Is this a cpanel or fantastico exploit?

This is related to Fantastico, those URLs are not part of a base cPanel install.

 

OFAC restrictions on exports are found here: http://www.ustreas.gov/offices/enforcement/ofac/programs/index.shtml

We police our license base for servers in restricted countries. However, because an individual is from a restricted country and has access to a cPanel interface does not mean that they are the server or license owner.