See: htxp://en.wordpress.com/tag/dormring1/ landing here: htxp://wir-sprechen-online.com/2009/10/09/dormring1-click-fraud-evolves/
heuristics do not look good. Anyone to comment?
Misused server on that IP?
History of Trojan.Crypt.Delf.E, unknown exe or probably unknown NewHeur_PE?
polonus
Found this: http://adamdempsey.com/2012/08/fun-and-unusual-http-response-headers/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 09 Oct 2012 18:38:30 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 09 Oct 2012 18:36:02 GMT
Cache-Control: max-age=1052, must-revalidate
X-nananana: Batcache
Vary: Cookie
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
polonus