Säkrare hemsida med .sehttp://bussfabriken.se/ (103.224.212.185) - Serp-hijackingAttacked url: http://bussfabriken.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 14:33:24 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRt1c%2FS253LSKS1A73V6xOVcjqjfmwR8rb%2Brv2bq8XHuMPFCW6%2FX69DJX5f4XD5TQ0NkxC9t7KJ2N%2FZ%2BzRaj%2FO3sY8iSNmGt3Y316bpVkNtV02z3WujUe9bJOWS33jey5zUb4I2DXHYKk1YiuYGhdpfntz%2BMT3Xcqg2ZBgSgvgFly4liDzc7hcilyYs9IpXt41krGHb7Ar5cJeCSqsI8ccRJPf6M9ftM0Lk8l5EnMCHIa9Tz8eSJlc0t5IY5w1uOdH8Bh6oZSLbNjjDNxVrPXMnZInskEGfjcLkNbaJdxvFTh5RGi5RWVKrbi8HD8zwXEsXZxRabgAL%2FYwnrO9wS1uUGYtzufDN9xgCyCWskj0cDfZBNK4qEOXNwHWr2SkEZRT%2FgdaPmGUdP9haWV%2BP80Gl%2FMdFXYbNKqFRkI7iugo42SMWlCHhzBP0a6SNVksD5NApMhdmf4aRBBH7G6jMy%2Bgv6F0mb2nyRtBQ0dqu9XIwmKXpu%2F1W1JZ5rRfA5un%2FSMTnf%2FORoIFv3hAwfrW0tvzWjTkMX7PQhXp <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bussfabriken.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 21 Jun 2017 12:33:24 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1498048404.2154130; expires=Sat, 19-Jun-2027 12:33:24 GMT; Max-Age=315360000 <br>Location: http://ww38.bussfabriken.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bussfabriken.se <br>Referer: http://www.google.com/search?q=bussfabriken.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 21 Jun 2017 12:33:23 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1498048403.3088131; expires=Sat, 19-Jun-2027 12:33:23 GMT <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRt1c%2FS253LSKS1A73V6xOVcjqjfmwR8rb%2Brv2bq8XHuMPFCW6%2FX69DJX5f4XD5TQ0NkxC9t7KJ2N%2FZ%2BzRaj%2FO3sY8iSNmGt3Y316bpVkNtV02z3WujUe9bJOWS33jey5zUb4I2DXHYKk1YiuYGhdpfntz%2BMT3Xcqg2ZBgSgvgFly4liDzc7hcilyYs9IpXt41krGHb7Ar5cJeCSqsI8ccRJPf6M9ftM0Lk8l5EnMCHIa9Tz8eSJlc0t5IY5w1uOdH8Bh6oZSLbNjjDNxVrPXMnZInskEGfjcLkNbaJdxvFTh5RGi5RWVKrbi8HD8zwXEsXZxRabgAL%2FYwnrO9wS1uUGYtzufDN9xgCyCWskj0cDfZBNK4qEOXNwHWr2SkEZRT%2FgdaPmGUdP9haWV%2BP80Gl%2FMdFXYbNKqFRkI7iugo42SMWlCHhzBP0a6SNVksD5NApMhdmf4aRBBH7G6jMy%2Bgv6F0mb2nyRtBQ0dqu9XIwmKXpu%2F1W1JZ5rRfA5un%2FSMTnf%2FORoIFv3hAwfrW0tvzWjTkMX7PQhXp <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>bussfabriken.se is on 103.224.212.185<br>ASN for 103.224.212.185: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.185 corresponds with lb-212-185.above.com<br>Abuse.net does not have any reliable address for lb-212-185.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-185.above.com1498050424http://utt.se/ (194.9.95.100) - Serp-hijackingAttacked url: http://utt.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 14:26:50 +0200<br><br>Visitors with referer are redirected to http://vados.biz/gosw?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: utt.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.10.3 <br>Date: Wed, 21 Jun 2017 12:26:50 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Link: &lt;http://utt.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: utt.se <br>Referer: http://www.google.com/search?q=utt.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.10.3 <br>Date: Wed, 21 Jun 2017 12:26:49 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/gosw?keyword=&amp;pill=<br><br>utt.se is on 194.9.95.100<br>ASN for 194.9.95.100: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.95.100 corresponds with s7.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1498050422http://progressionsports.se/ (195.74.38.149) - Serp-hijackingAttacked url: http://progressionsports.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 14:06:02 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: progressionsports.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Wed, 21 Jun 2017 12:06:01 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>X-Pingback: http://progressionsports.se/xmlrpc.php <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: progressionsports.se <br>Referer: http://www.google.com/search?q=progressionsports.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Wed, 21 Jun 2017 12:05:47 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>progressionsports.se is on 195.74.38.149<br>ASN for 195.74.38.149: 41528<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.149 corresponds with cl-35.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1498050419http://khal.se/ (194.9.94.137) - Serp-hijackingAttacked url: http://khal.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 12:49:20 +0200<br><br>Visitors with referer are redirected to http://vados.biz/cialisse?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: khal.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.10.3 <br>Date: Wed, 21 Jun 2017 10:49:20 GMT <br>Content-Type: text/html; charset=utf-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: c025e142ae5dd797a899add9154e4949=918l5gefh5p468j32ang3llbo5; path=/; HttpOnly <br>P3P: CP=&quot;NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM&quot; <br>Expires: Mon, 1 Jan 2001 00:00:00 GMT <br>Last-Modified: Wed, 21 Jun 2017 10:49:20 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: khal.se <br>Referer: http://www.google.com/search?q=khal.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.10.3 <br>Date: Wed, 21 Jun 2017 10:49:19 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/cialisse?keyword=&amp;pill=<br><br>khal.se is on 194.9.94.137<br>ASN for 194.9.94.137: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.137 corresponds with s529.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1498050392http://mediatronics.se/ (213.115.165.39) - Serp-hijackingAttacked url: http://mediatronics.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 12:36:38 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: mediatronics.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Connection: close <br>Date: Wed, 21 Jun 2017 10:36:39 GMT <br>Server: Microsoft-IIS/6.0 <br>X-Powered-By: ASP.NET <br>Content-Length: 23313 <br>Content-Type: text/html <br>Set-Cookie: ASPSESSIONIDCQRSRBCC=KCFLBGCBHHJOAHIPDHNPHJEJ; path=/ <br>Cache-control: private <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: mediatronics.se <br>Referer: http://www.google.com/search?q=mediatronics.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Connection: close <br>Date: Wed, 21 Jun 2017 10:36:38 GMT <br>Server: Microsoft-IIS/6.0 <br>X-Powered-By: ASP.NET <br>Location: http://www.fapp.pw/app/se.php <br>Content-Length: 150 <br>Content-Type: text/html <br>Set-Cookie: ASPSESSIONIDCQRSRBCC=JCFLBGCBDGAMKGBOJFLMMGGD; path=/ <br>Cache-control: private<br><br>mediatronics.se is on 213.115.165.39<br>ASN for 213.115.165.39: 2119<br>Abusix contact information: abuse@telenor.se (information only)<br>213.115.165.39 corresponds with berra.eastpoint.se<br>Abuse.net does not have any reliable address for berra.eastpoint.se<br>Found address in whois: abuse@telenor.se abuse@eastpoint.se abuse@bredband.com1498050384http://custome.se/ (103.224.212.194) - Serp-hijackingAttacked url: http://custome.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 12:33:57 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcR%2BqbJJlwzrrKzgt4luon%2BNVV7nxgFthsJbp9OJ8q3yXBQiOqsMRpMsuI47GYTc8NHwPisnaLfO122qK1cZz69PBaUeaJ4uzNcitmOnHfs0%2BO5haOFwtA7sJQH4HgKmSyoHQmj6m5EZ3F3lmk5VeTK7wylvkNyOFdXObCUzWIpaSMNf1iI5Pg9IE9aZcUNK8Yah4%2BOYtrfwhXGC2ivxOOwPY9DPZ13TzTSPy5dP0Y%2FRaFCRjb56cw5ywaYtVs8jvpjJjcnI%2FvoIoiqa1uXMbC5EW8bSEUBMWWkQGMqwWDh2%2FerX8ShefP7ziRoHETp7rnQqVdTvDL%2BOVgNT%2BCPxVh6PnK4%2FQE5Y%2FP7Qc6zsmTMsnW1pfnxbcZELMXs0JCyhSE0RLjYNasW1tjb%2FKygEykpFAJwdQnXJmrLR36xgoNQMCLVJaqlF96b1iXtBVAdyiNjrStv6dQic%2BFTqoRws3AXkHaeY67kyEzKX9NQBAzmM7ofb3yfesvqRBDPXACDwNqeroGqozAak%2BY%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: custome.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 21 Jun 2017 10:33:58 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1498041238.7405988; expires=Sat, 19-Jun-2027 10:33:58 GMT <br>Location: http://ww11.custome.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: custome.se <br>Referer: http://www.google.com/search?q=custome.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 21 Jun 2017 10:33:57 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1498041237.7087007; expires=Sat, 19-Jun-2027 10:33:57 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcR%2BqbJJlwzrrKzgt4luon%2BNVV7nxgFthsJbp9OJ8q3yXBQiOqsMRpMsuI47GYTc8NHwPisnaLfO122qK1cZz69PBaUeaJ4uzNcitmOnHfs0%2BO5haOFwtA7sJQH4HgKmSyoHQmj6m5EZ3F3lmk5VeTK7wylvkNyOFdXObCUzWIpaSMNf1iI5Pg9IE9aZcUNK8Yah4%2BOYtrfwhXGC2ivxOOwPY9DPZ13TzTSPy5dP0Y%2FRaFCRjb56cw5ywaYtVs8jvpjJjcnI%2FvoIoiqa1uXMbC5EW8bSEUBMWWkQGMqwWDh2%2FerX8ShefP7ziRoHETp7rnQqVdTvDL%2BOVgNT%2BCPxVh6PnK4%2FQE5Y%2FP7Qc6zsmTMsnW1pfnxbcZELMXs0JCyhSE0RLjYNasW1tjb%2FKygEykpFAJwdQnXJmrLR36xgoNQMCLVJaqlF96b1iXtBVAdyiNjrStv6dQic%2BFTqoRws3AXkHaeY67kyEzKX9NQBAzmM7ofb3yfesvqRBDPXACDwNqeroGqozAak%2BY%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>custome.se is on 103.224.212.194<br>ASN for 103.224.212.194: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.194 corresponds with lb-212-194.above.com<br>Abuse.net does not have any reliable address for lb-212-194.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-194.above.com abuse@above.com1498050380http://erikolssons.se/ (103.224.212.199) - Serp-hijackingAttacked url: http://erikolssons.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 12:31:47 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRoRzkhZ0wEcPnCNnKz0G5Z7E%2B%2BdBRTcWlJ3YcWWnPWxSHqeGcBJ6fY6UNHOdoiVBm%2FVQwYswgoqVxLuKQilk3lLLouSbEUWZjjdWb9pKF%2ByEG3cRqmJpi%2ByLkQeYNoBLeDGq121nBt5cEtoUAJSX82tjHg0tJtpQKMA9J0nTZ2Ghxu1XDQfVwB7ugPzpqAlMmMNnItOpUVLdxv%2FmcCi8GaXBC6rKjs5Yzs2Z3gGtq23sqgzZ4JM9uIzpEE5StuMyQ6OzkYpg%2Fot5O7bigX3wVmFMgAv83%2BiINppY9m7OLBWBQnqQCnxaMaZsTqonkL6aWb6ibJEhzTNgRUSEX78FizNXzSC4vNIgGheOpSPq6Tii36Y6ecMhvh1CtTFQpV6f3DZ4hgcZBK%2B1FZSH36Hd6iACyH%2Bgb%2F8Wr9Luiiys52pyXEcw27q9BRicf04peiBpBJxtvk3JouD1mzH4xeEVaThM4Ez3uhJaoZS61pQDh86xv%2BHbx2wF2q0e6X49FPNwpD0I4Adrt0HdXcaxq2vEu0sn%2BFOh3yOI5 <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: erikolssons.