Säkrare hemsida med .sehttp://buttlekvarn.nu/ (93.188.2.51) - Serp-hijackingAttacked url: http://buttlekvarn.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 15 Sep 2017 13:11:04 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: buttlekvarn.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Fri, 15 Sep 2017 11:11:14 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/7.1.8 <br>Vary: Accept-Encoding,Cookie <br>Cache-Control: max-age=3, must-revalidate <br>X-Loopia-Node: 172.22.223.25 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: buttlekvarn.nu <br>Referer: http://www.google.com/search?q=buttlekvarn.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx <br>Date: Fri, 15 Sep 2017 11:11:14 GMT <br>Content-Type: text/html; charset=iso-8859-1 <br>Connection: close <br>Location: http://www.fapp.pw/app/se.php <br>X-Loopia-Node: 172.22.223.25<br><br>buttlekvarn.nu is on 93.188.2.51<br>ASN for 93.188.2.51: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.51 corresponds with webfront1.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505476867http://levelbar.se/ (46.30.213.175) - Serp-hijackingAttacked url: http://levelbar.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 15 Sep 2017 11:54:07 +0200<br><br>Visitors with referer are redirected to http://shops-sales.shop/?domain=a101&amp;lineNo=6128&amp;from=shops-sales.shop&amp;template=&amp;mix_title=0&amp;PhpRedirectType=1&amp;IsEnterFromSearchEngine=1&amp;IsSpiderVisit=0&amp;IsDirectShowProductDetailHtmlIfEnterFromSearchEngine=1 <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: levelbar.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Fri, 15 Sep 2017 09:54:14 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.31 <br>X-Pingback: http://www.levelbar.se/xmlrpc.php <br>Location: http://www.levelbar.se/ <br>Vary: Accept-Encoding <br>Content-Encoding: gzip <br>Content-Length: 21 <br>Content-Type: text/html; charset=UTF-8 <br>X-Varnish: 240653555 <br>Age: 0 <br>Via: 1.1 varnish (Varnish/5.1) <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: levelbar.se <br>Referer: http://www.google.com/search?q=levelbar.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Fri, 15 Sep 2017 09:54:13 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.31 <br>Location: http://shops-sales.shop/?domain=a101&amp;lineNo=6128&amp;from=shops-sales.shop&amp;template=&amp;mix_title=0&amp;PhpRedirectType=1&amp;IsEnterFromSearchEngine=1&amp;IsSpiderVisit=0&amp;IsDirectShowProductDetailHtmlIfEnterFromSearchEngine=1 <br>Vary: Accept-Encoding <br>Content-Encoding: gzip <br>Content-Length: 20 <br>Content-Type: text/html; charset=UTF-8 <br>X-Varnish: 192920867 <br>Age: 0 <br>Via: 1.1 varnish (Varnish/5.1) <br>Connection: close<br><br>levelbar.se is on 46.30.213.175<br>ASN for 46.30.213.175: 51468<br>Abusix contact information: abuse@one.com (information only)<br>46.30.213.175 corresponds with webcluster48.webpod3-cph3.one.com<br>Abuse.net has 1 reliable address(es) for one.com<br>Found address(es): abuse@one.com1505476838http://scrapitup.se/ (195.74.38.120) - Serp-hijackingAttacked url: http://scrapitup.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 15 Sep 2017 08:07:19 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: scrapitup.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Fri, 15 Sep 2017 06:07:28 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Link: &lt;http://scrapitup.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot;, &lt;http://scrapitup.se/&gt;; rel=shortlink <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: scrapitup.se <br>Referer: http://www.google.com/search?q=scrapitup.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Fri, 15 Sep 2017 06:07:00 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>scrapitup.se is on 195.74.38.120<br>ASN for 195.74.38.120: 41528<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.120 corresponds with cl-20.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1505476456http://vaffeljarn.se/ (89.221.250.22) - Serp-hijackingAttacked url: http://vaffeljarn.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 15 Sep 2017 06:08:17 +0200<br><br>Visitors with referer are redirected to http://jindalo.ru:8080/forum/links/public_version.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeljarn.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Fri, 15 Sep 2017 04:08:26 GMT <br>Server: Apache <br>Last-Modified: Wed, 11 May 2011 09:58:07 GMT <br>ETag: &quot;7dca4f2-90c-4a2fd1bff89c0&quot; <br>Accept-Ranges: bytes <br>Content-Length: 2316 <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeljarn.se <br>Referer: http://www.google.com/search?q=vaffeljarn.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Fri, 15 Sep 2017 04:08:26 GMT <br>Server: Apache <br>Location: http://jindalo.ru:8080/forum/links/public_version.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>vaffeljarn.se is on 89.221.250.22<br>ASN for 89.221.250.22: 1257<br>89.221.250.22 manually set to use abuse@aname.net1505476418http://davidlilja.se/ (194.9.95.75) - Serp-hijackingAttacked url: http://davidlilja.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 15 Sep 2017 05:41:20 +0200<br><br>Visitors with referer are redirected to http://vados.biz/gosw?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: davidlilja.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Fri, 15 Sep 2017 03:41:30 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Link: &lt;http://davidlilja.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://wp.me/P8xTbr-nK&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: davidlilja.se <br>Referer: http://www.google.com/search?q=davidlilja.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Fri, 15 Sep 2017 03:41:29 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/gosw?keyword=&amp;pill=<br><br>davidlilja.se is on 194.9.95.75<br>ASN for 194.9.95.75: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.95.75 corresponds with s190.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505476397http://2improve.se/ (91.201.60.26) - Serp-hijackingAttacked url: http://2improve.