Säkrare hemsida med .sehttp://shineonyou.se/ (195.74.38.97) - Serp-hijackingAttacked url: http://shineonyou.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 05 Dec 2018 14:20:30 +0100<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Wed, 05 Dec 2018 13:20:30 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://shineonyou.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=5lsvb4s9vetdab5ris6olj58f7; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Referer: http://www.google.com/search?q=shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Wed, 05 Dec 2018 13:20:15 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>shineonyou.se is on 195.74.38.97<br>ASN for 195.74.38.97: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.97 corresponds with cl-13.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1544097987http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 27 Nov 2018 22:27:52 +0100<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 27 Nov 2018 21:28:05 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=d6gkih7s3fipnf00otunqo34l4; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 27 Nov 2018 21:28:03 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=kfosbvvgqg00cod81c9l24lt82; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1543413644http://nioelva.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://nioelva.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 27 Nov 2018 21:03:26 +0100<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 3886 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSQCBRABD=FEEEPCFCNNLFLINEIJFHPAHE; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 27 Nov 2018 20:03:17 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Referer: http://www.google.com/search?q=nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSQCBRABD=EEEEPCFCBKCLAJCOFLOKKFOI; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 27 Nov 2018 20:03:17 GMT <br>Connection: close<br><br>nioelva.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net does not have any reliable address for wsp01.web.pin.se<br>Found address in whois: abuse@pin.se1543413355http://exceltips.se/ (89.221.250.113) - Serp-hijackingAttacked url: http://exceltips.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 26 Nov 2018 21:06:59 +0100<br><br>Visitors with referer are redirected to http://fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 18558 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDQABRTCAC=AIIFBJCCLKKLGGBMLACHHOPL; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 26 Nov 2018 20:06:01 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Referer: http://www.google.com/search?q=exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Redirect <br>Content-Length: 148 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.0 <br>X-Powered-By: ASP.NET <br>Date: Mon, 26 Nov 2018 20:05:55 GMT <br>Connection: close<br><br>exceltips.se is on 89.221.250.113<br>ASN for 89.221.250.113: 1257<br>89.221.250.113 manually set to use abuse@aname.net1543334361http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 26 Nov 2018 18:31:32 +0100<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Mon, 26 Nov 2018 17:31:31 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=btp8q7dvvso9rupl822l2dqmd3; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 26 Nov 2018 17:31:27 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=sqn3q4t17a1gdus1tvc3nve9j2; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1543334067http://kinaskakor.se/ (89.221.250.111) - Serp-hijackingAttacked url: http://kinaskakor.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 26 Nov 2018 17:36:20 +0100<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kinaskakor.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 11418 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDQARBSAAC=GAOLPOACHMMHLLEHBLNNJBCD; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 26 Nov 2018 16:35:38 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kinaskakor.se <br>Referer: http://www.google.com/search?q=kinaskakor.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDQARBSAAC=FAOLPOACDBGDMNGIPKBLHMKN; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 26 Nov 2018 16:35:36 GMT <br>Connection: close<br><br>kinaskakor.se is on 89.221.250.111<br>ASN for 89.221.250.111: 1257<br>89.221.250.111 manually set to use abuse@aname.net1543331482http://forlagetorda.se/ (93.188.2.53) - Serp-hijackingAttacked url: http://forlagetorda.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 22 Nov 2018 10:59:00 +0100<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: forlagetorda.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Thu, 22 Nov 2018 09:59:14 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Set-Cookie: PHPSESSID=91680451b538a56015d15d83d8164567; path=/ <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://forlagetorda.se/xmlrpc.php <br>Link: &lt;http://forlagetorda.se/&gt;; rel=shortlink <br>X-Loopia-Node: 172.22.223.22 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: forlagetorda.se <br>Referer: http://www.google.com/search?q=forlagetorda.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Thu, 22 Nov 2018 09:59:14 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.22<br><br>forlagetorda.se is on 93.188.2.53<br>ASN for 93.188.2.53: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.53 corresponds with webfront3.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1542900133http://pilgrimstid.nu/ (81.27.47.157) - Serp-hijackingAttacked url: http://pilgrimstid.