Säkrare hemsida med .sehttp://teamacriplan.se/ (194.68.38.41) - Serp-hijackingAttacked url: http://teamacriplan.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Aug 2019 14:13:46 +0200<br><br>Visitors with referer are redirected to http://www.cheapsneakersshoes.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: teamacriplan.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Content-Length: 0 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.3.5 <br>X-Powered-By: ASP.NET <br>Date: Tue, 20 Aug 2019 12:13:45 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: teamacriplan.se <br>Referer: http://www.google.com/search?q=teamacriplan.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Content-Length: 157 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://www.cheapsneakersshoes.com/ <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.3.5 <br>X-Powered-By: ASP.NET <br>Date: Tue, 20 Aug 2019 12:13:45 GMT <br>Connection: close<br><br>teamacriplan.se is on 194.68.38.41<br>ASN for 194.68.38.41: 42708<br>Abusix contact information: abuse@glesys.se (information only)<br>rDNS not found for 194.68.38.41<br>Found address in whois: abuse@glesys.se1566386601http://acriplan.se/ (194.68.38.41) - Serp-hijackingAttacked url: http://acriplan.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Aug 2019 13:24:13 +0200<br><br>Visitors with referer are redirected to http://www.cheapsneakersshoes.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: acriplan.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Content-Length: 0 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.3.5 <br>X-Powered-By: ASP.NET <br>Date: Tue, 20 Aug 2019 11:24:13 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: acriplan.se <br>Referer: http://www.google.com/search?q=acriplan.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Content-Length: 157 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://www.cheapsneakersshoes.com/ <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.3.5 <br>X-Powered-By: ASP.NET <br>Date: Tue, 20 Aug 2019 11:24:13 GMT <br>Connection: close<br><br>acriplan.se is on 194.68.38.41<br>ASN for 194.68.38.41: 42708<br>Abusix contact information: abuse@glesys.se (information only)<br>rDNS not found for 194.68.38.41<br>Found address in whois: abuse@glesys.se1566386581http://centrumkyrkansaffle.se/ (194.68.38.41) - Serp-hijackingAttacked url: http://centrumkyrkansaffle.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 31 Jul 2019 01:50:24 +0200<br><br>Visitors with referer are redirected to http://www.cheapsneakersshoes.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: centrumkyrkansaffle.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Content-Length: 0 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.3.5 <br>X-Powered-By: ASP.NET <br>Date: Tue, 30 Jul 2019 23:50:24 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: centrumkyrkansaffle.se <br>Referer: http://www.google.com/search?q=centrumkyrkansaffle.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Content-Length: 157 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://www.cheapsneakersshoes.com/ <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.3.5 <br>X-Powered-By: ASP.NET <br>Date: Tue, 30 Jul 2019 23:50:24 GMT <br>Connection: close<br><br>centrumkyrkansaffle.se is on 194.68.38.41<br>ASN for 194.68.38.41: 42708<br>Abusix contact information: abuse@glesys.se (information only)<br>rDNS not found for 194.68.38.41<br>Found address in whois: abuse@glesys.se1564583453http://kajneta.se/ (194.68.38.41) - Serp-hijackingAttacked url: http://kajneta.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 31 Jul 2019 00:19:18 +0200<br><br>Visitors with referer are redirected to http://www.asneakershoes.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kajneta.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Content-Length: 0 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.3.5 <br>X-Powered-By: ASP.NET <br>Date: Tue, 30 Jul 2019 22:19:17 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kajneta.se <br>Referer: http://www.google.com/search?q=kajneta.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Content-Length: 152 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://www.asneakershoes.com/ <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.3.5 <br>X-Powered-By: ASP.NET <br>Date: Tue, 30 Jul 2019 22:19:17 GMT <br>Connection: close<br><br>kajneta.se is on 194.68.38.41<br>ASN for 194.68.38.41: 42708<br>Abusix contact information: abuse@glesys.se (information only)<br>rDNS not found for 194.68.38.41<br>Found address in whois: abuse@glesys.se1564582736http://nioelva.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://nioelva.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 30 Jul 2019 22:38:40 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 3886 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSSRBDCAD=MJBMFOMDKJMFNLHLKHMJKGKK; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 30 Jul 2019 20:38:36 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Referer: http://www.google.com/search?q=nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSSRBDCAD=LJBMFOMDOLCJBABDPFAANPGO; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 30 Jul 2019 20:38:34 GMT <br>Connection: close<br><br>nioelva.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net does not have any reliable address for wsp01.web.pin.se<br>Found address in whois: abuse@pin.se1564582369http://vitavidder.se/ (194.68.38.41) - Serp-hijackingAttacked url: http://vitavidder.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 30 Jul 2019 21:49:14 +0200<br><br>Visitors with referer are redirected to http://www.cheapsneakersshoes.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vitavidder.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Content-Length: 0 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.3.5 <br>X-Powered-By: ASP.NET <br>Date: Tue, 30 Jul 2019 19:49:14 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vitavidder.se <br>Referer: http://www.google.com/search?q=vitavidder.