Good find, read also: http://safeweb.norton.com/report/show?name=200.63.97.55
Recorded attack was for included: .:/usr/lib/php:/usr/local/lib/php
due to this exploit: http://www.exploit-db.com/exploits/12192/
and via Joomla → http://forum.joomla.org/viewtopic.php?f=621&t=706027
Sucuri → htxp://v5k45.ru/9o35drIVs8LH09Gn21eAVla3I2FKmOOLF/BsfCZqY3e2BIVFsJnUlKHmiKU42FK2dT3D.php
→ The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:
- Server: nginx/0.7.67
- X-Powered-By: PHP/5.2.17
→ It looks like a cookie is being set without the “HttpOnly” flag being set (name : value): 1. cookie_fid : 5412
→ It doesn’t look like an X-Frame-Options header was returned from the server which means that this website could be at risk of a clickjacking attack
Also consider: https://www.virustotal.com/en/ip-address/200.63.97.55/information/
polonus
pol
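Added example, not part of the original post: a minimal Python check for the three header findings quoted in the scan above (version-disclosing `Server` / `X-Powered-By` headers, a cookie set without `HttpOnly`, no `X-Frame-Options`). The sample response is constructed from the values quoted in the post; the function names and finding labels are assumptions made for this illustration.

```python
# Constructed sample response, modelled on the header values quoted in the post.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/0.7.67\r\n"
    "X-Powered-By: PHP/5.2.17\r\n"
    "Set-Cookie: cookie_fid=5412; path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

# Headers that commonly reveal the web platform and its version.
DISCLOSING = ("server", "x-powered-by")


def parse_headers(raw):
    """Return (lowercased name, value) pairs, keeping repeated headers such as Set-Cookie."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_headers(raw):
    """Return a list of (finding, detail) tuples for a raw HTTP response head."""
    pairs = parse_headers(raw)
    findings = []
    for name, value in pairs:
        # Only flag disclosure headers that carry a version number.
        if name in DISCLOSING and any(ch.isdigit() for ch in value):
            findings.append(("platform-disclosure", f"{name}: {value}"))
        if name == "set-cookie":
            cookie, *attrs = [part.strip() for part in value.split(";")]
            flags = {attr.split("=", 1)[0].lower() for attr in attrs}
            if "httponly" not in flags:
                findings.append(("cookie-without-httponly", cookie.split("=", 1)[0]))
    names = {name for name, _ in pairs}
    csp = " ".join(v.lower() for n, v in pairs if n == "content-security-policy")
    # A CSP frame-ancestors directive is an accepted alternative to X-Frame-Options.
    if "x-frame-options" not in names and "frame-ancestors" not in csp:
        findings.append(("no-framing-protection", "x-frame-options"))
    return findings


if __name__ == "__main__":
    for finding, detail in audit_headers(SAMPLE_RESPONSE):
        print(f"{finding}: {detail}")
```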