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Nov 2018 14:12:07 +0100<br><br>Visitors with referer are redirected to http://www.sneakerses.com <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: pilgrimstid.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 30544 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDCCARAABQ=LDFLNMKCMOIGECDJOFDLFGGL; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 21 Nov 2018 13:12:22 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: pilgrimstid.nu <br>Referer: http://www.google.com/search?q=pilgrimstid.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 146 <br>Content-Type: text/html <br>Location: http://www.sneakerses.com <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDCCARAABQ=KDFLNMKCGJNPFPFPFJJBJNCI; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 21 Nov 2018 13:12:22 GMT <br>Connection: close<br><br>pilgrimstid.nu is on 81.27.47.157<br>ASN for 81.27.47.157: 8542<br>Abusix contact information: abuse@webhuset.no (information only)<br>rDNS not found for 81.27.47.157<br>Found address in whois: abuse@webhuset.no1542888120http://vaffeldagen.se/ (89.221.250.22) - Serp-hijackingAttacked url: http://vaffeldagen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Nov 2018 02:56:37 +0100<br><br>Visitors with referer are redirected to http://jindalo.ru:8080/forum/links/public_version.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeldagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 20 Nov 2018 01:56:50 GMT <br>Server: Apache <br>Last-Modified: Wed, 11 May 2011 09:58:07 GMT <br>ETag: &quot;2fc26e7-90c-4a2fd1bff89c0&quot; <br>Accept-Ranges: bytes <br>Content-Length: 2316 <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeldagen.se <br>Referer: http://www.google.com/search?q=vaffeldagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Tue, 20 Nov 2018 01:56:50 GMT <br>Server: Apache <br>Location: http://jindalo.ru:8080/forum/links/public_version.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>vaffeldagen.se is on 89.221.250.22<br>ASN for 89.221.250.22: 1257<br>89.221.250.22 manually set to use abuse@aname.net1542721248http://kinaskakor.se/ (89.221.250.111) - Serp-hijackingAttacked url: http://kinaskakor.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Nov 2018 02:28:44 +0100<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kinaskakor.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 11418 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDCQCQTQTA=JBMDJBLBMKOBGFEBOBJCCGAH; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 20 Nov 2018 01:28:09 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kinaskakor.se <br>Referer: http://www.google.com/search?q=kinaskakor.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDCQCQTQTA=IBMDJBLBJJAJCBKHCGCAIPCN; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 20 Nov 2018 01:28:07 GMT <br>Connection: close<br><br>kinaskakor.se is on 89.221.250.111<br>ASN for 89.221.250.111: 1257<br>89.221.250.111 manually set to use abuse@aname.net1542721218http://studioolga.se/ (93.90.145.83) - Serp-hijackingAttacked url: http://studioolga.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 19 Nov 2018 21:52:30 +0100<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: studioolga.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 2940 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDACATTSAB=CMIHDBJBLLKLFJDGGLLJPHKH; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 19 Nov 2018 20:52:43 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: studioolga.se <br>Referer: http://www.google.com/search?q=studioolga.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDACATTSAB=BMIHDBJBKCMECEOALFLIGJDC; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 19 Nov 2018 20:52:43 GMT <br>Connection: close<br><br>studioolga.se is on 93.90.145.83<br>ASN for 93.90.145.83: 35041<br>Abusix contact information: abuse@levonline.com (information only)<br>rDNS not found for 93.90.145.83<br>Found address in whois: abuse@levonline.com1542720984http://vaffeljarn.se/ (89.221.250.22) - Serp-hijackingAttacked url: http://vaffeljarn.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 19 Nov 2018 17:03:42 +0100<br><br>Visitors with referer are redirected to http://jindalo.ru:8080/forum/links/public_version.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeljarn.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Mon, 19 Nov 2018 16:03:55 GMT <br>Server: Apache <br>Last-Modified: Wed, 11 May 2011 09:58:07 GMT <br>ETag: &quot;2fc26e7-90c-4a2fd1bff89c0&quot; <br>Accept-Ranges: bytes <br>Content-Length: 2316 <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeljarn.se <br>Referer: http://www.google.com/search?q=vaffeljarn.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Mon, 19 Nov 2018 16:03:55 GMT <br>Server: Apache <br>Location: http://jindalo.ru:8080/forum/links/public_version.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>vaffeljarn.se is on 89.221.250.22<br>ASN for 89.221.250.22: 1257<br>89.221.250.22 manually set to use abuse@aname.net1542720664http://usagi.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://usagi.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 16 Nov 2018 07:52:45 +0100<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: usagi.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 32921 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDQQACSBBC=NJIFNHCDAAAHGAMGIMCCCHCA; path=/ <br>X-Powered-By: ASP.NET <br>Date: Fri, 16 Nov 2018 06:52:48 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: usagi.se <br>Referer: http://www.google.com/search?q=usagi.