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Content-Length: 157 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://www.cheapsneakersshoes.com/ <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.3.5 <br>X-Powered-By: ASP.NET <br>Date: Tue, 30 Jul 2019 19:49:14 GMT <br>Connection: close<br><br>vitavidder.se is on 194.68.38.41<br>ASN for 194.68.38.41: 42708<br>Abusix contact information: abuse@glesys.se (information only)<br>rDNS not found for 194.68.38.41<br>Found address in whois: abuse@glesys.se1564579353http://vaffeldagen.se/ (89.221.250.22) - Serp-hijackingAttacked url: http://vaffeldagen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 30 Jul 2019 20:49:05 +0200<br><br>Visitors with referer are redirected to http://jindalo.ru:8080/forum/links/public_version.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeldagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 30 Jul 2019 18:49:05 GMT <br>Server: Apache <br>Last-Modified: Wed, 11 May 2011 09:58:07 GMT <br>ETag: &quot;2fc26e7-90c-4a2fd1bff89c0&quot; <br>Accept-Ranges: bytes <br>Content-Length: 2316 <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeldagen.se <br>Referer: http://www.google.com/search?q=vaffeldagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Tue, 30 Jul 2019 18:49:05 GMT <br>Server: Apache <br>Location: http://jindalo.ru:8080/forum/links/public_version.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>vaffeldagen.se is on 89.221.250.22<br>ASN for 89.221.250.22: 1257<br>89.221.250.22 manually set to use abuse@aname.net1564579304http://htstradgardsservice.se/ (194.68.38.41) - Serp-hijackingAttacked url: http://htstradgardsservice.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 30 Jul 2019 19:59:50 +0200<br><br>Visitors with referer are redirected to http://www.yeezyboostonline.store/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: htstradgardsservice.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Content-Length: 0 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.3.5 <br>X-Powered-By: ASP.NET <br>Date: Tue, 30 Jul 2019 17:59:50 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: htstradgardsservice.se <br>Referer: http://www.google.com/search?q=htstradgardsservice.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Content-Length: 157 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://www.yeezyboostonline.store/ <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.3.5 <br>X-Powered-By: ASP.NET <br>Date: Tue, 30 Jul 2019 17:59:50 GMT <br>Connection: close<br><br>htstradgardsservice.se is on 194.68.38.41<br>ASN for 194.68.38.41: 42708<br>Abusix contact information: abuse@glesys.se (information only)<br>rDNS not found for 194.68.38.41<br>Found address in whois: abuse@glesys.se1564576865http://aktivnaprapati.nu/ (194.68.38.41) - Serp-hijackingAttacked url: http://aktivnaprapati.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 29 Jul 2019 14:06:46 +0200<br><br>Visitors with referer are redirected to http://www.asneakershoes.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: aktivnaprapati.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Content-Length: 0 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.3.5 <br>X-Powered-By: ASP.NET <br>Date: Mon, 29 Jul 2019 12:06:46 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: aktivnaprapati.nu <br>Referer: http://www.google.com/search?q=aktivnaprapati.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Content-Length: 152 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://www.asneakershoes.com/ <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.3.5 <br>X-Powered-By: ASP.NET <br>Date: Mon, 29 Jul 2019 12:06:46 GMT <br>Connection: close<br><br>aktivnaprapati.nu is on 194.68.38.41<br>ASN for 194.68.38.41: 42708<br>Abusix contact information: abuse@glesys.se (information only)<br>rDNS not found for 194.68.38.41<br>Found address in whois: abuse@glesys.se1564488057http://acriplan.se/ (194.68.38.41) - Serp-hijackingAttacked url: http://acriplan.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 25 Jul 2019 10:14:11 +0200<br><br>Visitors with referer are redirected to http://www.nikecheapbasketball.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: acriplan.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Content-Length: 0 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.3.5 <br>X-Powered-By: ASP.NET <br>Date: Thu, 25 Jul 2019 08:14:11 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: acriplan.se <br>Referer: http://www.google.com/search?q=acriplan.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Content-Length: 158 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://www.nikecheapbasketball.com/ <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.3.5 <br>X-Powered-By: ASP.NET <br>Date: Thu, 25 Jul 2019 08:14:11 GMT <br>Connection: close<br><br>acriplan.se is on 194.68.38.41<br>ASN for 194.68.38.41: 42708<br>Abusix contact information: abuse@glesys.se (information only)<br>rDNS not found for 194.68.38.41<br>Found address in whois: abuse@glesys.se1564061971http://osterbydack.se/ (194.68.38.41) - Serp-hijackingAttacked url: http://osterbydack.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 24 Jul 2019 17:54:05 +0200<br><br>Visitors with referer are redirected to http://www.yeezyboostonline.store/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: osterbydack.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Content-Length: 0 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.3.5 <br>X-Powered-By: ASP.NET <br>Date: Wed, 24 Jul 2019 15:54:04 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: osterbydack.se <br>Referer: http://www.google.com/search?q=osterbydack.