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 15 Sep 2017 04:44:12 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: 2improve.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Fri, 15 Sep 2017 02:44:12 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.5.38 <br>Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://2improve.se/xmlrpc.php <br>Link: &lt;http://2improve.se/&gt;; rel=shortlink <br>Upgrade: h2,h2c <br>Connection: Upgrade, close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: 2improve.se <br>Referer: http://www.google.com/search?q=2improve.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Fri, 15 Sep 2017 02:43:43 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.5.38 <br>Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 <br>Pragma: no-cache <br>Set-Cookie: redirectCookie=1; expires=Sat, 16-Sep-2017 02:44:12 GMT; Max-Age=86400 <br>Upgrade: h2,h2c <br>Connection: Upgrade, close <br>Location: http://islas.co.uk/college/image/ <br>Content-Type: text/html<br><br>2improve.se is on 91.201.60.26<br>ASN for 91.201.60.26: 44136<br>Abusix contact information: abuse@oderland.se (information only)<br>91.201.60.26 corresponds with dionysos.oderland.com<br>Abuse.net does not have any reliable address for dionysos.oderland.com<br>Found address in whois: abuse@oderland.se1505476322http://konditoriregnbagen.se/ (194.9.94.14) - Serp-hijackingAttacked url: http://konditoriregnbagen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 15 Sep 2017 01:11:33 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: konditoriregnbagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Thu, 14 Sep 2017 23:11:42 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Cookie <br>X-Powered-By: PHP/5.6.30 <br>Link: &lt;http://konditoriregnbagen.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://konditoriregnbagen.se/&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: konditoriregnbagen.se <br>Referer: http://www.google.com/search?q=konditoriregnbagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Thu, 14 Sep 2017 23:11:40 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>konditoriregnbagen.se is on 194.9.94.14<br>ASN for 194.9.94.14: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.14 corresponds with s514.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505476222http://zogg.se/ (194.9.94.194) - Serp-hijackingAttacked url: http://zogg.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 15 Sep 2017 00:10:13 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Thu, 14 Sep 2017 22:10:22 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Cookie <br>X-Powered-By: PHP/5.6.30 <br>X-Pingback: http://zogg.se/xmlrpc.php <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Thu, 14 Sep 2017 22:10:20 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>zogg.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505476194http://khal.se/ (194.9.94.137) - Serp-hijackingAttacked url: http://khal.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 14 Sep 2017 17:09:20 +0200<br><br>Visitors with referer are redirected to http://vados.biz/cialisse?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: khal.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Thu, 14 Sep 2017 15:09:29 GMT <br>Content-Type: text/html; charset=utf-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: c025e142ae5dd797a899add9154e4949=lqs0iahlr97gv4cbor9lt8lur7; path=/; HttpOnly <br>P3P: CP=&quot;NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM&quot; <br>Expires: Mon, 1 Jan 2001 00:00:00 GMT <br>Last-Modified: Thu, 14 Sep 2017 15:09:29 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: khal.se <br>Referer: http://www.google.com/search?q=khal.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Thu, 14 Sep 2017 15:09:28 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/cialisse?keyword=&amp;pill=<br><br>khal.se is on 194.9.94.137<br>ASN for 194.9.94.137: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.137 corresponds with s529.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505475990http://purefitbars.se/ (194.9.94.38) - Serp-hijackingAttacked url: http://purefitbars.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 14 Sep 2017 11:58:37 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: purefitbars.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Thu, 14 Sep 2017 09:58:47 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: wfvt_505271604=59ba52d6ed616; expires=Thu, 14-Sep-2017 10:28:46 GMT; Max-Age=1800; path=/; httponly <br>Link: &lt;http://purefitbars.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: purefitbars.se <br>Referer: http://www.google.com/search?q=purefitbars.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Thu, 14 Sep 2017 09:58:44 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>purefitbars.se is on 194.9.94.38<br>ASN for 194.9.94.38: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.38 corresponds with s439.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505389493http://wilkon.se/ (194.9.94.17) - Serp-hijackingAttacked url: http://wilkon.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 14 Sep 2017 10:18:08 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: wilkon.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Thu, 14 Sep 2017 08:18:08 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For,Accept-Encoding <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: nm_transient_id=nmtr_9f17ceeb86740bf16b49311bf084c952b0ed8bc4; path=/ <br>Set-Cookie: PHPSESSID=rki7djji51qfcplmjof8qicn44; path=/ <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>Link: &lt;http://wilkon.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://wilkon.se/&gt;; rel=shortlink <br>Link: &lt;http://wilkon.se/wp-json&gt;; rel=&quot;https://github.com/WP-API/WP-API&quot; <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: wilkon.se <br>Referer: http://www.google.com/search?q=wilkon.