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 21 Jun 2017 10:31:47 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1498041107.2067397; expires=Sat, 19-Jun-2027 10:31:47 GMT <br>Location: http://ww11.erikolssons.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: erikolssons.se <br>Referer: http://www.google.com/search?q=erikolssons.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 21 Jun 2017 10:31:46 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1498041106.2464823; expires=Sat, 19-Jun-2027 10:31:46 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRoRzkhZ0wEcPnCNnKz0G5Z7E%2B%2BdBRTcWlJ3YcWWnPWxSHqeGcBJ6fY6UNHOdoiVBm%2FVQwYswgoqVxLuKQilk3lLLouSbEUWZjjdWb9pKF%2ByEG3cRqmJpi%2ByLkQeYNoBLeDGq121nBt5cEtoUAJSX82tjHg0tJtpQKMA9J0nTZ2Ghxu1XDQfVwB7ugPzpqAlMmMNnItOpUVLdxv%2FmcCi8GaXBC6rKjs5Yzs2Z3gGtq23sqgzZ4JM9uIzpEE5StuMyQ6OzkYpg%2Fot5O7bigX3wVmFMgAv83%2BiINppY9m7OLBWBQnqQCnxaMaZsTqonkL6aWb6ibJEhzTNgRUSEX78FizNXzSC4vNIgGheOpSPq6Tii36Y6ecMhvh1CtTFQpV6f3DZ4hgcZBK%2B1FZSH36Hd6iACyH%2Bgb%2F8Wr9Luiiys52pyXEcw27q9BRicf04peiBpBJxtvk3JouD1mzH4xeEVaThM4Ez3uhJaoZS61pQDh86xv%2BHbx2wF2q0e6X49FPNwpD0I4Adrt0HdXcaxq2vEu0sn%2BFOh3yOI5 <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>erikolssons.se is on 103.224.212.199<br>ASN for 103.224.212.199: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.199 corresponds with lb-212-199.above.com<br>Abuse.net does not have any reliable address for lb-212-199.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-199.above.com abuse@above.com1498050372http://seetex.se/ (81.26.42.232) - Serp-hijackingAttacked url: http://seetex.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 12:05:51 +0200<br><br>Visitors with referer are redirected to http://www.serverjump.com/jump.aspx?jumpid=0sichm <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: seetex.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 10326 <br>Content-Type: text/html <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDCACBTACA=MGNJHCCBFKOGCEGJGPNDCBBI; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 21 Jun 2017 10:05:37 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: seetex.se <br>Referer: http://www.google.com/search?q=seetex.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 170 <br>Content-Type: text/html <br>Location: http://www.serverjump.com/jump.aspx?jumpid=0sichm <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDCACBTACA=LGNJHCCBFCKODDJFEMCNLDKM; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 21 Jun 2017 10:05:37 GMT <br>Connection: close<br><br>seetex.se is on 81.26.42.232<br>ASN for 81.26.42.232: 43200<br>Abusix contact information: abuse@pcsupport.no (information only)<br>81.26.42.232 corresponds with pcsweb12.pcsupport.no<br>Abuse.net does not have any reliable address for pcsweb12.pcsupport.no<br>Found address in whois: abuse@pcsupport.no1498050369http://ostacamping.se/ (194.9.95.65) - Serp-hijackingAttacked url: http://ostacamping.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 11:46:51 +0200<br><br>Visitors with referer are redirected to http://vados.biz/gosw?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ostacamping.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.10.3 <br>Date: Wed, 21 Jun 2017 09:46:51 GMT <br>Content-Type: text/html; charset=utf-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: 72eaeff6113c9a3ed7fafc91f842c0d6=62ng78j036n1kmatf4fcnrua57; path=/; HttpOnly <br>P3P: CP=&quot;NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM&quot; <br>Expires: Mon, 1 Jan 2001 00:00:00 GMT <br>Last-Modified: Wed, 21 Jun 2017 09:46:50 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ostacamping.se <br>Referer: http://www.google.com/search?q=ostacamping.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.10.3 <br>Date: Wed, 21 Jun 2017 09:46:50 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/gosw?keyword=&amp;pill=<br><br>ostacamping.se is on 194.9.95.65<br>ASN for 194.9.95.65: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.95.65 corresponds with s210.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1498050351http://lund-hoistad.se/ (31.216.35.4) - Serp-hijackingAttacked url: http://lund-hoistad.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 11:09:00 +0200<br><br>Visitors with referer are redirected to http://www.coins200.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: lund-hoistad.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 8327 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDAAQCACQC=IEAOHBKAPCAPKKGBNIELEJHO; path=/ <br>X-Powered-By: ASP.NET <br>X-Powered-By-Plesk: PleskWin <br>Date: Wed, 21 Jun 2017 09:09:00 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: lund-hoistad.se <br>Referer: http://www.google.com/search?q=lund-hoistad.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 145 <br>Content-Type: text/html <br>Location: http://www.coins200.com/ <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDAAQCACQC=HEAOHBKAOHAKGGFMKAJIFENA; path=/ <br>X-Powered-By: ASP.NET <br>X-Powered-By-Plesk: PleskWin <br>Date: Wed, 21 Jun 2017 09:09:00 GMT <br>Connection: close<br><br>lund-hoistad.se is on 31.216.35.4<br>ASN for 31.216.35.4: 197308<br>Abusix contact information: abuse@cygate.se (information only)<br>31.216.35.4 corresponds with shww-0040.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shww-0040.s.thehostingplatform.com<br>Found address in whois: abuse@cygate.se1498050332http://esenciadesuecia.se/ (195.74.38.63) - Serp-hijackingAttacked url: http://esenciadesuecia.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 10:42:28 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: esenciadesuecia.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Wed, 21 Jun 2017 08:42:29 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>X-Pingback: http://www.esenciadesuecia.se/xmlrpc.php <br>Location: http://www.esenciadesuecia.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br>Pool-Info: /Common/CloudLinux-cluster-02 10.160.1.2 80 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: esenciadesuecia.se <br>Referer: http://www.google.com/search?q=esenciadesuecia.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Wed, 21 Jun 2017 08:42:20 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html <br>Pool-Info: /Common/CloudLinux-cluster-02 10.160.1.2 80<br><br>esenciadesuecia.se is on 195.74.38.63<br>ASN for 195.74.38.63: 41528<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.63 corresponds with cl-02.atm.binero.net<br>Abuse.net does not have any reliable address for cl-02.atm.binero.net<br>Found address in whois: drift@binero.se abuse@binero.se1498050324http://huggetsgross.se/ (194.9.94.73) - Serp-hijackingAttacked url: http://huggetsgross.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 09:56:45 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: huggetsgross.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 11006 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDQSQRDACQ=KBKAEGNAFGMGJEANILKFGOKN; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 21 Jun 2017 07:56:47 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: huggetsgross.se <br>Referer: http://www.google.com/search?q=huggetsgross.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDQSQRDACQ=JBKAEGNAOLLNDPMGJHJHNNHH; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 21 Jun 2017 07:56:47 GMT <br>Connection: close<br><br>huggetsgross.se is on 194.9.94.73<br>ASN for 194.9.94.73: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.73 corresponds with iis10.windowscluster.loopia.se<br>Abuse.net does not have any reliable address for iis10.windowscluster.loopia.se<br>Found address in whois: abuse@loopia.se1498050317http://dayft.se/ (103.224.212.187) - Serp-hijackingAttacked url: http://dayft.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 09:36:36 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcR4jDfYUGbkt30hozeFf1KgqEuWTNnD3YRJsearYS94l%2FIQaou8Lgpurnx%2B0oiGMu%2BR8ytqG3BmOMBzZzvER9kAqTytWKaYdAiH6XB%2B7HB4ExGgd4Hi97EYFLBsL24o49fXV8MC9ke6Dbg5wlSfLg8YT0qH8TAhPymDsKDNPHBD4PIwcpp3vnQc5WMVtotYR23lg%2BqHkCZXwGch5HuCno6EccszmAz5F7cAWM7gJARlgEn0xNQAAAeJ%2B8voYhjiiZoBRkc9639kXuSqpVYmViCT%2FDtSqcw%2FjTDKYmIvPzFtutxFyKa94ft63pmgQ7yLRcYZ5qPNuEAXEyAJRj%2FqZJDKWZjjz1OXN1PC7sTDs0EImCLJb4CxT%2FRUCGZ%2F31WQRUBmBC6FLU9j%2FrAfjdhbf5vFjLePUj802G5uEYiKZPR7%2BoxR%2B4EDiVtXL5yUXBLMi3PkbOPUZOPXRJUTIjEC8BEA6O5%2Fudm967%2Bs8J%2BewpDt2k8UuTSt5PNuDTZOLwqTS9KL8MuFySRT%2Bs%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dayft.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 21 Jun 2017 07:36:37 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1498030597.2038070; expires=Sat, 19-Jun-2027 07:36:37 GMT; Max-Age=315360000 <br>Location: http://ww11.dayft.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dayft.se <br>Referer: http://www.google.com/search?q=dayft.