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDQQACSBBC=MJIFNHCDPAIAGIKLMMFADGJE; path=/ <br>X-Powered-By: ASP.NET <br>Date: Fri, 16 Nov 2018 06:52:46 GMT <br>Connection: close<br><br>usagi.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net does not have any reliable address for wsp01.web.pin.se<br>Found address in whois: abuse@pin.se1542376250http://studioolga.se/ (93.90.145.83) - Serp-hijackingAttacked url: http://studioolga.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 15 Nov 2018 16:22:16 +0100<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: studioolga.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 2940 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDCSDTARQA=LNDDJHMCJICBNFHLMELNDBHH; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 15 Nov 2018 15:22:15 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: studioolga.se <br>Referer: http://www.google.com/search?q=studioolga.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDCSDTARQA=KNDDJHMCJLLFKMJKMLDEBCGJ; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 15 Nov 2018 15:22:15 GMT <br>Connection: close<br><br>studioolga.se is on 93.90.145.83<br>ASN for 93.90.145.83: 35041<br>Abusix contact information: abuse@levonline.com (information only)<br>rDNS not found for 93.90.145.83<br>Found address in whois: abuse@levonline.com1542374356http://nietlater.nu/ (37.97.223.41) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://heirem-art.de/crpzw3bh.php?id=595921&quot;&gt;<br><br>Offensive url: http://heirem-art.de/crpzw3bh.php?id=595921<br>Url is blacklisted in Google Safe Browsing<br><br>nietlater.nu is on 37.97.223.41<br>ASN for 37.97.223.41: 20857<br>Abusix contact information: abuse@transip.nl (information only)<br>37.97.223.41 corresponds with dbasehosting.nl<br>Abuse.net does not have any reliable address for dbasehosting.nl<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@dbasehosting.nl1542283389http://pionbutiken.se/ (93.90.145.81) - Serp-hijackingAttacked url: http://pionbutiken.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 12 Nov 2018 09:41:43 +0100<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: pionbutiken.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 785 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDQATASCRR=EPBBKNJAAMEFAIHNLDCABNNJ; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 12 Nov 2018 08:41:56 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: pionbutiken.se <br>Referer: http://www.google.com/search?q=pionbutiken.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDQATASCRR=DPBBKNJAKJAPHDMIPLIBICMI; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 12 Nov 2018 08:41:55 GMT <br>Connection: close<br><br>pionbutiken.se is on 93.90.145.81<br>ASN for 93.90.145.81: 35041<br>Abusix contact information: abuse@levonline.com (information only)<br>93.90.145.81 corresponds with iis-01.crystone.se<br>Abuse.net has 2 reliable address(es) for crystone.se<br>Found address(es): abuse@crystone.se abuse@crystone.net1542027866http://exceltips.se/ (89.221.250.113) - Serp-hijackingAttacked url: http://exceltips.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 12 Nov 2018 08:49:04 +0100<br><br>Visitors with referer are redirected to http://fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 18828 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDSQCRCARQ=BFPDBMIACGGNHFAAFBMGFKLO; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 12 Nov 2018 07:47:40 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Referer: http://www.google.com/search?q=exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Redirect <br>Content-Length: 148 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.0 <br>X-Powered-By: ASP.NET <br>Date: Mon, 12 Nov 2018 07:47:40 GMT <br>Connection: close<br><br>exceltips.se is on 89.221.250.113<br>ASN for 89.221.250.113: 1257<br>89.221.250.113 manually set to use abuse@aname.net1542027860http://landsbygdskraft.se/ (93.188.2.52) - Serp-hijackingAttacked url: http://landsbygdskraft.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 07 Nov 2018 22:52:39 +0100<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: landsbygdskraft.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Wed, 07 Nov 2018 21:52:52 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Vary: Cookie <br>X-Pingback: http://landsbygdskraft.se/xmlrpc.php <br>X-Loopia-Node: 172.22.223.35 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: landsbygdskraft.se <br>Referer: http://www.google.com/search?q=landsbygdskraft.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Wed, 07 Nov 2018 21:52:52 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.35<br><br>landsbygdskraft.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1541683133http://zogg.se/ (93.188.2.52) - Serp-hijackingAttacked url: http://zogg.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 07 Nov 2018 21:37:50 +0100<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Wed, 07 Nov 2018 20:38:03 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Vary: Accept-Encoding,Cookie <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br>X-Loopia-Node: 172.22.223.35 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Wed, 07 Nov 2018 20:38:03 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.35<br><br>zogg.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1541683116http://vaffeljarn.se/ (89.221.250.22) - Serp-hijackingAttacked url: http://vaffeljarn.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 06 Nov 2018 10:52:35 +0100<br><br>Visitors with referer are redirected to http://jindalo.ru:8080/forum/links/public_version.