Säkrare hemsida med .sehttp://progressionsports.se/ (195.74.38.149) - Serp-hijackingAttacked url: http://progressionsports.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 12 Jul 2017 13:03:44 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: progressionsports.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Wed, 12 Jul 2017 11:03:43 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>X-Pingback: http://progressionsports.se/xmlrpc.php <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: progressionsports.se <br>Referer: http://www.google.com/search?q=progressionsports.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Wed, 12 Jul 2017 11:03:36 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>progressionsports.se is on 195.74.38.149<br>ASN for 195.74.38.149: 41528<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.149 corresponds with cl-35.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1499859870http://cracked.se/ (103.224.212.191) - Serp-hijackingAttacked url: http://cracked.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 12 Jul 2017 12:44:45 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4M3PpgSppK69kT%2B6Kf6kmE2XqyworK8mVt68vvvgxbNZ0W6e%2FcZuip%2FL1OCQXV5glVeLyHkfM7IwuOQr0%2BpmRG2%2FofFKMK%2B%2Bw7SOhRZ58YtUK1GQdWknk1h4%2BSWbU591%2FfDqKiDrPX6qc2XyE%2FWPT1q5sqgH1Vxr6XZ3bKNvvoSY%2FPthOpKFLGzPecvsm6umSeplOCW1qUS%2BeNDFDEPrrEQOtBT6itOuQVl54ig%2F3e9H%2BrSfNq6GtgG04Yu1pdibGMnEIve5NQeeW00ccflZ4Jh7aK3sSzHgNdbxqRQju%2FzCQodKpggOcHyvKiRWjQUJ3WgOjz04Bi%2BJnU3rAGAZeT3eGfseswSwTXF1WB4bcV3xRFchgRwncfbw89Vxh9vTudTzdn9MOqduXF%2FlymtBClI5xHVxhU87sMnJLqehMI3xG4Q4QA29R42N7rBG%2BfEWbHtsjOVIiHCH31Yh%2Fcq0CIodx2X7367uFNZfSllBNYIE0%2BgpzQxxhuEGK4Os9JNltmqBDp6GbqGw%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: cracked.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 12 Jul 2017 10:44:45 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499856285.3068132; expires=Sat, 10-Jul-2027 10:44:45 GMT; Max-Age=315360000 <br>Location: http://ww11.cracked.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: cracked.se <br>Referer: http://www.google.com/search?q=cracked.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 12 Jul 2017 10:44:44 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499856284.4468484; expires=Sat, 10-Jul-2027 10:44:44 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4M3PpgSppK69kT%2B6Kf6kmE2XqyworK8mVt68vvvgxbNZ0W6e%2FcZuip%2FL1OCQXV5glVeLyHkfM7IwuOQr0%2BpmRG2%2FofFKMK%2B%2Bw7SOhRZ58YtUK1GQdWknk1h4%2BSWbU591%2FfDqKiDrPX6qc2XyE%2FWPT1q5sqgH1Vxr6XZ3bKNvvoSY%2FPthOpKFLGzPecvsm6umSeplOCW1qUS%2BeNDFDEPrrEQOtBT6itOuQVl54ig%2F3e9H%2BrSfNq6GtgG04Yu1pdibGMnEIve5NQeeW00ccflZ4Jh7aK3sSzHgNdbxqRQju%2FzCQodKpggOcHyvKiRWjQUJ3WgOjz04Bi%2BJnU3rAGAZeT3eGfseswSwTXF1WB4bcV3xRFchgRwncfbw89Vxh9vTudTzdn9MOqduXF%2FlymtBClI5xHVxhU87sMnJLqehMI3xG4Q4QA29R42N7rBG%2BfEWbHtsjOVIiHCH31Yh%2Fcq0CIodx2X7367uFNZfSllBNYIE0%2BgpzQxxhuEGK4Os9JNltmqBDp6GbqGw%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>cracked.se is on 103.224.212.191<br>ASN for 103.224.212.191: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.191 corresponds with lb-212-191.above.com<br>Abuse.net does not have any reliable address for lb-212-191.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-191.above.com1499859845http://skarstadbygg.se/ (93.90.145.83) - Serp-hijackingAttacked url: http://skarstadbygg.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 12 Jul 2017 12:32:42 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: skarstadbygg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 748 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDSCBSQBAS=JALJGNPCLKNMDLIHKDFNFPOB; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 12 Jul 2017 10:32:49 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: skarstadbygg.se <br>Referer: http://www.google.com/search?q=skarstadbygg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDSCBSQBAS=IALJGNPCJCGFJKJADEIFHNBO; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 12 Jul 2017 10:32:49 GMT <br>Connection: close<br><br>skarstadbygg.se is on 93.90.145.83<br>ASN for 93.90.145.83: 35041<br>Abusix contact information: abuse@levonline.com (information only)<br>rDNS not found for 93.90.145.83<br>Found address in whois: abuse@levonline.com1499859835http://namdemansgarden.se/ (103.224.212.199) - Serp-hijackingAttacked url: http://namdemansgarden.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 12 Jul 2017 11:59:43 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4Ivwc1x5zJe7bo8yb2KiOAjojBqKUFISEE01d7cImddASUjbFKnfy%2BOskmjzJj4ZMnAu03Kli0oS%2B5jSUZa8pTZ4VWWKARjahi3xweCbIg0FVy%2BlRRqDK4NmwATfZR76bqoUWirb88oQRvys23SRzKkFW5f7FdYhyhwj4VeIAAyaxJ0LW9MkTcdn7fRy1hbwMeo6RcgENW0uVXDafL4rDN9y0%2BDDUctVUS%2BPS9eJAqcyRJeGPJyMyOWTYSyvJ4OCNfxtYmcL%2Ba%2BOw6o%2BJLGwVip8CfixCpZzBnPADbZfflBbGvS1OumPZQd%2F%2B%2FeVdMFLX7FCwRUE60ZyMiv7hkTkNpVdt9fa2oKPnYnLwg%2FzXo%2F0UfAjpXo0JURWyEhrVrnQ6UPqpcLrx0%2Bzob45JdIvy0ito6esOtmvvvK1%2F0m0Mz9ZOyc4l5Lc6IPc6jZbWDKbxwN0IBnGcvPWnfwlRcgUXrhCbxP0H2Iy3PLGXrumQkIWOO3czSsO5PxC90r%2FgUTKvuXQT0tPlEPN2%2B5tv%2Fy%2B7wEOawvN51Vze <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: namdemansgarden.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 12 Jul 2017 09:59:50 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499853590.2013695; expires=Sat, 10-Jul-2027 09:59:50 GMT; Max-Age=315360000 <br>Location: http://ww11.namdemansgarden.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: namdemansgarden.se <br>Referer: http://www.google.com/search?q=namdemansgarden.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 12 Jul 2017 09:59:49 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499853589.5262090; expires=Sat, 10-Jul-2027 09:59:49 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4Ivwc1x5zJe7bo8yb2KiOAjojBqKUFISEE01d7cImddASUjbFKnfy%2BOskmjzJj4ZMnAu03Kli0oS%2B5jSUZa8pTZ4VWWKARjahi3xweCbIg0FVy%2BlRRqDK4NmwATfZR76bqoUWirb88oQRvys23SRzKkFW5f7FdYhyhwj4VeIAAyaxJ0LW9MkTcdn7fRy1hbwMeo6RcgENW0uVXDafL4rDN9y0%2BDDUctVUS%2BPS9eJAqcyRJeGPJyMyOWTYSyvJ4OCNfxtYmcL%2Ba%2BOw6o%2BJLGwVip8CfixCpZzBnPADbZfflBbGvS1OumPZQd%2F%2B%2FeVdMFLX7FCwRUE60ZyMiv7hkTkNpVdt9fa2oKPnYnLwg%2FzXo%2F0UfAjpXo0JURWyEhrVrnQ6UPqpcLrx0%2Bzob45JdIvy0ito6esOtmvvvK1%2F0m0Mz9ZOyc4l5Lc6IPc6jZbWDKbxwN0IBnGcvPWnfwlRcgUXrhCbxP0H2Iy3PLGXrumQkIWOO3czSsO5PxC90r%2FgUTKvuXQT0tPlEPN2%2B5tv%2Fy%2B7wEOawvN51Vze <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>namdemansgarden.se is on 103.224.212.199<br>ASN for 103.224.212.199: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.199 corresponds with lb-212-199.above.com<br>Abuse.net does not have any reliable address for lb-212-199.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-199.above.com1499859754http://hyllingebus.se/ (103.224.212.187) - Serp-hijackingAttacked url: http://hyllingebus.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 12 Jul 2017 11:45:57 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4ZeYBChUL5KtGKr4TbbCWea5LU32AfpfUbc4lIzaTcT%2FSuaeCZQxRPEQdfv5cOBezhiEZA%2FEryOLsbh8tnZJvzU0beJwG7IlcpOtDP4Qcd5mI0p8n3b%2BhqBoCSPmiGmtq3pK6yojHYOWAWk7jvJgvYgNSQJUeAgKCBHK%2BXQtHKFyfuSwsK%2FJGDKB8QWFhVcwD3x%2FTzLGomwD4kHeOJGhiyZdoDrs2Myx2JyVQdEUEIBkz2928TBUQS5t7%2BceRNp3IwHD6hCPpy8qiWo2fGdfTwTH6iRotRrNmvQsRTbjmT7%2Ft1%2FbgFRW9qHiLDeIPKYSh0H93VVgSFug4aRvMW2vKqT2mf8kDXNB3v3Ni%2BfPKgOhlwJb8S9dWTse6hdOoDylcM1DWpJlmPTzCfGTkJ1EGSzXmEvazlqVbPjna6uWyVyyyTFOSN%2BviC314MKkBzu16HcAdfZHj8H1teFGs7CXd1pDYZqeK9KudL8O3QKWXN%2F98%2BNedpxFlyJdtKgpidxbp5L3k6IVzDCBIiy6ItzOcXw%3D%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: hyllingebus.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 12 Jul 2017 09:45:57 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499852757.1714777; expires=Sat, 10-Jul-2027 09:45:57 GMT; Max-Age=315360000 <br>Location: http://ww11.hyllingebus.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: hyllingebus.se <br>Referer: http://www.google.com/search?q=hyllingebus.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 12 Jul 2017 09:45:56 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499852756.1087853; expires=Sat, 10-Jul-2027 09:45:56 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4ZeYBChUL5KtGKr4TbbCWea5LU32AfpfUbc4lIzaTcT%2FSuaeCZQxRPEQdfv5cOBezhiEZA%2FEryOLsbh8tnZJvzU0beJwG7IlcpOtDP4Qcd5mI0p8n3b%2BhqBoCSPmiGmtq3pK6yojHYOWAWk7jvJgvYgNSQJUeAgKCBHK%2BXQtHKFyfuSwsK%2FJGDKB8QWFhVcwD3x%2FTzLGomwD4kHeOJGhiyZdoDrs2Myx2JyVQdEUEIBkz2928TBUQS5t7%2BceRNp3IwHD6hCPpy8qiWo2fGdfTwTH6iRotRrNmvQsRTbjmT7%2Ft1%2FbgFRW9qHiLDeIPKYSh0H93VVgSFug4aRvMW2vKqT2mf8kDXNB3v3Ni%2BfPKgOhlwJb8S9dWTse6hdOoDylcM1DWpJlmPTzCfGTkJ1EGSzXmEvazlqVbPjna6uWyVyyyTFOSN%2BviC314MKkBzu16HcAdfZHj8H1teFGs7CXd1pDYZqeK9KudL8O3QKWXN%2F98%2BNedpxFlyJdtKgpidxbp5L3k6IVzDCBIiy6ItzOcXw%3D%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>hyllingebus.se is on 103.224.212.187<br>ASN for 103.224.212.187: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.187 corresponds with lb-212-187.above.com<br>Abuse.net does not have any reliable address for lb-212-187.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-187.above.com abuse@above.com1499859733http://aftpnbladet.se/ (103.224.212.195) - Serp-hijackingAttacked url: http://aftpnbladet.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 12 Jul 2017 11:39:50 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4rwIU0%2Bs%2FVpadwLsXiUXR7j0mo56mV8Y1aieyqysSIjn5lp7dWTSGWMxUYZVajIFiJR8%2B9cJ1RNFcI%2F0%2BKiGcBLrxpKresjGUpA0f%2FfdPhPzFgzjvYpMvKnYoTTeVFsPPFQCuO6FwDw%2FGPbb6HkMwf5Ih8fiiGaopo30OKWOHuZUp29D0Gyq0oqaczN5PIKk9X8OwQUSDis%2Bm1%2BPX5dBE3ha8Eg4PqBGb2D3sygLhb6XK66OctS1Vj9AXpHxphd6tpHi%2BtNhLJKbFQjbDXickCozvm%2Fb5L6d25y1hyRCBSkkmcX69SPCIAJEXuRTzJBWzKXXRJTKXlzwb2WZ1rtXQnP9RQEb%2BbcjnkNU3WPuZKdlqBH5Ouq334x4fm9ocEG7us59lbybxyOIiB2FEHfQrCW9KLj8Fmi2JAPH6u8ebSOh0LI72lBmi7Q9freBIanf34kx0DCv99fAMVMOdXaLg2RE2f3PlS%2Bgg4A0qCpPGrMZ5pr%2B1588XH9Hw2fBtRVsOedx7RcnCS5Op5c05b%2BxzDdp7t4F27hnZ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: aftpnbladet.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 12 Jul 2017 09:39:57 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499852397.7700387; expires=Sat, 10-Jul-2027 09:39:57 GMT; Max-Age=315360000 <br>Location: http://ww38.aftpnbladet.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: aftpnbladet.se <br>Referer: http://www.google.com/search?q=aftpnbladet.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 12 Jul 2017 09:39:56 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499852396.5526884; expires=Sat, 10-Jul-2027 09:39:56 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4rwIU0%2Bs%2FVpadwLsXiUXR7j0mo56mV8Y1aieyqysSIjn5lp7dWTSGWMxUYZVajIFiJR8%2B9cJ1RNFcI%2F0%2BKiGcBLrxpKresjGUpA0f%2FfdPhPzFgzjvYpMvKnYoTTeVFsPPFQCuO6FwDw%2FGPbb6HkMwf5Ih8fiiGaopo30OKWOHuZUp29D0Gyq0oqaczN5PIKk9X8OwQUSDis%2Bm1%2BPX5dBE3ha8Eg4PqBGb2D3sygLhb6XK66OctS1Vj9AXpHxphd6tpHi%2BtNhLJKbFQjbDXickCozvm%2Fb5L6d25y1hyRCBSkkmcX69SPCIAJEXuRTzJBWzKXXRJTKXlzwb2WZ1rtXQnP9RQEb%2BbcjnkNU3WPuZKdlqBH5Ouq334x4fm9ocEG7us59lbybxyOIiB2FEHfQrCW9KLj8Fmi2JAPH6u8ebSOh0LI72lBmi7Q9freBIanf34kx0DCv99fAMVMOdXaLg2RE2f3PlS%2Bgg4A0qCpPGrMZ5pr%2B1588XH9Hw2fBtRVsOedx7RcnCS5Op5c05b%2BxzDdp7t4F27hnZ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>aftpnbladet.se is on 103.224.212.195<br>ASN for 103.224.212.195: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.195 corresponds with lb-212-195.above.com<br>Abuse.net does not have any reliable address for lb-212-195.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-195.above.com1499859727http://exceltips.se/ (89.221.250.113) - Serp-hijackingAttacked url: http://exceltips.