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Content-Length: 157 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://www.yeezyboostonline.store/ <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.3.5 <br>X-Powered-By: ASP.NET <br>Date: Wed, 24 Jul 2019 15:54:04 GMT <br>Connection: close<br><br>osterbydack.se is on 194.68.38.41<br>ASN for 194.68.38.41: 42708<br>Abusix contact information: abuse@glesys.se (information only)<br>rDNS not found for 194.68.38.41<br>Found address in whois: abuse@glesys.se1564061739http://bl-products.se/ (91.189.45.80) - Serp-hijackingAttacked url: http://bl-products.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 22 Jul 2019 16:56:19 +0200<br><br>Visitors with referer are redirected to http://www.yeezyboostonline.store/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bl-products.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Content-Length: 0 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.4.45 <br>X-Powered-By: ASP.NET <br>Date: Mon, 22 Jul 2019 14:56:18 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bl-products.se <br>Referer: http://www.google.com/search?q=bl-products.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Content-Length: 157 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://www.yeezyboostonline.store/ <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.4.45 <br>X-Powered-By: ASP.NET <br>Date: Mon, 22 Jul 2019 14:56:18 GMT <br>Connection: close<br><br>bl-products.se is on 91.189.45.80<br>ASN for 91.189.45.80: 29024<br>Abusix contact information: abuse@ballou.se (information only)<br>91.189.45.80 corresponds with ns1.wrhs.se<br>Abuse.net does not have any reliable address for ns1.wrhs.se<br>Found address in whois: abuse@ballou.se1563889227http://norrkopingshus007.se/ (91.189.45.80) - Serp-hijackingAttacked url: http://norrkopingshus007.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 22 Jul 2019 16:38:43 +0200<br><br>Visitors with referer are redirected to http://www.yeezyboostonline.store/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: norrkopingshus007.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Content-Length: 0 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.4.45 <br>X-Powered-By: ASP.NET <br>Date: Mon, 22 Jul 2019 14:38:42 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: norrkopingshus007.se <br>Referer: http://www.google.com/search?q=norrkopingshus007.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Content-Length: 157 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://www.yeezyboostonline.store/ <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.4.45 <br>X-Powered-By: ASP.NET <br>Date: Mon, 22 Jul 2019 14:38:40 GMT <br>Connection: close<br><br>norrkopingshus007.se is on 91.189.45.80<br>ASN for 91.189.45.80: 29024<br>Abusix contact information: abuse@ballou.se (information only)<br>91.189.45.80 corresponds with ns1.wrhs.se<br>Abuse.net does not have any reliable address for ns1.wrhs.se<br>Found address in whois: abuse@ballou.se1563889194http://fogelbergs.se/ (91.189.45.80) - Serp-hijackingAttacked url: http://fogelbergs.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 22 Jul 2019 16:07:58 +0200<br><br>Visitors with referer are redirected to http://www.yeezyboostonline.store/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: fogelbergs.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Content-Length: 0 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.4.45 <br>X-Powered-By: ASP.NET <br>Date: Mon, 22 Jul 2019 14:07:57 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: fogelbergs.se <br>Referer: http://www.google.com/search?q=fogelbergs.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Content-Length: 157 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://www.yeezyboostonline.store/ <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.4.45 <br>X-Powered-By: ASP.NET <br>Date: Mon, 22 Jul 2019 14:07:57 GMT <br>Connection: close<br><br>fogelbergs.se is on 91.189.45.80<br>ASN for 91.189.45.80: 29024<br>Abusix contact information: abuse@ballou.se (information only)<br>91.189.45.80 corresponds with ns1.wrhs.se<br>Abuse.net does not have any reliable address for ns1.wrhs.se<br>Found address in whois: abuse@ballou.se1563889136http://houseofbeauty.se/ (91.189.45.80) - Serp-hijackingAttacked url: http://houseofbeauty.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 22 Jul 2019 10:01:30 +0200<br><br>Visitors with referer are redirected to http://www.yeezyboostonline.store/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: houseofbeauty.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Content-Length: 0 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.4.45 <br>X-Powered-By: ASP.NET <br>Date: Mon, 22 Jul 2019 08:01:29 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: houseofbeauty.se <br>Referer: http://www.google.com/search?q=houseofbeauty.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Content-Length: 157 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://www.yeezyboostonline.store/ <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.4.45 <br>X-Powered-By: ASP.NET <br>Date: Mon, 22 Jul 2019 08:01:28 GMT <br>Connection: close<br><br>houseofbeauty.se is on 91.189.45.80<br>ASN for 91.189.45.80: 29024<br>Abusix contact information: abuse@ballou.se (information only)<br>91.189.45.80 corresponds with ns1.wrhs.se<br>Abuse.net does not have any reliable address for ns1.wrhs.se<br>Found address in whois: abuse@ballou.se1563788535http://skaleriet.se/ (91.189.45.80) - Serp-hijackingAttacked url: http://skaleriet.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 22 Jul 2019 07:25:56 +0200<br><br>Visitors with referer are redirected to http://www.yeezyboostonline.store/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: skaleriet.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Content-Length: 0 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.4.45 <br>X-Powered-By: ASP.NET <br>Date: Mon, 22 Jul 2019 05:25:55 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: skaleriet.se <br>Referer: http://www.google.com/search?q=skaleriet.