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Thu, 14 Sep 2017 08:18:05 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For,Accept-Encoding <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/ <br>Cache-Control: max-age=86400 <br>Expires: Fri, 15 Sep 2017 08:18:01 GMT<br><br>wilkon.se is on 194.9.94.17<br>ASN for 194.9.94.17: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.17 corresponds with s540.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505389487http://emmaab.nu/ (91.195.155.160) - Serp-hijackingAttacked url: http://emmaab.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 14 Sep 2017 09:30:27 +0200<br><br>Visitors with referer are redirected to http://bohenet.net/Bank/Docs26.zip <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: emmaab.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 500 Internal Server Error <br>Date: Thu, 14 Sep 2017 07:30:36 GMT <br>Server: Apache <br>X-Powered-By: PleskLin <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: emmaab.nu <br>Referer: http://www.google.com/search?q=emmaab.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Thu, 14 Sep 2017 07:30:36 GMT <br>Server: Apache <br>Location: http://bohenet.net/Bank/Docs26.zip <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>emmaab.nu is on 91.195.155.160<br>ASN for 91.195.155.160: 43770<br>Abusix contact information: abuse@itconnect.se (information only)<br>rDNS not found for 91.195.155.160<br>Found address in whois: abuse@itconnect.se1505389483http://h2o-stiftelsen.se/ (195.74.38.69) - Serp-hijackingAttacked url: http://h2o-stiftelsen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 14 Sep 2017 08:05:28 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: h2o-stiftelsen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Thu, 14 Sep 2017 06:05:28 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>X-Pingback: http://h2o-stiftelsen.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=r17imk3vl0j7hepc8r8rlsu8u4; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br>Pool-Info: /Common/CloudLinux-cluster-08 10.160.2.8 80 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: h2o-stiftelsen.se <br>Referer: http://www.google.com/search?q=h2o-stiftelsen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Thu, 14 Sep 2017 06:05:16 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html <br>Pool-Info: /Common/CloudLinux-cluster-08 10.160.2.8 80<br><br>h2o-stiftelsen.se is on 195.74.38.69<br>ASN for 195.74.38.69: 41528<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.69 corresponds with cl-08.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1505389464http://stadsmagasinet.se/ (194.9.95.119) - Serp-hijackingAttacked url: http://stadsmagasinet.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 14 Sep 2017 06:43:45 +0200<br><br>Visitors with referer are redirected to http://1e7.localtds.com/?bxbTNJ&amp;keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: stadsmagasinet.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Thu, 14 Sep 2017 04:43:54 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Link: &lt;http://stadsmagasinet.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://stadsmagasinet.se/&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: stadsmagasinet.se <br>Referer: http://www.google.com/search?q=stadsmagasinet.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Thu, 14 Sep 2017 04:43:53 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://1e7.localtds.com/?bxbTNJ&amp;keyword=&amp;pill=<br><br>stadsmagasinet.se is on 194.9.95.119<br>ASN for 194.9.95.119: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.95.119 corresponds with s298.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505389461http://scrapitup.se/ (195.74.38.120) - Serp-hijackingAttacked url: http://scrapitup.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 14 Sep 2017 04:00:51 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: scrapitup.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Thu, 14 Sep 2017 02:01:00 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Link: &lt;http://scrapitup.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot;, &lt;http://scrapitup.se/&gt;; rel=shortlink <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: scrapitup.se <br>Referer: http://www.google.com/search?q=scrapitup.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Thu, 14 Sep 2017 02:00:30 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>scrapitup.se is on 195.74.38.120<br>ASN for 195.74.38.120: 41528<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.120 corresponds with cl-20.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1505389439http://sexkunskap.se/ (195.74.38.99) - Serp-hijackingAttacked url: http://sexkunskap.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 14 Sep 2017 03:32:05 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: sexkunskap.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Thu, 14 Sep 2017 01:32:05 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Vary: Accept-Encoding,Cookie <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br>Pool-Info: /Common/CloudLinux-cluster-15 10.160.1.15 80 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: sexkunskap.se <br>Referer: http://www.google.com/search?q=sexkunskap.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Thu, 14 Sep 2017 01:32:04 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html <br>Pool-Info: /Common/CloudLinux-cluster-15 10.160.1.15 80<br><br>sexkunskap.se is on 195.74.38.99<br>ASN for 195.74.38.99: 41528<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.99 corresponds with cl-15.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1505389430http://adhdawareness.se/ (195.128.174.129) - Serp-hijackingAttacked url: http://adhdawareness.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 14 Sep 2017 02:37:22 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: adhdawareness.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Thu, 14 Sep 2017 00:37:22 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Server: Apache/2.2.3 (CloudLinux) <br>X-Powered-By: PHP/5.3.3 <br>Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://adhdawareness.se/xmlrpc.php <br>X-TAProxy: proxy-web-dyn-02 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: adhdawareness.se <br>Referer: http://www.google.com/search?q=adhdawareness.