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 12 Jul 2017 11:08:18 +0200<br><br>Visitors with referer are redirected to http://fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 19174 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDACQQTDDT=MNBFDCPCNFNFMNCBDBCNOFOH; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 12 Jul 2017 09:08:32 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Referer: http://www.google.com/search?q=exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Redirect <br>Content-Length: 148 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.0 <br>X-Powered-By: ASP.NET <br>Date: Wed, 12 Jul 2017 09:08:32 GMT <br>Connection: close<br><br>exceltips.se is on 89.221.250.113<br>ASN for 89.221.250.113: 1257<br>89.221.250.113 manually set to use abuse@aname.net1499859642http://purefitbars.se/ (194.9.94.38) - Serp-hijackingAttacked url: http://purefitbars.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 12 Jul 2017 10:32:54 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: purefitbars.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.10.3 <br>Date: Wed, 12 Jul 2017 08:32:54 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: wfvt_505271604=5965deb5d0e4a; expires=Wed, 12-Jul-2017 09:02:53 GMT; Max-Age=1800; path=/; httponly <br>Link: &lt;http://purefitbars.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: purefitbars.se <br>Referer: http://www.google.com/search?q=purefitbars.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.10.3 <br>Date: Wed, 12 Jul 2017 08:32:51 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>purefitbars.se is on 194.9.94.38<br>ASN for 194.9.94.38: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.38 corresponds with s439.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1499859610http://skolkompassen.se/ (103.224.212.187) - Serp-hijackingAttacked url: http://skolkompassen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 12 Jul 2017 10:02:57 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4tgZVvtwzpHUBNrXhyrdDjkPPBXOfdDBdlYMNFaQ0JW4GNYnDr%2BbLRBHm0SxwPiAwPMDKtoLLlsGVM9aMTuG7Xe05MWOsmabT2B%2BShdL%2BtzJZUP2xtRqNYJSbruPK89tFSZAwBSkVHFyfnZwBjsPPlWKULzi2%2B6SFRFUsK8QbPGpJW3pqzEJDSsjkat99TY8YYYhxl%2F%2FBBMPsypEV%2F7KovBQ7MI4uneTapfu3Rww1l09CRcB63%2Bxu3cX20kgSSDGSKLAuOrYORnJc4Utp%2BOx6dCyAAKILcJS0t1Gx4IZ2ceM0%2FqW7jYIz1T%2BMMReUvnJ2UvuQbH10rcW%2FmUgaVnARMsuyURqiiHYufeQ63fwEcnvBHE0fL76ExFV%2FS0Qk0K3HRuaAx7UgMNwNtOtf2KEGP2qLPaY%2FS5ownU%2BojzayQ%2B4MIQ%2BKunpUMBgMs0HPgvCvSOIAoGjqTqGnDXcBQqiZaW%2BjwRnwHPW97XeUU7JzgcZEybJbxSVyG%2FyiSp2tUVBMVzzQSbjHylfg2j1ZZ03GvyBWYSX8KWl%2B <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: skolkompassen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 12 Jul 2017 08:02:57 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499846577.1799800; expires=Sat, 10-Jul-2027 08:02:57 GMT; Max-Age=315360000 <br>Location: http://ww38.skolkompassen.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: skolkompassen.se <br>Referer: http://www.google.com/search?q=skolkompassen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 12 Jul 2017 08:02:56 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499846576.2528834; expires=Sat, 10-Jul-2027 08:02:56 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4tgZVvtwzpHUBNrXhyrdDjkPPBXOfdDBdlYMNFaQ0JW4GNYnDr%2BbLRBHm0SxwPiAwPMDKtoLLlsGVM9aMTuG7Xe05MWOsmabT2B%2BShdL%2BtzJZUP2xtRqNYJSbruPK89tFSZAwBSkVHFyfnZwBjsPPlWKULzi2%2B6SFRFUsK8QbPGpJW3pqzEJDSsjkat99TY8YYYhxl%2F%2FBBMPsypEV%2F7KovBQ7MI4uneTapfu3Rww1l09CRcB63%2Bxu3cX20kgSSDGSKLAuOrYORnJc4Utp%2BOx6dCyAAKILcJS0t1Gx4IZ2ceM0%2FqW7jYIz1T%2BMMReUvnJ2UvuQbH10rcW%2FmUgaVnARMsuyURqiiHYufeQ63fwEcnvBHE0fL76ExFV%2FS0Qk0K3HRuaAx7UgMNwNtOtf2KEGP2qLPaY%2FS5ownU%2BojzayQ%2B4MIQ%2BKunpUMBgMs0HPgvCvSOIAoGjqTqGnDXcBQqiZaW%2BjwRnwHPW97XeUU7JzgcZEybJbxSVyG%2FyiSp2tUVBMVzzQSbjHylfg2j1ZZ03GvyBWYSX8KWl%2B <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>skolkompassen.se is on 103.224.212.187<br>ASN for 103.224.212.187: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.187 corresponds with lb-212-187.above.com<br>Abuse.net does not have any reliable address for lb-212-187.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-187.above.com abuse@above.com1499859592http://vikinglline.se/ (103.224.212.199) - Serp-hijackingAttacked url: http://vikinglline.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 12 Jul 2017 08:48:43 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4WY4esDyspdB0pv7hat1ysvpLap7bTM6jt4z7JcSZpXpl9GVyYsWfz%2BtLQAIyCT9yix3v9P2gxuv2e7ADf%2BwCetG0PJFTiGuK88WRro2AkqIUOIzeL%2B78SdwROUDjyOUfuUidBTINdmV%2FduLkhT9Jn5xzrBh3JSRySTpD6nb5fgbyG8mqGxku6qPTbctyMBlHGw9JOFwFa6Z%2BHj%2B%2BWG573VPGfe0EpnjRGZz1kOM%2FOd5mzzJf7HNGAzMtAt7veigWQqicvdsUNBcqhUbDZvVeoHmVmwqEjwN3Xqq9xikSCIxZVMZhK6mDGwJzOdeWws%2Bi0fpgef6yUj8hYsGG529YPjPkwDwl%2BOG9cbek8vUEg08Vs2jnRaRn92sW%2F%2FithhLUROwPyWenEIi%2Bgtl3kW%2BXFpFYUnzqRwP61XDqSAFpV3jDv9ZW%2FsX%2FQvlfwsGqaLUNIn758XbZYj%2BFgEUc9Jxp%2BmJBKB64%2BPMZNxpRYC3y%2FyzTsX%2BCWQSanlh%2Fk4TagPxtTYybl4eGIhMQ602UdvrdpQ%3D%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vikinglline.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 12 Jul 2017 06:48:43 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499842123.2064961; expires=Sat, 10-Jul-2027 06:48:43 GMT; Max-Age=315360000 <br>Location: http://ww11.vikinglline.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vikinglline.se <br>Referer: http://www.google.com/search?q=vikinglline.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 12 Jul 2017 06:48:42 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499842122.5387221; expires=Sat, 10-Jul-2027 06:48:42 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4WY4esDyspdB0pv7hat1ysvpLap7bTM6jt4z7JcSZpXpl9GVyYsWfz%2BtLQAIyCT9yix3v9P2gxuv2e7ADf%2BwCetG0PJFTiGuK88WRro2AkqIUOIzeL%2B78SdwROUDjyOUfuUidBTINdmV%2FduLkhT9Jn5xzrBh3JSRySTpD6nb5fgbyG8mqGxku6qPTbctyMBlHGw9JOFwFa6Z%2BHj%2B%2BWG573VPGfe0EpnjRGZz1kOM%2FOd5mzzJf7HNGAzMtAt7veigWQqicvdsUNBcqhUbDZvVeoHmVmwqEjwN3Xqq9xikSCIxZVMZhK6mDGwJzOdeWws%2Bi0fpgef6yUj8hYsGG529YPjPkwDwl%2BOG9cbek8vUEg08Vs2jnRaRn92sW%2F%2FithhLUROwPyWenEIi%2Bgtl3kW%2BXFpFYUnzqRwP61XDqSAFpV3jDv9ZW%2FsX%2FQvlfwsGqaLUNIn758XbZYj%2BFgEUc9Jxp%2BmJBKB64%2BPMZNxpRYC3y%2FyzTsX%2BCWQSanlh%2Fk4TagPxtTYybl4eGIhMQ602UdvrdpQ%3D%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>vikinglline.se is on 103.224.212.199<br>ASN for 103.224.212.199: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.199 corresponds with lb-212-199.above.com<br>Abuse.net does not have any reliable address for lb-212-199.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-199.above.com1499845111http://narutoge.se/ (103.224.212.190) - Serp-hijackingAttacked url: http://narutoge.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 12 Jul 2017 07:44:27 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4IdLzzGPCkCvnOlb7PgCnhb8VcasUDBrGjCLT1Fsbsa3kosx7%2F3ZTVKHnqJ6wLp02VoSzIUp6fD%2FosIY8erh9N3%2BWkfROy3iKm9XUb9713PuLtKGK7yNPU6vgxipMFvbT%2BrLO6ejOkWJ2todSp%2BQV4LAcO2noXVGvU9P8gvhslVBdeb2albgq3l9EnUYAj9nWsj2Q7Euokfknbni%2BiKE2cWDmH7SpzdLbovyC%2FVxRatnNc4MdUUwzfMaR6pW9nxL8BSbM9mqTh69FCBJe5GOc5lTLoYXK0fZO37rFvJmkEd7JYUHiDCIlUGbsajzdm%2F5B2b0JG4wVa5Jpi6jALNh7iptvUzENFH%2BIKiinQduHrEmP%2B7S%2FaLDQTpmxC3OClTqWk5AlxZ1IbfyVNRk9Byi2y%2B%2FVwxDcbq2FEbTTzBUSMEl8dw36sG9KKNCnPSjhHuDhLy%2FKi%2BGlhVOOfBvvg1l9S8kvm4mbjNEemsUbVWf7Dd4aenGg8LaGn3QagtGNjkLJnlxeat8aR3I%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: narutoge.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 12 Jul 2017 05:44:27 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499838267.7596076; expires=Sat, 10-Jul-2027 05:44:27 GMT; Max-Age=315360000 <br>Location: http://ww11.narutoge.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: narutoge.se <br>Referer: http://www.google.com/search?q=narutoge.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 12 Jul 2017 05:44:26 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499838266.5959309; expires=Sat, 10-Jul-2027 05:44:26 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4IdLzzGPCkCvnOlb7PgCnhb8VcasUDBrGjCLT1Fsbsa3kosx7%2F3ZTVKHnqJ6wLp02VoSzIUp6fD%2FosIY8erh9N3%2BWkfROy3iKm9XUb9713PuLtKGK7yNPU6vgxipMFvbT%2BrLO6ejOkWJ2todSp%2BQV4LAcO2noXVGvU9P8gvhslVBdeb2albgq3l9EnUYAj9nWsj2Q7Euokfknbni%2BiKE2cWDmH7SpzdLbovyC%2FVxRatnNc4MdUUwzfMaR6pW9nxL8BSbM9mqTh69FCBJe5GOc5lTLoYXK0fZO37rFvJmkEd7JYUHiDCIlUGbsajzdm%2F5B2b0JG4wVa5Jpi6jALNh7iptvUzENFH%2BIKiinQduHrEmP%2B7S%2FaLDQTpmxC3OClTqWk5AlxZ1IbfyVNRk9Byi2y%2B%2FVwxDcbq2FEbTTzBUSMEl8dw36sG9KKNCnPSjhHuDhLy%2FKi%2BGlhVOOfBvvg1l9S8kvm4mbjNEemsUbVWf7Dd4aenGg8LaGn3QagtGNjkLJnlxeat8aR3I%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>narutoge.se is on 103.224.212.190<br>ASN for 103.224.212.190: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.190 corresponds with lb-212-190.above.com<br>Abuse.net does not have any reliable address for lb-212-190.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-190.above.com1499845093http://racingspel.se/ (103.224.212.196) - Serp-hijackingAttacked url: http://racingspel.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 12 Jul 2017 06:59:07 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD47dDRnW6uoXfBoCZHKStFNNqb05VDEz6%2BKq7dGrEJgpL6iS9pdCtpAoK5iKJQudh6mRppchEFLHYGhpsV70XhZ04%2FS9m1%2FGvMrQk%2Bu3hcs%2BJ4f1WEEbwCg%2F%2BPtJi6w4mpyjPbuzVWHcIEXSEiHXWt1pjriEYtq67BcLlUcaThet5L%2Br9EY6uYtI%2BEqhP5SU2VlU3WQG9RBN2j3CkViYB0STO5gmBiFQCrah4qBuXKqN15dLIYshlEmOYu6P7o8CxE5lrFTOTQQ9LzS8A%2FPFpKh8papzpr%2FPQ3fjHOHptYe06AhudFY7VnGUaTwYb7S3d%2FWdZ3PmbMeEdqGIWSkEydRBrRKJI2J32Ow0f0BJDFsBfiF3XCNpT4pVtYvrCVuH7iMiWO5G%2FFB6pKHI377Y1lOVckNKa2Re8BJLMrlRmm4j575b7PAT1uD7oSoyCGzRiHGcL0%2BfNHywJeOamH7f%2Bu%2B9HodpUptHd%2FXUjZqAK%2BFQekYFxBOJ6kc%2BZX1fwjpFVNQzjJ31VTqhLdBeaufHhesg%3D%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: racingspel.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 12 Jul 2017 04:59:14 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499835554.2808358; expires=Sat, 10-Jul-2027 04:59:14 GMT; Max-Age=315360000 <br>Location: http://ww11.racingspel.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: racingspel.se <br>Referer: http://www.google.com/search?q=racingspel.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 12 Jul 2017 04:59:13 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499835554.2302951; expires=Sat, 10-Jul-2027 04:59:14 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD47dDRnW6uoXfBoCZHKStFNNqb05VDEz6%2BKq7dGrEJgpL6iS9pdCtpAoK5iKJQudh6mRppchEFLHYGhpsV70XhZ04%2FS9m1%2FGvMrQk%2Bu3hcs%2BJ4f1WEEbwCg%2F%2BPtJi6w4mpyjPbuzVWHcIEXSEiHXWt1pjriEYtq67BcLlUcaThet5L%2Br9EY6uYtI%2BEqhP5SU2VlU3WQG9RBN2j3CkViYB0STO5gmBiFQCrah4qBuXKqN15dLIYshlEmOYu6P7o8CxE5lrFTOTQQ9LzS8A%2FPFpKh8papzpr%2FPQ3fjHOHptYe06AhudFY7VnGUaTwYb7S3d%2FWdZ3PmbMeEdqGIWSkEydRBrRKJI2J32Ow0f0BJDFsBfiF3XCNpT4pVtYvrCVuH7iMiWO5G%2FFB6pKHI377Y1lOVckNKa2Re8BJLMrlRmm4j575b7PAT1uD7oSoyCGzRiHGcL0%2BfNHywJeOamH7f%2Bu%2B9HodpUptHd%2FXUjZqAK%2BFQekYFxBOJ6kc%2BZX1fwjpFVNQzjJ31VTqhLdBeaufHhesg%3D%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>racingspel.se is on 103.224.212.196<br>ASN for 103.224.212.196: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.196 corresponds with lb-212-196.above.com<br>Abuse.net does not have any reliable address for lb-212-196.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-196.above.com abuse@above.com1499845065http://xn--bjrnbio-b1a.se/ (103.224.212.192) - Serp-hijackingAttacked url: http://xn--bjrnbio-b1a.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 12 Jul 2017 04:30:01 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4npwLaleydww%2F%2F8g%2FdKH89ZWt0cg1thkNxM%2BTrHdSOHA8s%2BmYhU457nIWMIRaXm8pQyfOjGogyd61FuD81H3Bu8gNIY%2FuHHxVN9W34zH5aM7yRbJZ56MGivC%2BoUq3onz3wBvYDJ5HZ4BnA%2FcF9kFsGPXHPTWCnBTW7YUD4e28KPkSoo7H1uYzmdMSosYN1LfBxF52gbkAvgN7C0As7nFevHOaMzQNKSO0TAQjOH8grqPf5OiBLk%2Be2dX5bnUFSfFNqJ1%2BAmkUyHNoI7HwOTPXTRh1E%2FbHzVdt4qcO0SpJ1Z5yTsQQpTHzE7oc1t0lw5qMXlZuTmJJn58lHpxBVtnIUaf%2F90XbcgHeiq2GRjKP3NrGXkJSczTjGR9XC1WgDyFfUCGcANu5C6ZlEJXCmADHXJr%2B6G4lLOGDb5I4RDB%2B3ljRZJ%2BOjPcYfb6Uq%2BAmiZznltN0rQobwc6F4rBvjtDLRg5eVBKm5jLeHHPg%2BthQVIn%2F5qF3EfLieOoLnlEoyVIbSPwkH0l0%2Bc12Vizp%2Fn3AZMWXJX%2BaA9Jy <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: xn--bjrnbio-b1a.