Obviously, your server is NOT secure!
IMMEDIATELY change your cPanel and FTP passwords to something strong (http://strongpasswordgenerator.com has good hints and can generate near-impossible-to-crack passwords for you, but be sure to use at least 11 characters which include both cases, digits and special characters - spaces, too, if permitted by your host), THEN DELETE all your files and, only then, upload to refresh. If you're using databases, dump EVERYTHING and look through it for a table which doesn't belong and for inappropriate values in the table fields (especially for login records).
FWIW, 18.104.22.168 resolves to hu3.hostutopia.net. If that's not you, then they are the ones hacking you (report them to your local police and your host with a DEMAND that they pursue the hacker, too). If that IS you, look for the scrp.php file and see what that's sending to the hacker.