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Content-Length: 157 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://www.yeezyboostonline.store/ <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.4.45 <br>X-Powered-By: ASP.NET <br>Date: Mon, 22 Jul 2019 05:25:55 GMT <br>Connection: close<br><br>skaleriet.se is on 91.189.45.80<br>ASN for 91.189.45.80: 29024<br>Abusix contact information: abuse@ballou.se (information only)<br>91.189.45.80 corresponds with ns1.wrhs.se<br>Abuse.net does not have any reliable address for ns1.wrhs.se<br>Found address in whois: abuse@ballou.se1563788374http://nrk-ror.se/ (91.189.45.80) - Serp-hijackingAttacked url: http://nrk-ror.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 21 Jul 2019 20:16:34 +0200<br><br>Visitors with referer are redirected to http://www.yeezyboostonline.store/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nrk-ror.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Content-Length: 0 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.4.45 <br>X-Powered-By: ASP.NET <br>Date: Sun, 21 Jul 2019 18:16:28 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nrk-ror.se <br>Referer: http://www.google.com/search?q=nrk-ror.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Content-Length: 157 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://www.yeezyboostonline.store/ <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.4.45 <br>X-Powered-By: ASP.NET <br>Date: Sun, 21 Jul 2019 18:16:28 GMT <br>Connection: close<br><br>nrk-ror.se is on 91.189.45.80<br>ASN for 91.189.45.80: 29024<br>Abusix contact information: abuse@ballou.se (information only)<br>91.189.45.80 corresponds with ns1.wrhs.se<br>Abuse.net does not have any reliable address for ns1.wrhs.se<br>Found address in whois: abuse@ballou.se1563788178http://rogerperssonbil.se/ (91.189.45.80) - Serp-hijackingAttacked url: http://rogerperssonbil.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 21 Jul 2019 18:47:57 +0200<br><br>Visitors with referer are redirected to http://www.yeezyboostonline.store/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: rogerperssonbil.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Content-Length: 0 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.4.45 <br>X-Powered-By: ASP.NET <br>Date: Sun, 21 Jul 2019 16:47:51 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: rogerperssonbil.se <br>Referer: http://www.google.com/search?q=rogerperssonbil.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Content-Length: 157 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://www.yeezyboostonline.store/ <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.4.45 <br>X-Powered-By: ASP.NET <br>Date: Sun, 21 Jul 2019 16:47:51 GMT <br>Connection: close<br><br>rogerperssonbil.se is on 91.189.45.80<br>ASN for 91.189.45.80: 29024<br>Abusix contact information: abuse@ballou.se (information only)<br>91.189.45.80 corresponds with ns1.wrhs.se<br>Abuse.net does not have any reliable address for ns1.wrhs.se<br>Found address in whois: abuse@ballou.se1563788168http://gunillahjelte.se/ (91.189.45.80) - Serp-hijackingAttacked url: http://gunillahjelte.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 21 Jul 2019 18:25:15 +0200<br><br>Visitors with referer are redirected to http://www.yeezyboostonline.store/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: gunillahjelte.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Content-Length: 0 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.4.45 <br>X-Powered-By: ASP.NET <br>Date: Sun, 21 Jul 2019 16:25:10 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: gunillahjelte.se <br>Referer: http://www.google.com/search?q=gunillahjelte.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Content-Length: 157 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://www.yeezyboostonline.store/ <br>Server: Microsoft-IIS/7.5 <br>X-Powered-By: PHP/5.4.45 <br>X-Powered-By: ASP.NET <br>Date: Sun, 21 Jul 2019 16:25:10 GMT <br>Connection: close<br><br>gunillahjelte.se is on 91.189.45.80<br>ASN for 91.189.45.80: 29024<br>Abusix contact information: abuse@ballou.se (information only)<br>91.189.45.80 corresponds with ns1.wrhs.se<br>Abuse.net does not have any reliable address for ns1.wrhs.se<br>Found address in whois: abuse@ballou.se1563788114http://rickyrou.se/ (217.70.184.38) - Serp-hijackingAttacked url: http://rickyrou.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 18 Jul 2019 17:05:29 +0200<br><br>Visitors with referer are redirected to http://www.selfmadehero.com/title.php?isbn=9781906838829&amp;edition_id=254 <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: rickyrou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 502 Bad Gateway <br>Server: nginx <br>Date: Thu, 18 Jul 2019 15:05:29 GMT <br>Content-Type: text/html <br>Content-Length: 166 <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: rickyrou.se <br>Referer: http://www.google.com/search?q=rickyrou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx <br>Date: Thu, 18 Jul 2019 15:05:29 GMT <br>Content-Type: text/html <br>Connection: close <br>Location: http://www.selfmadehero.com/title.php?isbn=9781906838829&amp;edition_id=254 <br>Cache-Control: max-age=10800 <br>Vary: Accept-Language<br><br>rickyrou.se is on 217.70.184.38<br>ASN for 217.70.184.38: 29169<br>Abusix contact information: abuse@gandi.net (information only)<br>217.70.184.38 corresponds with webredir.vip.gandi.net<br>Abuse.net has 1 reliable address(es) for gandi.net<br>Found address(es): abuse@gandi.net1563544901http://pilgrimstid.nu/ (81.27.47.157) - Serp-hijackingAttacked url: http://pilgrimstid.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 15 Jul 2019 15:08:34 +0200<br><br>Visitors with referer are redirected to http://www.sneakerses.com <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: pilgrimstid.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 30158 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSSBCBRBD=PKJHGNDCFNMPHOGGCGAEGPGC; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 15 Jul 2019 13:08:35 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: pilgrimstid.nu <br>Referer: http://www.google.com/search?q=pilgrimstid.