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 12 Jul 2017 02:30:08 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499826608.4435002; expires=Sat, 10-Jul-2027 02:30:08 GMT; Max-Age=315360000 <br>Location: http://ww38.xn--bjrnbio-b1a.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: xn--bjrnbio-b1a.se <br>Referer: http://www.google.com/search?q=xn--bjrnbio-b1a.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 12 Jul 2017 02:30:07 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499826607.8224461; expires=Sat, 10-Jul-2027 02:30:07 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4npwLaleydww%2F%2F8g%2FdKH89ZWt0cg1thkNxM%2BTrHdSOHA8s%2BmYhU457nIWMIRaXm8pQyfOjGogyd61FuD81H3Bu8gNIY%2FuHHxVN9W34zH5aM7yRbJZ56MGivC%2BoUq3onz3wBvYDJ5HZ4BnA%2FcF9kFsGPXHPTWCnBTW7YUD4e28KPkSoo7H1uYzmdMSosYN1LfBxF52gbkAvgN7C0As7nFevHOaMzQNKSO0TAQjOH8grqPf5OiBLk%2Be2dX5bnUFSfFNqJ1%2BAmkUyHNoI7HwOTPXTRh1E%2FbHzVdt4qcO0SpJ1Z5yTsQQpTHzE7oc1t0lw5qMXlZuTmJJn58lHpxBVtnIUaf%2F90XbcgHeiq2GRjKP3NrGXkJSczTjGR9XC1WgDyFfUCGcANu5C6ZlEJXCmADHXJr%2B6G4lLOGDb5I4RDB%2B3ljRZJ%2BOjPcYfb6Uq%2BAmiZznltN0rQobwc6F4rBvjtDLRg5eVBKm5jLeHHPg%2BthQVIn%2F5qF3EfLieOoLnlEoyVIbSPwkH0l0%2Bc12Vizp%2Fn3AZMWXJX%2BaA9Jy <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>xn--bjrnbio-b1a.se is on 103.224.212.192<br>ASN for 103.224.212.192: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.192 corresponds with lb-212-192.above.com<br>Abuse.net does not have any reliable address for lb-212-192.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-192.above.com abuse@above.com1499844954http://sexkunskap.se/ (195.74.38.99) - Serp-hijackingAttacked url: http://sexkunskap.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 12 Jul 2017 01:37:48 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: sexkunskap.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 11 Jul 2017 23:37:55 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Vary: Accept-Encoding,Cookie <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br>Pool-Info: /Common/CloudLinux-cluster-15 10.160.2.15 80 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: sexkunskap.se <br>Referer: http://www.google.com/search?q=sexkunskap.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Tue, 11 Jul 2017 23:37:50 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html <br>Pool-Info: /Common/CloudLinux-cluster-15 10.160.2.15 80<br><br>sexkunskap.se is on 195.74.38.99<br>ASN for 195.74.38.99: 41528<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.99 corresponds with cl-15.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1499844222http://apicellae.se/ (103.224.212.193) - Serp-hijackingAttacked url: http://apicellae.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 11 Jul 2017 23:57:21 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4TGYzYLwDltswBhmLch%2BDNGmNGd6PYSpWBJsfuLYQkdvPI%2F%2F%2BObu8Dx6m05iP5kfRLPAHlctfahHb3MB0THN9Ny5hCL%2FQGVmds8%2F2cBhT1djNEHBeHigaVIYTtyQyyp9bQfDkrV3vAupAzA2A4j%2F%2ByPWQfHS7er17alQWhoYMboBZ4YE3xd25EYRmFZYfUUHKAaZDQl6CjBEPkR5hIh0Ea8B62%2BCtjRmzMu23iE%2FquwE4v2ZFL0Qqp1kMKNtysC%2BOZZtzRRf5jvV%2FNpScHyAIkzUimeBkbnIZSGtDBxC7iGf5alNRC7NQK81%2Fllz4EuhqaGpz6L%2F9m70RuM9YAd%2BnFlC7MsEjjz%2Bj3SsBzSVhxFadNB6iGWelTptT9k%2FFosbap%2BncR7S47NmvbK47k7an2GPkl6CdePjql4BzBUzAn4F9CwckwhMAcyGm7ggZuV93dBBPYMlQ9chY9wyZ76hm%2B14LtSvxEuvpFCbowYwJgYVQ%2BtGZIaRZ9bxsqsvwLSXH42JgZG7qwG0%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: apicellae.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 11 Jul 2017 21:57:28 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499810248.3318563; expires=Fri, 09-Jul-2027 21:57:28 GMT; Max-Age=315360000 <br>Location: http://ww11.apicellae.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: apicellae.se <br>Referer: http://www.google.com/search?q=apicellae.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 11 Jul 2017 21:57:27 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499810247.1519885; expires=Fri, 09-Jul-2027 21:57:27 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4TGYzYLwDltswBhmLch%2BDNGmNGd6PYSpWBJsfuLYQkdvPI%2F%2F%2BObu8Dx6m05iP5kfRLPAHlctfahHb3MB0THN9Ny5hCL%2FQGVmds8%2F2cBhT1djNEHBeHigaVIYTtyQyyp9bQfDkrV3vAupAzA2A4j%2F%2ByPWQfHS7er17alQWhoYMboBZ4YE3xd25EYRmFZYfUUHKAaZDQl6CjBEPkR5hIh0Ea8B62%2BCtjRmzMu23iE%2FquwE4v2ZFL0Qqp1kMKNtysC%2BOZZtzRRf5jvV%2FNpScHyAIkzUimeBkbnIZSGtDBxC7iGf5alNRC7NQK81%2Fllz4EuhqaGpz6L%2F9m70RuM9YAd%2BnFlC7MsEjjz%2Bj3SsBzSVhxFadNB6iGWelTptT9k%2FFosbap%2BncR7S47NmvbK47k7an2GPkl6CdePjql4BzBUzAn4F9CwckwhMAcyGm7ggZuV93dBBPYMlQ9chY9wyZ76hm%2B14LtSvxEuvpFCbowYwJgYVQ%2BtGZIaRZ9bxsqsvwLSXH42JgZG7qwG0%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>apicellae.se is on 103.224.212.193<br>ASN for 103.224.212.193: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.193 corresponds with lb-212-193.above.com<br>Abuse.net does not have any reliable address for lb-212-193.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-193.above.com abuse@above.com1499844096http://luv.nu/ (103.224.182.249) - Serp-hijackingAttacked url: http://luv.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 11 Jul 2017 23:56:43 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD41mCkxmFpFIXsSqdGeHfRLtbj4EgsFUSNO9YqjzrvwGIZ3jWlQ0rZzE5gCn8XMgcxISpmnJXUoeJV1IQUHbzcKzsg8rvrjY0fqKmEfAyChkHbb8ZEbKqlbiSfr56AHaB5Nnhrabbd%2BAcex9SMh7yklqA2YGKifrGmPtBGvZL%2FXYbjhb6Pnxtm%2F3GW16X%2FPpx%2Fo%2FaAiGIMOhLGTcMxKOhf4FxeuuahtMhYPNcP3nqZj9s1xBHHnwq0J3oP0tahmkRHD4vkk6C5Lu0ECyLRtAFDSB%2F229DRtWvPq9G0RhSpYkwpNe%2FLs8Vmn7CgLN1gQSPMts0rqBM6w474eq7Ic0axjQynk%2BvD8n9ot3%2B8s3gZiNUQ7mfxIWzrgHb5noz6nm3%2FmXM2XdfkwSm1ou6qhuLln4CTtn%2FwIoiQLSKXviGM7QIAvbHlxO8n8N5AIBtU%2FYnaTJUSQl0cY%2FplOgAUkYfxP5BKSlJLlZpJEyuVewqUytb3C9UHDB3daA%3D%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: luv.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 11 Jul 2017 21:56:50 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499810210.2188065; expires=Fri, 09-Jul-2027 21:56:50 GMT; Max-Age=315360000 <br>Location: http://ww11.luv.nu/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: luv.nu <br>Referer: http://www.google.com/search?q=luv.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 11 Jul 2017 21:56:49 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499810209.7956473; expires=Fri, 09-Jul-2027 21:56:49 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD41mCkxmFpFIXsSqdGeHfRLtbj4EgsFUSNO9YqjzrvwGIZ3jWlQ0rZzE5gCn8XMgcxISpmnJXUoeJV1IQUHbzcKzsg8rvrjY0fqKmEfAyChkHbb8ZEbKqlbiSfr56AHaB5Nnhrabbd%2BAcex9SMh7yklqA2YGKifrGmPtBGvZL%2FXYbjhb6Pnxtm%2F3GW16X%2FPpx%2Fo%2FaAiGIMOhLGTcMxKOhf4FxeuuahtMhYPNcP3nqZj9s1xBHHnwq0J3oP0tahmkRHD4vkk6C5Lu0ECyLRtAFDSB%2F229DRtWvPq9G0RhSpYkwpNe%2FLs8Vmn7CgLN1gQSPMts0rqBM6w474eq7Ic0axjQynk%2BvD8n9ot3%2B8s3gZiNUQ7mfxIWzrgHb5noz6nm3%2FmXM2XdfkwSm1ou6qhuLln4CTtn%2FwIoiQLSKXviGM7QIAvbHlxO8n8N5AIBtU%2FYnaTJUSQl0cY%2FplOgAUkYfxP5BKSlJLlZpJEyuVewqUytb3C9UHDB3daA%3D%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>luv.nu is on 103.224.182.249<br>ASN for 103.224.182.249: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.182.249 corresponds with lb-182-249.above.com<br>Abuse.net does not have any reliable address for lb-182-249.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-182-249.above.com abuse@above.com1499844094http://skollen.se/ (103.224.212.193) - Serp-hijackingAttacked url: http://skollen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 11 Jul 2017 22:20:20 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4N2M2UUS09dXQTH4wCAT%2B0Ygu9mAS4KUmhn4EitcuKrXSsrZkydb5PKSZMn2En1LWTHLVYzxNyNfOjA27p3AhIPs90K%2BltHGwseiOb5Itl037El%2FgHqKk6brVtWJqHT8T3Z5L1E3CTjcvvPIpGyTqhDd%2BdW38hGkDszgnUHxf7Y9MM0qQeUDjxmTH6jbtR54WYJp0aqiacSM%2FQQsMB2sO7SO0uZ4umaeg7qkLQrbytHr5sf3n9EcKbpxFJjvYbkWdXHopgs%2FnWXiNKhAelV%2FgbOHZwy4iXlwgzafKq2hVAKlpJ4aGGU2cHIyl11zSa1BP1CjVHFBGyb5oozUDDp7IuzC7Lu8C405Q4ne3Hkn%2BR63hvIZhUsKp3KFt8AdREkHzed%2BlUmedMwYhyNg2xyqAgQeFRLvpYgRS7OqFJh1qCvCEZ21RRDCnreBIigJ8GlrguHjDGPyavTgs%2Fvm%2BhnOhPvBSsiFB21tIrPBu1wKqGSYL7Jos%2Fyieoeuq9joX1x3ageOkhpmJ1iA%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: skollen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 11 Jul 2017 20:20:27 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499804427.6258746; expires=Fri, 09-Jul-2027 20:20:27 GMT; Max-Age=315360000 <br>Location: http://ww11.skollen.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: skollen.se <br>Referer: http://www.google.com/search?q=skollen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 11 Jul 2017 20:20:27 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499804427.4884867; expires=Fri, 09-Jul-2027 20:20:27 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4N2M2UUS09dXQTH4wCAT%2B0Ygu9mAS4KUmhn4EitcuKrXSsrZkydb5PKSZMn2En1LWTHLVYzxNyNfOjA27p3AhIPs90K%2BltHGwseiOb5Itl037El%2FgHqKk6brVtWJqHT8T3Z5L1E3CTjcvvPIpGyTqhDd%2BdW38hGkDszgnUHxf7Y9MM0qQeUDjxmTH6jbtR54WYJp0aqiacSM%2FQQsMB2sO7SO0uZ4umaeg7qkLQrbytHr5sf3n9EcKbpxFJjvYbkWdXHopgs%2FnWXiNKhAelV%2FgbOHZwy4iXlwgzafKq2hVAKlpJ4aGGU2cHIyl11zSa1BP1CjVHFBGyb5oozUDDp7IuzC7Lu8C405Q4ne3Hkn%2BR63hvIZhUsKp3KFt8AdREkHzed%2BlUmedMwYhyNg2xyqAgQeFRLvpYgRS7OqFJh1qCvCEZ21RRDCnreBIigJ8GlrguHjDGPyavTgs%2Fvm%2BhnOhPvBSsiFB21tIrPBu1wKqGSYL7Jos%2Fyieoeuq9joX1x3ageOkhpmJ1iA%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>skollen.se is on 103.224.212.193<br>ASN for 103.224.212.193: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.193 corresponds with lb-212-193.above.com<br>Abuse.net does not have any reliable address for lb-212-193.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-193.above.com1499843997http://bloei.nu/ (103.224.182.249) - Serp-hijackingAttacked url: http://bloei.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 11 Jul 2017 22:06:11 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4w8Yx4r26cxNI2hMD2ruWt88NhvjWtVJi5ie6XAgm5XszaOkNEcEKCO%2FOH7AgFeUPqb5m5zprMOBwn2NJHIIpQ05t3Fd07iODbY5z4ggNUEpixefeFZQGH1cAr0lb%2Bogyv98xP%2Fec0FiHdVwRvYImKs9Wdeu4CaDXDrA3LOIppg2%2BvB6AueGOlPwPfty7eMPSJpQN7%2BRkCqU1k7higSsU%2BxDvDk0TA1Bpu5LLbGiIMBmPJSdA6GR%2BLer3nS4rie1aqVqBH5Lv2soC8e1abZiRZZ%2Bka6aO%2BRNiFxeAfle2xQR%2BgsIPTQD%2BIgQBTpoChabq8D8494pjx5qI0BFGHrqaj8%2BT8ZyckI%2B80M7izQ%2BYKxCS7E56R18aNT%2BUMp96rPbgCXrR4OFNZ2RDIgKytNFqgCPRVrqFxBbnFHsOHbkWEHTx1vTGBSZ8zVCSmUCxf%2FEbBaJDq39aipLNuk8PZvWFtNakaZsZ2bmIZKttxU93hel82XOzB8rp0Umh0yo9aKwb <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bloei.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 11 Jul 2017 20:06:11 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499803571.7055870; expires=Fri, 09-Jul-2027 20:06:11 GMT; Max-Age=315360000 <br>Location: http://ww11.bloei.nu/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bloei.nu <br>Referer: http://www.google.com/search?q=bloei.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 11 Jul 2017 20:06:10 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499803571.8590828; expires=Fri, 09-Jul-2027 20:06:11 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4w8Yx4r26cxNI2hMD2ruWt88NhvjWtVJi5ie6XAgm5XszaOkNEcEKCO%2FOH7AgFeUPqb5m5zprMOBwn2NJHIIpQ05t3Fd07iODbY5z4ggNUEpixefeFZQGH1cAr0lb%2Bogyv98xP%2Fec0FiHdVwRvYImKs9Wdeu4CaDXDrA3LOIppg2%2BvB6AueGOlPwPfty7eMPSJpQN7%2BRkCqU1k7higSsU%2BxDvDk0TA1Bpu5LLbGiIMBmPJSdA6GR%2BLer3nS4rie1aqVqBH5Lv2soC8e1abZiRZZ%2Bka6aO%2BRNiFxeAfle2xQR%2BgsIPTQD%2BIgQBTpoChabq8D8494pjx5qI0BFGHrqaj8%2BT8ZyckI%2B80M7izQ%2BYKxCS7E56R18aNT%2BUMp96rPbgCXrR4OFNZ2RDIgKytNFqgCPRVrqFxBbnFHsOHbkWEHTx1vTGBSZ8zVCSmUCxf%2FEbBaJDq39aipLNuk8PZvWFtNakaZsZ2bmIZKttxU93hel82XOzB8rp0Umh0yo9aKwb <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>bloei.nu is on 103.224.182.249<br>ASN for 103.224.182.249: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.182.249 corresponds with lb-182-249.above.com<br>Abuse.net does not have any reliable address for lb-182-249.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-182-249.above.com abuse@above.com1499843986http://mon.nu/ (103.224.182.249) - Serp-hijackingAttacked url: http://mon.