Säkrare hemsida med .sehttp://landsbygdskraft.se/ (93.188.2.52) - Serp-hijackingAttacked url: http://landsbygdskraft.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 19 Oct 2018 16:02:18 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: landsbygdskraft.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Fri, 19 Oct 2018 14:02:18 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Vary: Cookie <br>X-Pingback: http://landsbygdskraft.se/xmlrpc.php <br>X-Loopia-Node: 172.22.223.76 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: landsbygdskraft.se <br>Referer: http://www.google.com/search?q=landsbygdskraft.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Fri, 19 Oct 2018 14:02:18 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.76<br><br>landsbygdskraft.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1539959646http://adventure-academy.se/ (192.185.85.61) - Serp-hijackingAttacked url: http://adventure-academy.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 19 Oct 2018 09:43:16 +0200<br><br>Visitors with referer are redirected to http://universalic.info/api/redirect?offerid=47&amp;sourceid=5197&amp;landingid=356&amp;subid_1=Alpha <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: adventure-academy.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.14.0 <br>Date: Fri, 19 Oct 2018 07:43:28 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Pragma: no-cache <br>Expires: Wed, 11 Jan 1984 05:00:00 GMT <br>Cache-Control: no-cache, must-revalidate, max-age=0 <br>Set-Cookie: visits=1539935006; expires=Tue, 19-Jan-2038 03:14:07 GMT <br>Set-Cookie: PHPSESSID=cc8a5f3edb86fddd6e9fbf1169a9b328; path=/ <br>Location: http://www.adventure-academy.se/ <br>X-Endurance-Cache-Level: 2 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: adventure-academy.se <br>Referer: http://www.google.com/search?q=adventure-academy.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Server: nginx/1.14.0 <br>Date: Fri, 19 Oct 2018 07:43:25 GMT <br>Content-Type: text/html; charset=utf-8 <br>Connection: close <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>Set-Cookie: visits=1539935005; expires=Tue, 19-Jan-2038 03:14:07 GMT <br>Set-Cookie: PHPSESSID=f7806d91a1d179891413fc85218370c6; path=/ <br>Set-Cookie: e855537258ac5146b4895e5e719d4ab79dcbc0be=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE0XCI6MTUzOTkzNDk3MX0sXCJjYW1wYWlnbnNcIjp7XCIxXCI6MTUzOTkzNDk3MX0sXCJ0aW1lXCI6MTUzOTkzNDk3MX0ifQ.KuQsubAk-ULkV6Q0kEnlLGWRSfPPTHHYGk6xkqNzbTM; expires=Sat, 20-Oct-2018 07:43:25 GMT; path=/; domain=.adventure-academy.se <br>Location: http://universalic.info/api/redirect?offerid=47&amp;sourceid=5197&amp;landingid=356&amp;subid_1=Alpha <br>X-Endurance-Cache-Level: 2<br><br>adventure-academy.se is on 192.185.85.61<br>ASN for 192.185.85.61: 20013<br>Abusix contact information: ipadmin@websitewelcome.com (information only)<br>192.185.85.61 corresponds with 192-185-85-61.unifiedlayer.com<br>Abuse.net has 1 reliable address(es) for unifiedlayer.com<br>Found address(es): abuse@unifiedlayer.com1539958690http://syf.nu/ (212.97.132.153) - Serp-hijackingAttacked url: http://syf.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 19 Oct 2018 07:30:34 +0200<br><br>Visitors with referer are redirected to http://www.swogo.com/wp-content/uploads/Scan327.zip <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: syf.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>X-Powered-By: PHP/5.6.36 <br>X-Pingback: http://syf.nu/xmlrpc.php <br>Content-Type: text/html; charset=UTF-8 <br>Date: Fri, 19 Oct 2018 05:30:34 GMT <br>Accept-Ranges: bytes <br>Server: LiteSpeed <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: syf.nu <br>Referer: http://www.google.com/search?q=syf.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Fri, 19 Oct 2018 05:30:34 GMT <br>Accept-Ranges: bytes <br>Server: LiteSpeed <br>Location: http://www.swogo.com/wp-content/uploads/Scan327.zip <br>Connection: close<br><br>syf.nu is on 212.97.132.153<br>ASN for 212.97.132.153: 9120<br>Abusix contact information: abuse@surftown.com (information only)<br>212.97.132.153 corresponds with ws50.surf-town.net<br>Abuse.net has 2 reliable address(es) for surf-town.net<br>Found address(es): abuse@surf-town.net abuse@cohaesio.com1539958476http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 19 Oct 2018 05:32:10 +0200<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Fri, 19 Oct 2018 03:32:20 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=nlj94hpg0rdg1ojcg95a9ohhc4; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Fri, 19 Oct 2018 03:32:17 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=ikcno48e7pkdqb99671thbvjr0; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539958170http://pvi.karolinanorstrom.se/ (52.58.78.16) - Serp-hijackingAttacked url: http://pvi.karolinanorstrom.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 18 Oct 2018 20:29:31 +0200<br><br>Visitors with referer are redirected to http://karolinanorstrom.se <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: pvi.karolinanorstrom.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 503 Service Temporarily Unavailable <br>Server: openresty/1.13.6.2 <br>Date: Thu, 18 Oct 2018 18:29:30 GMT <br>Content-Type: text/html <br>Content-Length: 219 <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: pvi.karolinanorstrom.se <br>Referer: http://www.google.com/search?q=pvi.karolinanorstrom.