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeljarn.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 06 Nov 2018 09:52:35 GMT <br>Server: Apache <br>Last-Modified: Wed, 11 May 2011 09:58:07 GMT <br>ETag: &quot;2fc26e7-90c-4a2fd1bff89c0&quot; <br>Accept-Ranges: bytes <br>Content-Length: 2316 <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeljarn.se <br>Referer: http://www.google.com/search?q=vaffeljarn.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Tue, 06 Nov 2018 09:52:35 GMT <br>Server: Apache <br>Location: http://jindalo.ru:8080/forum/links/public_version.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>vaffeljarn.se is on 89.221.250.22<br>ASN for 89.221.250.22: 1257<br>89.221.250.22 manually set to use abuse@aname.net1541506485http://zogg.se/2013/01/01/vags-ande/ (93.188.2.52) - Serp-hijackingAttacked url: http://zogg.se/2013/01/01/vags-ande/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 06 Nov 2018 06:02:44 +0100<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Tue, 06 Nov 2018 05:02:57 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Vary: Cookie <br>X-Pingback: http://zogg.se/xmlrpc.php <br>X-Loopia-Node: 172.22.223.35 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Tue, 06 Nov 2018 05:02:57 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.35<br><br>zogg.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1541506423http://shineonyou.se/ (195.74.38.97) - Serp-hijackingAttacked url: http://shineonyou.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 05 Nov 2018 14:30:03 +0100<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Mon, 05 Nov 2018 13:30:03 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://shineonyou.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=gttnamd4e1r8rhk6drbgdmp1a0; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Referer: http://www.google.com/search?q=shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Mon, 05 Nov 2018 13:29:46 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>shineonyou.se is on 195.74.38.97<br>ASN for 195.74.38.97: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.97 corresponds with cl-13.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1541505703http://vaffeldagen.se/ (89.221.250.22) - Serp-hijackingAttacked url: http://vaffeldagen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 01 Nov 2018 15:35:22 +0100<br><br>Visitors with referer are redirected to http://jindalo.ru:8080/forum/links/public_version.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeldagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Thu, 01 Nov 2018 14:35:22 GMT <br>Server: Apache <br>Last-Modified: Wed, 11 May 2011 09:58:07 GMT <br>ETag: &quot;2fc26e7-90c-4a2fd1bff89c0&quot; <br>Accept-Ranges: bytes <br>Content-Length: 2316 <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeldagen.se <br>Referer: http://www.google.com/search?q=vaffeldagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Thu, 01 Nov 2018 14:35:22 GMT <br>Server: Apache <br>Location: http://jindalo.ru:8080/forum/links/public_version.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>vaffeldagen.se is on 89.221.250.22<br>ASN for 89.221.250.22: 1257<br>89.221.250.22 manually set to use abuse@aname.net1541083093http://exceltips.se/ (89.221.250.113) - Serp-hijackingAttacked url: http://exceltips.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 01 Nov 2018 11:34:04 +0100<br><br>Visitors with referer are redirected to http://fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 19237 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDASQSCCSR=DNGLDHGBDFGJHEKMGMOEHBHA; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 01 Nov 2018 11:33:19 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Referer: http://www.google.com/search?q=exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Redirect <br>Content-Length: 148 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.0 <br>X-Powered-By: ASP.NET <br>Date: Thu, 01 Nov 2018 11:33:19 GMT <br>Connection: close<br><br>exceltips.se is on 89.221.250.113<br>ASN for 89.221.250.113: 1257<br>89.221.250.113 manually set to use abuse@aname.net1541083043http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 01 Nov 2018 11:13:57 +0100<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Thu, 01 Nov 2018 10:13:56 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=i44e538fm0t797f3eulvgm4is7; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Thu, 01 Nov 2018 10:13:52 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=fvnmcrl4hkhmqs30cpi7hkc773; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1541083037http://kinaskakor.se/ (89.221.250.111) - Serp-hijackingAttacked url: http://kinaskakor.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 31 Oct 2018 21:58:49 +0100<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kinaskakor.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 500 Internal Server Error <br>Cache-Control: private <br>Content-Length: 5984 <br>Content-Type: text/html; charset=utf-8 <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDSSBRQSBT=LHCFAHABGNADOPGOFHBHHLOA; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 31 Oct 2018 20:57:48 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kinaskakor.se <br>Referer: http://www.google.com/search?q=kinaskakor.