We have enabled Proactive Defence Kill Mood in the Imunify360 security firewall in the server.
Proactive Defence module works as follows:
Imagine that there is a malicious insert in index.php code that can be used to gain access to the server. In this case, Proactive Defence in KILL mode will block the launch of this script and display this incident in the dashboard. (cPanel > Imunify360)
Further actions will be up to you - either clear the file from the code or delete it from the server permanently.