args: /usr/sbin/sendmail -f root -t
56. 2017-05-28 00:21:06 1dEqdW-002S6d-TW <= root@server.royalclouds.net U=root P=local S=8926 T="lfd on server.royalclouds.net: Suspicious process running under user nobody" for root
57. 2017-05-28 00:21:06 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1dEqdW-002S6d-TW