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 21 Jun 2017 07:36:36 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1498030596.6782974; expires=Sat, 19-Jun-2027 07:36:36 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcR4jDfYUGbkt30hozeFf1KgqEuWTNnD3YRJsearYS94l%2FIQaou8Lgpurnx%2B0oiGMu%2BR8ytqG3BmOMBzZzvER9kAqTytWKaYdAiH6XB%2B7HB4ExGgd4Hi97EYFLBsL24o49fXV8MC9ke6Dbg5wlSfLg8YT0qH8TAhPymDsKDNPHBD4PIwcpp3vnQc5WMVtotYR23lg%2BqHkCZXwGch5HuCno6EccszmAz5F7cAWM7gJARlgEn0xNQAAAeJ%2B8voYhjiiZoBRkc9639kXuSqpVYmViCT%2FDtSqcw%2FjTDKYmIvPzFtutxFyKa94ft63pmgQ7yLRcYZ5qPNuEAXEyAJRj%2FqZJDKWZjjz1OXN1PC7sTDs0EImCLJb4CxT%2FRUCGZ%2F31WQRUBmBC6FLU9j%2FrAfjdhbf5vFjLePUj802G5uEYiKZPR7%2BoxR%2B4EDiVtXL5yUXBLMi3PkbOPUZOPXRJUTIjEC8BEA6O5%2Fudm967%2Bs8J%2BewpDt2k8UuTSt5PNuDTZOLwqTS9KL8MuFySRT%2Bs%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>dayft.se is on 103.224.212.187<br>ASN for 103.224.212.187: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.187 corresponds with lb-212-187.above.com<br>Abuse.net does not have any reliable address for lb-212-187.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-187.above.com abuse@above.com1498050293http://xn--lund-histad-wfb.se/ (31.216.35.4) - Serp-hijackingAttacked url: http://xn--lund-histad-wfb.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 08:29:29 +0200<br><br>Visitors with referer are redirected to http://www.coins200.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: xn--lund-histad-wfb.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 8327 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDAAQCACQC=DFONHBKAGCDFPEKBBKEHKHCE; path=/ <br>X-Powered-By: ASP.NET <br>X-Powered-By-Plesk: PleskWin <br>Date: Wed, 21 Jun 2017 06:29:27 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: xn--lund-histad-wfb.se <br>Referer: http://www.google.com/search?q=xn--lund-histad-wfb.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 145 <br>Content-Type: text/html <br>Location: http://www.coins200.com/ <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDAAQCACQC=CFONHBKAGFPBMGOMEALLMAEP; path=/ <br>X-Powered-By: ASP.NET <br>X-Powered-By-Plesk: PleskWin <br>Date: Wed, 21 Jun 2017 06:29:27 GMT <br>Connection: close<br><br>xn--lund-histad-wfb.se is on 31.216.35.4<br>ASN for 31.216.35.4: 197308<br>Abusix contact information: abuse@cygate.se (information only)<br>31.216.35.4 corresponds with shww-0040.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shww-0040.s.thehostingplatform.com<br>Found address in whois: abuse@cygate.se1498050276http://secon.se/ (194.9.94.102) - Serp-hijackingAttacked url: http://secon.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 08:09:03 +0200<br><br>Visitors with referer are redirected to http://c2b1.localtds.com/?bxbTNJ&amp;keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: secon.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.10.3 <br>Date: Wed, 21 Jun 2017 06:09:03 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>X-Pingback: http://secon.se/xmlrpc.php <br>Link: &lt;http://secon.se/?p=24&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: secon.se <br>Referer: http://www.google.com/search?q=secon.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.10.3 <br>Date: Wed, 21 Jun 2017 06:09:00 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://c2b1.localtds.com/?bxbTNJ&amp;keyword=&amp;pill=<br><br>secon.se is on 194.9.94.102<br>ASN for 194.9.94.102: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.102 corresponds with s377.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1498050265http://kaffehornan.se/ (194.9.94.54) - Serp-hijackingAttacked url: http://kaffehornan.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 07:48:53 +0200<br><br>Visitors with referer are redirected to http://vados.biz/gosw?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kaffehornan.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.10.3 <br>Date: Wed, 21 Jun 2017 05:48:53 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Link: &lt;http://kaffehornan.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kaffehornan.se <br>Referer: http://www.google.com/search?q=kaffehornan.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.10.3 <br>Date: Wed, 21 Jun 2017 05:48:51 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/gosw?keyword=&amp;pill=<br><br>kaffehornan.se is on 194.9.94.54<br>ASN for 194.9.94.54: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.54 corresponds with s517.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1498050261http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 06:33:05 +0200<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Wed, 21 Jun 2017 04:33:05 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=9h53q7qs1rd21k2mq1gl9hea33; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 21 Jun 2017 04:33:03 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=8g0nfbmb980u0d8m90ve4b01b4; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 41528<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1498050258http://styrelsefolk.se/ (93.90.145.83) - Serp-hijackingAttacked url: http://styrelsefolk.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 05:32:29 +0200<br><br>Visitors with referer are redirected to http://www.doaat.com/download.php?pid= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: styrelsefolk.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 15 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDQABRQABS=CHGDCOKAGGENPNJBBDHBAHAI; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 21 Jun 2017 03:32:29 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: styrelsefolk.se <br>Referer: http://www.google.com/search?q=styrelsefolk.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Location: http://www.doaat.com/download.php?pid= <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDQABRQABS=BHGDCOKAFGJCAFJMJOBKBFOF; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 21 Jun 2017 03:32:28 GMT <br>Connection: close<br><br>styrelsefolk.se is on 93.90.145.83<br>ASN for 93.90.145.83: 35041<br>Abusix contact information: abuse@levonline.com (information only)<br>rDNS not found for 93.90.145.83<br>Found address in whois: abuse@levonline.com1498050247http://bengtmattsson.se/ (217.68.32.42) - Serp-hijackingAttacked url: http://bengtmattsson.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 04:38:12 +0200<br><br>Visitors with referer are redirected to http://www.canadagoosese.org/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bengtmattsson.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 129 <br>Content-Type: text/html <br>Location: home.asp <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDCCSSCDCQ=MHPFHOJAABDCEFKLLMFAIGDD; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 21 Jun 2017 02:38:10 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bengtmattsson.se <br>Referer: http://www.google.com/search?q=bengtmattsson.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>Location: http://www.canadagoosese.org/ <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDCCSSCDCQ=LHPFHOJAHBFKFEFDOFGIBNHD; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 21 Jun 2017 02:38:10 GMT <br>Connection: close<br><br>bengtmattsson.se is on 217.68.32.42<br>ASN for 217.68.32.42: 39078<br>Abusix contact information: abuse@gdm.se (information only)<br>rDNS not found for 217.68.32.42<br>Found address in whois: abuse@gdm.se1498050233http://idottonline.se/ (103.224.212.189) - Serp-hijackingAttacked url: http://idottonline.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 04:25:58 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRqFOTUX0vCceXog1OA1wTVUHVzujKZNyNvLHROmPXTMfjyx2cBk6tLPQYb%2BOM6ScJXTFvX%2B%2BURnMDOptkA1PrZG%2BFBPsJuesbn6LSVRuLQN5D%2BTig36wSB4qBS9Z5dsy%2FM52GpP4JiNbFO92Wisg6xfnybs6PCK0XL68nM5mN%2Bbj5yMAHi6a6eyfyzEcVg5UC6RHvvXaZ3AlxEXqO3fUWvwaOYyvh2FONZU28zBtAhPm8LcEfrABAfiNqvLm9jflgY5IWzThbaWrRVFa5qgo%2FJqDFC2l8W7rC8kG1VbMXWJ4BI8myXbnm4q6A%2FwPRHGy%2FEpr613eTGlPRcIoGZBd9QSdi7UYg2aezHfRwuUc6eKLbhEQ2YCGYwxugN%2BqNStnP3Ovko%2FFxcM3xvE5fYYsWoEOA9X5kVviuC7oo0vAKWMYyT7XFyRDY9c1H8heBrP7DI2h%2BhhlogKG8mh0MeS%2BFNUvqxSvCPnjWB9ZYj2bK5KQvLxR6RhCHx9Fb9qF35d43lbbnDWwtaWp3xvxFCQ4E%2BsAhnUorFkmW <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: idottonline.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 21 Jun 2017 02:25:58 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1498011958.6158096; expires=Sat, 19-Jun-2027 02:25:58 GMT; Max-Age=315360000 <br>Location: http://ww11.idottonline.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: idottonline.se <br>Referer: http://www.google.com/search?q=idottonline.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 21 Jun 2017 02:25:57 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1498011957.6000890; expires=Sat, 19-Jun-2027 02:25:57 GMT <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRqFOTUX0vCceXog1OA1wTVUHVzujKZNyNvLHROmPXTMfjyx2cBk6tLPQYb%2BOM6ScJXTFvX%2B%2BURnMDOptkA1PrZG%2BFBPsJuesbn6LSVRuLQN5D%2BTig36wSB4qBS9Z5dsy%2FM52GpP4JiNbFO92Wisg6xfnybs6PCK0XL68nM5mN%2Bbj5yMAHi6a6eyfyzEcVg5UC6RHvvXaZ3AlxEXqO3fUWvwaOYyvh2FONZU28zBtAhPm8LcEfrABAfiNqvLm9jflgY5IWzThbaWrRVFa5qgo%2FJqDFC2l8W7rC8kG1VbMXWJ4BI8myXbnm4q6A%2FwPRHGy%2FEpr613eTGlPRcIoGZBd9QSdi7UYg2aezHfRwuUc6eKLbhEQ2YCGYwxugN%2BqNStnP3Ovko%2FFxcM3xvE5fYYsWoEOA9X5kVviuC7oo0vAKWMYyT7XFyRDY9c1H8heBrP7DI2h%2BhhlogKG8mh0MeS%2BFNUvqxSvCPnjWB9ZYj2bK5KQvLxR6RhCHx9Fb9qF35d43lbbnDWwtaWp3xvxFCQ4E%2BsAhnUorFkmW <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>idottonline.se is on 103.224.212.189<br>ASN for 103.224.212.189: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.189 corresponds with lb-212-189.above.com<br>Abuse.net does not have any reliable address for lb-212-189.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-189.above.com1498050215http://mccenter.se/ (93.90.145.83) - Serp-hijackingAttacked url: http://mccenter.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 04:19:27 +0200<br><br>Visitors with referer are redirected to http://blog.163.com/cheapfifa16coins <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: mccenter.