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: openresty/1.13.6.2 <br>Date: Thu, 18 Oct 2018 18:29:30 GMT <br>Content-Type: text/html; charset=utf-8 <br>Connection: close <br>X-Frame-Options: SAMEORIGIN <br>X-XSS-Protection: 1; mode=block <br>X-Content-Type-Options: nosniff <br>Location: http://karolinanorstrom.se <br>Cache-Control: no-cache <br>Set-Cookie: _undeveloped_session=VzYrcVl3ZXZMbkVkaUJhY0ZIcjU2ZlJQYXJ3MTNWVWgxVFNuZ1RNa0V1SEpyM1RJa0lyZjY1RHNIV2gvc3BTNDRLaktGNXBPT1hIWVNBYzdqa3dzRUkwZFg0Z29Bd09XMXRWalJpdFBSVmc9LS1FYzdCR0JHZE9KOU1yQnVhZ3p1bUJ3PT0%3D--9939c293e0dd7e2974d609d2e00c75cdd6de1ae0; path=/; HttpOnly <br>X-Request-Id: 3f365642-fba0-4c4e-9d33-e145c946c52b <br>X-Runtime: 0.003791<br><br>pvi.karolinanorstrom.se is on 52.58.78.16<br>ASN for 52.58.78.16: 16509<br>Abusix contact information: abuse@amazonaws.com (information only)<br>52.58.78.16 corresponds with ec2-52-58-78-16.eu-central-1.compute.amazonaws.com<br>Abuse.net has 1 reliable address(es) for amazonaws.com<br>Found address(es): abuse@amazonaws.com1539957414http://adventure-academy.se/ (192.185.85.61) - Serp-hijackingAttacked url: http://adventure-academy.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 18 Oct 2018 09:14:36 +0200<br><br>Visitors with referer are redirected to http://universalic.info/api/redirect?offerid=47&amp;sourceid=5197&amp;landingid=356&amp;subid_1=Alpha <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: adventure-academy.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.14.0 <br>Date: Thu, 18 Oct 2018 07:14:47 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Pragma: no-cache <br>Expires: Wed, 11 Jan 1984 05:00:00 GMT <br>Cache-Control: no-cache, must-revalidate, max-age=0 <br>Set-Cookie: visits=1539846877; expires=Tue, 19-Jan-2038 03:14:07 GMT <br>Set-Cookie: PHPSESSID=7778a947c745ce9bcc78d1f1c319d047; path=/ <br>Location: http://www.adventure-academy.se/ <br>X-Endurance-Cache-Level: 2 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: adventure-academy.se <br>Referer: http://www.google.com/search?q=adventure-academy.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Server: nginx/1.14.0 <br>Date: Thu, 18 Oct 2018 07:14:36 GMT <br>Content-Type: text/html; charset=utf-8 <br>Connection: close <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>Set-Cookie: visits=1539846876; expires=Tue, 19-Jan-2038 03:14:07 GMT <br>Set-Cookie: PHPSESSID=3d2c04861147ba10966f301b4b0b541c; path=/ <br>Set-Cookie: e855537258ac5146b4895e5e719d4ab79dcbc0be=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE0XCI6MTUzOTg0Njg0MH0sXCJjYW1wYWlnbnNcIjp7XCIxXCI6MTUzOTg0Njg0MH0sXCJ0aW1lXCI6MTUzOTg0Njg0MH0ifQ.8TTCRZUdnNmgtcGoknyWNgVXpXNKTkhwJ7GB_o66L7E; expires=Fri, 19-Oct-2018 07:14:36 GMT; path=/; domain=.adventure-academy.se <br>Location: http://universalic.info/api/redirect?offerid=47&amp;sourceid=5197&amp;landingid=356&amp;subid_1=Alpha <br>X-Endurance-Cache-Level: 2<br><br>adventure-academy.se is on 192.185.85.61<br>ASN for 192.185.85.61: 20013<br>Abusix contact information: ipadmin@websitewelcome.com (information only)<br>192.185.85.61 corresponds with 192-185-85-61.unifiedlayer.com<br>Abuse.net has 1 reliable address(es) for unifiedlayer.com<br>Found address(es): abuse@unifiedlayer.com1539874159http://shineonyou.se/ (195.74.38.97) - Serp-hijackingAttacked url: http://shineonyou.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 17 Oct 2018 15:33:48 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Wed, 17 Oct 2018 13:34:00 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://shineonyou.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=ru46t9npbrv7ctq93a34hssho1; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Referer: http://www.google.com/search?q=shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Wed, 17 Oct 2018 13:33:45 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>shineonyou.se is on 195.74.38.97<br>ASN for 195.74.38.97: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.97 corresponds with cl-13.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539862082http://zogg.se/ (93.188.2.52) - Serp-hijackingAttacked url: http://zogg.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 17 Oct 2018 12:06:36 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Wed, 17 Oct 2018 10:06:48 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Vary: Accept-Encoding,Cookie <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br>X-Loopia-Node: 172.22.223.70 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Wed, 17 Oct 2018 10:06:48 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.70<br><br>zogg.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1539777527http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 16 Oct 2018 20:35:32 +0200<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 16 Oct 2018 18:35:42 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=tv0qkgri45gunms028d7810ul0; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 16 Oct 2018 18:35:40 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=l39sehn9vopg7i0v4med47n9p5; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539777253http://aquelius.se/ (81.236.49.251) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://mtmoriahcogic.org/zk7qvbjh.php?id=14607427&quot;&gt;<br><br>Offensive url: http://mtmoriahcogic.org/zk7qvbjh.php?id=14607427<br>Url is blacklisted in Google Safe Browsing<br><br>aquelius.se is on 81.236.49.251<br>ASN for 81.236.49.251: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>81.236.49.251 corresponds with lb-win.webhosting.telia.com<br>Abuse.net has 1 reliable address(es) for telia.com<br>Found address(es): abuse@telia.com1539601890http://shineonyou.se/ (195.74.38.97) - Serp-hijackingAttacked url: http://shineonyou.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 14 Oct 2018 22:40:47 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Sun, 14 Oct 2018 20:40:58 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://shineonyou.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=v1ep14d0u55uso5qi0leb1d4l6; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Referer: http://www.google.com/search?q=shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Sun, 14 Oct 2018 20:40:49 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>shineonyou.se is on 195.74.38.97<br>ASN for 195.74.38.97: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.97 corresponds with cl-13.