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 11 Jul 2017 19:47:13 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD495iPG7T0uJTPAfnP2U4mjSHjc22eLMBWMs43vNVRsHXSetXxOQaXDlx9RWpfRl9QdlieE3ztq4CIBF6ub715awxlC8ZNBWGVeFB0qpZCozoYTqP504inxZ8gM51cbMq233Fif2X4F2QZnk4%2B3Gw9hL6ejF4kHjTGArbketyRTtI443D%2FRCnuKe2qXEnrrkyGKehJz1xMTZ8Whx1UfWpksEf8rNEtOYKOQt18zkhLhvS8Pj1lSzctmSfir9y7qPECLYYyDJ3KkY4Zk2cjmXMsVm%2FihuGBDqSHDfZMJsOqPL8K7owaqotwLIrCEfj5%2Bq0IdYHDaeVxM3x55eEycR2opbYJ6YHNkCf1TW02uO5TMso3aT5%2BK%2B83hfMgKw%2BGjySoIVeLdrk6xhHH%2FZMTyW%2Ftqla%2FwqrUa87Bsw4UTscaxLe329wAtKBB0ja%2BbJf3ocaRowNPsU9mz%2F1dIv%2FzfiGu6oZ9mDxG3bxqPmPYPJ1vNmwOC3otiCUMQVmQwFMnZNMy <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: mon.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 11 Jul 2017 17:47:13 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499795233.8446400; expires=Fri, 09-Jul-2027 17:47:13 GMT; Max-Age=315360000 <br>Location: http://ww38.mon.nu/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: mon.nu <br>Referer: http://www.google.com/search?q=mon.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 11 Jul 2017 17:47:12 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499795232.3322523; expires=Fri, 09-Jul-2027 17:47:12 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD495iPG7T0uJTPAfnP2U4mjSHjc22eLMBWMs43vNVRsHXSetXxOQaXDlx9RWpfRl9QdlieE3ztq4CIBF6ub715awxlC8ZNBWGVeFB0qpZCozoYTqP504inxZ8gM51cbMq233Fif2X4F2QZnk4%2B3Gw9hL6ejF4kHjTGArbketyRTtI443D%2FRCnuKe2qXEnrrkyGKehJz1xMTZ8Whx1UfWpksEf8rNEtOYKOQt18zkhLhvS8Pj1lSzctmSfir9y7qPECLYYyDJ3KkY4Zk2cjmXMsVm%2FihuGBDqSHDfZMJsOqPL8K7owaqotwLIrCEfj5%2Bq0IdYHDaeVxM3x55eEycR2opbYJ6YHNkCf1TW02uO5TMso3aT5%2BK%2B83hfMgKw%2BGjySoIVeLdrk6xhHH%2FZMTyW%2Ftqla%2FwqrUa87Bsw4UTscaxLe329wAtKBB0ja%2BbJf3ocaRowNPsU9mz%2F1dIv%2FzfiGu6oZ9mDxG3bxqPmPYPJ1vNmwOC3otiCUMQVmQwFMnZNMy <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>mon.nu is on 103.224.182.249<br>ASN for 103.224.182.249: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.182.249 corresponds with lb-182-249.above.com<br>Abuse.net does not have any reliable address for lb-182-249.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-182-249.above.com1499843826http://kungligaopera.se/ (103.224.212.187) - Serp-hijackingAttacked url: http://kungligaopera.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 11 Jul 2017 19:04:41 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4Fcp8F%2BpnpThBNNxN7Ea8inIZHv9JMWquouclyDMOmeNbfEW46KC2P%2BUJMw%2F2%2BtIWl%2F11n%2BkCl7%2FzQhc74bThj3pX3mWBqEVhrfGScfwKMcnZ9h4sx6KZygXdoBPLoeG3W3UDQp7i9ASbHPRysuAeY8w2xzu8%2FLs4YWNisF6dSFa%2BB8nnZsEqY%2BKiM8PLbhD01MrqmlCSPG%2FcZ5TpQ6Y4p6T8qF0Tkx6gBZHz%2FODATEdt9zEYSxtvkOSi4cjdbM1ubmAABkXg5wYzuWxwzHQpwjKqrkgqoYcx%2FSci7UNR4plQrhbsL3Sbx8zxaNEcLKzT2Cu6ixFSxRz%2FqvjhLppk3hxMR18dXSr9Ncnl5Jl767aGynPjOrtwmntktN2mjYw1rZzParL9eUJajJyu%2B9y2R69IoXV8ivvKxxmbay9ml1Jf%2F18OaWJj%2F0C%2B3TPzEf5fEl4DuOmAo6lFIK62CZK1KwxXpo%2BhYfuKSiKEO1IO0RvdiHa5A1%2BiKwl8xXIxK5pobtEN1%2BOHdhb5TZ7CbADMf9fLrZpHR05Yjn24Zkaw2M0%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kungligaopera.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 11 Jul 2017 17:04:48 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499792688.4037330; expires=Fri, 09-Jul-2027 17:04:48 GMT; Max-Age=315360000 <br>Location: http://ww11.kungligaopera.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kungligaopera.se <br>Referer: http://www.google.com/search?q=kungligaopera.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 11 Jul 2017 17:04:47 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499792687.8774233; expires=Fri, 09-Jul-2027 17:04:47 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT%2Bzwn10jVoD4Fcp8F%2BpnpThBNNxN7Ea8inIZHv9JMWquouclyDMOmeNbfEW46KC2P%2BUJMw%2F2%2BtIWl%2F11n%2BkCl7%2FzQhc74bThj3pX3mWBqEVhrfGScfwKMcnZ9h4sx6KZygXdoBPLoeG3W3UDQp7i9ASbHPRysuAeY8w2xzu8%2FLs4YWNisF6dSFa%2BB8nnZsEqY%2BKiM8PLbhD01MrqmlCSPG%2FcZ5TpQ6Y4p6T8qF0Tkx6gBZHz%2FODATEdt9zEYSxtvkOSi4cjdbM1ubmAABkXg5wYzuWxwzHQpwjKqrkgqoYcx%2FSci7UNR4plQrhbsL3Sbx8zxaNEcLKzT2Cu6ixFSxRz%2FqvjhLppk3hxMR18dXSr9Ncnl5Jl767aGynPjOrtwmntktN2mjYw1rZzParL9eUJajJyu%2B9y2R69IoXV8ivvKxxmbay9ml1Jf%2F18OaWJj%2F0C%2B3TPzEf5fEl4DuOmAo6lFIK62CZK1KwxXpo%2BhYfuKSiKEO1IO0RvdiHa5A1%2BiKwl8xXIxK5pobtEN1%2BOHdhb5TZ7CbADMf9fLrZpHR05Yjn24Zkaw2M0%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>kungligaopera.se is on 103.224.212.187<br>ASN for 103.224.212.187: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.187 corresponds with lb-212-187.above.com<br>Abuse.net does not have any reliable address for lb-212-187.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-187.above.com1499843738http://recidens.se/ (103.224.212.190) - Serp-hijackingAttacked url: http://recidens.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 11 Jul 2017 14:40:46 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT8mzzSI%2FqzPKooec5LfKgNDdhZixtKRm8cJasBDieQ6396hk%2FH%2Fo8IxVq81pdeJO60z80jRKpbDsxQZ3knpMJJpgaJM5wj4EYNRDMApWQdxTsDGSDIvfQBcw5KlqEFlyqNMBXj1P28krjS%2FyRiJB4a8Gv0sypa2W8Lx2fVN01ZgtMf1qqzAlGHa2HrhVTw44QE4lin5rYrVtqTyLq9jQO3oLOYYt5Y7oxL%2ByoKoCD%2FhxtaR%2Bewp3b3pC8BcmcgrHRx9D0o6%2BIA0SEaQOobkNs5HbFCVGUw58mvY53aGbBiBuiaYKnpe4MU%2FW%2FVwoEARO2XMn2Ir4EAq1edEGriFuctLoG4fyxLIDWXiaDpbP9to0eeNWC9YemuyPWTW1dZ%2BZ9xj1LAjr9qrTvxUgDH%2BM7HiV3PinnyLEZtnDfzBgsIOO%2FrP6H96hgZEDEtyLlyIUa5IEzTtaCrcmseb5sP0YNJltLsQL%2B6XGwqaDfEhPoDujnTa5iAOehRd4sj3CPXvUzD1czQNOWn8FdWggHqfyggQ%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: recidens.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 11 Jul 2017 12:40:46 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499776846.5534591; expires=Fri, 09-Jul-2027 12:40:46 GMT; Max-Age=315360000 <br>Location: http://ww11.recidens.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: recidens.se <br>Referer: http://www.google.com/search?q=recidens.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 11 Jul 2017 12:40:45 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499776845.7683350; expires=Fri, 09-Jul-2027 12:40:45 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT8mzzSI%2FqzPKooec5LfKgNDdhZixtKRm8cJasBDieQ6396hk%2FH%2Fo8IxVq81pdeJO60z80jRKpbDsxQZ3knpMJJpgaJM5wj4EYNRDMApWQdxTsDGSDIvfQBcw5KlqEFlyqNMBXj1P28krjS%2FyRiJB4a8Gv0sypa2W8Lx2fVN01ZgtMf1qqzAlGHa2HrhVTw44QE4lin5rYrVtqTyLq9jQO3oLOYYt5Y7oxL%2ByoKoCD%2FhxtaR%2Bewp3b3pC8BcmcgrHRx9D0o6%2BIA0SEaQOobkNs5HbFCVGUw58mvY53aGbBiBuiaYKnpe4MU%2FW%2FVwoEARO2XMn2Ir4EAq1edEGriFuctLoG4fyxLIDWXiaDpbP9to0eeNWC9YemuyPWTW1dZ%2BZ9xj1LAjr9qrTvxUgDH%2BM7HiV3PinnyLEZtnDfzBgsIOO%2FrP6H96hgZEDEtyLlyIUa5IEzTtaCrcmseb5sP0YNJltLsQL%2B6XGwqaDfEhPoDujnTa5iAOehRd4sj3CPXvUzD1czQNOWn8FdWggHqfyggQ%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>recidens.se is on 103.224.212.190<br>ASN for 103.224.212.190: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.190 corresponds with lb-212-190.above.com<br>Abuse.net does not have any reliable address for lb-212-190.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-190.above.com1499843548http://stadionstafetterna.se/ (95.128.113.25) - MalwareOffensive html code:<br>&lt;script src=&quot;http://stadionstafetten.se/wp-content/themes/gameplan/js/html5.js&quot; type=&quot;text/javascript&quot;&gt;<br><br>Offensive url: http://stadionstafetten.se/wp-content/themes/gameplan/js/html5.js<br>Url is blacklisted in Google Safe Browsing<br><br>stadionstafetterna.se is on 95.128.113.25<br>ASN for 95.128.113.25: 43809<br>Abusix contact information: abuse@forss.net (information only)<br>95.128.113.25 corresponds with mini.forss.net<br>Abuse.net does not have any reliable address for mini.forss.net<br>Found address in whois: abuse@forss.net1499843500http://xn--wsab-5qa.se/ (103.224.212.193) - Serp-hijackingAttacked url: http://xn--wsab-5qa.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 11 Jul 2017 10:57:04 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT8mzzSI%2FqzPKc9nDsfgrrkLGiwRHm%2BmFj7sa5KKBKXCvwgIgGenvCt4UGLOLoKOuNaVnK68cdjdXtOy8Q0%2F0Pq6I6G7Q5K3YcxyHf1iqKrNEL0UOIEt2W0IRk0Pt6HJBwjrp7QnaNMUkiyPn%2FJ%2Be8q1%2Fv6VS0ZbAIx7JvV0px2ZiEKQQ7eiEEKAgq2eoWX7gx7tJiafbZBP1HNSUp4EtJqymHagrvzGtSWOs7ikTCnIyXc1H%2BRp7BsN5rY2qVIFYqmMoyoFJvLhmd7NbKL17niVssRB4F74Ox1Rv4FknMbwZn9tpNvzzOlhCXfrZGqgWmo00cYLxW3aLB7pikjv68k5j43QoAUeNYHnR4apdy%2F6pEmFX2lwm3qXL4bXUYmTxanFcKgiGAAzZuRgg5PyQMXJsLbq3aUs%2B9C61DCsjZGyGNDhSVnLkWbROC3Fru%2Fup8G7MRp9DcSZzQc%2BoI63xeiaXZyq6uRdCvpzYaYZC%2FyzAxqHtjMTvxOCDGZLSCaVk7ApqCQuZgex%2FCPveJQyaIKCserl%2Fqqr5JAW3UEKUKnOi <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: xn--wsab-5qa.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 11 Jul 2017 08:57:11 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499763431.7382374; expires=Fri, 09-Jul-2027 08:57:11 GMT; Max-Age=315360000 <br>Location: http://ww38.xn--wsab-5qa.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: xn--wsab-5qa.se <br>Referer: http://www.google.com/search?q=xn--wsab-5qa.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 11 Jul 2017 08:57:10 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499763430.4178424; expires=Fri, 09-Jul-2027 08:57:10 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT8mzzSI%2FqzPKc9nDsfgrrkLGiwRHm%2BmFj7sa5KKBKXCvwgIgGenvCt4UGLOLoKOuNaVnK68cdjdXtOy8Q0%2F0Pq6I6G7Q5K3YcxyHf1iqKrNEL0UOIEt2W0IRk0Pt6HJBwjrp7QnaNMUkiyPn%2FJ%2Be8q1%2Fv6VS0ZbAIx7JvV0px2ZiEKQQ7eiEEKAgq2eoWX7gx7tJiafbZBP1HNSUp4EtJqymHagrvzGtSWOs7ikTCnIyXc1H%2BRp7BsN5rY2qVIFYqmMoyoFJvLhmd7NbKL17niVssRB4F74Ox1Rv4FknMbwZn9tpNvzzOlhCXfrZGqgWmo00cYLxW3aLB7pikjv68k5j43QoAUeNYHnR4apdy%2F6pEmFX2lwm3qXL4bXUYmTxanFcKgiGAAzZuRgg5PyQMXJsLbq3aUs%2B9C61DCsjZGyGNDhSVnLkWbROC3Fru%2Fup8G7MRp9DcSZzQc%2BoI63xeiaXZyq6uRdCvpzYaYZC%2FyzAxqHtjMTvxOCDGZLSCaVk7ApqCQuZgex%2FCPveJQyaIKCserl%2Fqqr5JAW3UEKUKnOi <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>xn--wsab-5qa.se is on 103.224.212.193<br>ASN for 103.224.212.193: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.193 corresponds with lb-212-193.above.com<br>Abuse.net does not have any reliable address for lb-212-193.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-193.above.com1499843245http://miljomlotteriet.se/ (103.224.212.197) - Serp-hijackingAttacked url: http://miljomlotteriet.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 11 Jul 2017 10:39:23 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT8mzzSI%2FqzPKRAcsn2cLte%2FgERNPqGZWN7tLniyCahAS8SFQXi%2Bh5R2VJEx1Xkf5GM65xJJXc33aWOFFFlwWratFtjOQ1QmIoRmMy45QqghL8hv5%2F2zFMYQU68ghlAp%2BkNTid1F2VULpZ6ctC2Jyb8dUvB%2FjzLGbG7qzQQqjQhd2Tdri%2Fm9c6obfmB%2BxT%2FpIoqHlkcdAFe4mL5a0FgNZWIgQtn49Ga8Fy2OUxwAMWt%2BKyV5A%2FbBRXqilpKzrJjWVnzisEo7Ah5hbd6zBuiyN6qZ0hcKOXY3s1I7jw7UQR2E8ncyKyWvjsCHdxz%2Bdg2AM%2BR6bchCb8egiyUCETvGuX29eHK2YkAXGQ9pCbkl4Jzhn1Z8XPRRYgPeeFMT6QJo7j%2B5ThJGPNn5CJmQ2lzAZ%2Fyp6cKYZBB4hdwVabKK1peirly0fawKbJHzjaqpihoX9RKJ2mPvXrZxIjE4Hc5OxXnauu2NpJsoR8OkLCzWgostBWc%2FLvurygBICRSXDdGUQBtT0rbDlN2FCC40SMguauYQoROCoIUyyMW0TheGUJMeV <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: miljomlotteriet.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 11 Jul 2017 08:39:30 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499762370.5623066; expires=Fri, 09-Jul-2027 08:39:30 GMT; Max-Age=315360000 <br>Location: http://ww11.miljomlotteriet.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: miljomlotteriet.se <br>Referer: http://www.google.com/search?q=miljomlotteriet.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 11 Jul 2017 08:39:29 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499762370.2174154; expires=Fri, 09-Jul-2027 08:39:30 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT8mzzSI%2FqzPKRAcsn2cLte%2FgERNPqGZWN7tLniyCahAS8SFQXi%2Bh5R2VJEx1Xkf5GM65xJJXc33aWOFFFlwWratFtjOQ1QmIoRmMy45QqghL8hv5%2F2zFMYQU68ghlAp%2BkNTid1F2VULpZ6ctC2Jyb8dUvB%2FjzLGbG7qzQQqjQhd2Tdri%2Fm9c6obfmB%2BxT%2FpIoqHlkcdAFe4mL5a0FgNZWIgQtn49Ga8Fy2OUxwAMWt%2BKyV5A%2FbBRXqilpKzrJjWVnzisEo7Ah5hbd6zBuiyN6qZ0hcKOXY3s1I7jw7UQR2E8ncyKyWvjsCHdxz%2Bdg2AM%2BR6bchCb8egiyUCETvGuX29eHK2YkAXGQ9pCbkl4Jzhn1Z8XPRRYgPeeFMT6QJo7j%2B5ThJGPNn5CJmQ2lzAZ%2Fyp6cKYZBB4hdwVabKK1peirly0fawKbJHzjaqpihoX9RKJ2mPvXrZxIjE4Hc5OxXnauu2NpJsoR8OkLCzWgostBWc%2FLvurygBICRSXDdGUQBtT0rbDlN2FCC40SMguauYQoROCoIUyyMW0TheGUJMeV <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>miljomlotteriet.se is on 103.224.212.197<br>ASN for 103.224.212.197: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.197 corresponds with lb-212-197.above.com<br>Abuse.net does not have any reliable address for lb-212-197.