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 890 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDCADRBBAR=CPJPPFNAHNLEIAABIDJLKCGH; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 21 Jun 2017 02:19:28 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: mccenter.se <br>Referer: http://www.google.com/search?q=mccenter.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 157 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Location: http://blog.163.com/cheapfifa16coins <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDCADRBBAR=BPJPPFNAPJIAJBODJIHMCEFL; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 21 Jun 2017 02:19:28 GMT <br>Connection: close<br><br>mccenter.se is on 93.90.145.83<br>ASN for 93.90.145.83: 35041<br>Abusix contact information: abuse@levonline.com (information only)<br>rDNS not found for 93.90.145.83<br>Found address in whois: abuse@levonline.com1498050212http://marktmedia.se/ (103.224.212.195) - Serp-hijackingAttacked url: http://marktmedia.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 03:21:43 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRgvk79gtlWt29Mg%2B40fVZMghl3lJQo%2FjKO9JKK%2Fw4x%2BEBXAUaU1qLy5wHYmKyXvhB6zoBOe2HsaBeKldXR2%2BybNb95qvnJm7HSVT46poULdla3xO7o8Fm3zc3pejauJdhy0oQ28iG39Tumz5Q2H9z0z3NJTNMUylbH9rXNfBQVOoLoB4RP%2B94%2FrHNOhi2zKOsOfZGouw5CHZcxqdsuvWPl7%2FPLGeogT%2FCNdluykbB9GP59FAKpd2%2BNLxo8pJAfKALjyUGVA2ULj0REZOGhgwGFGEkpDw6FMlZ%2BKfP9ebjzr14aw2X9DePvgZgMTnVtH7qZroMSJL514V%2BeQauDUN4vlCIpChNfkS4q%2Bw8sxC74e0zRXzRdh%2B4Ao4Ga5cvyb7TFVplRqPhhXMSmhyh5rh7R%2B171sHup10L1rSsr1YCIuC19T91I9VNvLCfr3osy6d75dW5OOr2tG%2FSSNIPaWT67D0NNT6FR2OY3GASuwWNNfQAR7uJwu%2BBK%2F4mcnQQelDWkMpnggCPSkK2eE1RtrlDPA%3D%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: marktmedia.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 21 Jun 2017 01:21:44 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1498008104.8636732; expires=Sat, 19-Jun-2027 01:21:44 GMT; Max-Age=315360000 <br>Location: http://ww11.marktmedia.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: marktmedia.se <br>Referer: http://www.google.com/search?q=marktmedia.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 21 Jun 2017 01:21:43 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1498008103.5356352; expires=Sat, 19-Jun-2027 01:21:43 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRgvk79gtlWt29Mg%2B40fVZMghl3lJQo%2FjKO9JKK%2Fw4x%2BEBXAUaU1qLy5wHYmKyXvhB6zoBOe2HsaBeKldXR2%2BybNb95qvnJm7HSVT46poULdla3xO7o8Fm3zc3pejauJdhy0oQ28iG39Tumz5Q2H9z0z3NJTNMUylbH9rXNfBQVOoLoB4RP%2B94%2FrHNOhi2zKOsOfZGouw5CHZcxqdsuvWPl7%2FPLGeogT%2FCNdluykbB9GP59FAKpd2%2BNLxo8pJAfKALjyUGVA2ULj0REZOGhgwGFGEkpDw6FMlZ%2BKfP9ebjzr14aw2X9DePvgZgMTnVtH7qZroMSJL514V%2BeQauDUN4vlCIpChNfkS4q%2Bw8sxC74e0zRXzRdh%2B4Ao4Ga5cvyb7TFVplRqPhhXMSmhyh5rh7R%2B171sHup10L1rSsr1YCIuC19T91I9VNvLCfr3osy6d75dW5OOr2tG%2FSSNIPaWT67D0NNT6FR2OY3GASuwWNNfQAR7uJwu%2BBK%2F4mcnQQelDWkMpnggCPSkK2eE1RtrlDPA%3D%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>marktmedia.se is on 103.224.212.195<br>ASN for 103.224.212.195: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.195 corresponds with lb-212-195.above.com<br>Abuse.net does not have any reliable address for lb-212-195.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-195.above.com1498050207http://umeatidningstransporter.se/ (194.9.95.100) - Serp-hijackingAttacked url: http://umeatidningstransporter.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 01:42:26 +0200<br><br>Visitors with referer are redirected to http://vados.biz/gosw?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: umeatidningstransporter.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.10.3 <br>Date: Tue, 20 Jun 2017 23:42:26 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Link: &lt;http://utt.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: umeatidningstransporter.se <br>Referer: http://www.google.com/search?q=umeatidningstransporter.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.10.3 <br>Date: Tue, 20 Jun 2017 23:42:25 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/gosw?keyword=&amp;pill=<br><br>umeatidningstransporter.se is on 194.9.95.100<br>ASN for 194.9.95.100: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.95.100 corresponds with s7.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1498050196http://saxnasgarden.se/ (103.224.212.186) - Serp-hijackingAttacked url: http://saxnasgarden.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 01:34:05 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRCv2r1EbeNq%2Bkd5xI0xPS4HhMU9CTqfit2xraN7z8JoYAheqRJj%2BL5FqsWOx4xsIk4VT570z09mT%2BEbFbQWlVXrmLOpLaNYMoEAaXDscW7yMi5N6ZXi5gbOR3aXXQVI3dWnUbN5bEAO7kHkw4izbnertJl1fz9XhbOyT%2BJ4VVzCNEXAXh01A1y%2BsAwHTuZPtjF9YN1U2%2FFUVzLFp4lO%2FQIgj97WXe%2BW9sdi1sqzng59k%2FR1xID394mvPfg5aJy5Z5UET1He7Cc0rf6qX%2BBCmkxGr%2FsZkvHRcQ4J8m5asDyxKEMCBZVLekIUzpyaRQljgMMA2irRGgKFlOeVbsX3Zo1OzAzhHNbpqVlRCKSSwt3RnIAKoxvsoCvP8TSSNogfPGr%2Fui1IQ9YQx%2FrB00ViYluj0T0IUsnViK9EIcXPZoFwvUpzQprJiQMtu3JioOYAUWKRk8jv4UYpMxS6Iw3OQXRThOCMa3QlVtQWstZDOMkqVQCYTYGf3cO5UsaqbIhqCoLCTcRompDjDCSA9Al78ZkDKTPybGJ5Tt <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: saxnasgarden.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 23:34:06 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1498001646.7958361; expires=Fri, 18-Jun-2027 23:34:06 GMT; Max-Age=315360000 <br>Location: http://ww11.saxnasgarden.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: saxnasgarden.se <br>Referer: http://www.google.com/search?q=saxnasgarden.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 23:34:05 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1498001645.4498003; expires=Fri, 18-Jun-2027 23:34:05 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRCv2r1EbeNq%2Bkd5xI0xPS4HhMU9CTqfit2xraN7z8JoYAheqRJj%2BL5FqsWOx4xsIk4VT570z09mT%2BEbFbQWlVXrmLOpLaNYMoEAaXDscW7yMi5N6ZXi5gbOR3aXXQVI3dWnUbN5bEAO7kHkw4izbnertJl1fz9XhbOyT%2BJ4VVzCNEXAXh01A1y%2BsAwHTuZPtjF9YN1U2%2FFUVzLFp4lO%2FQIgj97WXe%2BW9sdi1sqzng59k%2FR1xID394mvPfg5aJy5Z5UET1He7Cc0rf6qX%2BBCmkxGr%2FsZkvHRcQ4J8m5asDyxKEMCBZVLekIUzpyaRQljgMMA2irRGgKFlOeVbsX3Zo1OzAzhHNbpqVlRCKSSwt3RnIAKoxvsoCvP8TSSNogfPGr%2Fui1IQ9YQx%2FrB00ViYluj0T0IUsnViK9EIcXPZoFwvUpzQprJiQMtu3JioOYAUWKRk8jv4UYpMxS6Iw3OQXRThOCMa3QlVtQWstZDOMkqVQCYTYGf3cO5UsaqbIhqCoLCTcRompDjDCSA9Al78ZkDKTPybGJ5Tt <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>saxnasgarden.se is on 103.224.212.186<br>ASN for 103.224.212.186: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.186 corresponds with lb-212-186.above.com<br>Abuse.net does not have any reliable address for lb-212-186.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-186.above.com1498050193http://intressant.nu/ (66.33.215.206) - Serp-hijackingAttacked url: http://intressant.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 01:17:23 +0200<br><br>Visitors with referer are redirected to http://methuenedge.com/stats.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: intressant.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 20 Jun 2017 23:17:22 GMT <br>Server: Apache <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: intressant.nu <br>Referer: http://www.google.com/search?q=intressant.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Tue, 20 Jun 2017 23:17:22 GMT <br>Server: Apache <br>Location: http://methuenedge.com/stats.php <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>intressant.nu is on 66.33.215.206<br>ASN for 66.33.215.206: 26347<br>Abusix contact information: abuse@dreamhost.com (information only)<br>66.33.215.206 corresponds with apache2-igloo.beehive.dreamhost.com<br>Abuse.net has 2 reliable address(es) for dreamhost.com<br>Found address(es): abuse@dreamhost.com abuse-replies@dreamhost.com1498050191http://ithu.se/ (194.9.94.15) - Serp-hijackingAttacked url: http://ithu.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 01:02:16 +0200<br><br>Visitors with referer are redirected to http://04b962.localtds.com/?bxbTNJ&amp;keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ithu.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.10.3 <br>Date: Tue, 20 Jun 2017 23:02:16 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://ny.ithu.se/ <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ithu.se <br>Referer: http://www.google.com/search?q=ithu.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.10.3 <br>Date: Tue, 20 Jun 2017 23:02:15 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://04b962.localtds.com/?bxbTNJ&amp;keyword=&amp;pill=<br><br>ithu.se is on 194.9.94.15<br>ASN for 194.9.94.15: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.15 corresponds with s515.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1498050180http://fastpomemap.se/ (103.224.212.184) - Serp-hijackingAttacked url: http://fastpomemap.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 00:53:21 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRtBPX6TcbAWWhKoYfds0YBAnjaCuuePwIzMz2Za8ksEiCZV3lQ8OcEmChGbquz%2FmyvogoAE36UBxFKH2fnQ7dd87RMEzFVA2X97sN5%2FGIKjJXQyxdPew3WIbT76ksfLn%2BUxAW6oQt4cbfAbedBiXTA0hifOk%2F56k8Ki%2FP3RL52RDAk4JjDbnV8GmmTaKm4wbg5x5ZSuDMHsUXS07m49MniYvEtcx9cnu6SlzM2PLlX2iyzYa2gLpS41B%2B8nbi9Ii1fizsypJwJz%2BCI99kImttsD9CYv0HjXImbbIGrhvafDEyt6RWeixMix5ObJRhbapXBg0B1tbtt4ZPiS9HWasUvOAkqWKwdQ45g34uspUlS74kjbM1KFqRJVBrrbYEsEJYNfY3Oh7AUefo3AquNkqpTKg6a%2BM%2FLvNf0dSzYXa57Xa5zqTxvUznquyJpA0Yx2GPATVrtUXQDPSvtu6wX80jVAt7oSyZkRCdvDggTq3nE%2BszwSL2bKnh26995GcJ5UCLcybgvtOkdOnvgvRlG5ivbQ%3D%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: fastpomemap.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 22:53:22 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497999202.3483056; expires=Fri, 18-Jun-2027 22:53:22 GMT; Max-Age=315360000 <br>Location: http://ww11.fastpomemap.