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 146 <br>Content-Type: text/html <br>Location: http://www.sneakerses.com <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSSBCBRBD=OKJHGNDCFKOOAGBGOPIJJBEM; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 15 Jul 2019 13:08:33 GMT <br>Connection: close<br><br>pilgrimstid.nu is on 81.27.47.157<br>ASN for 81.27.47.157: 29486<br>Abusix contact information: abuse@webhuset.no (information only)<br>rDNS not found for 81.27.47.157<br>Found address in whois: abuse@webhuset.no1563279712http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 19 Jun 2019 17:20:24 +0200<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Wed, 19 Jun 2019 15:20:20 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=taq83951n2ese6h934e7dnkt44; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 19 Jun 2019 15:20:08 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=8bn07euat1hcji7n6ro9dk4i60; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1561039178http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 16 Jun 2019 18:15:51 +0200<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Sun, 16 Jun 2019 16:15:49 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=3enjb03iafq1o8ti94tlvrahe1; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Sun, 16 Jun 2019 16:15:47 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=bbv87igtn5oirtifr9c2cb8415; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1560783231http://sitevisibility.se/ (184.168.131.241) - Serp-hijackingAttacked url: http://sitevisibility.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 13 Jun 2019 18:26:19 +0200<br><br>Visitors with referer are redirected to http://sitevisibility.co.uk <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: sitevisibility.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 502 Bad Gateway <br>Server: nginx/1.12.2 <br>Date: Thu, 13 Jun 2019 16:26:19 GMT <br>Content-Type: text/html <br>Content-Length: 173 <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: sitevisibility.se <br>Referer: http://www.google.com/search?q=sitevisibility.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.12.2 <br>Date: Thu, 13 Jun 2019 16:26:19 GMT <br>Content-Type: text/html; charset=utf-8 <br>Connection: close <br>Location: http://sitevisibility.co.uk<br><br>sitevisibility.se is on 184.168.131.241<br>ASN for 184.168.131.241: 26496<br>Abusix contact information: abuse@godaddy.com (information only)<br>184.168.131.241 corresponds with ip-184-168-131-241.ip.secureserver.net<br>Abuse.net has 2 reliable address(es) for secureserver.net<br>Found address(es): abuse@godaddy.com abuse@secureserver.net1560513954http://vaffeldagen.se/ (89.221.250.22) - Serp-hijackingAttacked url: http://vaffeldagen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 12 Jun 2019 01:52:26 +0200<br><br>Visitors with referer are redirected to http://jindalo.ru:8080/forum/links/public_version.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeldagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 11 Jun 2019 23:52:26 GMT <br>Server: Apache <br>Last-Modified: Wed, 11 May 2011 09:58:07 GMT <br>ETag: &quot;2fc26e7-90c-4a2fd1bff89c0&quot; <br>Accept-Ranges: bytes <br>Content-Length: 2316 <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeldagen.se <br>Referer: http://www.google.com/search?q=vaffeldagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Tue, 11 Jun 2019 23:52:26 GMT <br>Server: Apache <br>Location: http://jindalo.ru:8080/forum/links/public_version.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>vaffeldagen.se is on 89.221.250.22<br>ASN for 89.221.250.22: 1257<br>89.221.250.22 manually set to use abuse@aname.net1560334770http://exceltips.se/ (89.221.250.113) - Serp-hijackingAttacked url: http://exceltips.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 11 Jun 2019 17:44:01 +0200<br><br>Visitors with referer are redirected to http://fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 18609 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDSATRRCSR=GPHJPPNDIIFIEKHGOOFNHLFM; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 11 Jun 2019 15:42:44 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Referer: http://www.google.com/search?q=exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Redirect <br>Content-Length: 148 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.0 <br>X-Powered-By: ASP.NET <br>Date: Tue, 11 Jun 2019 15:42:44 GMT <br>Connection: close<br><br>exceltips.se is on 89.221.250.113<br>ASN for 89.221.250.113: 1257<br>89.221.250.113 manually set to use abuse@aname.net1560333455http://vaffeljarn.se/ (89.221.250.22) - Serp-hijackingAttacked url: http://vaffeljarn.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 11 Jun 2019 14:35:28 +0200<br><br>Visitors with referer are redirected to http://jindalo.ru:8080/forum/links/public_version.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeljarn.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 11 Jun 2019 12:35:28 GMT <br>Server: Apache <br>Last-Modified: Wed, 11 May 2011 09:58:07 GMT <br>ETag: &quot;2fc26e7-90c-4a2fd1bff89c0&quot; <br>Accept-Ranges: bytes <br>Content-Length: 2316 <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeljarn.se <br>Referer: http://www.google.com/search?q=vaffeljarn.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Tue, 11 Jun 2019 12:35:28 GMT <br>Server: Apache <br>Location: http://jindalo.ru:8080/forum/links/public_version.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>vaffeljarn.se is on 89.221.250.22<br>ASN for 89.221.250.22: 1257<br>89.221.250.22 manually set to use abuse@aname.net1560332913http://kinaskakor.se/ (89.221.250.111) - Serp-hijackingAttacked url: http://kinaskakor.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 09 Jun 2019 16:00:41 +0200<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kinaskakor.