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-197.above.com1499843205http://jiicomp.se/ (103.224.212.196) - Serp-hijackingAttacked url: http://jiicomp.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 04 Jul 2017 14:28:22 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48t6XvRv0X12qR9pSQ7bZVI6yusL%2BJzAuMgBAIFFwl%2FEQ3MmFGvOkh2Hdj%2F834hXqQt1OLp6Fd1I74NA01%2FdaCmiHiLOzPiorOIyBA%2FWvUNf4FeDMlZ%2FrwO%2BU11Rua%2BB%2FMHGNBlPtHcfp3QFzbGzedWC%2FWD1%2FPujFTud7wWa%2Bul3m3MV3MhXtozQNo66mikk3%2BI5p3dpw4kRZjN%2FlC%2FWtd%2BG6KlMt9kjOuWnqb4gJa%2FsF6DxG0LQ%2BN7NG0JW5fiBhRD9zfI%2FdEa2AdCKldUHPCnFzVgpafsjO5JIfbouVQrNXUukhDF6M4l6gr76Tqb6czctOmdoJePphvwbJ07ArCNXgHTfpvMnlMN3drao%2B4hMSOYVxsOqk7YYkZhkBfnNh%2F6b%2FWjTtS3LEmaeDzAplKqhBpItSM6%2F1GXvdBruKJOolAvcQ%2FKtsMB%2BcHWIuk5bkGeI29MKOUuks0DU8F02IrmdvPvJmW7vExv%2B3%2FTi2i8CiIHuacBaAjXS7XTvSHqbdl <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: jiicomp.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 04 Jul 2017 12:28:27 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499171307.6226082; expires=Fri, 02-Jul-2027 12:28:27 GMT; Max-Age=315360000 <br>Location: http://ww11.jiicomp.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: jiicomp.se <br>Referer: http://www.google.com/search?q=jiicomp.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 04 Jul 2017 12:28:26 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499171306.5256322; expires=Fri, 02-Jul-2027 12:28:26 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48t6XvRv0X12qR9pSQ7bZVI6yusL%2BJzAuMgBAIFFwl%2FEQ3MmFGvOkh2Hdj%2F834hXqQt1OLp6Fd1I74NA01%2FdaCmiHiLOzPiorOIyBA%2FWvUNf4FeDMlZ%2FrwO%2BU11Rua%2BB%2FMHGNBlPtHcfp3QFzbGzedWC%2FWD1%2FPujFTud7wWa%2Bul3m3MV3MhXtozQNo66mikk3%2BI5p3dpw4kRZjN%2FlC%2FWtd%2BG6KlMt9kjOuWnqb4gJa%2FsF6DxG0LQ%2BN7NG0JW5fiBhRD9zfI%2FdEa2AdCKldUHPCnFzVgpafsjO5JIfbouVQrNXUukhDF6M4l6gr76Tqb6czctOmdoJePphvwbJ07ArCNXgHTfpvMnlMN3drao%2B4hMSOYVxsOqk7YYkZhkBfnNh%2F6b%2FWjTtS3LEmaeDzAplKqhBpItSM6%2F1GXvdBruKJOolAvcQ%2FKtsMB%2BcHWIuk5bkGeI29MKOUuks0DU8F02IrmdvPvJmW7vExv%2B3%2FTi2i8CiIHuacBaAjXS7XTvSHqbdl <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>jiicomp.se is on 103.224.212.196<br>ASN for 103.224.212.196: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.196 corresponds with lb-212-196.above.com<br>Abuse.net does not have any reliable address for lb-212-196.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-196.above.com abuse@above.com1499173351http://tdance.se/ (93.188.2.51) - Serp-hijackingAttacked url: http://tdance.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 04 Jul 2017 13:54:53 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: tdance.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx <br>Date: Tue, 04 Jul 2017 11:54:53 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://tdans.se/ <br>X-Loopia-Node: 172.22.223.20 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: tdance.se <br>Referer: http://www.google.com/search?q=tdance.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx <br>Date: Tue, 04 Jul 2017 11:54:52 GMT <br>Content-Type: text/html; charset=iso-8859-1 <br>Connection: close <br>Location: http://www.fapp.pw/app/se.php <br>X-Loopia-Node: 172.22.223.20<br><br>tdance.se is on 93.188.2.51<br>ASN for 93.188.2.51: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.51 corresponds with webfront1.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1499173347http://manti.se/ (103.224.212.196) - Serp-hijackingAttacked url: http://manti.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 04 Jul 2017 13:43:18 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ485u3PJjYJPJWKuJrDcfvUFzGXCelpeKccDV5wO0PY2%2F14hXdRlQXQok8Hlenlqr2ijYofhRyM5I8Je%2B3JUv507Vn4W%2FQQnhWna92UtlUx9HyGyllMm51%2FDGume2X6FPr32Q3HLT1O%2BXSevTATkfXlD%2FJ8sJjzNFHEhY%2FYu0HaFxqr24DUyUWj2h%2Fa6t4HAQoNxTYhjO06MK%2BHIor5ca9G%2Bmu7cMSgyO7anCuensmIu3Z2PO4XJ637I7JGuT0vel%2BqxJ2Kx%2BZE99R%2BKO86YZKqool%2F768FUlXxqD8I5CE%2BzlfOJPAMZb1%2BQ9eIadoTJjj7nWe7qBPD%2FYm%2BbxofrA3KeEZ%2BQy0FP76JUQcrtEPU%2B%2F5vVBVcBBy8gSQaKa6t8IDfiFHq4iDhsVduHYMl1yZvtSL5Szx7%2B3b41g830Sadg2uLL2hhwYX0DWhLFyGR4E9DtGfEgFAcPVn4Yv0nlNb8jTC3jn40O0HEilTdqvKLIqSmAAr6XAM3gw%3D%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: manti.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 04 Jul 2017 11:43:23 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499168603.8550394; expires=Fri, 02-Jul-2027 11:43:23 GMT; Max-Age=315360000 <br>Location: http://ww11.manti.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: manti.se <br>Referer: http://www.google.com/search?q=manti.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 04 Jul 2017 11:43:22 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499168602.7698825; expires=Fri, 02-Jul-2027 11:43:22 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ485u3PJjYJPJWKuJrDcfvUFzGXCelpeKccDV5wO0PY2%2F14hXdRlQXQok8Hlenlqr2ijYofhRyM5I8Je%2B3JUv507Vn4W%2FQQnhWna92UtlUx9HyGyllMm51%2FDGume2X6FPr32Q3HLT1O%2BXSevTATkfXlD%2FJ8sJjzNFHEhY%2FYu0HaFxqr24DUyUWj2h%2Fa6t4HAQoNxTYhjO06MK%2BHIor5ca9G%2Bmu7cMSgyO7anCuensmIu3Z2PO4XJ637I7JGuT0vel%2BqxJ2Kx%2BZE99R%2BKO86YZKqool%2F768FUlXxqD8I5CE%2BzlfOJPAMZb1%2BQ9eIadoTJjj7nWe7qBPD%2FYm%2BbxofrA3KeEZ%2BQy0FP76JUQcrtEPU%2B%2F5vVBVcBBy8gSQaKa6t8IDfiFHq4iDhsVduHYMl1yZvtSL5Szx7%2B3b41g830Sadg2uLL2hhwYX0DWhLFyGR4E9DtGfEgFAcPVn4Yv0nlNb8jTC3jn40O0HEilTdqvKLIqSmAAr6XAM3gw%3D%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>manti.se is on 103.224.212.196<br>ASN for 103.224.212.196: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.196 corresponds with lb-212-196.above.com<br>Abuse.net does not have any reliable address for lb-212-196.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-196.above.com1499173344http://zogg.se/2013/01/01/vags-ande/ (194.9.94.194) - Serp-hijackingAttacked url: http://zogg.se/2013/01/01/vags-ande/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 04 Jul 2017 11:58:42 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.10.3 <br>Date: Tue, 04 Jul 2017 09:58:47 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Accept-Encoding,Cookie <br>X-Powered-By: PHP/5.6.30 <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.10.3 <br>Date: Tue, 04 Jul 2017 09:58:47 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>zogg.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1499173329http://dinheiro.se/ (103.224.212.191) - Serp-hijackingAttacked url: http://dinheiro.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 04 Jul 2017 11:17:41 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48xdzY%2FBCRBS0yknPn7XsnRwPO9IECWnz5%2BgRoe%2F5H396oUedeBAKqTYLLYPvUcDeZ9g0LM0zNW%2FpsDavvneqGOI5h8317tLxXGquCM2MLjRcv%2B0drU0D%2FT8lE2tSJBI5dC6PbX6PcSFBcOaW5eMqoehlESZwXwjJB5Hfo20RaQrm7P%2FoY0WF2xqp0f70FM9OpsZqzMAeITzkd7mt0DLejX4gnIsAYW%2Ff6p0L%2BIi7o9rpGHrIJ2KaYPSGJrVqzGc8TyhIrhRSxnOfgT9%2ByowH5PZpjPT%2Bbdj2s6S2aJdRN%2FyMLKSg9vEoV%2BnPQttR2jdeXjKQL2p02gMBy341LOIVBlahKUFOslARWAHFLNWwo5E4CV%2B4fAHyfDBiOYaRlllBkHY4MZl9E%2BVSEv3fcsvwyxrZl%2Bq8DqlzaH2Vy%2ByZ122WnkYhx58JS23orDjj79bTtq%2BSJXagVkVeT7ERRt0w7s04ZLS6WAsgLNmMlik3UcWZ%2F395dFS%2BLtsZR3r9pZnWmgOTAx1UwaBY%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dinheiro.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 04 Jul 2017 09:17:46 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499159866.6762647; expires=Fri, 02-Jul-2027 09:17:46 GMT; Max-Age=315360000 <br>Location: http://ww11.dinheiro.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dinheiro.se <br>Referer: http://www.google.com/search?q=dinheiro.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 04 Jul 2017 09:17:45 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499159865.6240944; expires=Fri, 02-Jul-2027 09:17:45 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48xdzY%2FBCRBS0yknPn7XsnRwPO9IECWnz5%2BgRoe%2F5H396oUedeBAKqTYLLYPvUcDeZ9g0LM0zNW%2FpsDavvneqGOI5h8317tLxXGquCM2MLjRcv%2B0drU0D%2FT8lE2tSJBI5dC6PbX6PcSFBcOaW5eMqoehlESZwXwjJB5Hfo20RaQrm7P%2FoY0WF2xqp0f70FM9OpsZqzMAeITzkd7mt0DLejX4gnIsAYW%2Ff6p0L%2BIi7o9rpGHrIJ2KaYPSGJrVqzGc8TyhIrhRSxnOfgT9%2ByowH5PZpjPT%2Bbdj2s6S2aJdRN%2FyMLKSg9vEoV%2BnPQttR2jdeXjKQL2p02gMBy341LOIVBlahKUFOslARWAHFLNWwo5E4CV%2B4fAHyfDBiOYaRlllBkHY4MZl9E%2BVSEv3fcsvwyxrZl%2Bq8DqlzaH2Vy%2ByZ122WnkYhx58JS23orDjj79bTtq%2BSJXagVkVeT7ERRt0w7s04ZLS6WAsgLNmMlik3UcWZ%2F395dFS%2BLtsZR3r9pZnWmgOTAx1UwaBY%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>dinheiro.se is on 103.224.212.191<br>ASN for 103.224.212.191: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.191 corresponds with lb-212-191.above.com<br>Abuse.net does not have any reliable address for lb-212-191.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-191.above.com1499173327http://zogg.se/page/2/ (194.9.94.194) - Serp-hijackingAttacked url: http://zogg.se/page/2/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 04 Jul 2017 11:04:16 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.10.3 <br>Date: Tue, 04 Jul 2017 09:04:16 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Accept-Encoding,Cookie <br>X-Powered-By: PHP/5.6.30 <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.10.3 <br>Date: Tue, 04 Jul 2017 09:04:16 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>zogg.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1499173325http://v75kollen.se/ (103.224.212.191) - Serp-hijackingAttacked url: http://v75kollen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 04 Jul 2017 09:19:08 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48%2B2g9mfWUOwenwGE6hW168UEJQ7%2FzjS8RhX%2BHmHFYGVwa7nXRlpeEikYuHBOSf6jzPHtozNAxpGtvi8Ok7gMu055H5m9I4vLS5L%2B4Gyz6ZV0RIUvR2aKDICN%2FpGQagmdaoVqB7Qi%2Fy%2FpoU5rPoCRvOEmynEcx3GS2%2BvG3n82l9jQZndWzZr6fs%2Fs7JqsxiaDmJESDJiYaQIcTfaO0UXdqUwViNJexH%2FE%2Bya19PojBZquUQCiLhimd9Lvn1NRIgdEFXVp6dAnUVOKQ1p9v0gwafD6ngCtiGCEDFBjxCIZXlagNOdAORD3vKCmB4dn5N7eLXAkmjr%2BfNGGJLrARcAkvIJm89SMimnd76nXauss%2B2T8P%2FRj%2Bmv3B0ai3fVyf4Uu6UZGKraK5qLXe4g8DVvAnffoO38%2FijWRhx2GscP6JQjCKWfXuQIx0Yob3GmTw1w%2F5ZgLuhsaFCQDjFfMpBcXs92fPdhyZf5Bx3xfl4BltHifsgvUz7piwQeVMFbmH054wm8%2Bpl8x8my0%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: v75kollen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 04 Jul 2017 07:19:13 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499152753.3173639; expires=Fri, 02-Jul-2027 07:19:13 GMT; Max-Age=315360000 <br>Location: http://ww11.v75kollen.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: v75kollen.se <br>Referer: http://www.google.com/search?q=v75kollen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 04 Jul 2017 07:19:12 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499152752.8718424; expires=Fri, 02-Jul-2027 07:19:12 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48%2B2g9mfWUOwenwGE6hW168UEJQ7%2FzjS8RhX%2BHmHFYGVwa7nXRlpeEikYuHBOSf6jzPHtozNAxpGtvi8Ok7gMu055H5m9I4vLS5L%2B4Gyz6ZV0RIUvR2aKDICN%2FpGQagmdaoVqB7Qi%2Fy%2FpoU5rPoCRvOEmynEcx3GS2%2BvG3n82l9jQZndWzZr6fs%2Fs7JqsxiaDmJESDJiYaQIcTfaO0UXdqUwViNJexH%2FE%2Bya19PojBZquUQCiLhimd9Lvn1NRIgdEFXVp6dAnUVOKQ1p9v0gwafD6ngCtiGCEDFBjxCIZXlagNOdAORD3vKCmB4dn5N7eLXAkmjr%2BfNGGJLrARcAkvIJm89SMimnd76nXauss%2B2T8P%2FRj%2Bmv3B0ai3fVyf4Uu6UZGKraK5qLXe4g8DVvAnffoO38%2FijWRhx2GscP6JQjCKWfXuQIx0Yob3GmTw1w%2F5ZgLuhsaFCQDjFfMpBcXs92fPdhyZf5Bx3xfl4BltHifsgvUz7piwQeVMFbmH054wm8%2Bpl8x8my0%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>v75kollen.se is on 103.224.212.191<br>ASN for 103.224.212.191: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.191 corresponds with lb-212-191.above.com<br>Abuse.net does not have any reliable address for lb-212-191.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-191.above.com1499173312http://specsawer.se/ (103.224.212.197) - Serp-hijackingAttacked url: http://specsawer.