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Thu, 14 Sep 2017 00:37:21 GMT <br>Content-Type: text/html <br>Connection: close <br>Server: Apache/2.2.3 (CloudLinux) <br>X-Powered-By: PHP/5.3.3 <br>Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 <br>Pragma: no-cache <br>Set-Cookie: redirectCookie=1; expires=Fri, 15-Sep-2017 00:37:21 GMT <br>Location: http://islas.co.uk/college/image/ <br>X-TAProxy: proxy-web-dyn-02<br><br>adhdawareness.se is on 195.128.174.129<br>ASN for 195.128.174.129: 31027<br>Abusix contact information: abuse@talkactive.net (information only)<br>195.128.174.129 corresponds with web29.talkactive.net<br>Abuse.net has 2 reliable address(es) for talkactive.net<br>Found address(es): abuse@webpartner.dk abuse@talkactive.net1505389398http://konditoriregnbagen.se/ (194.9.94.14) - Serp-hijackingAttacked url: http://konditoriregnbagen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 13 Sep 2017 22:46:34 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: konditoriregnbagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Wed, 13 Sep 2017 20:46:34 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Cookie <br>X-Powered-By: PHP/5.6.30 <br>Link: &lt;http://konditoriregnbagen.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://konditoriregnbagen.se/&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: konditoriregnbagen.se <br>Referer: http://www.google.com/search?q=konditoriregnbagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Wed, 13 Sep 2017 20:46:32 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>konditoriregnbagen.se is on 194.9.94.14<br>ASN for 194.9.94.14: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.14 corresponds with s514.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505389220http://apilogue.se/ (5.100.154.160) - MalwareOffensive html code:<br>&lt;script type='text/javascript' src='http://www.appqard.se/wp-includes/js/jquery/jquery.js?ver=1.12.4'&gt;<br><br>Offensive url: http://www.appqard.se/wp-includes/js/jquery/jquery.js?ver=1.12.4<br>Url is blacklisted in Google Safe Browsing<br><br>apilogue.se is on 5.100.154.160<br>ASN for 5.100.154.160: 394695<br>Abusix contact information: abuse@publicdomainregistry.com (information only)<br>5.100.154.160 corresponds with cp-uk-2.webhostbox.net<br>Abuse.net has 1 reliable address(es) for webhostbox.net<br>Found address(es): abuse@publicdomainregistry.com1505386948http://styrelsefolk.se/ (93.90.145.83) - Serp-hijackingAttacked url: http://styrelsefolk.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 12 Sep 2017 23:50:03 +0200<br><br>Visitors with referer are redirected to http://www.doaat.com/download.php?pid= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: styrelsefolk.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 0 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDACDTACBQ=IKBLOKNDPMLFKPCGFOJCGLMK; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 12 Sep 2017 21:50:03 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: styrelsefolk.se <br>Referer: http://www.google.com/search?q=styrelsefolk.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Location: http://www.doaat.com/download.php?pid= <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDACDTACBQ=HKBLOKNDMKNEDHNOGKDMIFBD; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 12 Sep 2017 21:49:33 GMT <br>Connection: close<br><br>styrelsefolk.se is on 93.90.145.83<br>ASN for 93.90.145.83: 35041<br>Abusix contact information: abuse@levonline.com (information only)<br>rDNS not found for 93.90.145.83<br>Found address in whois: abuse@levonline.com1505314702http://konditoriregnbagen.se/ (194.9.94.14) - Serp-hijackingAttacked url: http://konditoriregnbagen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 12 Sep 2017 20:09:57 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: konditoriregnbagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Tue, 12 Sep 2017 18:10:06 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Cookie <br>X-Powered-By: PHP/5.6.30 <br>Link: &lt;http://konditoriregnbagen.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://konditoriregnbagen.se/&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: konditoriregnbagen.se <br>Referer: http://www.google.com/search?q=konditoriregnbagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Tue, 12 Sep 2017 18:10:03 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>konditoriregnbagen.se is on 194.9.94.14<br>ASN for 194.9.94.14: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.14 corresponds with s514.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505312567http://zogg.se/2013/01/01/vags-ande/ (194.9.94.194) - Serp-hijackingAttacked url: http://zogg.se/2013/01/01/vags-ande/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 12 Sep 2017 19:14:21 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Tue, 12 Sep 2017 17:14:21 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Cookie <br>X-Powered-By: PHP/5.6.30 <br>X-Pingback: http://zogg.se/xmlrpc.php <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Tue, 12 Sep 2017 17:14:20 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>zogg.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505312536http://vaffeldagen.se/ (89.221.250.22) - Serp-hijackingAttacked url: http://vaffeldagen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 12 Sep 2017 18:57:43 +0200<br><br>Visitors with referer are redirected to http://jindalo.ru:8080/forum/links/public_version.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeldagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 12 Sep 2017 16:57:51 GMT <br>Server: Apache <br>Last-Modified: Wed, 11 May 2011 09:58:07 GMT <br>ETag: &quot;7dca4f2-90c-4a2fd1bff89c0&quot; <br>Accept-Ranges: bytes <br>Content-Length: 2316 <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeldagen.se <br>Referer: http://www.google.com/search?q=vaffeldagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Tue, 12 Sep 2017 16:57:51 GMT <br>Server: Apache <br>Location: http://jindalo.ru:8080/forum/links/public_version.