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539601543http://forlagetorda.se/ (93.188.2.53) - Serp-hijackingAttacked url: http://forlagetorda.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 12 Oct 2018 13:13:03 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: forlagetorda.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Fri, 12 Oct 2018 11:13:03 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Set-Cookie: PHPSESSID=a883643f8b8cfa53985a095bc8d8af15; path=/ <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://forlagetorda.se/xmlrpc.php <br>Link: &lt;http://forlagetorda.se/&gt;; rel=shortlink <br>X-Loopia-Node: 172.22.223.65 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: forlagetorda.se <br>Referer: http://www.google.com/search?q=forlagetorda.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Fri, 12 Oct 2018 11:13:02 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.65<br><br>forlagetorda.se is on 93.188.2.53<br>ASN for 93.188.2.53: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.53 corresponds with webfront3.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1539343603http://joopot.se/ (195.74.38.63) - Serp-hijackingAttacked url: http://joopot.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 12 Oct 2018 08:33:03 +0200<br><br>Visitors with referer are redirected to http://www.tatlitarifleri.tv/2670/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: joopot.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 403 Forbidden <br>Date: Fri, 12 Oct 2018 06:33:14 GMT <br>Server: Apache <br>Vary: accept-language,accept-charset <br>Accept-Ranges: bytes <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1 <br>Content-Language: en <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: joopot.se <br>Referer: http://www.google.com/search?q=joopot.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Fri, 12 Oct 2018 06:33:14 GMT <br>Server: Apache <br>Location: http://www.tatlitarifleri.tv/2670/ <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>joopot.se is on 195.74.38.63<br>ASN for 195.74.38.63: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.63 corresponds with cl-02.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539343492http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 12 Oct 2018 00:09:07 +0200<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Thu, 11 Oct 2018 22:09:06 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=e27od8ktuehk5tto9pofsjr2j3; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Thu, 11 Oct 2018 22:09:01 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=ivt6ndag90r84qjfiurq550ic2; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539343222http://pionbutiken.se/ (93.90.145.81) - Serp-hijackingAttacked url: http://pionbutiken.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 11 Oct 2018 19:53:07 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: pionbutiken.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 785 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDCARBTDQS=GFHFLKJDDCGHKJEKPEBKNABM; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 11 Oct 2018 17:53:18 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: pionbutiken.se <br>Referer: http://www.google.com/search?q=pionbutiken.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDCARBTDQS=FFHFLKJDADMFMEKINDNLGHJI; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 11 Oct 2018 17:53:18 GMT <br>Connection: close<br><br>pionbutiken.se is on 93.90.145.81<br>ASN for 93.90.145.81: 35041<br>Abusix contact information: abuse@levonline.com (information only)<br>93.90.145.81 corresponds with iis-01.crystone.se<br>Abuse.net has 2 reliable address(es) for crystone.se<br>Found address(es): abuse@crystone.se abuse@crystone.net1539343169http://brfakerholmen.se/ (195.74.38.130) - Serp-hijackingAttacked url: http://brfakerholmen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 11 Oct 2018 15:12:34 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: brfakerholmen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Thu, 11 Oct 2018 13:12:45 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.38 <br>X-Pingback: http://www.brfakerholmen.se/xmlrpc.php <br>Location: http://www.brfakerholmen.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: brfakerholmen.se <br>Referer: http://www.google.com/search?q=brfakerholmen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Thu, 11 Oct 2018 13:12:35 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>brfakerholmen.se is on 195.74.38.130<br>ASN for 195.74.38.130: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.130 corresponds with cl-26.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539343152http://shineonyou.se/ (195.74.38.97) - Serp-hijackingAttacked url: http://shineonyou.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 11 Oct 2018 13:17:14 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Thu, 11 Oct 2018 11:17:25 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://shineonyou.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=e9ddkk4jre9h4ucvmoglv93nf0; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Referer: http://www.google.com/search?q=shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Thu, 11 Oct 2018 11:17:14 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>shineonyou.se is on 195.74.38.97<br>ASN for 195.74.38.97: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.97 corresponds with cl-13.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539260402http://zogg.se/ (93.188.2.52) - Serp-hijackingAttacked url: http://zogg.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 11 Oct 2018 12:30:32 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Thu, 11 Oct 2018 10:30:32 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Vary: Cookie <br>X-Pingback: http://zogg.se/xmlrpc.php <br>X-Loopia-Node: 172.22.223.70 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Thu, 11 Oct 2018 10:30:31 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.70<br><br>zogg.