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 04 Jul 2017 07:40:06 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48YLSBJ2BBhJ%2BtrndEtlfuhG4pwUsu9xrx7cgBQs2pexGtu4RJIDOWGi00qrGkyfiVQ9BOurz1XdBx%2B8gXn8Kl1zIEiUWukFT5zD%2BMzT2rY55858o3WGl3JsI0nnwOC0hsupO19yI6lJa8CdeI8sUN8sKyaznTPG4La2wk2CstlveS58eEXGGAei0Fy8dKoF8iz0ThMjZoVITFcRfnAxzq0YSpu0%2BiizIb3obYxeqCHLBWomQPW8U3%2FuZXfeB5qsPZ6uU%2FWPAVstNQJedINkcZeP9xF18yCC2rtwGA6%2Bvi3VIPhMr09bjEOF07Ed4gGH5FuyTGsEW2hcxUEqXM3EpkDwPOVzLijha0SP6xyaBCWhNdtDDiF9IRQIHwWhleYuwW8xs5nr%2FXokJlePbBdauwPfV%2FgxF40nUA9w%2FNqdaxazDq2RyTPcfuG2waewuyTvFY9fNUuI1n19eSAq5AQhs%2B0IUALyVjUG8osSqiahCprnUoHd7l%2FTbn6EjelpNVwQqGj92HVrzNjH0%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: specsawer.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 04 Jul 2017 05:40:11 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499146811.1982452; expires=Fri, 02-Jul-2027 05:40:11 GMT; Max-Age=315360000 <br>Location: http://ww11.specsawer.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: specsawer.se <br>Referer: http://www.google.com/search?q=specsawer.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 04 Jul 2017 05:40:10 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499146810.8323291; expires=Fri, 02-Jul-2027 05:40:10 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48YLSBJ2BBhJ%2BtrndEtlfuhG4pwUsu9xrx7cgBQs2pexGtu4RJIDOWGi00qrGkyfiVQ9BOurz1XdBx%2B8gXn8Kl1zIEiUWukFT5zD%2BMzT2rY55858o3WGl3JsI0nnwOC0hsupO19yI6lJa8CdeI8sUN8sKyaznTPG4La2wk2CstlveS58eEXGGAei0Fy8dKoF8iz0ThMjZoVITFcRfnAxzq0YSpu0%2BiizIb3obYxeqCHLBWomQPW8U3%2FuZXfeB5qsPZ6uU%2FWPAVstNQJedINkcZeP9xF18yCC2rtwGA6%2Bvi3VIPhMr09bjEOF07Ed4gGH5FuyTGsEW2hcxUEqXM3EpkDwPOVzLijha0SP6xyaBCWhNdtDDiF9IRQIHwWhleYuwW8xs5nr%2FXokJlePbBdauwPfV%2FgxF40nUA9w%2FNqdaxazDq2RyTPcfuG2waewuyTvFY9fNUuI1n19eSAq5AQhs%2B0IUALyVjUG8osSqiahCprnUoHd7l%2FTbn6EjelpNVwQqGj92HVrzNjH0%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>specsawer.se is on 103.224.212.197<br>ASN for 103.224.212.197: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.197 corresponds with lb-212-197.above.com<br>Abuse.net does not have any reliable address for lb-212-197.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-197.above.com1499173308http://handm.se/ (103.224.212.197) - Serp-hijackingAttacked url: http://handm.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 04 Jul 2017 05:05:55 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48RmAdbh4vCz%2BBAMZg48CX4mtIbgYXlsZeFB949unFPmYyzA7bFlgDn6S1NpJz0YObL0aVAd81PhybyHtRv7AeFRBBBlECgTj5vdjHVHrZLMXvdK6E%2Fat4aJw05L5bw7YF%2BrSfTZEVRbv9tpphDJYR%2Bic2y4t54326v%2BDRodVfUXZI7rsXs1nj9kmTrbDR%2BgiapRyAOfM04Su9Mg907eS83s2d3n1R7hg8Qepq%2FNbJPil%2BXDFr%2Fdx8AfkdD5xZhBC7QpxsHWrY8QZpjDQ0RNbV4x75bp7wlX%2BM5Q17JRueHA4%2FhuEwRlVnssY4fcbTvAJ37jeT%2F410iQDLD7a1g4IVjhxGyiseeMDa1jfn26T2iiakSrCi04YsamgaL7UGu4rrjBDMJFOgMo7WDSsngN8gDHrSB81WopBcs2yu0Trd8M9Gtwxv4xXjz7WKzMZsi%2FMJTg2pY4fUO2qdoM1jlQb1RsyYUBZ7oh%2FNaGRq88qTNuQFTBWqxR9%2BCL5HusfHiymR <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: handm.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 04 Jul 2017 03:06:00 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499137560.4879849; expires=Fri, 02-Jul-2027 03:06:00 GMT; Max-Age=315360000 <br>Location: http://ww38.handm.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: handm.se <br>Referer: http://www.google.com/search?q=handm.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 04 Jul 2017 03:05:59 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499137560.2974674; expires=Fri, 02-Jul-2027 03:06:00 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48RmAdbh4vCz%2BBAMZg48CX4mtIbgYXlsZeFB949unFPmYyzA7bFlgDn6S1NpJz0YObL0aVAd81PhybyHtRv7AeFRBBBlECgTj5vdjHVHrZLMXvdK6E%2Fat4aJw05L5bw7YF%2BrSfTZEVRbv9tpphDJYR%2Bic2y4t54326v%2BDRodVfUXZI7rsXs1nj9kmTrbDR%2BgiapRyAOfM04Su9Mg907eS83s2d3n1R7hg8Qepq%2FNbJPil%2BXDFr%2Fdx8AfkdD5xZhBC7QpxsHWrY8QZpjDQ0RNbV4x75bp7wlX%2BM5Q17JRueHA4%2FhuEwRlVnssY4fcbTvAJ37jeT%2F410iQDLD7a1g4IVjhxGyiseeMDa1jfn26T2iiakSrCi04YsamgaL7UGu4rrjBDMJFOgMo7WDSsngN8gDHrSB81WopBcs2yu0Trd8M9Gtwxv4xXjz7WKzMZsi%2FMJTg2pY4fUO2qdoM1jlQb1RsyYUBZ7oh%2FNaGRq88qTNuQFTBWqxR9%2BCL5HusfHiymR <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>handm.se is on 103.224.212.197<br>ASN for 103.224.212.197: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.197 corresponds with lb-212-197.above.com<br>Abuse.net does not have any reliable address for lb-212-197.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-197.above.com1499173300http://mp3free.se/ (103.224.212.193) - Serp-hijackingAttacked url: http://mp3free.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 04 Jul 2017 05:02:45 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48Ox8OaogQyjM59od%2FFW%2B4q8PE5K8BhHal1PPInOPBIGvgsL9GNwRPgX64a22rhsHo41Gn3hyBjWl%2BPqXc1VVAAq1NeAArAYEdWvB0hFe7lIgsXgrpRdvLxGoE6lU9k5jS5fLZ8HclFExUYV2oTY%2B4UTUvn3R%2BLEGR8P%2FK4wmcpkyOPkJH%2F4kbOj5BopbWHF57hZgq1Q77ZLOdAbv10hCCt%2FDYdHB2OYfbFJTnJyu58vl0c8mlCCOzR8f3qIfu8MsBmkjuPCySyOLpGn5i0IjzaikJv2CeaYUCB84LuCs%2BAjuiP0NLg7HnkFxRiELmfYsGYZ3Zc6hNywu4lct9%2FIBji5FomzlGrT2yycOmZnkXMShkMYx0V%2BSjCa96CNMTpqShFQp9EMn6JoG%2BrLVEMCvvTk%2Bv9GTcqa3NKUfOtB8FkBzN5hYZPGRIe%2BLM3fKSNunqt4vKoNeaG9r9vd9xlqnfEqJIPZ8rHn9aalbTRDEnFyRklLpa1raamlYoLHsuS8kH <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: mp3free.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 04 Jul 2017 03:02:45 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499137365.7749436; expires=Fri, 02-Jul-2027 03:02:45 GMT; Max-Age=315360000 <br>Location: http://ww11.mp3free.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: mp3free.se <br>Referer: http://www.google.com/search?q=mp3free.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 04 Jul 2017 03:02:44 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499137364.1606313; expires=Fri, 02-Jul-2027 03:02:44 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48Ox8OaogQyjM59od%2FFW%2B4q8PE5K8BhHal1PPInOPBIGvgsL9GNwRPgX64a22rhsHo41Gn3hyBjWl%2BPqXc1VVAAq1NeAArAYEdWvB0hFe7lIgsXgrpRdvLxGoE6lU9k5jS5fLZ8HclFExUYV2oTY%2B4UTUvn3R%2BLEGR8P%2FK4wmcpkyOPkJH%2F4kbOj5BopbWHF57hZgq1Q77ZLOdAbv10hCCt%2FDYdHB2OYfbFJTnJyu58vl0c8mlCCOzR8f3qIfu8MsBmkjuPCySyOLpGn5i0IjzaikJv2CeaYUCB84LuCs%2BAjuiP0NLg7HnkFxRiELmfYsGYZ3Zc6hNywu4lct9%2FIBji5FomzlGrT2yycOmZnkXMShkMYx0V%2BSjCa96CNMTpqShFQp9EMn6JoG%2BrLVEMCvvTk%2Bv9GTcqa3NKUfOtB8FkBzN5hYZPGRIe%2BLM3fKSNunqt4vKoNeaG9r9vd9xlqnfEqJIPZ8rHn9aalbTRDEnFyRklLpa1raamlYoLHsuS8kH <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>mp3free.se is on 103.224.212.193<br>ASN for 103.224.212.193: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.193 corresponds with lb-212-193.above.com<br>Abuse.net does not have any reliable address for lb-212-193.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-193.above.com1499173298http://tdans.nu/ (93.188.2.51) - Serp-hijackingAttacked url: http://tdans.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 04 Jul 2017 04:47:16 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: tdans.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx <br>Date: Tue, 04 Jul 2017 02:47:16 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://tdans.se/ <br>X-Loopia-Node: 172.22.223.20 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: tdans.nu <br>Referer: http://www.google.com/search?q=tdans.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx <br>Date: Tue, 04 Jul 2017 02:47:15 GMT <br>Content-Type: text/html; charset=iso-8859-1 <br>Connection: close <br>Location: http://www.fapp.pw/app/se.php <br>X-Loopia-Node: 172.22.223.20<br><br>tdans.nu is on 93.188.2.51<br>ASN for 93.188.2.51: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.51 corresponds with webfront1.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1499173294http://lagabas.se/ (103.224.212.198) - Serp-hijackingAttacked url: http://lagabas.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 04 Jul 2017 01:35:13 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ487VCrrWL6cQWLvyQAa9lgt%2BrnZ2%2FgLXlOByroCR%2Bky8hjdKiQUCNkn61%2BQMOkIFOzMBBwsIUbxSBU7k%2BVFnJ0fv9V9trYHBOe5OsqUMidou%2F8UUWIWH0hmjJQdZGMk2JP0H%2F9sF%2Bj1z4R3ljqaf2RBn0gpCCpbZrtJkAiY0wnicqdUWqyAwHa9v74RqXh4k6j7wlq1lcxjdnKIhQGXlHYz6ke0oTnaMbheIfnO0CPk43%2BevbnCoqKPwAyDQY3hr4xzkSr1FzeAcvsLZmppspA3l8dbAUGDQInl2BnjzdsXHQrBpIlgW87VZGTfqyjGzb6XEhhJIovrPFRX32jrHN5PCAulLKw%2BEH9KQrl0NUwRh9seZjPP9y%2BycXnpRRI8i9BV1sK9SvUKQM0q7WSbv4TID%2FTHudWBdxt9kFpLf7JeZQtonCZf%2FA7ayoESpjFoFQkVep1uKtKAiCj1Tx%2BpWIDFEYQwsbxTQUAuwaCDrdkFVuBihivn5HDRc7V5Q%2FFDgKBep7mTuuuH5s%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: lagabas.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 23:35:18 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499124918.7923697; expires=Thu, 01-Jul-2027 23:35:18 GMT; Max-Age=315360000 <br>Location: http://ww11.lagabas.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: lagabas.se <br>Referer: http://www.google.com/search?q=lagabas.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 23:35:17 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499124917.8356931; expires=Thu, 01-Jul-2027 23:35:17 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ487VCrrWL6cQWLvyQAa9lgt%2BrnZ2%2FgLXlOByroCR%2Bky8hjdKiQUCNkn61%2BQMOkIFOzMBBwsIUbxSBU7k%2BVFnJ0fv9V9trYHBOe5OsqUMidou%2F8UUWIWH0hmjJQdZGMk2JP0H%2F9sF%2Bj1z4R3ljqaf2RBn0gpCCpbZrtJkAiY0wnicqdUWqyAwHa9v74RqXh4k6j7wlq1lcxjdnKIhQGXlHYz6ke0oTnaMbheIfnO0CPk43%2BevbnCoqKPwAyDQY3hr4xzkSr1FzeAcvsLZmppspA3l8dbAUGDQInl2BnjzdsXHQrBpIlgW87VZGTfqyjGzb6XEhhJIovrPFRX32jrHN5PCAulLKw%2BEH9KQrl0NUwRh9seZjPP9y%2BycXnpRRI8i9BV1sK9SvUKQM0q7WSbv4TID%2FTHudWBdxt9kFpLf7JeZQtonCZf%2FA7ayoESpjFoFQkVep1uKtKAiCj1Tx%2BpWIDFEYQwsbxTQUAuwaCDrdkFVuBihivn5HDRc7V5Q%2FFDgKBep7mTuuuH5s%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>lagabas.se is on 103.224.212.198<br>ASN for 103.224.212.198: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.198 corresponds with lb-212-198.above.com<br>Abuse.net does not have any reliable address for lb-212-198.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-198.above.com1499173255http://bornholmstraffiken.se/ (103.224.212.187) - Serp-hijackingAttacked url: http://bornholmstraffiken.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 04 Jul 2017 00:45:42 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48CPldIpHuRj%2BlRI%2FPvbm%2Bw5d328DlW8Zg9PvK0yOdp0t7xMZ5bJBmFHAZZNGbtgdzJ1N29IzgQGB9XeqOf1FdJI615hv1u873Cfj2GwmvTGO747%2B3XfNc%2BLZd3Wt%2FOaJhLXdmaKoiuQz8Qwawh2K8K0Sa2EcOylUZ8UT8YQI68%2BHRk7HiukR2RtcO1oe3JVr2%2F0aBmFXuTkWhBbpnAtqZCRZWXmo8ZodFW1QoKhfWIb26eKYzd4kmMDWYy%2FAmke8d9DXMx9zNTBQgQtoSb%2BTDRj%2FDWzoyzfigrqMSoqXa0qNHGvpuiFFl8911yizNNwMi7S5a4zre5OJbZX3OtY3pviLjuA1aLT%2Bhh5we%2BXiyF8a2iQMtivo4%2BPM3pLlduJZKg%2BRAWFHv%2FcKPDpnvH3kAdVaocIj67FRvl6%2BEraWzUMrM9dfkVqTCWGkwkI1PjtICgZYOeRoHhdvYiG4LB0WSFA7KaMHtDR6Vb1s%2BBh66EI68E1o2a23jsmYicI%2BbUmapwZocV0gyl82SAiJA5YQWJtbFhGK%2F4PAmJz8PU1U6mEc%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bornholmstraffiken.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 22:45:42 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499121942.2632978; expires=Thu, 01-Jul-2027 22:45:42 GMT; Max-Age=315360000 <br>Location: http://ww11.bornholmstraffiken.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bornholmstraffiken.se <br>Referer: http://www.google.com/search?q=bornholmstraffiken.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 22:45:41 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499121941.4494204; expires=Thu, 01-Jul-2027 22:45:41 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48CPldIpHuRj%2BlRI%2FPvbm%2Bw5d328DlW8Zg9PvK0yOdp0t7xMZ5bJBmFHAZZNGbtgdzJ1N29IzgQGB9XeqOf1FdJI615hv1u873Cfj2GwmvTGO747%2B3XfNc%2BLZd3Wt%2FOaJhLXdmaKoiuQz8Qwawh2K8K0Sa2EcOylUZ8UT8YQI68%2BHRk7HiukR2RtcO1oe3JVr2%2F0aBmFXuTkWhBbpnAtqZCRZWXmo8ZodFW1QoKhfWIb26eKYzd4kmMDWYy%2FAmke8d9DXMx9zNTBQgQtoSb%2BTDRj%2FDWzoyzfigrqMSoqXa0qNHGvpuiFFl8911yizNNwMi7S5a4zre5OJbZX3OtY3pviLjuA1aLT%2Bhh5we%2BXiyF8a2iQMtivo4%2BPM3pLlduJZKg%2BRAWFHv%2FcKPDpnvH3kAdVaocIj67FRvl6%2BEraWzUMrM9dfkVqTCWGkwkI1PjtICgZYOeRoHhdvYiG4LB0WSFA7KaMHtDR6Vb1s%2BBh66EI68E1o2a23jsmYicI%2BbUmapwZocV0gyl82SAiJA5YQWJtbFhGK%2F4PAmJz8PU1U6mEc%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>bornholmstraffiken.se is on 103.224.212.187<br>ASN for 103.224.212.187: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.187 corresponds with lb-212-187.above.com<br>Abuse.net does not have any reliable address for lb-212-187.