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDSSBRQSBT=KHCFAHABNIBFBBCJBNEGAFEF; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 31 Oct 2018 20:57:36 GMT <br>Connection: close<br><br>kinaskakor.se is on 89.221.250.111<br>ASN for 89.221.250.111: 1257<br>89.221.250.111 manually set to use abuse@aname.net1541082784http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 30 Oct 2018 15:56:46 +0100<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 30 Oct 2018 14:56:45 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=ooimhj2rarlmftmjp6hjetgei0; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 30 Oct 2018 14:56:41 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=bdhauj1egeg0etfqectf81eaq0; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1540991172http://zogg.se/2013/01/01/vags-ande/ (93.188.2.52) - Serp-hijackingAttacked url: http://zogg.se/2013/01/01/vags-ande/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 22 Oct 2018 05:38:15 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Mon, 22 Oct 2018 03:38:15 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Vary: Cookie <br>X-Pingback: http://zogg.se/xmlrpc.php <br>X-Loopia-Node: 172.22.223.70 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Mon, 22 Oct 2018 03:38:15 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.70<br><br>zogg.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1540209691http://landsbygdskraft.se/ (93.188.2.52) - Serp-hijackingAttacked url: http://landsbygdskraft.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 19 Oct 2018 16:02:18 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: landsbygdskraft.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Fri, 19 Oct 2018 14:02:18 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Vary: Cookie <br>X-Pingback: http://landsbygdskraft.se/xmlrpc.php <br>X-Loopia-Node: 172.22.223.76 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: landsbygdskraft.se <br>Referer: http://www.google.com/search?q=landsbygdskraft.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Fri, 19 Oct 2018 14:02:18 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.76<br><br>landsbygdskraft.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1539959646http://adventure-academy.se/ (192.185.85.61) - Serp-hijackingAttacked url: http://adventure-academy.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 19 Oct 2018 09:43:16 +0200<br><br>Visitors with referer are redirected to http://universalic.info/api/redirect?offerid=47&amp;sourceid=5197&amp;landingid=356&amp;subid_1=Alpha <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: adventure-academy.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.14.0 <br>Date: Fri, 19 Oct 2018 07:43:28 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Pragma: no-cache <br>Expires: Wed, 11 Jan 1984 05:00:00 GMT <br>Cache-Control: no-cache, must-revalidate, max-age=0 <br>Set-Cookie: visits=1539935006; expires=Tue, 19-Jan-2038 03:14:07 GMT <br>Set-Cookie: PHPSESSID=cc8a5f3edb86fddd6e9fbf1169a9b328; path=/ <br>Location: http://www.adventure-academy.se/ <br>X-Endurance-Cache-Level: 2 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: adventure-academy.se <br>Referer: http://www.google.com/search?q=adventure-academy.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Server: nginx/1.14.0 <br>Date: Fri, 19 Oct 2018 07:43:25 GMT <br>Content-Type: text/html; charset=utf-8 <br>Connection: close <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>Set-Cookie: visits=1539935005; expires=Tue, 19-Jan-2038 03:14:07 GMT <br>Set-Cookie: PHPSESSID=f7806d91a1d179891413fc85218370c6; path=/ <br>Set-Cookie: e855537258ac5146b4895e5e719d4ab79dcbc0be=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE0XCI6MTUzOTkzNDk3MX0sXCJjYW1wYWlnbnNcIjp7XCIxXCI6MTUzOTkzNDk3MX0sXCJ0aW1lXCI6MTUzOTkzNDk3MX0ifQ.KuQsubAk-ULkV6Q0kEnlLGWRSfPPTHHYGk6xkqNzbTM; expires=Sat, 20-Oct-2018 07:43:25 GMT; path=/; domain=.adventure-academy.se <br>Location: http://universalic.info/api/redirect?offerid=47&amp;sourceid=5197&amp;landingid=356&amp;subid_1=Alpha <br>X-Endurance-Cache-Level: 2<br><br>adventure-academy.se is on 192.185.85.61<br>ASN for 192.185.85.61: 20013<br>Abusix contact information: ipadmin@websitewelcome.com (information only)<br>192.185.85.61 corresponds with 192-185-85-61.unifiedlayer.com<br>Abuse.net has 1 reliable address(es) for unifiedlayer.com<br>Found address(es): abuse@unifiedlayer.com1539958690http://syf.nu/ (212.97.132.153) - Serp-hijackingAttacked url: http://syf.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 19 Oct 2018 07:30:34 +0200<br><br>Visitors with referer are redirected to http://www.swogo.com/wp-content/uploads/Scan327.zip <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: syf.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>X-Powered-By: PHP/5.6.36 <br>X-Pingback: http://syf.nu/xmlrpc.php <br>Content-Type: text/html; charset=UTF-8 <br>Date: Fri, 19 Oct 2018 05:30:34 GMT <br>Accept-Ranges: bytes <br>Server: LiteSpeed <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: syf.nu <br>Referer: http://www.google.com/search?q=syf.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Fri, 19 Oct 2018 05:30:34 GMT <br>Accept-Ranges: bytes <br>Server: LiteSpeed <br>Location: http://www.swogo.com/wp-content/uploads/Scan327.zip <br>Connection: close<br><br>syf.nu is on 212.97.132.153<br>ASN for 212.97.132.153: 9120<br>Abusix contact information: abuse@surftown.com (information only)<br>212.97.132.153 corresponds with ws50.surf-town.net<br>Abuse.net has 2 reliable address(es) for surf-town.net<br>Found address(es): abuse@surf-town.net abuse@cohaesio.com1539958476http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 19 Oct 2018 05:32:10 +0200<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Fri, 19 Oct 2018 03:32:20 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=nlj94hpg0rdg1ojcg95a9ohhc4; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Fri, 19 Oct 2018 03:32:17 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=ikcno48e7pkdqb99671thbvjr0; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539958170http://pvi.karolinanorstrom.se/ (52.58.78.16) - Serp-hijackingAttacked url: http://pvi.karolinanorstrom.