Where we found it? hxtps://www.bun.nl/test/php/test.html *
So we looked at other domains on that IP: https://www.shodan.io/host/173.249.55.80
Re: https://www.virustotal.com/gui/domain/zalkerbroek.festago.nl/detection
Consider: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=enxsa3t9Yn1de2suZntzdHxnXS5ubGBgdHtzdGBwaHBgdHtzdC5odG1s~enc
Neither does Sucuri’s firewall flag it: https://sitecheck.sucuri.net/results/https/zalkerbroek.festago.nl//test/php/test.html
4 retirable libraries detected: https://retire.insecurity.today/#!/scan/a953ac6f2598869dbfa7bd19b39db64032131f07497b7f0e7661761f73d77a9b
Linting scan results: https://webhint.io/scanner/ec148de8-ce1d-48f6-9343-23649c6aea2a
Re: https://help.shodan.io/data-analysis/tracking-hacked-websites
(just on queries like this one: -/test/php/test.html, when not removed from the server- a self-induced PHP plesklin flaw )
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)