Site I’d rather see blocked, read on in thread,
polonus
See: https://www.virustotal.com/nl/url/48bc9a1b6e6751de9a5773711fa7592f061960846c8fefdc548a6857e64448cd/analysis/1410703673/
and
https://www.virustotal.com/nl/file/3499cc14392c89a2ce53ba7d32cca78f2099a5562db842dedcf999e6e416b254/analysis/1410648852/
Rather new code, but site compromised: Web application details:
Running cPanel 11.44.1.18: roller.urafaget dot com:2082
Outdated Web Server Nginx Found: nginx/1.4.4 via 1.1 varnish
External code link flagged twice: https://www.virustotal.com/nl/file/d4e07a3f913cbbf986185db32bfe97bb4e69be9cdace757b69da4d1922f5b2b4/analysis/
Sucuri flags: http://sitecheck.sucuri.net/results/roller.urafaget.com
Errors: Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
So definitely a site I’d rather see blocked,
polonus
Sophos detection is correct
https://www.virustotal.com/en/url/48bc9a1b6e6751de9a5773711fa7592f061960846c8fefdc548a6857e64448cd/analysis/
Norman lab added detection for the php and html files
Files:
seek.php: FBScam.B
roller.urafaget.com.htm: Fbjack.S