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 11412 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDSSBRCCDR=BODPFIICAKPBAGGMBDBPCMMI; path=/ <br>X-Powered-By: ASP.NET <br>Date: Sun, 09 Jun 2019 13:59:27 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kinaskakor.se <br>Referer: http://www.google.com/search?q=kinaskakor.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDSSBRCCDR=AODPFIICBJMFCHKOIBBEHPGD; path=/ <br>X-Powered-By: ASP.NET <br>Date: Sun, 09 Jun 2019 13:59:27 GMT <br>Connection: close<br><br>kinaskakor.se is on 89.221.250.111<br>ASN for 89.221.250.111: 1257<br>89.221.250.111 manually set to use abuse@aname.net1560168052http://vaffeldagen.se/ (89.221.250.22) - Serp-hijackingAttacked url: http://vaffeldagen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 04 Jun 2019 16:22:56 +0200<br><br>Visitors with referer are redirected to http://jindalo.ru:8080/forum/links/public_version.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeldagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 04 Jun 2019 14:22:56 GMT <br>Server: Apache <br>Last-Modified: Wed, 11 May 2011 09:58:07 GMT <br>ETag: &quot;2fc26e7-90c-4a2fd1bff89c0&quot; <br>Accept-Ranges: bytes <br>Content-Length: 2316 <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeldagen.se <br>Referer: http://www.google.com/search?q=vaffeldagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Tue, 04 Jun 2019 14:22:56 GMT <br>Server: Apache <br>Location: http://jindalo.ru:8080/forum/links/public_version.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>vaffeldagen.se is on 89.221.250.22<br>ASN for 89.221.250.22: 1257<br>89.221.250.22 manually set to use abuse@aname.net1559743397http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 23 May 2019 16:43:19 +0200<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Thu, 23 May 2019 14:43:18 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=efuf9n0i7mpg1l9toj39691ua7; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Thu, 23 May 2019 14:43:13 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=7h1l5kj1pvji2tbbn95ism55t3; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1558699284http://nioelva.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://nioelva.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 14 May 2019 17:59:29 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 3886 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDCSRQSTAD=OBLIMLABEOKGNKNIDAIJCLAN; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 14 May 2019 15:59:27 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Referer: http://www.google.com/search?q=nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDCSRQSTAD=NBLIMLABEPCNLNCHHBFOCHLG; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 14 May 2019 15:59:27 GMT <br>Connection: close<br><br>nioelva.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net does not have any reliable address for wsp01.web.pin.se<br>Found address in whois: abuse@pin.se1557920720http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 14 May 2019 01:07:08 +0200<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Mon, 13 May 2019 23:07:07 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=ohbqbk916d3gf7dq96qn4dh8f0; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 13 May 2019 23:07:03 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=1181ughkpk74g8bmbkt9530si7; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1557839580http://webbexperterna.nu/ (81.95.105.73) - Serp-hijackingAttacked url: http://webbexperterna.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 14 May 2019 00:41:42 +0200<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: webbexperterna.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 164 <br>Content-Type: text/html <br>Location: http://www.webbexperterna.se/sv/start.shtml <br>Server: Microsoft-IIS/10.0 <br>Set-Cookie: ASPSESSIONIDQCBARCCB=HCEDFJPAFJCGCKDNPLAFHKNO; path=/ <br>Date: Mon, 13 May 2019 22:41:42 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: webbexperterna.nu <br>Referer: http://www.google.com/search?q=webbexperterna.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/10.0 <br>Set-Cookie: ASPSESSIONIDQCBARCCB=GCEDFJPAHODNHIMBELJPOGNI; path=/ <br>Date: Mon, 13 May 2019 22:41:42 GMT <br>Connection: close<br><br>webbexperterna.nu is on 81.95.105.73<br>ASN for 81.95.105.73: 25234<br>Abusix contact information: abuse@active24.cz (information only)<br>81.95.105.73 corresponds with iis107.windows.loopia.com<br>Abuse.net does not have any reliable address for iis107.windows.loopia.com<br>Found address in whois: abuse@active24.cz1557838677http://balsjomaskin.se/ (81.95.105.71) - Serp-hijackingAttacked url: http://balsjomaskin.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 10 May 2019 02:40:49 +0200<br><br>Visitors with referer are redirected to http://www.serverjump.com/jump.aspx?jumpid=0sichm <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: balsjomaskin.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 16712 <br>Content-Type: text/html <br>Server: Microsoft-IIS/10.0 <br>Set-Cookie: unikTry=bes%F6k; expires=Sun, 09-Jun-2019 22:00:00 GMT; path=/ <br>Set-Cookie: ASPSESSIONIDAAACASQQ=ECNHEEGCMKKDILKEECOKAOJL; path=/ <br>Date: Fri, 10 May 2019 00:40:49 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: balsjomaskin.se <br>Referer: http://www.google.com/search?q=balsjomaskin.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Content-Length: 172 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://www.serverjump.com/jump.aspx?jumpid=0sichm <br>Server: Microsoft-IIS/10.0 <br>Date: Fri, 10 May 2019 00:40:47 GMT <br>Connection: close<br><br>balsjomaskin.se is on 81.95.105.71<br>ASN for 81.95.105.71: 25234<br>Abusix contact information: abuse@active24.cz (information only)<br>81.95.105.71 corresponds with iis105.windows.loopia.com<br>Abuse.net does not have any reliable address for iis105.windows.loopia.com<br>Found address in whois: abuse@active24.cz1557492212http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 09 May 2019 15:05:48 +0200<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Thu, 09 May 2019 13:05:47 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=vs0rpar2v367ucok289fi7mbv0; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Thu, 09 May 2019 13:05:43 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=3ifn0423s3eri48rir7kb9ad02; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1557489992http://webbwebb.nu/ (193.42.159.250) - Serp-hijackingAttacked url: http://webbwebb.