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>vaffeldagen.se is on 89.221.250.22<br>ASN for 89.221.250.22: 1257<br>89.221.250.22 manually set to use abuse@aname.net1505312504http://vaffeljarn.se/ (89.221.250.22) - Serp-hijackingAttacked url: http://vaffeljarn.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 12 Sep 2017 18:30:21 +0200<br><br>Visitors with referer are redirected to http://jindalo.ru:8080/forum/links/public_version.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeljarn.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 12 Sep 2017 16:30:30 GMT <br>Server: Apache <br>Last-Modified: Wed, 11 May 2011 09:58:07 GMT <br>ETag: &quot;7dca4f2-90c-4a2fd1bff89c0&quot; <br>Accept-Ranges: bytes <br>Content-Length: 2316 <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeljarn.se <br>Referer: http://www.google.com/search?q=vaffeljarn.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Tue, 12 Sep 2017 16:30:29 GMT <br>Server: Apache <br>Location: http://jindalo.ru:8080/forum/links/public_version.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>vaffeljarn.se is on 89.221.250.22<br>ASN for 89.221.250.22: 1257<br>89.221.250.22 manually set to use abuse@aname.net1505312436http://zogg.se/ (194.9.94.194) - Serp-hijackingAttacked url: http://zogg.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 12 Sep 2017 09:44:35 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Tue, 12 Sep 2017 07:44:35 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Accept-Encoding,Cookie <br>X-Powered-By: PHP/5.6.30 <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Tue, 12 Sep 2017 07:44:35 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>zogg.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505221482http://purefitbars.se/ (194.9.94.38) - Serp-hijackingAttacked url: http://purefitbars.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 12 Sep 2017 07:08:55 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: purefitbars.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Tue, 12 Sep 2017 05:09:03 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: wfvt_505271604=59b76befa8f86; expires=Tue, 12-Sep-2017 05:39:03 GMT; Max-Age=1800; path=/; httponly <br>Link: &lt;http://purefitbars.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: purefitbars.se <br>Referer: http://www.google.com/search?q=purefitbars.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Tue, 12 Sep 2017 05:09:00 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>purefitbars.se is on 194.9.94.38<br>ASN for 194.9.94.38: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.38 corresponds with s439.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505221067http://passivist.se/ (194.9.94.213) - Serp-hijackingAttacked url: http://passivist.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 12 Sep 2017 04:32:08 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: passivist.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.12.1 <br>Date: Tue, 12 Sep 2017 02:32:08 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Cookie <br>X-Powered-By: PHP/5.6.30 <br>Location: http://www.igpassivhus.se/ <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: passivist.se <br>Referer: http://www.google.com/search?q=passivist.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Tue, 12 Sep 2017 02:32:06 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>passivist.se is on 194.9.94.213<br>ASN for 194.9.94.213: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.213 corresponds with s368.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505221023http://igpassivhus.se/ (194.9.94.213) - Serp-hijackingAttacked url: http://igpassivhus.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 12 Sep 2017 00:53:40 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: igpassivhus.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.12.1 <br>Date: Mon, 11 Sep 2017 22:53:49 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Cookie <br>X-Powered-By: PHP/5.6.30 <br>Location: http://www.igpassivhus.se/ <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: igpassivhus.se <br>Referer: http://www.google.com/search?q=igpassivhus.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Mon, 11 Sep 2017 22:53:48 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>igpassivhus.se is on 194.9.94.213<br>ASN for 194.9.94.213: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.213 corresponds with s368.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505220814http://zogg.se/2013/01/03/stadig-frukost/ (194.9.94.194) - Serp-hijackingAttacked url: http://zogg.se/2013/01/03/stadig-frukost/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 11 Sep 2017 19:59:11 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Mon, 11 Sep 2017 17:59:11 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Accept-Encoding,Cookie <br>X-Powered-By: PHP/5.6.30 <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Mon, 11 Sep 2017 17:59:11 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>zogg.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505220746http://passivhusab.se/ (194.9.94.213) - Serp-hijackingAttacked url: http://passivhusab.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 11 Sep 2017 19:08:21 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: passivhusab.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.12.1 <br>Date: Mon, 11 Sep 2017 17:08:30 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Cookie <br>X-Powered-By: PHP/5.6.30 <br>Location: http://www.igpassivhus.se/ <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: passivhusab.se <br>Referer: http://www.google.com/search?q=passivhusab.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Mon, 11 Sep 2017 17:08:28 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>passivhusab.se is on 194.9.94.213<br>ASN for 194.9.94.213: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.213 corresponds with s368.