Unknown_html_RFI_shell malware on website...

Viruses and worms
1

See: https://www.virustotal.com/nl/url/17307aa4a0562cf730157ab3512f49e86da5ab598492cd7e13cd1785fc209bdc/analysis/1421074612/
Nothing detected here: http://urlquery.net/report.php?id=1421074746031
Outdated Web Server Nginx Found Vulnerabilities on nginx nginx/1.4.2
IP badness history: https://www.virustotal.com/nl/ip-address/94.242.252.44/information/
Re: IDS alert for 94.242.205.226 ET CNC Zeus Tracker Reported CnC Server group 25
Re: http://jsunpack.jeek.org/?report=f97c6090e016fb4a1ca14cb14a0f6672303ed23b
Potentially suspicious file: /js/cache/registration-6.3.4.js
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [[‘.('.');((){ =(){ ={};{:(){ .(().())},:(){ [().()]},:(,){=(||…).();.=;=},:(,){ =.()?.():.('')’]] of length 18334 which may point to obfuscation or shellcode.
Threat dump: View code http://www.uploady.com/#!/download/jiPilYEaiud/Z3XA2jY4w1D8HUGx
Threat dump MD5: D307356C1781B0F4D3AF58593567A1ED
File size[byte]: 41162
File type: ASCII
Page/File MD5: B4ED3F8827764368BC0B1D11BBB68E62
Scan duration[sec]: 1.746000

polonus