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 18 Oct 2018 20:29:31 +0200<br><br>Visitors with referer are redirected to http://karolinanorstrom.se <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: pvi.karolinanorstrom.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 503 Service Temporarily Unavailable <br>Server: openresty/1.13.6.2 <br>Date: Thu, 18 Oct 2018 18:29:30 GMT <br>Content-Type: text/html <br>Content-Length: 219 <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: pvi.karolinanorstrom.se <br>Referer: http://www.google.com/search?q=pvi.karolinanorstrom.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: openresty/1.13.6.2 <br>Date: Thu, 18 Oct 2018 18:29:30 GMT <br>Content-Type: text/html; charset=utf-8 <br>Connection: close <br>X-Frame-Options: SAMEORIGIN <br>X-XSS-Protection: 1; mode=block <br>X-Content-Type-Options: nosniff <br>Location: http://karolinanorstrom.se <br>Cache-Control: no-cache <br>Set-Cookie: _undeveloped_session=VzYrcVl3ZXZMbkVkaUJhY0ZIcjU2ZlJQYXJ3MTNWVWgxVFNuZ1RNa0V1SEpyM1RJa0lyZjY1RHNIV2gvc3BTNDRLaktGNXBPT1hIWVNBYzdqa3dzRUkwZFg0Z29Bd09XMXRWalJpdFBSVmc9LS1FYzdCR0JHZE9KOU1yQnVhZ3p1bUJ3PT0%3D--9939c293e0dd7e2974d609d2e00c75cdd6de1ae0; path=/; HttpOnly <br>X-Request-Id: 3f365642-fba0-4c4e-9d33-e145c946c52b <br>X-Runtime: 0.003791<br><br>pvi.karolinanorstrom.se is on 52.58.78.16<br>ASN for 52.58.78.16: 16509<br>Abusix contact information: abuse@amazonaws.com (information only)<br>52.58.78.16 corresponds with ec2-52-58-78-16.eu-central-1.compute.amazonaws.com<br>Abuse.net has 1 reliable address(es) for amazonaws.com<br>Found address(es): abuse@amazonaws.com1539957414http://adventure-academy.se/ (192.185.85.61) - Serp-hijackingAttacked url: http://adventure-academy.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 18 Oct 2018 09:14:36 +0200<br><br>Visitors with referer are redirected to http://universalic.info/api/redirect?offerid=47&amp;sourceid=5197&amp;landingid=356&amp;subid_1=Alpha <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: adventure-academy.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.14.0 <br>Date: Thu, 18 Oct 2018 07:14:47 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Pragma: no-cache <br>Expires: Wed, 11 Jan 1984 05:00:00 GMT <br>Cache-Control: no-cache, must-revalidate, max-age=0 <br>Set-Cookie: visits=1539846877; expires=Tue, 19-Jan-2038 03:14:07 GMT <br>Set-Cookie: PHPSESSID=7778a947c745ce9bcc78d1f1c319d047; path=/ <br>Location: http://www.adventure-academy.se/ <br>X-Endurance-Cache-Level: 2 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: adventure-academy.se <br>Referer: http://www.google.com/search?q=adventure-academy.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Server: nginx/1.14.0 <br>Date: Thu, 18 Oct 2018 07:14:36 GMT <br>Content-Type: text/html; charset=utf-8 <br>Connection: close <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>Set-Cookie: visits=1539846876; expires=Tue, 19-Jan-2038 03:14:07 GMT <br>Set-Cookie: PHPSESSID=3d2c04861147ba10966f301b4b0b541c; path=/ <br>Set-Cookie: e855537258ac5146b4895e5e719d4ab79dcbc0be=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE0XCI6MTUzOTg0Njg0MH0sXCJjYW1wYWlnbnNcIjp7XCIxXCI6MTUzOTg0Njg0MH0sXCJ0aW1lXCI6MTUzOTg0Njg0MH0ifQ.8TTCRZUdnNmgtcGoknyWNgVXpXNKTkhwJ7GB_o66L7E; expires=Fri, 19-Oct-2018 07:14:36 GMT; path=/; domain=.adventure-academy.se <br>Location: http://universalic.info/api/redirect?offerid=47&amp;sourceid=5197&amp;landingid=356&amp;subid_1=Alpha <br>X-Endurance-Cache-Level: 2<br><br>adventure-academy.se is on 192.185.85.61<br>ASN for 192.185.85.61: 20013<br>Abusix contact information: ipadmin@websitewelcome.com (information only)<br>192.185.85.61 corresponds with 192-185-85-61.unifiedlayer.com<br>Abuse.net has 1 reliable address(es) for unifiedlayer.com<br>Found address(es): abuse@unifiedlayer.com1539874159http://shineonyou.se/ (195.74.38.97) - Serp-hijackingAttacked url: http://shineonyou.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 17 Oct 2018 15:33:48 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Wed, 17 Oct 2018 13:34:00 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://shineonyou.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=ru46t9npbrv7ctq93a34hssho1; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Referer: http://www.google.com/search?q=shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Wed, 17 Oct 2018 13:33:45 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>shineonyou.se is on 195.74.38.97<br>ASN for 195.74.38.97: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.97 corresponds with cl-13.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539862082http://zogg.se/ (93.188.2.52) - Serp-hijackingAttacked url: http://zogg.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 17 Oct 2018 12:06:36 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Wed, 17 Oct 2018 10:06:48 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Vary: Accept-Encoding,Cookie <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br>X-Loopia-Node: 172.22.223.70 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Wed, 17 Oct 2018 10:06:48 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.70<br><br>zogg.