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1539260379http://zogg.se/page/2/ (93.188.2.52) - Serp-hijackingAttacked url: http://zogg.se/page/2/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 10 Oct 2018 23:08:55 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Wed, 10 Oct 2018 21:09:07 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Vary: Cookie <br>X-Pingback: http://zogg.se/xmlrpc.php <br>X-Loopia-Node: 172.22.223.70 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Wed, 10 Oct 2018 21:09:05 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.70<br><br>zogg.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1539260248http://studioolga.se/ (93.90.145.83) - Serp-hijackingAttacked url: http://studioolga.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 10 Oct 2018 17:22:25 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: studioolga.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 2940 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDCCQDTBTQ=COIFDDOCOLHNCKHMDBPDHIPP; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 10 Oct 2018 15:22:24 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: studioolga.se <br>Referer: http://www.google.com/search?q=studioolga.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDCCQDTBTQ=BOIFDDOCNHKMEEJIPNNLNFJJ; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 10 Oct 2018 15:22:24 GMT <br>Connection: close<br><br>studioolga.se is on 93.90.145.83<br>ASN for 93.90.145.83: 35041<br>Abusix contact information: abuse@levonline.com (information only)<br>rDNS not found for 93.90.145.83<br>Found address in whois: abuse@levonline.com1539260062http://brfakerholmen.se/ (195.74.38.130) - Serp-hijackingAttacked url: http://brfakerholmen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 10 Oct 2018 14:55:27 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: brfakerholmen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Wed, 10 Oct 2018 12:55:38 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.38 <br>X-Pingback: http://www.brfakerholmen.se/xmlrpc.php <br>Location: http://www.brfakerholmen.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: brfakerholmen.se <br>Referer: http://www.google.com/search?q=brfakerholmen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Wed, 10 Oct 2018 12:55:25 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>brfakerholmen.se is on 195.74.38.130<br>ASN for 195.74.38.130: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.130 corresponds with cl-26.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539259982http://shineonyou.se/ (195.74.38.97) - Serp-hijackingAttacked url: http://shineonyou.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 09 Oct 2018 08:43:18 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 09 Oct 2018 06:43:29 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://shineonyou.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=0sdeskqfgk1radccsecrp3e7s1; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Referer: http://www.google.com/search?q=shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Tue, 09 Oct 2018 06:43:06 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>shineonyou.se is on 195.74.38.97<br>ASN for 195.74.38.97: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.97 corresponds with cl-13.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539070951http://balsjomaskin.se/ (81.95.105.71) - Serp-hijackingAttacked url: http://balsjomaskin.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 09 Oct 2018 05:42:17 +0200<br><br>Visitors with referer are redirected to http://www.serverjump.com/jump.aspx?jumpid=0sichm <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: balsjomaskin.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 16712 <br>Content-Type: text/html <br>Server: Microsoft-IIS/10.0 <br>Set-Cookie: unikTry=bes%F6k; expires=Thu, 08-Nov-2018 23:00:00 GMT; path=/ <br>Set-Cookie: ASPSESSIONIDCACQDCQB=EEBLMBBCCOGOHMANHFCOCHGH; path=/ <br>Date: Tue, 09 Oct 2018 03:42:16 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: balsjomaskin.se <br>Referer: http://www.google.com/search?q=balsjomaskin.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Content-Length: 172 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://www.serverjump.com/jump.aspx?jumpid=0sichm <br>Server: Microsoft-IIS/10.0 <br>Date: Tue, 09 Oct 2018 03:42:15 GMT <br>Connection: close<br><br>balsjomaskin.se is on 81.95.105.71<br>ASN for 81.95.105.71: 25234<br>Abusix contact information: abuse@active24.cz (information only)<br>81.95.105.71 corresponds with iis105.windows.loopia.com<br>Abuse.net does not have any reliable address for iis105.windows.loopia.com<br>Found address in whois: abuse@active24.cz1539070722http://forlagetorda.se/ (93.188.2.53) - Serp-hijackingAttacked url: http://forlagetorda.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 08 Oct 2018 23:04:55 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: forlagetorda.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Mon, 08 Oct 2018 21:04:55 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Set-Cookie: PHPSESSID=1c496abea1e1a91476f7b721a9eeecab; path=/ <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://forlagetorda.se/xmlrpc.php <br>Link: &lt;http://forlagetorda.se/&gt;; rel=shortlink <br>X-Loopia-Node: 172.22.223.65 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: forlagetorda.se <br>Referer: http://www.google.com/search?q=forlagetorda.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Mon, 08 Oct 2018 21:04:55 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.65<br><br>forlagetorda.se is on 93.188.2.53<br>ASN for 93.188.2.53: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.53 corresponds with webfront3.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1539069861http://frokenknapp.se/ (95.143.206.34) - Serp-hijackingAttacked url: http://frokenknapp.