What is 4price3.php?

Created 19th August 2023
Updated 19th August 2023

4price.php is a webshell and collection of miscellaneous tools that gets deployed onto compromised servers.

It's sold by a spam and bot marketplace and is mainly used to control the server it's deployed on for whatever the attacker needs: usually botting and spamming. If you have found this request in your logs, verify that the file doesn't exist. If it does exist, that may indicate other security vulnerabilities and persistence methods at play. You should seek expert advice on taking the server offline, restoring from a last known good backup, applying patches, fixing any web application vulnerabilities that may have led to the compromise, and validating that the server and application are secure.


Other known request paths

  1. 4pric.php
  2. 4price.php
  3. 4pricemailer.php
  4. 4price3.php
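
The log check and file check described above can be scripted. The following is an added example, not code from this page's author: it scans access-log lines for the request paths listed above, separates probes from requests that were actually served, and searches a web root for matching files. It assumes the common/combined access-log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from pathlib import Path

# Request paths listed on this page.
KNOWN_PATHS = {"4pric.php", "4price.php", "4pricemailer.php", "4price3.php"}

# Assumed common/combined log format: ip ... "METHOD target HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_hits(log_lines):
    """Return (ip, method, target, status) for requests naming a known path."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Drop the query string, then compare the last path segment, lowercased.
        name = m["target"].split("?", 1)[0].rsplit("/", 1)[-1].lower()
        if name in KNOWN_PATHS:
            hits.append((m["ip"], m["method"], m["target"], int(m["status"])))
    return hits

def served(hits):
    """Hits answered with 2xx: the file may have existed when requested.
    A catch-all handler can also return 2xx, so confirm on disk."""
    return [h for h in hits if 200 <= h[3] < 300]

def files_on_disk(webroot):
    """Files anywhere under webroot whose name matches a known path."""
    return sorted(p for p in Path(webroot).rglob("*")
                  if p.is_file() and p.name.lower() in KNOWN_PATHS)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [19/Aug/2023:10:01:02 +0000] "GET /4price3.php HTTP/1.1" 404 153 "-" "-"',
    '198.51.100.7 - - [19/Aug/2023:10:01:03 +0000] "GET /wp-content/4pricemailer.php?x=1 HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.9 - - [19/Aug/2023:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    hits = find_hits(SAMPLE_LOG)
    for ip, method, target, status in hits:
        note = "check disk now" if 200 <= status < 300 else "probe"
        print(f"{ip} {method} {target} -> {status} ({note})")
```

A 404 in the log only shows the file was absent at request time, so run `files_on_disk` against the live web root as well.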