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505220725http://zogg.se/page/2/ (194.9.94.194) - Serp-hijackingAttacked url: http://zogg.se/page/2/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 11 Sep 2017 18:43:59 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Mon, 11 Sep 2017 16:43:59 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Accept-Encoding,Cookie <br>X-Powered-By: PHP/5.6.30 <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Mon, 11 Sep 2017 16:43:59 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>zogg.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505220448http://landsbygdskraft.se/ (194.9.94.194) - Serp-hijackingAttacked url: http://landsbygdskraft.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 11 Sep 2017 03:49:15 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: landsbygdskraft.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Mon, 11 Sep 2017 01:49:23 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Cookie <br>X-Powered-By: PHP/5.6.30 <br>X-Pingback: http://landsbygdskraft.se/xmlrpc.php <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: landsbygdskraft.se <br>Referer: http://www.google.com/search?q=landsbygdskraft.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Mon, 11 Sep 2017 01:49:22 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>landsbygdskraft.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505113892http://igpassivhus.se/ (194.9.94.213) - Serp-hijackingAttacked url: http://igpassivhus.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 11 Sep 2017 00:41:39 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: igpassivhus.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.12.1 <br>Date: Sun, 10 Sep 2017 22:41:39 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Cookie <br>X-Powered-By: PHP/5.6.30 <br>Location: http://www.igpassivhus.se/ <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: igpassivhus.se <br>Referer: http://www.google.com/search?q=igpassivhus.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Sun, 10 Sep 2017 22:41:38 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>igpassivhus.se is on 194.9.94.213<br>ASN for 194.9.94.213: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.213 corresponds with s368.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505113830http://zogg.se/2013/01/01/vags-ande/ (194.9.94.194) - Serp-hijackingAttacked url: http://zogg.se/2013/01/01/vags-ande/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 10 Sep 2017 19:07:01 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Sun, 10 Sep 2017 17:07:09 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Accept-Encoding,Cookie <br>X-Powered-By: PHP/5.6.30 <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Sun, 10 Sep 2017 17:07:08 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>zogg.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505113422http://passivhusab.se/ (194.9.94.213) - Serp-hijackingAttacked url: http://passivhusab.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 10 Sep 2017 15:45:29 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: passivhusab.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.12.1 <br>Date: Sun, 10 Sep 2017 13:45:29 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Cookie <br>X-Powered-By: PHP/5.6.30 <br>Location: http://www.igpassivhus.se/ <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: passivhusab.se <br>Referer: http://www.google.com/search?q=passivhusab.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Sun, 10 Sep 2017 13:45:28 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>passivhusab.se is on 194.9.94.213<br>ASN for 194.9.94.213: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.213 corresponds with s368.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1505113279http://radhusgruppen.se/ (89.221.250.7) - Serp-hijackingAttacked url: http://radhusgruppen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 10 Sep 2017 13:46:45 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: radhusgruppen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Sun, 10 Sep 2017 11:46:52 GMT <br>Server: Apache <br>X-Pingback: http://www.radhusgruppencity.se/xmlrpc.php <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: radhusgruppen.se <br>Referer: http://www.google.com/search?q=radhusgruppen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Sun, 10 Sep 2017 11:46:24 GMT <br>Server: Apache <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>radhusgruppen.se is on 89.221.250.7<br>ASN for 89.221.250.7: 1257<br>89.221.250.7 manually set to use abuse@aname.net1505113220http://bolibygg.se/ (195.74.38.148) - Serp-hijackingAttacked url: http://bolibygg.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 10 Sep 2017 11:34:24 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bolibygg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Sun, 10 Sep 2017 09:34:23 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Link: &lt;http://bolibygg.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br>Pool-Info: /Common/CloudLinux-cluster-34 10.160.3.34 80 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bolibygg.se <br>Referer: http://www.google.com/search?q=bolibygg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Sun, 10 Sep 2017 09:34:04 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html <br>Pool-Info: /Common/CloudLinux-cluster-34 10.160.3.34 80<br><br>bolibygg.se is on 195.74.38.148<br>ASN for 195.74.38.148: 41528<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.148 corresponds with cl-34.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1505113163http://nlsdstockholmuppsala.nu/ (194.169.225.106) - Serp-hijackingAttacked url: http://nlsdstockholmuppsala.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 10 Sep 2017 11:16:54 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nlsdstockholmuppsala.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Content-Length: 0 <br>Content-Type: text/html; charset=UTF-8 <br>Server: Microsoft-IIS/8.0 <br>X-Powered-By: PHP/7.0.15 <br>X-Pingback: http://nlsdstockholmuppsala.nu/xmlrpc.php <br>Link: &lt;http://nlsdstockholmuppsala.nu/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://nlsdstockholmuppsala.nu/&gt;; rel=shortlink <br>X-Powered-By: ASP.NET <br>Date: Sun, 10 Sep 2017 09:16:55 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nlsdstockholmuppsala.nu <br>Referer: http://www.google.com/search?q=nlsdstockholmuppsala.