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 02 May 2019 16:52:39 +0200<br><br>Visitors with referer are redirected to http://146.66.237.76 <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: webbwebb.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 502 Bad Gateway <br>Server: nginx <br>Date: Thu, 02 May 2019 14:52:39 GMT <br>Content-Type: text/html <br>Content-Length: 133 <br>Connection: close <br>ETag: &quot;59fb37dd-85&quot; <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: webbwebb.nu <br>Referer: http://www.google.com/search?q=webbwebb.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Thu, 02 May 2019 14:51:40 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Location: http://146.66.237.76<br><br>webbwebb.nu is on 193.42.159.250<br>ASN for 193.42.159.250: 3246<br>Abusix contact information: abuse@tdc.se (information only)<br>193.42.159.250 corresponds with egensajt.se<br>Abuse.net does not have any reliable address for egensajt.se<br>Found address in whois: abuse@tdc.se1556869654http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 16 Apr 2019 18:43:11 +0200<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 16 Apr 2019 16:43:10 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=fac55fieff4q77bdvtsv4v0v40; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 16 Apr 2019 16:43:08 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=b13uoj0jgro8ia8njf1ceb05k1; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1555506714http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 15 Apr 2019 16:53:46 +0200<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Mon, 15 Apr 2019 14:53:46 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=3ujgatt04a2vceosa8hf166o91; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 15 Apr 2019 14:53:42 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=lfov5oa7h2fe60l21rut53og42; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1555416927http://joopot.se/ (195.74.38.63) - Serp-hijackingAttacked url: http://joopot.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 11 Apr 2019 14:04:52 +0200<br><br>Visitors with referer are redirected to http://www.tatlitarifleri.tv/2670/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: joopot.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 403 Forbidden <br>Date: Thu, 11 Apr 2019 12:04:52 GMT <br>Server: Apache <br>Vary: accept-language,accept-charset <br>Accept-Ranges: bytes <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1 <br>Content-Language: en <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: joopot.se <br>Referer: http://www.google.com/search?q=joopot.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Thu, 11 Apr 2019 12:04:52 GMT <br>Server: Apache <br>Location: http://www.tatlitarifleri.tv/2670/ <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>joopot.se is on 195.74.38.63<br>ASN for 195.74.38.63: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.63 corresponds with cl-02.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1554991384http://webbexperterna.nu/ (81.95.105.73) - Serp-hijackingAttacked url: http://webbexperterna.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 10 Apr 2019 15:29:56 +0200<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: webbexperterna.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 164 <br>Content-Type: text/html <br>Location: http://www.webbexperterna.se/sv/start.shtml <br>Server: Microsoft-IIS/10.0 <br>Set-Cookie: ASPSESSIONIDCADRBBCD=PDNJOHPCNMFIHGKNKFNHIHEE; path=/ <br>Date: Wed, 10 Apr 2019 13:29:55 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: webbexperterna.nu <br>Referer: http://www.google.com/search?q=webbexperterna.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/10.0 <br>Set-Cookie: ASPSESSIONIDCADRBBCD=ODNJOHPCMBNLEEBHCCMMOIIH; path=/ <br>Date: Wed, 10 Apr 2019 13:29:55 GMT <br>Connection: close<br><br>webbexperterna.nu is on 81.95.105.73<br>ASN for 81.95.105.73: 25234<br>Abusix contact information: abuse@active24.cz (information only)<br>81.95.105.73 corresponds with iis107.windows.loopia.com<br>Abuse.net does not have any reliable address for iis107.windows.loopia.com<br>Found address in whois: abuse@active24.cz1554987608http://exceltips.se/ (89.221.250.113) - Serp-hijackingAttacked url: http://exceltips.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 09 Apr 2019 15:58:34 +0200<br><br>Visitors with referer are redirected to http://fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 18992 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDQAATAQDQ=MNKFPAFCEOOHBDMMNHAFFONF; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 09 Apr 2019 13:56:55 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Referer: http://www.google.com/search?q=exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Redirect <br>Content-Length: 148 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.0 <br>X-Powered-By: ASP.NET <br>Date: Tue, 09 Apr 2019 13:56:55 GMT <br>Connection: close<br><br>exceltips.se is on 89.221.250.113<br>ASN for 89.221.250.113: 1257<br>89.221.250.113 manually set to use abuse@aname.net1554901409http://kinaskakor.se/ (89.221.250.111) - Serp-hijackingAttacked url: http://kinaskakor.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 09 Apr 2019 15:18:42 +0200<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kinaskakor.