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: fastpomemap.se <br>Referer: http://www.google.com/search?q=fastpomemap.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 22:53:21 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1497999201.6702966; expires=Fri, 18-Jun-2027 22:53:21 GMT <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRtBPX6TcbAWWhKoYfds0YBAnjaCuuePwIzMz2Za8ksEiCZV3lQ8OcEmChGbquz%2FmyvogoAE36UBxFKH2fnQ7dd87RMEzFVA2X97sN5%2FGIKjJXQyxdPew3WIbT76ksfLn%2BUxAW6oQt4cbfAbedBiXTA0hifOk%2F56k8Ki%2FP3RL52RDAk4JjDbnV8GmmTaKm4wbg5x5ZSuDMHsUXS07m49MniYvEtcx9cnu6SlzM2PLlX2iyzYa2gLpS41B%2B8nbi9Ii1fizsypJwJz%2BCI99kImttsD9CYv0HjXImbbIGrhvafDEyt6RWeixMix5ObJRhbapXBg0B1tbtt4ZPiS9HWasUvOAkqWKwdQ45g34uspUlS74kjbM1KFqRJVBrrbYEsEJYNfY3Oh7AUefo3AquNkqpTKg6a%2BM%2FLvNf0dSzYXa57Xa5zqTxvUznquyJpA0Yx2GPATVrtUXQDPSvtu6wX80jVAt7oSyZkRCdvDggTq3nE%2BszwSL2bKnh26995GcJ5UCLcybgvtOkdOnvgvRlG5ivbQ%3D%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>fastpomemap.se is on 103.224.212.184<br>ASN for 103.224.212.184: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.184 corresponds with lb-212-184.above.com<br>Abuse.net does not have any reliable address for lb-212-184.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-184.above.com1498050168http://davidlilja.se/ (194.9.95.75) - Serp-hijackingAttacked url: http://davidlilja.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 00:52:59 +0200<br><br>Visitors with referer are redirected to http://vados.biz/gosw?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: davidlilja.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.10.3 <br>Date: Tue, 20 Jun 2017 22:52:59 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Link: &lt;http://davidlilja.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://wp.me/P8xTbr-nK&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: davidlilja.se <br>Referer: http://www.google.com/search?q=davidlilja.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.10.3 <br>Date: Tue, 20 Jun 2017 22:52:57 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/gosw?keyword=&amp;pill=<br><br>davidlilja.se is on 194.9.95.75<br>ASN for 194.9.95.75: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.95.75 corresponds with s190.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1498050165http://tip-tops.se/ (195.128.174.138) - Serp-hijackingAttacked url: http://tip-tops.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 00:39:59 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: tip-tops.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Tue, 20 Jun 2017 22:39:59 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Server: Apache/2.2.3 (CloudLinux) <br>X-Powered-By: PHP/5.3.3 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>Set-Cookie: PHPSESSID=1mqrpgfpqe90t1615ttbcjpia3; path=/ <br>Location: http://www.tip-tops.se/ <br>X-TAProxy: proxy-web-dyn-04 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: tip-tops.se <br>Referer: http://www.google.com/search?q=tip-tops.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Tue, 20 Jun 2017 22:39:57 GMT <br>Content-Type: text/html <br>Connection: close <br>Server: Apache/2.2.3 (CloudLinux) <br>X-Powered-By: PHP/5.3.3 <br>Location: http://islas.co.uk/college/image/ <br>X-TAProxy: proxy-web-dyn-04<br><br>tip-tops.se is on 195.128.174.138<br>ASN for 195.128.174.138: 31027<br>Abusix contact information: abuse@talkactive.net (information only)<br>195.128.174.138 corresponds with web38.talkactive.net<br>Abuse.net has 2 reliable address(es) for talkactive.net<br>Found address(es): abuse@webpartner.dk abuse@talkactive.net1498050156http://prpellerheads.se/ (103.224.212.191) - Serp-hijackingAttacked url: http://prpellerheads.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 00:31:38 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRE2%2Byq3Sn0scxs3%2F5KmCsVnl7PUBYsGhh99ZZQ%2BGmi1oHV5TeLSa%2FlQL5CfEs0Na4wYgVTmc8sKZQl4WorCFwZizk41TkToEXU%2BXTGpVmphoGZOuCbBW41PYjE3Pk4Wh1eWBrp04dvh1h%2FYGG72kjv1%2BjXeWiFSzWzEW8CYyoReZ3b2BQXKbSvGkPY2i%2BZSkInl9loHBYe5ViJNaYOl5KNT6owZ%2B4ajM6jBr7k0EuDK5v3m44Us5vs8xMEFAwixgvkaowSW63kUVb0IMLMnSoXHQ23RgCbbqrd35SA1NNqSE9J07HMQJ%2Fi1L%2B76P9xVODxWdLxWNBVBatJGS%2FRZfP9z3Le5IbG8l6ulL8YP%2FGR9hva3ygtabYbWumd%2BG57oLtGTlXu%2FtF9jcFVi1qTdo28LI20vuLUQbxwJDufwrkvQRNjN1IGE4JHJSrTb%2B00uoqHOaBC%2Fb2Hv00ygo768QyVeEFKzt4DiQ%2BUuTcyRHNSpHvEApQu2UP%2BXvRYDQicIA5x65OF6jPwD%2FMy8g2fc9zsJZWjmM9uQ1iE8mzQHStT2c%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: prpellerheads.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 22:31:39 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1497997899.3491548; expires=Fri, 18-Jun-2027 22:31:39 GMT <br>Location: http://ww11.prpellerheads.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: prpellerheads.se <br>Referer: http://www.google.com/search?q=prpellerheads.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 22:31:38 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497997898.7315708; expires=Fri, 18-Jun-2027 22:31:38 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRE2%2Byq3Sn0scxs3%2F5KmCsVnl7PUBYsGhh99ZZQ%2BGmi1oHV5TeLSa%2FlQL5CfEs0Na4wYgVTmc8sKZQl4WorCFwZizk41TkToEXU%2BXTGpVmphoGZOuCbBW41PYjE3Pk4Wh1eWBrp04dvh1h%2FYGG72kjv1%2BjXeWiFSzWzEW8CYyoReZ3b2BQXKbSvGkPY2i%2BZSkInl9loHBYe5ViJNaYOl5KNT6owZ%2B4ajM6jBr7k0EuDK5v3m44Us5vs8xMEFAwixgvkaowSW63kUVb0IMLMnSoXHQ23RgCbbqrd35SA1NNqSE9J07HMQJ%2Fi1L%2B76P9xVODxWdLxWNBVBatJGS%2FRZfP9z3Le5IbG8l6ulL8YP%2FGR9hva3ygtabYbWumd%2BG57oLtGTlXu%2FtF9jcFVi1qTdo28LI20vuLUQbxwJDufwrkvQRNjN1IGE4JHJSrTb%2B00uoqHOaBC%2Fb2Hv00ygo768QyVeEFKzt4DiQ%2BUuTcyRHNSpHvEApQu2UP%2BXvRYDQicIA5x65OF6jPwD%2FMy8g2fc9zsJZWjmM9uQ1iE8mzQHStT2c%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>prpellerheads.se is on 103.224.212.191<br>ASN for 103.224.212.191: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.191 corresponds with lb-212-191.above.com<br>Abuse.net does not have any reliable address for lb-212-191.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-191.above.com1498050154http://bolibygg.se/ (195.74.38.148) - Serp-hijackingAttacked url: http://bolibygg.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 23:43:57 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bolibygg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 20 Jun 2017 21:43:58 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Link: &lt;http://bolibygg.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br>Pool-Info: /Common/CloudLinux-cluster-34 10.160.2.34 80 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bolibygg.se <br>Referer: http://www.google.com/search?q=bolibygg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Tue, 20 Jun 2017 21:43:50 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html <br>Pool-Info: /Common/CloudLinux-cluster-34 10.160.2.34 80<br><br>bolibygg.se is on 195.74.38.148<br>ASN for 195.74.38.148: 41528<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.148 corresponds with cl-34.atm.binero.net<br>Abuse.net does not have any reliable address for cl-34.atm.binero.net<br>Found address in whois: drift@binero.se abuse@binero.se1498050072http://svaneholmfiber.se/ (195.74.38.127) - Serp-hijackingAttacked url: http://svaneholmfiber.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 23:10:46 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: svaneholmfiber.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Tue, 20 Jun 2017 21:10:46 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>X-Pingback: http://www.svaneholmfiber.se/xmlrpc.php <br>Location: http://www.svaneholmfiber.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: svaneholmfiber.se <br>Referer: http://www.google.com/search?q=svaneholmfiber.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Tue, 20 Jun 2017 21:10:19 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>svaneholmfiber.se is on 195.74.38.127<br>ASN for 195.74.38.127: 41528<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.127 corresponds with cl-23.atm.binero.net<br>Abuse.net does not have any reliable address for cl-23.atm.binero.net<br>Found address in whois: drift@binero.se abuse@binero.se1498050070http://mhs.se/ (194.9.94.228) - Serp-hijackingAttacked url: http://mhs.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 22:46:35 +0200<br><br>Visitors with referer are redirected to http://36742.localtds.com/?bxbTNJ&amp;keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: mhs.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.10.3 <br>Date: Tue, 20 Jun 2017 20:46:35 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Link: &lt;http://mhs.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://mhs.se/&gt;; rel=shortlink <br>X-Frame-Options: SAMEORIGIN <br>X-XSS-Protection: 1; mode=block <br>X-Content-Type-Options: nosniff <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: mhs.se <br>Referer: http://www.google.com/search?q=mhs.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.10.3 <br>Date: Tue, 20 Jun 2017 20:46:32 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://36742.localtds.com/?bxbTNJ&amp;keyword=&amp;pill= <br>X-Frame-Options: SAMEORIGIN <br>X-XSS-Protection: 1; mode=block <br>X-Content-Type-Options: nosniff<br><br>mhs.se is on 194.9.94.228<br>ASN for 194.9.94.228: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.228 corresponds with s169.loopia.se<br>Abuse.net does not have any reliable address for s169.loopia.se<br>Found address in whois: abuse@loopia.se1498050060http://ydrekommun.se/ (103.224.212.194) - Serp-hijackingAttacked url: http://ydrekommun.