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 08 Oct 2018 13:25:04 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: frokenknapp.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Mon, 08 Oct 2018 11:25:12 GMT <br>Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 <br>X-Powered-By: PHP/5.4.32 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://www.frokenknapp.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=6037325ba0b6d91af40d150f49057d34; path=/ <br>Location: http://www.frokenknapp.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: frokenknapp.se <br>Referer: http://www.google.com/search?q=frokenknapp.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Mon, 08 Oct 2018 11:25:06 GMT <br>Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 <br>X-Powered-By: PHP/5.4.32 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>frokenknapp.se is on 95.143.206.34<br>ASN for 95.143.206.34: 49770<br>Abusix contact information: peter@serverconnect.se (information only)<br>95.143.206.34 corresponds with cpanel.apptech.se<br>Abuse.net does not have any reliable address for cpanel.apptech.se<br>Found address in whois: peter@serverconnect.se1539069345http://zogg.se/ (93.188.2.52) - Serp-hijackingAttacked url: http://zogg.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 08 Oct 2018 01:04:12 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Sun, 07 Oct 2018 23:04:23 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Vary: Accept-Encoding,Cookie <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br>X-Loopia-Node: 172.22.223.70 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Sun, 07 Oct 2018 23:04:23 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.70<br><br>zogg.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1538996532http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 05 Oct 2018 05:49:29 +0200<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Fri, 05 Oct 2018 03:49:39 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=ose7fp2ru1vmlup9g1pgusstn4; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Fri, 05 Oct 2018 03:49:35 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=iei7a3uc02lvst34bs5pgd4vf6; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1538741506http://frokenknapp.se/ (95.143.206.34) - Serp-hijackingAttacked url: http://frokenknapp.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 05 Oct 2018 02:15:42 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: frokenknapp.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Fri, 05 Oct 2018 00:15:40 GMT <br>Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 <br>X-Powered-By: PHP/5.4.32 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://www.frokenknapp.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=be79d7ed37f26f4bfc09cd1c863c96af; path=/ <br>Location: http://www.frokenknapp.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: frokenknapp.se <br>Referer: http://www.google.com/search?q=frokenknapp.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Fri, 05 Oct 2018 00:15:35 GMT <br>Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 <br>X-Powered-By: PHP/5.4.32 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>frokenknapp.se is on 95.143.206.34<br>ASN for 95.143.206.34: 49770<br>Abusix contact information: peter@serverconnect.se (information only)<br>95.143.206.34 corresponds with cpanel.apptech.se<br>Abuse.net does not have any reliable address for cpanel.apptech.se<br>Found address in whois: peter@serverconnect.se1538741460http://landsbygdskraft.se/ (93.188.2.52) - Serp-hijackingAttacked url: http://landsbygdskraft.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 04 Oct 2018 17:49:11 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: landsbygdskraft.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Thu, 04 Oct 2018 15:49:22 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Vary: Cookie <br>X-Pingback: http://landsbygdskraft.se/xmlrpc.php <br>X-Loopia-Node: 172.22.223.76 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: landsbygdskraft.se <br>Referer: http://www.google.com/search?q=landsbygdskraft.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Thu, 04 Oct 2018 15:49:22 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.76<br><br>landsbygdskraft.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1538741334http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 02 Oct 2018 11:28:20 +0200<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 02 Oct 2018 09:28:30 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=0djk1bnv0pfghiit2o6v2c3n91; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 02 Oct 2018 09:28:26 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=8cbd40m6eq080s1br45h6l6f93; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1538483142http://shineonyou.se/ (195.74.38.97) - Serp-hijackingAttacked url: http://shineonyou.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 02 Oct 2018 09:53:40 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 02 Oct 2018 07:53:40 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://shineonyou.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=2eegh4h4cbjtbemrtfpcjirlu5; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Referer: http://www.google.com/search?q=shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Tue, 02 Oct 2018 07:53:22 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>shineonyou.se is on 195.74.38.97<br>ASN for 195.74.38.97: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.97 corresponds with cl-13.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1538483124http://landsbygdskraft.se/ (93.188.2.52) - Serp-hijackingAttacked url: http://landsbygdskraft.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 02 Oct 2018 06:01:40 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: landsbygdskraft.