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1539777527http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 16 Oct 2018 20:35:32 +0200<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 16 Oct 2018 18:35:42 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=tv0qkgri45gunms028d7810ul0; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 16 Oct 2018 18:35:40 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=l39sehn9vopg7i0v4med47n9p5; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539777253http://aquelius.se/ (81.236.49.251) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://mtmoriahcogic.org/zk7qvbjh.php?id=14607427&quot;&gt;<br><br>Offensive url: http://mtmoriahcogic.org/zk7qvbjh.php?id=14607427<br>Url is blacklisted in Google Safe Browsing<br><br>aquelius.se is on 81.236.49.251<br>ASN for 81.236.49.251: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>81.236.49.251 corresponds with lb-win.webhosting.telia.com<br>Abuse.net has 1 reliable address(es) for telia.com<br>Found address(es): abuse@telia.com1539601890http://shineonyou.se/ (195.74.38.97) - Serp-hijackingAttacked url: http://shineonyou.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 14 Oct 2018 22:40:47 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Sun, 14 Oct 2018 20:40:58 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://shineonyou.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=v1ep14d0u55uso5qi0leb1d4l6; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Referer: http://www.google.com/search?q=shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Sun, 14 Oct 2018 20:40:49 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>shineonyou.se is on 195.74.38.97<br>ASN for 195.74.38.97: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.97 corresponds with cl-13.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539601543http://forlagetorda.se/ (93.188.2.53) - Serp-hijackingAttacked url: http://forlagetorda.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 12 Oct 2018 13:13:03 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: forlagetorda.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Fri, 12 Oct 2018 11:13:03 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Set-Cookie: PHPSESSID=a883643f8b8cfa53985a095bc8d8af15; path=/ <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://forlagetorda.se/xmlrpc.php <br>Link: &lt;http://forlagetorda.se/&gt;; rel=shortlink <br>X-Loopia-Node: 172.22.223.65 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: forlagetorda.se <br>Referer: http://www.google.com/search?q=forlagetorda.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Fri, 12 Oct 2018 11:13:02 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.65<br><br>forlagetorda.se is on 93.188.2.53<br>ASN for 93.188.2.53: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.53 corresponds with webfront3.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1539343603http://joopot.se/ (195.74.38.63) - Serp-hijackingAttacked url: http://joopot.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 12 Oct 2018 08:33:03 +0200<br><br>Visitors with referer are redirected to http://www.tatlitarifleri.tv/2670/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: joopot.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 403 Forbidden <br>Date: Fri, 12 Oct 2018 06:33:14 GMT <br>Server: Apache <br>Vary: accept-language,accept-charset <br>Accept-Ranges: bytes <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1 <br>Content-Language: en <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: joopot.se <br>Referer: http://www.google.com/search?q=joopot.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Fri, 12 Oct 2018 06:33:14 GMT <br>Server: Apache <br>Location: http://www.tatlitarifleri.tv/2670/ <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>joopot.se is on 195.74.38.63<br>ASN for 195.74.38.63: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.63 corresponds with cl-02.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539343492http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 12 Oct 2018 00:09:07 +0200<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Thu, 11 Oct 2018 22:09:06 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=e27od8ktuehk5tto9pofsjr2j3; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Thu, 11 Oct 2018 22:09:01 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=ivt6ndag90r84qjfiurq550ic2; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539343222http://pionbutiken.se/ (93.90.145.81) - Serp-hijackingAttacked url: http://pionbutiken.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 11 Oct 2018 19:53:07 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: pionbutiken.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 785 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDCARBTDQS=GFHFLKJDDCGHKJEKPEBKNABM; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 11 Oct 2018 17:53:18 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: pionbutiken.se <br>Referer: http://www.google.com/search?q=pionbutiken.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDCARBTDQS=FFHFLKJDADMFMEKINDNLGHJI; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 11 Oct 2018 17:53:18 GMT <br>Connection: close<br><br>pionbutiken.se is on 93.90.145.81<br>ASN for 93.90.145.81: 35041<br>Abusix contact information: abuse@levonline.com (information only)<br>93.90.145.81 corresponds with iis-01.crystone.se<br>Abuse.net has 2 reliable address(es) for crystone.se<br>Found address(es): abuse@crystone.se abuse@crystone.net1539343169http://brfakerholmen.se/ (195.74.38.130) - Serp-hijackingAttacked url: http://brfakerholmen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 11 Oct 2018 15:12:34 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: brfakerholmen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Thu, 11 Oct 2018 13:12:45 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.38 <br>X-Pingback: http://www.brfakerholmen.se/xmlrpc.php <br>Location: http://www.brfakerholmen.