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Content-Length: 156 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://islas.co.uk/college/image/ <br>Server: Microsoft-IIS/8.0 <br>X-Powered-By: PHP/7.0.15 <br>X-Powered-By: ASP.NET <br>Date: Sun, 10 Sep 2017 09:16:52 GMT <br>Connection: close<br><br>nlsdstockholmuppsala.nu is on 194.169.225.106<br>ASN for 194.169.225.106: 49232<br>Abusix contact information: abuse@rackfish.com (information only)<br>194.169.225.106 corresponds with stuns-web01.ad.rackfish.net<br>Abuse.net does not have any reliable address for stuns-web01.ad.rackfish.net<br>Found address in whois: abuse@rackfish.com1505113141http://onninenmagasinet.se/ (195.74.38.120) - Serp-hijackingAttacked url: http://onninenmagasinet.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 08 Sep 2017 12:54:52 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: onninenmagasinet.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Fri, 08 Sep 2017 10:54:58 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: _icl_current_language=sv; expires=Sat, 09-Sep-2017 10:54:59 GMT; Max-Age=86400; path=/ <br>Set-Cookie: _clef_state=C81yqjSF1M4lE4F1NaClD1x3; expires=Sat, 09-Sep-2017 10:55:00 GMT; Max-Age=86400; path=/; httponly <br>Set-Cookie: _icl_current_language=sv; expires=Sat, 09-Sep-2017 10:55:00 GMT; Max-Age=86400; path=/ <br>Location: http://www.onninenmagasinet.se/ <br>Vary: User-Agent,Accept-Encoding <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: onninenmagasinet.se <br>Referer: http://www.google.com/search?q=onninenmagasinet.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Fri, 08 Sep 2017 10:54:48 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/ <br>Vary: User-Agent,Accept-Encoding <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>onninenmagasinet.se is on 195.74.38.120<br>ASN for 195.74.38.120: 41528<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.120 corresponds with cl-20.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1504870174http://igpassivhus.se/ (194.9.94.213) - Serp-hijackingAttacked url: http://igpassivhus.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 08 Sep 2017 10:35:11 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: igpassivhus.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.12.1 <br>Date: Fri, 08 Sep 2017 08:35:11 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Cookie <br>X-Powered-By: PHP/5.6.30 <br>Location: http://www.igpassivhus.se/ <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: igpassivhus.se <br>Referer: http://www.google.com/search?q=igpassivhus.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Fri, 08 Sep 2017 08:35:09 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>igpassivhus.se is on 194.9.94.213<br>ASN for 194.9.94.213: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.213 corresponds with s368.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1504870104http://radhusgruppen.se/ (89.221.250.7) - Serp-hijackingAttacked url: http://radhusgruppen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 08 Sep 2017 07:42:00 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: radhusgruppen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Fri, 08 Sep 2017 05:41:59 GMT <br>Server: Apache <br>X-Pingback: http://www.radhusgruppencity.se/xmlrpc.php <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: radhusgruppen.se <br>Referer: http://www.google.com/search?q=radhusgruppen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Fri, 08 Sep 2017 05:41:46 GMT <br>Server: Apache <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>radhusgruppen.se is on 89.221.250.7<br>ASN for 89.221.250.7: 1257<br>89.221.250.7 manually set to use abuse@aname.net1504869975http://passivhusab.se/ (194.9.94.213) - Serp-hijackingAttacked url: http://passivhusab.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 08 Sep 2017 05:34:47 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: passivhusab.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.12.1 <br>Date: Fri, 08 Sep 2017 03:34:55 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Cookie <br>X-Powered-By: PHP/5.6.30 <br>Location: http://www.igpassivhus.se/ <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: passivhusab.se <br>Referer: http://www.google.com/search?q=passivhusab.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Fri, 08 Sep 2017 03:34:53 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>passivhusab.se is on 194.9.94.213<br>ASN for 194.9.94.213: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.213 corresponds with s368.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1504869901http://brfakerholmen.se/ (195.74.38.130) - Serp-hijackingAttacked url: http://brfakerholmen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 08 Sep 2017 02:38:42 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: brfakerholmen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Fri, 08 Sep 2017 00:38:42 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30 <br>X-Pingback: http://www.brfakerholmen.se/xmlrpc.php <br>Location: http://www.brfakerholmen.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: brfakerholmen.se <br>Referer: http://www.google.com/search?q=brfakerholmen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Fri, 08 Sep 2017 00:38:22 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>brfakerholmen.se is on 195.74.38.130<br>ASN for 195.74.38.130: 41528<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.130 corresponds with cl-26.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1504869786http://cross-fire.se/ (213.132.113.199) - MalwareOffensive html code:<br>&lt;script type='text/javascript' src='http://www.youngsters.se/wp-content/themes/poseidon/js/html5shiv.min.js?ver=3.7.3'&gt;<br><br>Offensive url: http://www.youngsters.se/wp-content/themes/poseidon/js/html5shiv.min.js?ver=3.7.3<br>Url is blacklisted in Google Safe Browsing<br><br>cross-fire.se is on 213.132.113.199<br>ASN for 213.132.113.199: 12552<br>Abusix contact information: abuse@ip-only.net (information only)<br>213.132.113.199 corresponds with supportcenter.claremont.se<br>Abuse.net does not have any reliable address for supportcenter.claremont.se<br>Found address in whois: abuse@ip-only.net1504869595http://gamlabygget.se/ (195.74.38.95) - Serp-hijackingAttacked url: http://gamlabygget.