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 22:31:09 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRjbwNGFEWTS7m3yGkGG9nHJ3WpFA8X2w7UchZA669xCFJy3FJqFMmZF92ho0ECdfg0yfe3pGWouKfbS1Zkm0QVKiMpF%2FQI4pCgEyObkQdiUHiq7B%2B4lHfsd5strzuPf2xh32%2BjLJ02qyJCy%2BBwg%2FUmAsthfzmBLsHCYl8RP1KSMu8fdVH5kwXvekY3uqxQKaGNmR7XiOO%2FxvmmWmSO4oApiLnJOfxVw1neQpBHeKfad8aBTv1BEbzbyPW3dpfZA5D1Y3GOF60XrN9nP3mrDdAyt%2B66OqhQroP4f5IR5GJRAcsdb4pHtWqZOE%2B4OqX4qmSQr%2F32arCztHykLpdnnPkulhbdgqFRkXnxewOtjpqkN8TavkCzXO0NSGT5wDAZAeXQv8L%2BtGcpdrM5cypNY9y%2FKYadZgr%2F2SO%2Bx5%2BqFyvNidcnrQ3n0sZtcBVk4Q0OTC57uA099xJ23ww11Rbs7IBJzoPfXAbB9d4CPSHs2HuZMdIIjOpPjNtvoqT9aI708c%2BqLCm2boKPAJp%2BmZ0fg4aAg%3D%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ydrekommun.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 20:31:09 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497990669.6161816; expires=Fri, 18-Jun-2027 20:31:09 GMT; Max-Age=315360000 <br>Location: http://ww11.ydrekommun.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ydrekommun.se <br>Referer: http://www.google.com/search?q=ydrekommun.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 20:31:08 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497990668.3961200; expires=Fri, 18-Jun-2027 20:31:08 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRjbwNGFEWTS7m3yGkGG9nHJ3WpFA8X2w7UchZA669xCFJy3FJqFMmZF92ho0ECdfg0yfe3pGWouKfbS1Zkm0QVKiMpF%2FQI4pCgEyObkQdiUHiq7B%2B4lHfsd5strzuPf2xh32%2BjLJ02qyJCy%2BBwg%2FUmAsthfzmBLsHCYl8RP1KSMu8fdVH5kwXvekY3uqxQKaGNmR7XiOO%2FxvmmWmSO4oApiLnJOfxVw1neQpBHeKfad8aBTv1BEbzbyPW3dpfZA5D1Y3GOF60XrN9nP3mrDdAyt%2B66OqhQroP4f5IR5GJRAcsdb4pHtWqZOE%2B4OqX4qmSQr%2F32arCztHykLpdnnPkulhbdgqFRkXnxewOtjpqkN8TavkCzXO0NSGT5wDAZAeXQv8L%2BtGcpdrM5cypNY9y%2FKYadZgr%2F2SO%2Bx5%2BqFyvNidcnrQ3n0sZtcBVk4Q0OTC57uA099xJ23ww11Rbs7IBJzoPfXAbB9d4CPSHs2HuZMdIIjOpPjNtvoqT9aI708c%2BqLCm2boKPAJp%2BmZ0fg4aAg%3D%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>ydrekommun.se is on 103.224.212.194<br>ASN for 103.224.212.194: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.194 corresponds with lb-212-194.above.com<br>Abuse.net does not have any reliable address for lb-212-194.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-194.above.com abuse@above.com1498050053http://empatiabokochbild.se/ (93.90.145.83) - Serp-hijackingAttacked url: http://empatiabokochbild.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 22:23:53 +0200<br><br>Visitors with referer are redirected to http://www.lampsnext.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: empatiabokochbild.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 7030 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDQQSCBCDS=PAEBLPBANKDFPCCLLJGMBEDG; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 20 Jun 2017 20:23:54 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: empatiabokochbild.se <br>Referer: http://www.google.com/search?q=empatiabokochbild.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 146 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Location: http://www.lampsnext.com/ <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDQQSCBCDS=OAEBLPBAFCMGKLNJKBILBFKB; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 20 Jun 2017 20:23:54 GMT <br>Connection: close<br><br>empatiabokochbild.se is on 93.90.145.83<br>ASN for 93.90.145.83: 35041<br>Abusix contact information: abuse@levonline.com (information only)<br>rDNS not found for 93.90.145.83<br>Found address in whois: abuse@levonline.com1498050050http://joopot.se/ (195.74.38.63) - Serp-hijackingAttacked url: http://joopot.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 22:15:10 +0200<br><br>Visitors with referer are redirected to http://www.tatlitarifleri.tv/2670/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: joopot.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 20 Jun 2017 20:15:10 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30 <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br>Pool-Info: /Common/CloudLinux-cluster-02 10.160.3.2 80 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: joopot.se <br>Referer: http://www.google.com/search?q=joopot.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 20:15:10 GMT <br>Server: Apache <br>Location: http://www.tatlitarifleri.tv/2670/ <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1 <br>Pool-Info: /Common/CloudLinux-cluster-02 10.160.3.2 80<br><br>joopot.se is on 195.74.38.63<br>ASN for 195.74.38.63: 41528<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.63 corresponds with cl-02.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1498050011http://fernanda.se/ (103.224.212.198) - Serp-hijackingAttacked url: http://fernanda.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 21:32:04 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRVt4OtSj%2F20rMoIo0nutKxYTeAUgVsWp1IoJtjbRkv7uGvKhYnuL1YdaEwPMj%2B9dprXI2YQ1oHGoRrK7jLEEDTUxVc4Gb7yus88RKb7mpyCp1e0vbNfNPw9eSAhbOEzK4AtzJLeziw9WI463AHKvKt7s6qVoou%2B%2Bo38XLFBM6Iov%2FxTbFRqN05SHqbNoRX%2FylqKODUzXWc0GpusBdk1Y0pazhzlHYNEX61eBRwzGLShehroYhPPmRl9KV6YuoPwl8WgqwztnxCgyydrdlW%2FWiucOm4gSfOoBdAx4bUIe5%2FaW1SO%2B%2ByqtpS66jmH6EL9iykIJ6F5xaFE8rpQpYczQd2brKSVeb1%2FzgeOaWiH1BCLYCL2JxjUtmGua2xJJCWUjNWao5MRTrgNBY9YlxGSrsvntORwaPTJLdVfTXeMgMtxhHxH57M9Yt%2B%2BLdRPoO9Dh47y6Rr2fwKysGILyYw%2BVwG4Ach%2BmsSYKJt%2FNx8G7bvcdwsbaSp4ag9Mz1JNc8lyZ7mLLhCNMJXrg%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: fernanda.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 19:32:04 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497987124.5031990; expires=Fri, 18-Jun-2027 19:32:04 GMT; Max-Age=315360000 <br>Location: http://ww11.fernanda.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: fernanda.se <br>Referer: http://www.google.com/search?q=fernanda.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 19:32:03 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1497987123.8233451; expires=Fri, 18-Jun-2027 19:32:03 GMT <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRVt4OtSj%2F20rMoIo0nutKxYTeAUgVsWp1IoJtjbRkv7uGvKhYnuL1YdaEwPMj%2B9dprXI2YQ1oHGoRrK7jLEEDTUxVc4Gb7yus88RKb7mpyCp1e0vbNfNPw9eSAhbOEzK4AtzJLeziw9WI463AHKvKt7s6qVoou%2B%2Bo38XLFBM6Iov%2FxTbFRqN05SHqbNoRX%2FylqKODUzXWc0GpusBdk1Y0pazhzlHYNEX61eBRwzGLShehroYhPPmRl9KV6YuoPwl8WgqwztnxCgyydrdlW%2FWiucOm4gSfOoBdAx4bUIe5%2FaW1SO%2B%2ByqtpS66jmH6EL9iykIJ6F5xaFE8rpQpYczQd2brKSVeb1%2FzgeOaWiH1BCLYCL2JxjUtmGua2xJJCWUjNWao5MRTrgNBY9YlxGSrsvntORwaPTJLdVfTXeMgMtxhHxH57M9Yt%2B%2BLdRPoO9Dh47y6Rr2fwKysGILyYw%2BVwG4Ach%2BmsSYKJt%2FNx8G7bvcdwsbaSp4ag9Mz1JNc8lyZ7mLLhCNMJXrg%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>fernanda.se is on 103.224.212.198<br>ASN for 103.224.212.198: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.198 corresponds with lb-212-198.above.com<br>Abuse.net does not have any reliable address for lb-212-198.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-198.above.com abuse@above.com1498049977http://grandparym.se/ (103.224.212.199) - Serp-hijackingAttacked url: http://grandparym.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 20:14:29 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRh9YWONv73tvX3pSlKnjnS4Sa%2FE8Y1AaP6Y9Z%2B8dNv67%2FBnxqDayeBrvt3XY8wT5rzsyoKkZnS2dMxFAPAoheDP4wawo0jjoE0xISs0NVkqrflx4vqs9gxRBYeIJnCwgpfy6nTUo4NUdhrOVujqsCIidpAKJbdzGFG23yzEaOxTJc5SgPFgl1Am7%2FyX1WX%2BqpUvxlAsf60wTzX0lK8VSxvYlx%2BXKSsvab52%2BuMjJL89%2BapgHzUsdukiBa%2FjHnj%2BzbFrbrlKKOCK3yAygqQZVPT0Fo70dMc2aeTXVeTpt9SsSQaqNDpMWnnxffKlDx02DlGzAW8w5DGcPPB%2BV1LgHuizqvdaa9E7jzosgrctdmRAl6Jyo%2FX1qOiJqF%2FOSWcybqFanYKxlPqpmpOAdUXjPjVf0Ba82H3h4EjC6WbQeznhXFp8ywOaRt5lYjmXKczdMfvSwFgM%2F5MwKChI9mYF2P4g%2FpYVstghkP2wjA42%2F%2FcmcBzEfRZVaw7VxSM9fBfaj4P3LfuOQGKaAUA%2BAf%2FeW7xGJQcLhx7H1T <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: grandparym.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 18:14:30 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497982470.1454974; expires=Fri, 18-Jun-2027 18:14:30 GMT; Max-Age=315360000 <br>Location: http://ww11.grandparym.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: grandparym.se <br>Referer: http://www.google.com/search?q=grandparym.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 18:14:29 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497982469.2038799; expires=Fri, 18-Jun-2027 18:14:29 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRh9YWONv73tvX3pSlKnjnS4Sa%2FE8Y1AaP6Y9Z%2B8dNv67%2FBnxqDayeBrvt3XY8wT5rzsyoKkZnS2dMxFAPAoheDP4wawo0jjoE0xISs0NVkqrflx4vqs9gxRBYeIJnCwgpfy6nTUo4NUdhrOVujqsCIidpAKJbdzGFG23yzEaOxTJc5SgPFgl1Am7%2FyX1WX%2BqpUvxlAsf60wTzX0lK8VSxvYlx%2BXKSsvab52%2BuMjJL89%2BapgHzUsdukiBa%2FjHnj%2BzbFrbrlKKOCK3yAygqQZVPT0Fo70dMc2aeTXVeTpt9SsSQaqNDpMWnnxffKlDx02DlGzAW8w5DGcPPB%2BV1LgHuizqvdaa9E7jzosgrctdmRAl6Jyo%2FX1qOiJqF%2FOSWcybqFanYKxlPqpmpOAdUXjPjVf0Ba82H3h4EjC6WbQeznhXFp8ywOaRt5lYjmXKczdMfvSwFgM%2F5MwKChI9mYF2P4g%2FpYVstghkP2wjA42%2F%2FcmcBzEfRZVaw7VxSM9fBfaj4P3LfuOQGKaAUA%2BAf%2FeW7xGJQcLhx7H1T <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>grandparym.se is on 103.224.212.199<br>ASN for 103.224.212.199: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.199 corresponds with lb-212-199.above.com<br>Abuse.net does not have any reliable address for lb-212-199.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-199.above.com1498049975http://stadsmagasinet.se/ (194.9.95.119) - Serp-hijackingAttacked url: http://stadsmagasinet.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 20:14:19 +0200<br><br>Visitors with referer are redirected to http://1e7.localtds.com/?bxbTNJ&amp;keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: stadsmagasinet.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.10.3 <br>Date: Tue, 20 Jun 2017 18:14:20 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Link: &lt;http://stadsmagasinet.