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-187.above.com1499173248http://knaser.nu/ (103.224.182.249) - Serp-hijackingAttacked url: http://knaser.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 04 Jul 2017 00:14:47 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48LA6FrUCOWOla8cSfE5qdGZjyOS4Lro1MqrXvmYi3ln2z%2BiMJ%2FEOCwGovaX4ECa8ILPb6kXf77I7qKPXXiMidmyrKoDE2GcwJWrzssS1%2BbSLZbhP6OSxVqrRkdXitCTQVq4VBxJEPQTz5Voh8Gl7oGudRp%2Bzuv%2B6v4HXuATnRVHQDAnzT2vtG6AmIxfHTL5DqnkdNShoSzrBFLPdUzgNhseNhid%2FyQ%2FBZENUClagSIZrE1SxviTXbYcmsb3ZySWs0M9Ex7rTrdlZGCpFuV1rClNKrozbPCz6TURBUVIG7ecZ47Jgr1p8FlDzdlfjfyIm20c0rC6ZWdobcK2%2BdAfcXMutnd0yLiLj9YBmuN47dfsBY6NjP%2B%2FBsd45ODDCpV1azQOQnEsSULkY5xlR6flZc%2BaoWKRUs0zR7kcMZFpKv3a0kq3XzwIFZbIjoLsSpuvP1CJsGePe94S1FK40flJkMVsW%2BYnRCfKLbRRd4ClezkxTaJVpE84dNGOIz%2FZkFCbIGaeYdsw6YcUQ%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: knaser.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 22:14:52 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499120092.5188312; expires=Thu, 01-Jul-2027 22:14:52 GMT; Max-Age=315360000 <br>Location: http://ww11.knaser.nu/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: knaser.nu <br>Referer: http://www.google.com/search?q=knaser.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 22:14:51 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499120091.8875415; expires=Thu, 01-Jul-2027 22:14:51 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48LA6FrUCOWOla8cSfE5qdGZjyOS4Lro1MqrXvmYi3ln2z%2BiMJ%2FEOCwGovaX4ECa8ILPb6kXf77I7qKPXXiMidmyrKoDE2GcwJWrzssS1%2BbSLZbhP6OSxVqrRkdXitCTQVq4VBxJEPQTz5Voh8Gl7oGudRp%2Bzuv%2B6v4HXuATnRVHQDAnzT2vtG6AmIxfHTL5DqnkdNShoSzrBFLPdUzgNhseNhid%2FyQ%2FBZENUClagSIZrE1SxviTXbYcmsb3ZySWs0M9Ex7rTrdlZGCpFuV1rClNKrozbPCz6TURBUVIG7ecZ47Jgr1p8FlDzdlfjfyIm20c0rC6ZWdobcK2%2BdAfcXMutnd0yLiLj9YBmuN47dfsBY6NjP%2B%2FBsd45ODDCpV1azQOQnEsSULkY5xlR6flZc%2BaoWKRUs0zR7kcMZFpKv3a0kq3XzwIFZbIjoLsSpuvP1CJsGePe94S1FK40flJkMVsW%2BYnRCfKLbRRd4ClezkxTaJVpE84dNGOIz%2FZkFCbIGaeYdsw6YcUQ%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>knaser.nu is on 103.224.182.249<br>ASN for 103.224.182.249: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.182.249 corresponds with lb-182-249.above.com<br>Abuse.net does not have any reliable address for lb-182-249.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-182-249.above.com abuse@above.com1499173243http://scrapitup.se/ (195.74.38.120) - Serp-hijackingAttacked url: http://scrapitup.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 03 Jul 2017 22:14:07 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: scrapitup.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Mon, 03 Jul 2017 20:14:11 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Link: &lt;http://scrapitup.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot;, &lt;http://scrapitup.se/&gt;; rel=shortlink <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: scrapitup.se <br>Referer: http://www.google.com/search?q=scrapitup.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Mon, 03 Jul 2017 20:13:58 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>scrapitup.se is on 195.74.38.120<br>ASN for 195.74.38.120: 41528<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.120 corresponds with cl-20.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1499173237http://tedans.nu/ (93.188.2.51) - Serp-hijackingAttacked url: http://tedans.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 03 Jul 2017 22:03:43 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: tedans.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx <br>Date: Mon, 03 Jul 2017 20:03:48 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://tdans.se/ <br>X-Loopia-Node: 172.22.223.20 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: tedans.nu <br>Referer: http://www.google.com/search?q=tedans.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx <br>Date: Mon, 03 Jul 2017 20:03:45 GMT <br>Content-Type: text/html; charset=iso-8859-1 <br>Connection: close <br>Location: http://www.fapp.pw/app/se.php <br>X-Loopia-Node: 172.22.223.20<br><br>tedans.nu is on 93.188.2.51<br>ASN for 93.188.2.51: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.51 corresponds with webfront1.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1499173235http://sgarmaturen.se/ (103.224.212.184) - Serp-hijackingAttacked url: http://sgarmaturen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 03 Jul 2017 21:43:13 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48hmuKzYNSATKSvvvnXuBRLsjT4RKHPtBBpDMnUAONFI6V736WlC0kcUwmUbfg2xABafHKOPZBJ5k93NpRN%2B1DFjMhoPtPwGN3oC3ZUMdwCKMyGKnh2zBwMpP2BmBnPKNaaaWE%2Fqivx33vwchJYK43rDBLeH6pMp3nh2suXP9anLWfPWxhAYo97KKPleq%2FnYNrdmeKeVvV%2FMXZD3%2F7sdHstQ%2BFVNmYsS2zkzwA0wj1yt1%2FiZ9t8BEIq%2BgC56o7CbcQbxzh9XwpeF8eEK%2Bl5hOskTQmgYiqFcpUf7APo8rESnIiWWq0OapWxLkWjKkv3qf956XneaKV4lyLtc1Ucj5pExHuZPpWTKTDmlClpWnh%2FUUIzh7rgFlYEhShyc%2FsaRIBKUwSBUtNJn0mAmd8WJzVmhMcxyhszvTxgegoUkrwENpStgfaOchcq6jnNzl23eQzqXbcWKBIWEK%2BEx1b%2BEyoMuoaKItSxaoaQfTPnimeqKzq97PdihvRyAOaWeDjk0LJabMpczjVcigzqY8wdnA3IQ%3D%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: sgarmaturen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 19:43:18 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499110998.4637565; expires=Thu, 01-Jul-2027 19:43:18 GMT; Max-Age=315360000 <br>Location: http://ww38.sgarmaturen.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: sgarmaturen.se <br>Referer: http://www.google.com/search?q=sgarmaturen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 19:43:17 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499110997.3410239; expires=Thu, 01-Jul-2027 19:43:17 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48hmuKzYNSATKSvvvnXuBRLsjT4RKHPtBBpDMnUAONFI6V736WlC0kcUwmUbfg2xABafHKOPZBJ5k93NpRN%2B1DFjMhoPtPwGN3oC3ZUMdwCKMyGKnh2zBwMpP2BmBnPKNaaaWE%2Fqivx33vwchJYK43rDBLeH6pMp3nh2suXP9anLWfPWxhAYo97KKPleq%2FnYNrdmeKeVvV%2FMXZD3%2F7sdHstQ%2BFVNmYsS2zkzwA0wj1yt1%2FiZ9t8BEIq%2BgC56o7CbcQbxzh9XwpeF8eEK%2Bl5hOskTQmgYiqFcpUf7APo8rESnIiWWq0OapWxLkWjKkv3qf956XneaKV4lyLtc1Ucj5pExHuZPpWTKTDmlClpWnh%2FUUIzh7rgFlYEhShyc%2FsaRIBKUwSBUtNJn0mAmd8WJzVmhMcxyhszvTxgegoUkrwENpStgfaOchcq6jnNzl23eQzqXbcWKBIWEK%2BEx1b%2BEyoMuoaKItSxaoaQfTPnimeqKzq97PdihvRyAOaWeDjk0LJabMpczjVcigzqY8wdnA3IQ%3D%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>sgarmaturen.se is on 103.224.212.184<br>ASN for 103.224.212.184: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.184 corresponds with lb-212-184.above.com<br>Abuse.net does not have any reliable address for lb-212-184.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-184.above.com abuse@above.com1499173200http://piahinterior.se/ (103.224.212.193) - Serp-hijackingAttacked url: http://piahinterior.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 03 Jul 2017 20:18:40 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48eJI6rHuJVX2wK9Ez5qHpojzEeQwZRQ1SUMqmcYtk%2BN%2F%2FpNXzzFM3lQurfV3hroFvufNG8J9gsH7YbU9wctgL8AlwxQHti0GfERJt8ehrtKV484E9rTJqsce4boXo1b627FtUbFhh1GfyrNX8P%2BQyiBIT%2FoKr4nwfx%2FxkeXC8J8%2BdnzEAy%2FRVF%2FYhAtqcree9OYShsqiFPH1en%2BH1JycaIXtvWCh%2BiROLoTqRJ2J%2B1XlykScinWdpQTLYHSlgNFMYcnJMfkuHmOkzn%2FzrdWwhsA1XCiBW0WCFKRTj3PItdCDBBVO%2BLeXB1e0hp1eCKJScWZG0l9sn7L%2F7SVqd0DMVJa68Sh4k3dc%2BKabt9F53Eo7bK6MMaSN5TMBJcymz%2FkSfvCgvnVLBTQwaCE8NLW9%2BiIovzMziy47LReeoZhuJjOT9IOllZEFGTxfp5aFPGeYDELVKcDbEjddXQ5dc9psbZr2yIA4GQd8W2e5ptV%2BFTxj5EaFtzkcqIWdL2888TLBRNc8F20wK3qM2c2QpFXk4tGjRmLUO4fbF <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: piahinterior.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 18:18:45 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499105925.1650963; expires=Thu, 01-Jul-2027 18:18:45 GMT; Max-Age=315360000 <br>Location: http://ww11.piahinterior.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: piahinterior.se <br>Referer: http://www.google.com/search?q=piahinterior.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 18:18:44 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499105924.2286682; expires=Thu, 01-Jul-2027 18:18:44 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48eJI6rHuJVX2wK9Ez5qHpojzEeQwZRQ1SUMqmcYtk%2BN%2F%2FpNXzzFM3lQurfV3hroFvufNG8J9gsH7YbU9wctgL8AlwxQHti0GfERJt8ehrtKV484E9rTJqsce4boXo1b627FtUbFhh1GfyrNX8P%2BQyiBIT%2FoKr4nwfx%2FxkeXC8J8%2BdnzEAy%2FRVF%2FYhAtqcree9OYShsqiFPH1en%2BH1JycaIXtvWCh%2BiROLoTqRJ2J%2B1XlykScinWdpQTLYHSlgNFMYcnJMfkuHmOkzn%2FzrdWwhsA1XCiBW0WCFKRTj3PItdCDBBVO%2BLeXB1e0hp1eCKJScWZG0l9sn7L%2F7SVqd0DMVJa68Sh4k3dc%2BKabt9F53Eo7bK6MMaSN5TMBJcymz%2FkSfvCgvnVLBTQwaCE8NLW9%2BiIovzMziy47LReeoZhuJjOT9IOllZEFGTxfp5aFPGeYDELVKcDbEjddXQ5dc9psbZr2yIA4GQd8W2e5ptV%2BFTxj5EaFtzkcqIWdL2888TLBRNc8F20wK3qM2c2QpFXk4tGjRmLUO4fbF <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>piahinterior.se is on 103.224.212.193<br>ASN for 103.224.212.193: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.193 corresponds with lb-212-193.above.com<br>Abuse.net does not have any reliable address for lb-212-193.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-193.above.com abuse@above.com1499173195http://saljgruppen.se/ (89.221.250.16) - Serp-hijackingAttacked url: http://saljgruppen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 03 Jul 2017 19:05:11 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: saljgruppen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Mon, 03 Jul 2017 17:05:15 GMT <br>Server: Apache <br>X-Pingback: http://www.saljgruppen.se/xmlrpc.php <br>Location: http://www.saljgruppen.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: saljgruppen.se <br>Referer: http://www.google.com/search?q=saljgruppen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Mon, 03 Jul 2017 17:04:59 GMT <br>Server: Apache <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>saljgruppen.se is on 89.221.250.16<br>ASN for 89.221.250.16: 1257<br>89.221.250.16 manually set to use abuse@aname.net1499173188http://custommer.se/ (103.224.212.191) - Serp-hijackingAttacked url: http://custommer.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 03 Jul 2017 18:51:00 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48jnAil%2FS%2Bb0QRe%2BBKJ6XYWIWatPWtIIjcH5A95EAlO0r5Z%2FSqhwsQAPpSrlWjQ%2FIr40draH%2FRe09xw0aRTqJogUQyzS%2Bf3JAw0f8JUKZw4OISTA5Rf1ZrgUNb5X872DOV8PJXnvDjiC6s4XTN7dJSG4sJKbTUgj8Nx15XfMUU9vXPg2wvOXAkpiw4BqIoyebEl8fePbQTlvceHPmpIDOYGBfTQj2Q934%2FE4FmpGBIvsiQY5LyHfSJ3lAm5O%2FyQRlCfrROb84%2FABam346SdMnkucv85nWSE7VBz4PMsSTSVEuCTg6%2BPBapw5vpDpwQrBxpQi9ttu%2Be7fjGCJnWAWIMeVUWQLdVXw%2Bwl0p16ee55Pj%2B4KcEoHfBPNnoIn9X%2FgXGMKjJKx8H4jb8Sc5D12F8v%2BfFLUSMRY94kLvaiTDFJ4phtJhN5O8CDYzopLeIXn7FPbsm72%2BezGhs1NtD3HfUAOQLf861rEc1NDiC6NdDmZJpuwkThhIorEFQglIM4hnuedd156YEmcMO%2FU3FtiEXnA%3D%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: custommer.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 16:51:05 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499100665.2018792; expires=Thu, 01-Jul-2027 16:51:05 GMT; Max-Age=315360000 <br>Location: http://ww38.custommer.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: custommer.se <br>Referer: http://www.google.com/search?q=custommer.