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 07 Sep 2017 20:49:26 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: gamlabygget.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Thu, 07 Sep 2017 18:49:25 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>X-Pingback: http://gamlabygget.se/xmlrpc.php <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br>Pool-Info: /Common/CloudLinux-cluster-11 10.160.2.11 80 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: gamlabygget.se <br>Referer: http://www.google.com/search?q=gamlabygget.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Thu, 07 Sep 2017 18:49:22 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html <br>Pool-Info: /Common/CloudLinux-cluster-11 10.160.2.11 80<br><br>gamlabygget.se is on 195.74.38.95<br>ASN for 195.74.38.95: 41528<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.95 corresponds with cl-11.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1504869580http://mhs.se/ (194.9.94.228) - Serp-hijackingAttacked url: http://mhs.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 07 Sep 2017 20:17:56 +0200<br><br>Visitors with referer are redirected to http://vados.biz/gosw?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: mhs.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Thu, 07 Sep 2017 18:18:04 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: wfvt_159242594=59b18d5c507f0; expires=Thu, 07-Sep-2017 18:48:04 GMT; Max-Age=1800; path=/; httponly <br>Link: &lt;http://mhs.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://mhs.se/&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: mhs.se <br>Referer: http://www.google.com/search?q=mhs.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Thu, 07 Sep 2017 18:18:02 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/gosw?keyword=&amp;pill=<br><br>mhs.se is on 194.9.94.228<br>ASN for 194.9.94.228: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.228 corresponds with s169.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1504869569http://zogg.se/2013/01/01/vags-ande/ (194.9.94.194) - Serp-hijackingAttacked url: http://zogg.se/2013/01/01/vags-ande/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 07 Sep 2017 18:51:31 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Thu, 07 Sep 2017 16:51:31 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Accept-Encoding,Cookie <br>X-Powered-By: PHP/5.6.30 <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Thu, 07 Sep 2017 16:51:31 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>zogg.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1504869430http://proa23.se/ (195.74.38.136) - Serp-hijackingAttacked url: http://proa23.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 07 Sep 2017 17:43:02 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: proa23.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Thu, 07 Sep 2017 15:43:08 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>X-Pingback: http://proa23.se/xmlrpc.php <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: proa23.se <br>Referer: http://www.google.com/search?q=proa23.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Thu, 07 Sep 2017 15:42:51 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>proa23.se is on 195.74.38.136<br>ASN for 195.74.38.136: 41528<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.136 corresponds with cl-30.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1504869410http://stadsmagasinet.se/ (194.9.95.119) - Serp-hijackingAttacked url: http://stadsmagasinet.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 07 Sep 2017 17:24:51 +0200<br><br>Visitors with referer are redirected to http://1e7.localtds.com/?bxbTNJ&amp;keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: stadsmagasinet.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Thu, 07 Sep 2017 15:24:59 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Link: &lt;http://stadsmagasinet.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://stadsmagasinet.se/&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: stadsmagasinet.se <br>Referer: http://www.google.com/search?q=stadsmagasinet.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Thu, 07 Sep 2017 15:24:58 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://1e7.localtds.com/?bxbTNJ&amp;keyword=&amp;pill=<br><br>stadsmagasinet.se is on 194.9.95.119<br>ASN for 194.9.95.119: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.95.119 corresponds with s298.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1504869405http://khal.se/ (194.9.94.137) - Serp-hijackingAttacked url: http://khal.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 07 Sep 2017 16:39:34 +0200<br><br>Visitors with referer are redirected to http://vados.biz/cialisse?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: khal.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Thu, 07 Sep 2017 14:39:34 GMT <br>Content-Type: text/html; charset=utf-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: c025e142ae5dd797a899add9154e4949=c6iiqhlgmk3upqiht8htao55n3; path=/; HttpOnly <br>P3P: CP=&quot;NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM&quot; <br>Expires: Mon, 1 Jan 2001 00:00:00 GMT <br>Last-Modified: Thu, 07 Sep 2017 14:39:34 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: khal.se <br>Referer: http://www.google.com/search?q=khal.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Thu, 07 Sep 2017 14:39:32 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/cialisse?keyword=&amp;pill=<br><br>khal.se is on 194.9.94.137<br>ASN for 194.9.94.137: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.137 corresponds with s529.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1504869384