Attacked url: http://flashguru.se/
Attack type: Header hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Tue, 12 Feb 2013 01:10:45 +0000

Hijacking with http header 'Refresh', redirecting visitors to http://algerie-service.com/ads

HTTP headers sent:
HEAD / HTTP/1.1
Host: flashguru.se
Referer: http://www.google.com/search?q=flashguru.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 200 OK
Date: Tue, 12 Feb 2013 01:14:44 GMT
Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.32 mod_qos/9.68 mod_perl/2.0.5 Perl/v5.8.8
X-Powered-By: PHP/5.3.6
Refresh: 25; url="http://algerie-service.com/ads"
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: ab25073b7cdfd67a3de85bd0818c59db=18263789840e93537cd99c6daa3dff82; path=/
Connection: close
Content-Type: text/html

flashguru.se is on 81.93.152.95
ASN for 81.93.152.95: 29468
Abusix contact information: abuse@infracom.se (information only)
81.93.152.95 corresponds with srv02.cpanel.pin.se
Abuse.net does not have any reliable address for srv02.cpanel.pin.se
Found address in whois: abuse@infracom.se