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Tue, 02 Oct 2018 04:01:51 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Vary: Cookie <br>X-Pingback: http://landsbygdskraft.se/xmlrpc.php <br>X-Loopia-Node: 172.22.223.76 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: landsbygdskraft.se <br>Referer: http://www.google.com/search?q=landsbygdskraft.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Tue, 02 Oct 2018 04:01:50 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.76<br><br>landsbygdskraft.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1538482976http://frokenknapp.se/ (95.143.206.34) - Serp-hijackingAttacked url: http://frokenknapp.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 02 Oct 2018 05:23:37 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: frokenknapp.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Tue, 02 Oct 2018 03:23:36 GMT <br>Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 <br>X-Powered-By: PHP/5.4.32 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://www.frokenknapp.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=31d54283fbed28b8f9a86230b394ae1a; path=/ <br>Location: http://www.frokenknapp.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: frokenknapp.se <br>Referer: http://www.google.com/search?q=frokenknapp.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Tue, 02 Oct 2018 03:23:16 GMT <br>Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 <br>X-Powered-By: PHP/5.4.32 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>frokenknapp.se is on 95.143.206.34<br>ASN for 95.143.206.34: 49770<br>Abusix contact information: peter@serverconnect.se (information only)<br>95.143.206.34 corresponds with cpanel.apptech.se<br>Abuse.net does not have any reliable address for cpanel.apptech.se<br>Found address in whois: peter@serverconnect.se1538482946http://zogg.se/2013/01/03/stadig-frukost/ (93.188.2.52) - Serp-hijackingAttacked url: http://zogg.se/2013/01/03/stadig-frukost/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 01 Oct 2018 21:47:34 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Mon, 01 Oct 2018 19:47:34 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Vary: Accept-Encoding,Cookie <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br>X-Loopia-Node: 172.22.223.70 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Mon, 01 Oct 2018 19:47:34 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.70<br><br>zogg.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1538482138http://adventure-academy.se/ (192.185.85.61) - Serp-hijackingAttacked url: http://adventure-academy.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 01 Oct 2018 21:18:42 +0200<br><br>Visitors with referer are redirected to http://universalic.info/api/redirect?offerid=47&amp;sourceid=5197&amp;landingid=356&amp;subid_1=Alpha <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: adventure-academy.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.14.0 <br>Date: Mon, 01 Oct 2018 19:18:53 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Pragma: no-cache <br>Expires: Wed, 11 Jan 1984 05:00:00 GMT <br>Cache-Control: no-cache, must-revalidate, max-age=0 <br>Set-Cookie: visits=1538421526; expires=Tue, 19-Jan-2038 03:14:07 GMT <br>Set-Cookie: PHPSESSID=445c01008b473fec50c3c0e9053de39b; path=/ <br>Location: http://www.adventure-academy.se/ <br>X-Endurance-Cache-Level: 2 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: adventure-academy.se <br>Referer: http://www.google.com/search?q=adventure-academy.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Server: nginx/1.14.0 <br>Date: Mon, 01 Oct 2018 19:18:45 GMT <br>Content-Type: text/html; charset=utf-8 <br>Connection: close <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>Set-Cookie: visits=1538421525; expires=Tue, 19-Jan-2038 03:14:07 GMT <br>Set-Cookie: PHPSESSID=917a8dbf4409c7783eb4672cd8ba8005; path=/ <br>Set-Cookie: e855537258ac5146b4895e5e719d4ab79dcbc0be=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE0XCI6MTUzODQyMTQ2Nn0sXCJjYW1wYWlnbnNcIjp7XCIxXCI6MTUzODQyMTQ2Nn0sXCJ0aW1lXCI6MTUzODQyMTQ2Nn0ifQ.6Lg_BBAyQuGeH3pN17on9uIzW6UHBR4-KpitYsAqKuU; expires=Tue, 02-Oct-2018 19:18:45 GMT; path=/; domain=.adventure-academy.se <br>Location: http://universalic.info/api/redirect?offerid=47&amp;sourceid=5197&amp;landingid=356&amp;subid_1=Alpha <br>X-Endurance-Cache-Level: 2<br><br>adventure-academy.se is on 192.185.85.61<br>ASN for 192.185.85.61: 20013<br>Abusix contact information: ipadmin@websitewelcome.com (information only)<br>192.185.85.61 corresponds with 192-185-85-61.unifiedlayer.com<br>Abuse.net has 1 reliable address(es) for unifiedlayer.com<br>Found address(es): abuse@unifiedlayer.com1538482132http://zogg.se/page/2/ (93.188.2.52) - Serp-hijackingAttacked url: http://zogg.se/page/2/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 01 Oct 2018 20:38:37 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Mon, 01 Oct 2018 18:38:37 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Vary: Accept-Encoding,Cookie <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br>X-Loopia-Node: 172.22.223.70 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Mon, 01 Oct 2018 18:38:37 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.70<br><br>zogg.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1538481867http://kinaskakor.se/ (89.221.250.111) - Serp-hijackingAttacked url: http://kinaskakor.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 30 Sep 2018 22:43:35 +0200<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kinaskakor.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 11418 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDQCTTRARA=HIJBHCJALKPBOANPICMEJHBC; path=/ <br>X-Powered-By: ASP.NET <br>Date: Sun, 30 Sep 2018 20:42:10 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kinaskakor.se <br>Referer: http://www.google.com/search?q=kinaskakor.