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 16:51:04 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499100664.3456945; expires=Thu, 01-Jul-2027 16:51:04 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ48jnAil%2FS%2Bb0QRe%2BBKJ6XYWIWatPWtIIjcH5A95EAlO0r5Z%2FSqhwsQAPpSrlWjQ%2FIr40draH%2FRe09xw0aRTqJogUQyzS%2Bf3JAw0f8JUKZw4OISTA5Rf1ZrgUNb5X872DOV8PJXnvDjiC6s4XTN7dJSG4sJKbTUgj8Nx15XfMUU9vXPg2wvOXAkpiw4BqIoyebEl8fePbQTlvceHPmpIDOYGBfTQj2Q934%2FE4FmpGBIvsiQY5LyHfSJ3lAm5O%2FyQRlCfrROb84%2FABam346SdMnkucv85nWSE7VBz4PMsSTSVEuCTg6%2BPBapw5vpDpwQrBxpQi9ttu%2Be7fjGCJnWAWIMeVUWQLdVXw%2Bwl0p16ee55Pj%2B4KcEoHfBPNnoIn9X%2FgXGMKjJKx8H4jb8Sc5D12F8v%2BfFLUSMRY94kLvaiTDFJ4phtJhN5O8CDYzopLeIXn7FPbsm72%2BezGhs1NtD3HfUAOQLf861rEc1NDiC6NdDmZJpuwkThhIorEFQglIM4hnuedd156YEmcMO%2FU3FtiEXnA%3D%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>custommer.se is on 103.224.212.191<br>ASN for 103.224.212.191: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.191 corresponds with lb-212-191.above.com<br>Abuse.net does not have any reliable address for lb-212-191.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-191.above.com abuse@above.com1499173185http://sekai.nu/ (103.224.182.249) - Serp-hijackingAttacked url: http://sekai.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 03 Jul 2017 17:53:35 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ482nD8nVHIqHHq4UuPObwuA02zE1TIjKyvjvzvwCjLZRlzOiTiE1abu4iUQGTRh9xdAH86pEQakdzXshUJlh9ecQnynP5nALLYLGIOabD8gdV%2B51Th5mZd6%2FC5YxU2lZWaF9QNXsRgYTtsW3gz36CdoKKaKaB9x%2BOiDJzwOzBXnlcRv2LpRHAcTYE67QonaxnPhLlx%2F1lNxkG869hruqJrt9L0fF6kv8L38deIh3k352bHIlhUQNVzBvsjqfRM6ahVPlJGNTl2Y0kIiHHXcRDgvxCwW9PvznwiStDiXP3PAup9jaqEzp7XxlyDhdqmU4YIfoSzQHTiyuCOf7B56az36nN0LBCA0666VWh4lG%2FjYpk84b6d5vpPSc5gu9hMSA7CjpF3KxpsjFxW8PuZ0vniXM0eI7bihJ70j1jx6OQWthqGGn0L2Id9LXqo7h7UpFNKR6vwDv6j2Eg5ksWoWky2G%2BjEjvAbAKtByGII5RS%2FvvHd1DnDvkHv9MMdGuUQQiNm <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: sekai.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 15:53:35 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499097215.3217619; expires=Thu, 01-Jul-2027 15:53:35 GMT; Max-Age=315360000 <br>Location: http://ww11.sekai.nu/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: sekai.nu <br>Referer: http://www.google.com/search?q=sekai.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 15:53:34 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499097215.3633069; expires=Thu, 01-Jul-2027 15:53:35 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ482nD8nVHIqHHq4UuPObwuA02zE1TIjKyvjvzvwCjLZRlzOiTiE1abu4iUQGTRh9xdAH86pEQakdzXshUJlh9ecQnynP5nALLYLGIOabD8gdV%2B51Th5mZd6%2FC5YxU2lZWaF9QNXsRgYTtsW3gz36CdoKKaKaB9x%2BOiDJzwOzBXnlcRv2LpRHAcTYE67QonaxnPhLlx%2F1lNxkG869hruqJrt9L0fF6kv8L38deIh3k352bHIlhUQNVzBvsjqfRM6ahVPlJGNTl2Y0kIiHHXcRDgvxCwW9PvznwiStDiXP3PAup9jaqEzp7XxlyDhdqmU4YIfoSzQHTiyuCOf7B56az36nN0LBCA0666VWh4lG%2FjYpk84b6d5vpPSc5gu9hMSA7CjpF3KxpsjFxW8PuZ0vniXM0eI7bihJ70j1jx6OQWthqGGn0L2Id9LXqo7h7UpFNKR6vwDv6j2Eg5ksWoWky2G%2BjEjvAbAKtByGII5RS%2FvvHd1DnDvkHv9MMdGuUQQiNm <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>sekai.nu is on 103.224.182.249<br>ASN for 103.224.182.249: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.182.249 corresponds with lb-182-249.above.com<br>Abuse.net does not have any reliable address for lb-182-249.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-182-249.above.com1499173157http://emmaab.nu/ (91.195.155.160) - Serp-hijackingAttacked url: http://emmaab.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 03 Jul 2017 16:17:12 +0200<br><br>Visitors with referer are redirected to http://dammasch.com/invoice/Scan079.zip <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: emmaab.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Mon, 03 Jul 2017 14:17:16 GMT <br>Server: Apache <br>X-Powered-By: PleskLin <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: emmaab.nu <br>Referer: http://www.google.com/search?q=emmaab.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Mon, 03 Jul 2017 14:17:16 GMT <br>Server: Apache <br>Location: http://dammasch.com/invoice/Scan079.zip <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>emmaab.nu is on 91.195.155.160<br>ASN for 91.195.155.160: 43770<br>Abusix contact information: abuse@itconnect.se (information only)<br>rDNS not found for 91.195.155.160<br>Found address in whois: abuse@itconnect.se1499173145http://cudata.se/ (103.224.212.186) - Serp-hijackingAttacked url: http://cudata.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 03 Jul 2017 14:39:36 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT4H%2FTForGCHA0qB5yLgcQSXAIJD1Dow3bbJ5E%2Bk7YIQSnTFWY8rTE3xNbxPsQXhohRHzgn8qJodAioheWacgICQt25vWfFvPy0FbI1%2FixvSV1E845OLRYSdWB%2FNlkW3NMt%2FfD75z3khOhQCF75VviBEjRScwBDvteQnXCx2WZEuaUY%2F%2BhGTaD%2FBK%2BIkOctPEOui99i9KzmjKHsaHBIdqvHTNlBhBRD2dLBmsBrFfM7WawQvLF9fh3jtCUQcpey531yZ11LVc07xqWb%2B5rjnNMRKPHWZ9gpAPwgAXV8G%2FQj3WPPEvX76qnqoa4CiKTiSkl5YJofa3cvfgdHWa8tFaHXBuePZHq9g82V8zDtOYxHxYKzVbzMquBwzdoHw%2BDo8W5wqeVVaXQB%2ByOra6oYiod7bcmapembD9Portak1ebNxZIirOmqRI7xOk9dAhacP7O3c28TjYAmBrzzhiNvBNnj1q1LNlIiS3H%2B7AW1%2FPv5kaWjMdbGi1VV54r%2B9Bcm5YDe%2BugaD7j8TAGdYUKLv8WGY%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: cudata.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 12:39:41 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499085581.6260214; expires=Thu, 01-Jul-2027 12:39:41 GMT; Max-Age=315360000 <br>Location: http://ww11.cudata.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: cudata.se <br>Referer: http://www.google.com/search?q=cudata.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 12:39:40 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499085580.6321875; expires=Thu, 01-Jul-2027 12:39:40 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT4H%2FTForGCHA0qB5yLgcQSXAIJD1Dow3bbJ5E%2Bk7YIQSnTFWY8rTE3xNbxPsQXhohRHzgn8qJodAioheWacgICQt25vWfFvPy0FbI1%2FixvSV1E845OLRYSdWB%2FNlkW3NMt%2FfD75z3khOhQCF75VviBEjRScwBDvteQnXCx2WZEuaUY%2F%2BhGTaD%2FBK%2BIkOctPEOui99i9KzmjKHsaHBIdqvHTNlBhBRD2dLBmsBrFfM7WawQvLF9fh3jtCUQcpey531yZ11LVc07xqWb%2B5rjnNMRKPHWZ9gpAPwgAXV8G%2FQj3WPPEvX76qnqoa4CiKTiSkl5YJofa3cvfgdHWa8tFaHXBuePZHq9g82V8zDtOYxHxYKzVbzMquBwzdoHw%2BDo8W5wqeVVaXQB%2ByOra6oYiod7bcmapembD9Portak1ebNxZIirOmqRI7xOk9dAhacP7O3c28TjYAmBrzzhiNvBNnj1q1LNlIiS3H%2B7AW1%2FPv5kaWjMdbGi1VV54r%2B9Bcm5YDe%2BugaD7j8TAGdYUKLv8WGY%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>cudata.se is on 103.224.212.186<br>ASN for 103.224.212.186: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.186 corresponds with lb-212-186.above.com<br>Abuse.net does not have any reliable address for lb-212-186.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-186.above.com1499087743http://bjornekullawhisky.se/ (103.224.212.192) - Serp-hijackingAttacked url: http://bjornekullawhisky.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 03 Jul 2017 14:08:16 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT4H%2FTForGCHATS8z02ylW51vCQA1oheQI9i6Y4Mz1MhOczl7ziYU5HvbmPU7FmD0zKVkpVzeC6n54QEQdfRpiCNdnUvp64hsNZGNeQVMCqHwdtWh%2B0l6DqBg9TCffei%2BaRoGN8v7bVDyN8NJ%2FAT8p5QSdDj9Ij%2B8hB631urpPwGqeEvOzj7qUFaRFDGQqwBtGm5iNVqHyTizqUlCmu6CPIij7SDnTYODEzyag5%2B5nGWbJS8JBE31rAREm4%2Bc837SgGePUB7rDLdVmO409ESJLVvgoRcxIRsqDVAxJOLiSgpfm04y7S2%2BtYpd8RkU6%2BkHrOfCvxji%2F%2BS5edjPp2Tl22h15Ompv5yX2ApDbzjUL0r%2FLofV%2BeLxWdV4IK8hCrvvUx5SIR2JFeayo3xjsCpAaFOcqeZwyur1RQGg5O3Wyxf%2FIDVfoIp8DCqyBFx1o9xSPW%2FW1pWjRGxsZwCcUaefAzXYzs5MrhAM%2BStXsfDvx5fLNE3GRWsKIxAocoO1GR8%2BFVfs0nbyfNlN3JcK9jdjTlh%2F5EKXNO8d7y8ndtv9Z5kGb2rcK87kCI8%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bjornekullawhisky.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 12:08:16 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499083696.5562252; expires=Thu, 01-Jul-2027 12:08:16 GMT; Max-Age=315360000 <br>Location: http://ww11.bjornekullawhisky.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bjornekullawhisky.se <br>Referer: http://www.google.com/search?q=bjornekullawhisky.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 12:08:15 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499083695.5132069; expires=Thu, 01-Jul-2027 12:08:15 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT4H%2FTForGCHATS8z02ylW51vCQA1oheQI9i6Y4Mz1MhOczl7ziYU5HvbmPU7FmD0zKVkpVzeC6n54QEQdfRpiCNdnUvp64hsNZGNeQVMCqHwdtWh%2B0l6DqBg9TCffei%2BaRoGN8v7bVDyN8NJ%2FAT8p5QSdDj9Ij%2B8hB631urpPwGqeEvOzj7qUFaRFDGQqwBtGm5iNVqHyTizqUlCmu6CPIij7SDnTYODEzyag5%2B5nGWbJS8JBE31rAREm4%2Bc837SgGePUB7rDLdVmO409ESJLVvgoRcxIRsqDVAxJOLiSgpfm04y7S2%2BtYpd8RkU6%2BkHrOfCvxji%2F%2BS5edjPp2Tl22h15Ompv5yX2ApDbzjUL0r%2FLofV%2BeLxWdV4IK8hCrvvUx5SIR2JFeayo3xjsCpAaFOcqeZwyur1RQGg5O3Wyxf%2FIDVfoIp8DCqyBFx1o9xSPW%2FW1pWjRGxsZwCcUaefAzXYzs5MrhAM%2BStXsfDvx5fLNE3GRWsKIxAocoO1GR8%2BFVfs0nbyfNlN3JcK9jdjTlh%2F5EKXNO8d7y8ndtv9Z5kGb2rcK87kCI8%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>bjornekullawhisky.se is on 103.224.212.192<br>ASN for 103.224.212.192: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.192 corresponds with lb-212-192.above.com<br>Abuse.net does not have any reliable address for lb-212-192.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-192.above.com abuse@above.com1499087736http://proa23.se/ (195.74.38.136) - Serp-hijackingAttacked url: http://proa23.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 03 Jul 2017 13:24:43 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: proa23.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Mon, 03 Jul 2017 11:24:47 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>X-Pingback: http://proa23.se/xmlrpc.php <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: proa23.se <br>Referer: http://www.google.com/search?q=proa23.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Mon, 03 Jul 2017 11:24:24 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>proa23.se is on 195.74.38.136<br>ASN for 195.74.38.136: 41528<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.136 corresponds with cl-30.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1499087734http://letta.se/ (103.224.212.197) - Serp-hijackingAttacked url: http://letta.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 03 Jul 2017 13:09:54 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT4H%2FTForGCHA3zQZdGZuO%2Fib0dRlNnsEjQBelTuKX%2FEXi2c4dowCqanCihZBJWK1IKsfAQnpo4WSMWztkOH3%2BnB2PUAJi5t5EotsWZtamJ5rlp5WvcbslVqZ4%2Br%2Fy1uOrMYOl%2F7%2Fh1If2lpYqRrxrYydzmvtVicD7m0QNCxH6Tslxm4JX4H7EU%2BS6AKqze80iENH1YRr3veXkSulx3%2BFY52nx%2BGq0f0FD6JZec9crXDJvx79YHrKc%2BCjcGO1J3%2F11tYVdbOB7VchuiRDoWr%2FNhkJThCrjL5mT2033tzi4KqUrlzcCuAYtyCXqgu%2B%2F9kRHyW5W6boIMYg2y0ewPfbisdWbdy4CiduXjBwvwsxtV8lUu45i6W8hnCKDtLEEWladC8dxtU7tXyY34Bk%2FUyDEbvFuEplLcx9begAULstmH1u%2BfDJTfnCDs3K7scmrzACB9STwAkRmIOWqXlb9bE2HNNNU053KT%2FY%2FjDehCYg%2Fd%2Fk4LFEUACt1874xI7EHaNcJPAvU0FxYJJX <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: letta.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 11:09:59 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499080199.7822184; expires=Thu, 01-Jul-2027 11:09:59 GMT; Max-Age=315360000 <br>Location: http://ww11.letta.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: letta.se <br>Referer: http://www.google.com/search?q=letta.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 11:09:58 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499080198.3636473; expires=Thu, 01-Jul-2027 11:09:58 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT4H%2FTForGCHA3zQZdGZuO%2Fib0dRlNnsEjQBelTuKX%2FEXi2c4dowCqanCihZBJWK1IKsfAQnpo4WSMWztkOH3%2BnB2PUAJi5t5EotsWZtamJ5rlp5WvcbslVqZ4%2Br%2Fy1uOrMYOl%2F7%2Fh1If2lpYqRrxrYydzmvtVicD7m0QNCxH6Tslxm4JX4H7EU%2BS6AKqze80iENH1YRr3veXkSulx3%2BFY52nx%2BGq0f0FD6JZec9crXDJvx79YHrKc%2BCjcGO1J3%2F11tYVdbOB7VchuiRDoWr%2FNhkJThCrjL5mT2033tzi4KqUrlzcCuAYtyCXqgu%2B%2F9kRHyW5W6boIMYg2y0ewPfbisdWbdy4CiduXjBwvwsxtV8lUu45i6W8hnCKDtLEEWladC8dxtU7tXyY34Bk%2FUyDEbvFuEplLcx9begAULstmH1u%2BfDJTfnCDs3K7scmrzACB9STwAkRmIOWqXlb9bE2HNNNU053KT%2FY%2FjDehCYg%2Fd%2Fk4LFEUACt1874xI7EHaNcJPAvU0FxYJJX <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>letta.se is on 103.224.212.197<br>ASN for 103.224.212.197: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.197 corresponds with lb-212-197.above.com<br>Abuse.net does not have any reliable address for lb-212-197.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-197.above.com1499087732