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://stadsmagasinet.se/&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: stadsmagasinet.se <br>Referer: http://www.google.com/search?q=stadsmagasinet.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.10.3 <br>Date: Tue, 20 Jun 2017 18:14:19 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://1e7.localtds.com/?bxbTNJ&amp;keyword=&amp;pill=<br><br>stadsmagasinet.se is on 194.9.95.119<br>ASN for 194.9.95.119: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.95.119 corresponds with s298.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1498049973http://upplyssningen.se/ (103.224.212.191) - Serp-hijackingAttacked url: http://upplyssningen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 19:48:51 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRbV%2FSkcN5fQnrfGj%2BRB90xoQR3IoOE0jZmxT5QPwu%2Fha79YoLkOld7yXNdufbKurLhCDpYa3T%2BND4Vw7Boxg2v6BgDIOirsKg04GRJNk2VLSDveewjV2OKvPwFuhQHGeVbhYlrzesu3GGMqHJcK1v%2BGFe%2FuTJhSIALfwpkiHrQ9zd6mRi%2FfsZScT0CammeSdN2LHQ2u96NROuAv%2BgtVGp42p6U8srxTpkgAbrVjiA42HQ%2F0Ic0kNEu6jCWuSS2NXrdk3RNQJKF7d6qcuic%2FIeS6f75XGhoBliKcGH5yDM4BCIcI8AO3JXaZmJ67sTaC9dafe8ZU0Qy5h260tB6fg55Wh%2FLZo3fxxvWhVsCdHhQc0Ofwl8hMfXZu7cOO9rewMdrYmSMxf28CdZrxzuH0xYnTN6V%2FoI8AVVhrE0bXyvgkFUEIfhTLM6zVg2JSqHhYYg3pm5GtqgZtERjh88%2F%2BOiKCLnU4rwL2Z58iNgpiakNW%2FEoVAUlM0uSZTJ5Ojpqy9h3xbesCxhLN8Hz8SKgoaPJzToWyBLF7Eh <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: upplyssningen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 17:48:51 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497980931.8484170; expires=Fri, 18-Jun-2027 17:48:51 GMT; Max-Age=315360000 <br>Location: http://ww11.upplyssningen.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: upplyssningen.se <br>Referer: http://www.google.com/search?q=upplyssningen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 17:48:50 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497980930.6636569; expires=Fri, 18-Jun-2027 17:48:50 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRbV%2FSkcN5fQnrfGj%2BRB90xoQR3IoOE0jZmxT5QPwu%2Fha79YoLkOld7yXNdufbKurLhCDpYa3T%2BND4Vw7Boxg2v6BgDIOirsKg04GRJNk2VLSDveewjV2OKvPwFuhQHGeVbhYlrzesu3GGMqHJcK1v%2BGFe%2FuTJhSIALfwpkiHrQ9zd6mRi%2FfsZScT0CammeSdN2LHQ2u96NROuAv%2BgtVGp42p6U8srxTpkgAbrVjiA42HQ%2F0Ic0kNEu6jCWuSS2NXrdk3RNQJKF7d6qcuic%2FIeS6f75XGhoBliKcGH5yDM4BCIcI8AO3JXaZmJ67sTaC9dafe8ZU0Qy5h260tB6fg55Wh%2FLZo3fxxvWhVsCdHhQc0Ofwl8hMfXZu7cOO9rewMdrYmSMxf28CdZrxzuH0xYnTN6V%2FoI8AVVhrE0bXyvgkFUEIfhTLM6zVg2JSqHhYYg3pm5GtqgZtERjh88%2F%2BOiKCLnU4rwL2Z58iNgpiakNW%2FEoVAUlM0uSZTJ5Ojpqy9h3xbesCxhLN8Hz8SKgoaPJzToWyBLF7Eh <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>upplyssningen.se is on 103.224.212.191<br>ASN for 103.224.212.191: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.191 corresponds with lb-212-191.above.com<br>Abuse.net does not have any reliable address for lb-212-191.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-191.above.com abuse@above.com1498049969http://fangelset.se/ (194.9.94.194) - Serp-hijackingAttacked url: http://fangelset.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 18:05:28 +0200<br><br>Visitors with referer are redirected to http://vados.biz/gosw?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: fangelset.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.10.3 <br>Date: Tue, 20 Jun 2017 16:05:29 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: wfvt_1347251573=594947c954ea0; expires=Tue, 20-Jun-2017 16:35:29 GMT; Max-Age=1800; path=/; httponly <br>Link: &lt;http://fangelset.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://fangelset.se/&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: fangelset.se <br>Referer: http://www.google.com/search?q=fangelset.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.10.3 <br>Date: Tue, 20 Jun 2017 16:05:27 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/gosw?keyword=&amp;pill=<br><br>fangelset.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1498049954http://imrab.se/ (194.9.94.213) - Serp-hijackingAttacked url: http://imrab.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 18:01:23 +0200<br><br>Visitors with referer are redirected to http://vados.biz/gosw?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: imrab.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.10.3 <br>Date: Tue, 20 Jun 2017 16:01:23 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: PHPSESSID=uaeifr4j8j1ulsnb46alnf2683; path=/ <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>Link: &lt;http://imrab.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://imrab.se/&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: imrab.se <br>Referer: http://www.google.com/search?q=imrab.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.10.3 <br>Date: Tue, 20 Jun 2017 16:01:20 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/gosw?keyword=&amp;pill=<br><br>imrab.se is on 194.9.94.213<br>ASN for 194.9.94.213: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.213 corresponds with s368.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1498049951http://mybill.se/ (93.90.145.103) - Serp-hijackingAttacked url: http://mybill.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 17:50:31 +0200<br><br>Visitors with referer are redirected to http://medical-brothers.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: mybill.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 500 Internal Server Error <br>Date: Tue, 20 Jun 2017 15:50:30 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Expires: Wed, 11 Jan 1984 05:00:00 GMT <br>Cache-Control: no-cache, must-revalidate, max-age=0 <br>Pragma: no-cache <br>Connection: close <br>Content-Type: text/html; charset=utf-8 <br>Pool-Info: /Common/cry-apache-03 10.160.41.3 80 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: mybill.se <br>Referer: http://www.google.com/search?q=mybill.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Tue, 20 Jun 2017 15:50:30 GMT <br>Server: Apache <br>Location: http://medical-brothers.com/ <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1 <br>Pool-Info: /Common/cry-apache-03 10.160.41.3 80<br><br>mybill.se is on 93.90.145.103<br>ASN for 93.90.145.103: 35041<br>Abusix contact information: abuse@levonline.com (information only)<br>93.90.145.103 corresponds with apache-03.crystone.se<br>Abuse.net has 2 reliable address(es) for crystone.se<br>Found address(es): abuse@crystone.se abuse@crystone.net1498049944http://fangelset.se/arrangemang/ (194.9.94.194) - Serp-hijackingAttacked url: http://fangelset.se/arrangemang/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 17:27:23 +0200<br><br>Visitors with referer are redirected to http://vados.biz/gosw?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: fangelset.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.10.3 <br>Date: Tue, 20 Jun 2017 15:27:24 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: wfvt_1347251573=59493edcb0b75; expires=Tue, 20-Jun-2017 15:57:24 GMT; Max-Age=1800; path=/; httponly <br>Link: &lt;http://fangelset.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://fangelset.se/&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: fangelset.se <br>Referer: http://www.google.com/search?q=fangelset.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.10.3 <br>Date: Tue, 20 Jun 2017 15:27:21 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/gosw?keyword=&amp;pill=<br><br>fangelset.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1498049913http://petragunnarsson.se/ (31.216.35.3) - Serp-hijackingAttacked url: http://petragunnarsson.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 17:09:53 +0200<br><br>Visitors with referer are redirected to http://247worldstorerxc.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: petragunnarsson.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Tue, 20 Jun 2017 15:09:50 GMT <br>Server: Apache/2.2.3 (CentOS) <br>X-Pingback: http://www.petragunnarsson.se/xmlrpc.php <br>Location: http://www.petragunnarsson.se/ <br>X-Powered-By: PleskLin <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: petragunnarsson.se <br>Referer: http://www.google.com/search?q=petragunnarsson.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Tue, 20 Jun 2017 15:09:50 GMT <br>Server: Apache/2.2.3 (CentOS) <br>Location: http://247worldstorerxc.com/ <br>X-Powered-By: PleskLin <br>Connection: close <br>Content-Type: text/html<br><br>petragunnarsson.se is on 31.216.35.3<br>ASN for 31.216.35.3: 197308<br>Abusix contact information: abuse@cygate.se (information only)<br>31.216.35.3 corresponds with shwl-0040.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shwl-0040.s.thehostingplatform.com<br>Found address in whois: abuse@cygate.se1498049899http://2improve.se/ (91.201.60.26) - Serp-hijackingAttacked url: http://2improve.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 17:05:31 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: 2improve.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 20 Jun 2017 15:05:31 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.5.38 <br>Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://2improve.se/xmlrpc.php <br>Link: &lt;http://2improve.se/&gt;; rel=shortlink <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: 2improve.se <br>Referer: http://www.google.com/search?q=2improve.