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDQCTTRARA=GIJBHCJAOLCMDKOBKPMKOELD; path=/ <br>X-Powered-By: ASP.NET <br>Date: Sun, 30 Sep 2018 20:42:10 GMT <br>Connection: close<br><br>kinaskakor.se is on 89.221.250.111<br>ASN for 89.221.250.111: 1257<br>89.221.250.111 manually set to use abuse@aname.net1538393999http://zogg.se/page/2/ (93.188.2.52) - Serp-hijackingAttacked url: http://zogg.se/page/2/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 30 Sep 2018 20:37:47 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Sun, 30 Sep 2018 18:37:47 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Vary: Accept-Encoding,Cookie <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br>X-Loopia-Node: 172.22.223.70 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Sun, 30 Sep 2018 18:37:47 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.70<br><br>zogg.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1538393983http://frokenknapp.se/ (95.143.206.34) - Serp-hijackingAttacked url: http://frokenknapp.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 28 Sep 2018 03:49:17 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: frokenknapp.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Fri, 28 Sep 2018 01:49:27 GMT <br>Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 <br>X-Powered-By: PHP/5.4.32 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://www.frokenknapp.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=88be95674f8f40ee1cb69c13e29c874e; path=/ <br>Location: http://www.frokenknapp.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: frokenknapp.se <br>Referer: http://www.google.com/search?q=frokenknapp.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Fri, 28 Sep 2018 01:49:03 GMT <br>Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 <br>X-Powered-By: PHP/5.4.32 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>frokenknapp.se is on 95.143.206.34<br>ASN for 95.143.206.34: 49770<br>Abusix contact information: peter@serverconnect.se (information only)<br>95.143.206.34 corresponds with cpanel.apptech.se<br>Abuse.net does not have any reliable address for cpanel.apptech.se<br>Found address in whois: peter@serverconnect.se1538133953http://forlagetorda.se/ (93.188.2.53) - Serp-hijackingAttacked url: http://forlagetorda.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 27 Sep 2018 21:05:42 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: forlagetorda.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Thu, 27 Sep 2018 19:05:52 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Set-Cookie: PHPSESSID=572ffb52fc89a526e335d6e443a46656; path=/ <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://forlagetorda.se/xmlrpc.php <br>Link: &lt;http://forlagetorda.se/&gt;; rel=shortlink <br>X-Loopia-Node: 172.22.223.65 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: forlagetorda.se <br>Referer: http://www.google.com/search?q=forlagetorda.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Thu, 27 Sep 2018 19:05:52 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.65<br><br>forlagetorda.se is on 93.188.2.53<br>ASN for 93.188.2.53: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.53 corresponds with webfront3.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1538133861http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 25 Sep 2018 16:54:24 +0200<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 25 Sep 2018 14:54:24 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=i9b9opdbmip8eaf5a4fmicpv13; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 25 Sep 2018 14:54:21 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=jvl0vg85eog3rlmci6efektd85; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1537963557http://zogg.se/page/2/ (93.188.2.52) - Serp-hijackingAttacked url: http://zogg.se/page/2/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 25 Sep 2018 16:45:44 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Tue, 25 Sep 2018 14:45:54 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Vary: Accept-Encoding,Cookie <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br>X-Loopia-Node: 172.22.223.70 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Tue, 25 Sep 2018 14:45:54 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.70<br><br>zogg.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1537963552http://zogg.se/2013/01/01/vags-ande/ (93.188.2.52) - Serp-hijackingAttacked url: http://zogg.se/2013/01/01/vags-ande/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 25 Sep 2018 16:44:24 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Tue, 25 Sep 2018 14:44:34 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Vary: Accept-Encoding,Cookie <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br>X-Loopia-Node: 172.22.223.70 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Tue, 25 Sep 2018 14:44:34 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.70<br><br>zogg.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1537963544http://frokenknapp.se/ (95.143.206.34) - Serp-hijackingAttacked url: http://frokenknapp.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 24 Sep 2018 18:45:25 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: frokenknapp.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Mon, 24 Sep 2018 16:45:31 GMT <br>Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 <br>X-Powered-By: PHP/5.4.32 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://www.frokenknapp.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=c2d8a1c3a0d45cbfe3b3917e7f452641; path=/ <br>Location: http://www.frokenknapp.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: frokenknapp.se <br>Referer: http://www.google.com/search?q=frokenknapp.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Mon, 24 Sep 2018 16:45:10 GMT <br>Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 <br>X-Powered-By: PHP/5.4.32 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>frokenknapp.se is on 95.143.206.34<br>ASN for 95.143.206.34: 49770<br>Abusix contact information: peter@serverconnect.se (information only)<br>95.143.206.34 corresponds with cpanel.apptech.se<br>Abuse.net does not have any reliable address for cpanel.apptech.se<br>Found address in whois: peter@serverconnect.se1537878382http://huggetsgross.se/ (194.9.94.73) - Serp-hijackingAttacked url: http://huggetsgross.