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: brfakerholmen.se <br>Referer: http://www.google.com/search?q=brfakerholmen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Thu, 11 Oct 2018 13:12:35 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>brfakerholmen.se is on 195.74.38.130<br>ASN for 195.74.38.130: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.130 corresponds with cl-26.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539343152http://shineonyou.se/ (195.74.38.97) - Serp-hijackingAttacked url: http://shineonyou.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 11 Oct 2018 13:17:14 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Thu, 11 Oct 2018 11:17:25 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://shineonyou.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=e9ddkk4jre9h4ucvmoglv93nf0; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Referer: http://www.google.com/search?q=shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Thu, 11 Oct 2018 11:17:14 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>shineonyou.se is on 195.74.38.97<br>ASN for 195.74.38.97: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.97 corresponds with cl-13.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539260402http://zogg.se/ (93.188.2.52) - Serp-hijackingAttacked url: http://zogg.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 11 Oct 2018 12:30:32 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Thu, 11 Oct 2018 10:30:32 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Vary: Cookie <br>X-Pingback: http://zogg.se/xmlrpc.php <br>X-Loopia-Node: 172.22.223.70 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Thu, 11 Oct 2018 10:30:31 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.70<br><br>zogg.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1539260379http://zogg.se/page/2/ (93.188.2.52) - Serp-hijackingAttacked url: http://zogg.se/page/2/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 10 Oct 2018 23:08:55 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Wed, 10 Oct 2018 21:09:07 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Vary: Cookie <br>X-Pingback: http://zogg.se/xmlrpc.php <br>X-Loopia-Node: 172.22.223.70 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Wed, 10 Oct 2018 21:09:05 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.36 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.70<br><br>zogg.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1539260248http://studioolga.se/ (93.90.145.83) - Serp-hijackingAttacked url: http://studioolga.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 10 Oct 2018 17:22:25 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: studioolga.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 2940 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDCCQDTBTQ=COIFDDOCOLHNCKHMDBPDHIPP; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 10 Oct 2018 15:22:24 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: studioolga.se <br>Referer: http://www.google.com/search?q=studioolga.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDCCQDTBTQ=BOIFDDOCNHKMEEJIPNNLNFJJ; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 10 Oct 2018 15:22:24 GMT <br>Connection: close<br><br>studioolga.se is on 93.90.145.83<br>ASN for 93.90.145.83: 35041<br>Abusix contact information: abuse@levonline.com (information only)<br>rDNS not found for 93.90.145.83<br>Found address in whois: abuse@levonline.com1539260062http://brfakerholmen.se/ (195.74.38.130) - Serp-hijackingAttacked url: http://brfakerholmen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 10 Oct 2018 14:55:27 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: brfakerholmen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Wed, 10 Oct 2018 12:55:38 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.38 <br>X-Pingback: http://www.brfakerholmen.se/xmlrpc.php <br>Location: http://www.brfakerholmen.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: brfakerholmen.se <br>Referer: http://www.google.com/search?q=brfakerholmen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Wed, 10 Oct 2018 12:55:25 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>brfakerholmen.se is on 195.74.38.130<br>ASN for 195.74.38.130: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.130 corresponds with cl-26.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539259982http://shineonyou.se/ (195.74.38.97) - Serp-hijackingAttacked url: http://shineonyou.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 09 Oct 2018 08:43:18 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 09 Oct 2018 06:43:29 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://shineonyou.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=0sdeskqfgk1radccsecrp3e7s1; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Referer: http://www.google.com/search?q=shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Tue, 09 Oct 2018 06:43:06 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>shineonyou.se is on 195.74.38.97<br>ASN for 195.74.38.97: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.97 corresponds with cl-13.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539070951