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Tue, 20 Jun 2017 15:05:03 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.5.38 <br>Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 <br>Pragma: no-cache <br>Set-Cookie: redirectCookie=1; expires=Wed, 21-Jun-2017 15:05:31 GMT; Max-Age=86400 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>2improve.se is on 91.201.60.26<br>ASN for 91.201.60.26: 44136<br>Abusix contact information: abuse@oderland.se (information only)<br>91.201.60.26 corresponds with dionysos.oderland.com<br>Abuse.net does not have any reliable address for dionysos.oderland.com<br>Found address in whois: abuse@oderland.se1498049884http://nenonnet.se/ (103.224.212.185) - Serp-hijackingAttacked url: http://nenonnet.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 16:11:14 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRvfhMZyUq9ZowYo7RUAtP7nl%2FfGVqqvzZMy5nLzsYOXEzD%2BG4odFc6j38e0aS3obdrPNWy%2FNQerssTtIBZRFUvjIm6YWl6J6V4Ib0heVwHAtSwfV3B5JnXO6PV9Z6FWPGo6C0KSvM3zs6DVMOIkNGHDqMWt6y%2B3zBeqCFEgkNhxbobjp7Ekp5CENKWSw%2BXlMfTEwBla6GsU%2BtIq5whw9Dro9017KXxJmLjW0wiAKguW%2Fj3wdW7xrpTLjlZKHyd%2FVuD2HT41VTrzkS4puqDou2QZms%2B9uRg1dpwEKwKUaqlGjP1Tm3Y0qeZDhIA6YqNDKI6wrAc5ifo5EPpMQh%2BHjN1v8MDmZxQzkqDwi%2F8ZAihmUkKoUnmYLBcPl5%2BdhjhIu1oD5HjOJiiGdu%2F8nN0FqC4EnrW%2FVeiC%2FYcmkorCLSHzW%2F2wSez9MESCS3W0ocQiCbUfwu2Dnh1P0aF0WRLubSMmwTcCV3DnMVECgjFgWg29NdNBm5tZiHJ5CAnYSCo9Ms1cgr8W83W84%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nenonnet.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 14:11:14 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497967874.3389931; expires=Fri, 18-Jun-2027 14:11:14 GMT; Max-Age=315360000 <br>Location: http://ww1.nenonnet.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nenonnet.se <br>Referer: http://www.google.com/search?q=nenonnet.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 14:11:13 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497967873.7655622; expires=Fri, 18-Jun-2027 14:11:13 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRvfhMZyUq9ZowYo7RUAtP7nl%2FfGVqqvzZMy5nLzsYOXEzD%2BG4odFc6j38e0aS3obdrPNWy%2FNQerssTtIBZRFUvjIm6YWl6J6V4Ib0heVwHAtSwfV3B5JnXO6PV9Z6FWPGo6C0KSvM3zs6DVMOIkNGHDqMWt6y%2B3zBeqCFEgkNhxbobjp7Ekp5CENKWSw%2BXlMfTEwBla6GsU%2BtIq5whw9Dro9017KXxJmLjW0wiAKguW%2Fj3wdW7xrpTLjlZKHyd%2FVuD2HT41VTrzkS4puqDou2QZms%2B9uRg1dpwEKwKUaqlGjP1Tm3Y0qeZDhIA6YqNDKI6wrAc5ifo5EPpMQh%2BHjN1v8MDmZxQzkqDwi%2F8ZAihmUkKoUnmYLBcPl5%2BdhjhIu1oD5HjOJiiGdu%2F8nN0FqC4EnrW%2FVeiC%2FYcmkorCLSHzW%2F2wSez9MESCS3W0ocQiCbUfwu2Dnh1P0aF0WRLubSMmwTcCV3DnMVECgjFgWg29NdNBm5tZiHJ5CAnYSCo9Ms1cgr8W83W84%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>nenonnet.se is on 103.224.212.185<br>ASN for 103.224.212.185: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.185 corresponds with lb-212-185.above.com<br>Abuse.net does not have any reliable address for lb-212-185.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-185.above.com1498049870http://bokaidrott.se/ (103.224.212.192) - Serp-hijackingAttacked url: http://bokaidrott.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 15:10:24 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT4XKo%2Fgxkdz1CUMRvFm0EWZEAfURYFRp7Xv%2BMiBobgVtpGdT3UAv6VCrue5QJx%2B4gkLxolVxnFzaGjtbIYakOyVsLZT8dcNtlJEqIvWDQKJjeArYfIrnGDG1iBqZgif4duKkPSN83ye0ay%2FXnCYVEk1hSQSPXPUDLdGCJctX9BQwEEdetOpsiz59uZZYmt3w1QVVLvkUIu%2BZcBqYfxMUUsZr3TU2RBq6TbH1%2FppF8P3GpFQgQis9mYA0PX1MiOncSVZckQqpxVrJuh7cdVP8Ne0jFj1JbCLtm9Z7jMoP7QIa5%2Fi9WrKs25zC6MbuLyswrBdWfwkGfAn%2FNzaCPPApWvSYSeFLiyL43BsUIdLLgtUhbU6CLeEPNQM514C97O%2FnJSTaGXDnP%2BxOoWowAkxdIM8ROBL59Z9rVY7wjrRW37E3gWI0vGByre%2FCBcG1VpmADsULo1CCZCgygfVbkwDhQW6ICnVVotovuE%2B4xhvwFiyl3Grvk9eUVfUgMaVxogMlXPxNi9zwCM2yM8M1ZFodn7IFOA0ZA0RwGM4o3fgvPz1x <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bokaidrott.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 13:10:25 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497964225.3848005; expires=Fri, 18-Jun-2027 13:10:25 GMT; Max-Age=315360000 <br>Location: http://ww11.bokaidrott.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bokaidrott.se <br>Referer: http://www.google.com/search?q=bokaidrott.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 13:10:24 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1497964224.2687274; expires=Fri, 18-Jun-2027 13:10:24 GMT <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT4XKo%2Fgxkdz1CUMRvFm0EWZEAfURYFRp7Xv%2BMiBobgVtpGdT3UAv6VCrue5QJx%2B4gkLxolVxnFzaGjtbIYakOyVsLZT8dcNtlJEqIvWDQKJjeArYfIrnGDG1iBqZgif4duKkPSN83ye0ay%2FXnCYVEk1hSQSPXPUDLdGCJctX9BQwEEdetOpsiz59uZZYmt3w1QVVLvkUIu%2BZcBqYfxMUUsZr3TU2RBq6TbH1%2FppF8P3GpFQgQis9mYA0PX1MiOncSVZckQqpxVrJuh7cdVP8Ne0jFj1JbCLtm9Z7jMoP7QIa5%2Fi9WrKs25zC6MbuLyswrBdWfwkGfAn%2FNzaCPPApWvSYSeFLiyL43BsUIdLLgtUhbU6CLeEPNQM514C97O%2FnJSTaGXDnP%2BxOoWowAkxdIM8ROBL59Z9rVY7wjrRW37E3gWI0vGByre%2FCBcG1VpmADsULo1CCZCgygfVbkwDhQW6ICnVVotovuE%2B4xhvwFiyl3Grvk9eUVfUgMaVxogMlXPxNi9zwCM2yM8M1ZFodn7IFOA0ZA0RwGM4o3fgvPz1x <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>bokaidrott.se is on 103.224.212.192<br>ASN for 103.224.212.192: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.192 corresponds with lb-212-192.above.com<br>Abuse.net does not have any reliable address for lb-212-192.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-192.above.com abuse@above.com1498049862http://wjo.se/ (103.224.212.190) - Serp-hijackingAttacked url: http://wjo.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 14:59:38 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT4XKo%2Fgxkdz1v4aR9Nu598tmgDInYXemmdZCpijafVL%2BbBOw7sqiarOLGOmh4mGk8jxMz6hvgegw%2F6wHYX6pZpIdUXLsIGZ1iabAvsVTtaFnuJt6rc6PdfKYjR5xQMbonILlHGKvjd0Q21wJQc0ld9FOsSvjDERIH406Aeb2nD4YsbmBbRwms8FklAfM6zlwHlQ4Ri%2FcRvzl3lG9CcaNBrJYZT2pX%2FL5U6qQNj8proOQSEtCRc5Q9MBYUnReAoQeuSKRaXHn47fwGVktLBd5RJvrTHo2IwP1Y%2BElBY95HcMbN%2Fb2Mzfy%2FCZyULiueirPxKg54e4wvKI%2BXFKdD9kY3m7zoOCLRTbj%2F4d0QOSeru%2B3mRo0BjkBkANZ3cFMIf2QPK%2BzhDbiHqF0Zpqa7MmXAavAofsYgqKbixEn7yQ6caE5Hu2OYXnMKDWfg%2BUno1VR2H5K8YsWiAeWeqKGcvUKkUVUH8QARUKZ4v%2FPTEZJzpyVcU2pe4RChgau20tQB1LlrQ%3D%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: wjo.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 12:59:39 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497963579.3360927; expires=Fri, 18-Jun-2027 12:59:39 GMT; Max-Age=315360000 <br>Location: http://ww11.wjo.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: wjo.se <br>Referer: http://www.google.com/search?q=wjo.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 12:59:38 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1497963578.4791181; expires=Fri, 18-Jun-2027 12:59:38 GMT <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT4XKo%2Fgxkdz1v4aR9Nu598tmgDInYXemmdZCpijafVL%2BbBOw7sqiarOLGOmh4mGk8jxMz6hvgegw%2F6wHYX6pZpIdUXLsIGZ1iabAvsVTtaFnuJt6rc6PdfKYjR5xQMbonILlHGKvjd0Q21wJQc0ld9FOsSvjDERIH406Aeb2nD4YsbmBbRwms8FklAfM6zlwHlQ4Ri%2FcRvzl3lG9CcaNBrJYZT2pX%2FL5U6qQNj8proOQSEtCRc5Q9MBYUnReAoQeuSKRaXHn47fwGVktLBd5RJvrTHo2IwP1Y%2BElBY95HcMbN%2Fb2Mzfy%2FCZyULiueirPxKg54e4wvKI%2BXFKdD9kY3m7zoOCLRTbj%2F4d0QOSeru%2B3mRo0BjkBkANZ3cFMIf2QPK%2BzhDbiHqF0Zpqa7MmXAavAofsYgqKbixEn7yQ6caE5Hu2OYXnMKDWfg%2BUno1VR2H5K8YsWiAeWeqKGcvUKkUVUH8QARUKZ4v%2FPTEZJzpyVcU2pe4RChgau20tQB1LlrQ%3D%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>wjo.se is on 103.224.212.190<br>ASN for 103.224.212.190: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.190 corresponds with lb-212-190.above.com<br>Abuse.net does not have any reliable address for lb-212-190.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-190.above.com abuse@above.com1498049860http://ifmetallakassa.se/ (103.224.212.191) - Serp-hijackingAttacked url: http://ifmetallakassa.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 05:01:25 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT4XKo%2Fgxkdz1ZjM7aoRp8SSztnYuEPHsm22fFTf1KMZ9gkjmlneMP5W5yQtmPaKG%2BekAiU33k4y4eU3PcUvQbVaiuRbBRT2cFe3GiWsnXt1r%2BilVn0cmUBp8nBRia0Mz6bT8mbMweTyIvMKqytP4ScuVAHXtMUBUgKnAJ0PH6e46jqueyqVCJkaP9MZQ86asCIrsdnsMFDSJnmRF0NwXU49r%2FL%2FdtUco4WFjJqcUF5ZiXTqUr7Tv7x3YxctpbzoCwoiwGQRKnAHqPaGFpoqBwHfH1RVl5J4zUz6FoatZUrx9AfZiouRFvkeTMCa5q%2FI221WyvH7yL9zQ84iLAsQsTmc%2Fx1WW%2BSB3SKQqOzEqH2OlYK6kALKzpuSmg0nWT%2F0bBESILo3ak%2FSmeFOZR9sDN%2Bz%2BvjFBFrZUArjocr1PrxnbxykpNLcxRkIjuwHYMiTvLlEiEtw21t9Y47Z5ZeNKnG8Hyl64KArcDBSjsBwTMbGrUoLvH8o5JNi%2BuSeU6zrVHb1r2POfN2u1prQf1Jzqay1Xe5bGs4%2FKZ54Nu%2B43t7wm <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ifmetallakassa.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 03:01:26 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1497927686.3997423; expires=Fri, 18-Jun-2027 03:01:26 GMT <br>Location: http://ww38.ifmetallakassa.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ifmetallakassa.se <br>Referer: http://www.google.com/search?q=ifmetallakassa.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 03:01:25 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497927685.5615534; expires=Fri, 18-Jun-2027 03:01:25 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT4XKo%2Fgxkdz1ZjM7aoRp8SSztnYuEPHsm22fFTf1KMZ9gkjmlneMP5W5yQtmPaKG%2BekAiU33k4y4eU3PcUvQbVaiuRbBRT2cFe3GiWsnXt1r%2BilVn0cmUBp8nBRia0Mz6bT8mbMweTyIvMKqytP4ScuVAHXtMUBUgKnAJ0PH6e46jqueyqVCJkaP9MZQ86asCIrsdnsMFDSJnmRF0NwXU49r%2FL%2FdtUco4WFjJqcUF5ZiXTqUr7Tv7x3YxctpbzoCwoiwGQRKnAHqPaGFpoqBwHfH1RVl5J4zUz6FoatZUrx9AfZiouRFvkeTMCa5q%2FI221WyvH7yL9zQ84iLAsQsTmc%2Fx1WW%2BSB3SKQqOzEqH2OlYK6kALKzpuSmg0nWT%2F0bBESILo3ak%2FSmeFOZR9sDN%2Bz%2BvjFBFrZUArjocr1PrxnbxykpNLcxRkIjuwHYMiTvLlEiEtw21t9Y47Z5ZeNKnG8Hyl64KArcDBSjsBwTMbGrUoLvH8o5JNi%2BuSeU6zrVHb1r2POfN2u1prQf1Jzqay1Xe5bGs4%2FKZ54Nu%2B43t7wm <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>ifmetallakassa.se is on 103.224.212.191<br>ASN for 103.224.212.191: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.191 corresponds with lb-212-191.above.com<br>Abuse.net does not have any reliable address for lb-212-191.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-191.above.com1497971104