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 19 Sep 2018 08:35:35 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: huggetsgross.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 11006 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSCTBBBAB=JNNNHDMAFEMCKMEHMNJOAGAD; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 19 Sep 2018 06:35:45 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: huggetsgross.se <br>Referer: http://www.google.com/search?q=huggetsgross.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSCTBBBAB=INNNHDMACBGLNGHAPMEIMJMK; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 19 Sep 2018 06:35:45 GMT <br>Connection: close<br><br>huggetsgross.se is on 194.9.94.73<br>ASN for 194.9.94.73: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.73 corresponds with iis10.windowscluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1537341429http://zogg.se/page/2/ (93.188.2.52) - Serp-hijackingAttacked url: http://zogg.se/page/2/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 19 Sep 2018 03:39:56 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Wed, 19 Sep 2018 01:39:56 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Vary: Accept-Encoding,Cookie <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br>X-Loopia-Node: 172.22.223.70 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Wed, 19 Sep 2018 01:39:56 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.70<br><br>zogg.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1537341309http://advokatfirmangronvall.se/ (194.9.94.83) - Serp-hijackingAttacked url: http://advokatfirmangronvall.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 18 Sep 2018 18:15:30 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: advokatfirmangronvall.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 1753 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDQQSTTSTQ=KAHPLKBAINIGGEPOCKALEOJH; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 18 Sep 2018 16:15:29 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: advokatfirmangronvall.se <br>Referer: http://www.google.com/search?q=advokatfirmangronvall.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDQQSTTSTQ=JAHPLKBALBLEALFHMIGDPHLM; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 18 Sep 2018 16:15:29 GMT <br>Connection: close<br><br>advokatfirmangronvall.se is on 194.9.94.83<br>ASN for 194.9.94.83: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.83 corresponds with iis13.windowscluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1537341064http://seetex.se/ (81.26.42.232) - Serp-hijackingAttacked url: http://seetex.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 12 Sep 2018 11:56:28 +0200<br><br>Visitors with referer are redirected to http://www.serverjump.com/jump.aspx?jumpid=0sichm <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: seetex.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 10326 <br>Content-Type: text/html <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDCARBABBT=IJOHIJGAJBJDDMCECKDGLBPK; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 12 Sep 2018 09:56:36 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: seetex.se <br>Referer: http://www.google.com/search?q=seetex.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 170 <br>Content-Type: text/html <br>Location: http://www.serverjump.com/jump.aspx?jumpid=0sichm <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDCARBABBT=HJOHIJGACFFIKMJBFDCJAFJH; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 12 Sep 2018 09:56:36 GMT <br>Connection: close<br><br>seetex.se is on 81.26.42.232<br>ASN for 81.26.42.232: 43200<br>Abusix contact information: abuse@pcsupport.no (information only)<br>81.26.42.232 corresponds with pcsweb12.pcsupport.no<br>Abuse.net does not have any reliable address for pcsweb12.pcsupport.no<br>Found address in whois: abuse@pcsupport.no1536746539http://brfakerholmen.se/ (195.74.38.130) - Serp-hijackingAttacked url: http://brfakerholmen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 12 Sep 2018 11:07:05 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: brfakerholmen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Wed, 12 Sep 2018 09:07:05 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.37 <br>X-Pingback: http://www.brfakerholmen.se/xmlrpc.php <br>Location: http://www.brfakerholmen.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: brfakerholmen.se <br>Referer: http://www.google.com/search?q=brfakerholmen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Wed, 12 Sep 2018 09:07:01 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.37 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>brfakerholmen.se is on 195.74.38.130<br>ASN for 195.74.38.130: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.130 corresponds with cl-26.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1536746518http://shineonyou.se/ (195.74.38.97) - Serp-hijackingAttacked url: http://shineonyou.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 12 Sep 2018 11:02:28 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Wed, 12 Sep 2018 09:02:37 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://shineonyou.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=ueotksnbqarqvcrn22h2oql281; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Referer: http://www.google.com/search?q=shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Wed, 12 Sep 2018 09:02:14 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>shineonyou.se is on 195.74.38.97<br>ASN for 195.74.38.97: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.97 corresponds with cl-13.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1536746515