Only Sophos to detect.

Site I’d rather see blocked, read on in thread,

polonus

See: https://www.virustotal.com/nl/url/48bc9a1b6e6751de9a5773711fa7592f061960846c8fefdc548a6857e64448cd/analysis/1410703673/
and
https://www.virustotal.com/nl/file/3499cc14392c89a2ce53ba7d32cca78f2099a5562db842dedcf999e6e416b254/analysis/1410648852/
Rather new code, but site compromised: Web application details:
Running cPanel 11.44.1.18: roller.urafaget dot com:2082
Outdated Web Server Nginx Found: nginx/1.4.4 via 1.1 varnish
External code link flagged twice: https://www.virustotal.com/nl/file/d4e07a3f913cbbf986185db32bfe97bb4e69be9cdace757b69da4d1922f5b2b4/analysis/
Sucuri flags: http://sitecheck.sucuri.net/results/roller.urafaget.com

Errors: Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.


Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Server at roller.urafaget dot com Port 80 response because of attack code header info proliferation vulnerability
Site has referer=lokhlp dot com/AdBlock.php detection. WOT does not particularly fancy that: http://onlinelinkscan.com/results/lokhlp-comdisable_adblock-php/
Code link to this bad web rep site: http://www.webutations.info/go/review/cpagrip.com?req=chrome

So definitely a site I’d rather see blocked,

polonus

Sophos detection is correct
https://www.virustotal.com/en/url/48bc9a1b6e6751de9a5773711fa7592f061960846c8fefdc548a6857e64448cd/analysis/

Norman lab added detection for php and html file
Files:
seek.php: FBScam.B
roller.urafaget.com.htm: Fbjack.S