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 11412 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDQQSRRSQC=NDFFKNECIEDMKBKMEAGIKMFC; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 09 Apr 2019 13:17:04 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kinaskakor.se <br>Referer: http://www.google.com/search?q=kinaskakor.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDQQSRRSQC=MDFFKNECINMMJPMHJIHLKKLL; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 09 Apr 2019 13:16:57 GMT <br>Connection: close<br><br>kinaskakor.se is on 89.221.250.111<br>ASN for 89.221.250.111: 1257<br>89.221.250.111 manually set to use abuse@aname.net1554901338http://vaffeljarn.se/ (89.221.250.22) - Serp-hijackingAttacked url: http://vaffeljarn.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 09 Apr 2019 09:53:11 +0200<br><br>Visitors with referer are redirected to http://jindalo.ru:8080/forum/links/public_version.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeljarn.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 09 Apr 2019 07:53:11 GMT <br>Server: Apache <br>Last-Modified: Wed, 11 May 2011 09:58:07 GMT <br>ETag: &quot;2fc26e7-90c-4a2fd1bff89c0&quot; <br>Accept-Ranges: bytes <br>Content-Length: 2316 <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeljarn.se <br>Referer: http://www.google.com/search?q=vaffeljarn.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Tue, 09 Apr 2019 07:53:05 GMT <br>Server: Apache <br>Location: http://jindalo.ru:8080/forum/links/public_version.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>vaffeljarn.se is on 89.221.250.22<br>ASN for 89.221.250.22: 1257<br>89.221.250.22 manually set to use abuse@aname.net1554882731http://usagi.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://usagi.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 08 Apr 2019 09:41:26 +0200<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: usagi.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 33833 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSQCTSSCT=IEMFIJHBBLDBNCHEBFAFNLCO; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 08 Apr 2019 07:41:26 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: usagi.se <br>Referer: http://www.google.com/search?q=usagi.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSQCTSSCT=HEMFIJHBDPBIAJLBEMLJLFHP; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 08 Apr 2019 07:41:26 GMT <br>Connection: close<br><br>usagi.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net does not have any reliable address for wsp01.web.pin.se<br>Found address in whois: abuse@pin.se1554731297http://sunone.nu/ (159.69.63.122) - Serp-hijackingAttacked url: http://sunone.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 04 Apr 2019 15:32:46 +0200<br><br>Visitors with referer are redirected to http://companyupdate.ru/settings/index.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: sunone.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Last-Modified: Tue, 30 Jan 2018 13:43:29 GMT <br>Content-Type: text/html <br>Content-Length: 3241 <br>Accept-Ranges: bytes <br>Date: Thu, 04 Apr 2019 13:32:46 GMT <br>Server: LiteSpeed <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: sunone.nu <br>Referer: http://www.google.com/search?q=sunone.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Thu, 04 Apr 2019 13:32:46 GMT <br>Server: LiteSpeed <br>Location: http://companyupdate.ru/settings/index.php <br>Connection: close<br><br>sunone.nu is on 159.69.63.122<br>ASN for 159.69.63.122: 24940<br>Abusix contact information: abuse@hetzner.de (information only)<br>159.69.63.122 corresponds with falk1.azehosting.net<br>Abuse.net does not have any reliable address for falk1.azehosting.net<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@falk1.azehosting.net abuse@azehosting.net1554465040http://vaffeldagen.se/ (89.221.250.22) - Serp-hijackingAttacked url: http://vaffeldagen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 28 Mar 2019 17:14:51 +0100<br><br>Visitors with referer are redirected to http://jindalo.ru:8080/forum/links/public_version.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeldagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Thu, 28 Mar 2019 16:15:11 GMT <br>Server: Apache <br>Last-Modified: Wed, 11 May 2011 09:58:07 GMT <br>ETag: &quot;2fc26e7-90c-4a2fd1bff89c0&quot; <br>Accept-Ranges: bytes <br>Content-Length: 2316 <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeldagen.se <br>Referer: http://www.google.com/search?q=vaffeldagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Thu, 28 Mar 2019 16:15:05 GMT <br>Server: Apache <br>Location: http://jindalo.ru:8080/forum/links/public_version.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>vaffeldagen.se is on 89.221.250.22<br>ASN for 89.221.250.22: 1257<br>89.221.250.22 manually set to use abuse@aname.net1554112284http://exceltips.se/ (89.221.250.113) - Serp-hijackingAttacked url: http://exceltips.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 25 Mar 2019 17:27:09 +0100<br><br>Visitors with referer are redirected to http://fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 18789 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDSAATASCR=OOGHPJHAOMHFHHJHOILBAFJC; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 25 Mar 2019 16:25:59 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Referer: http://www.google.com/search?q=exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Redirect <br>Content-Length: 148 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.0 <br>X-Powered-By: ASP.NET <br>Date: Mon, 25 Mar 2019 16:25:59 GMT <br>Connection: close<br><br>exceltips.se is on 89.221.250.113<br>ASN for 89.221.250.113: 1257<br>89.221.250.113 manually set to use abuse@aname.net1553607274http://shineonyou.se/ (195.74.38.97) - Serp-hijackingAttacked url: http://shineonyou.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 04 Mar 2019 18:49:45 +0100<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Mon, 04 Mar 2019 17:49:45 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Set-Cookie: http_uid_utm=1; expires=Wed, 06-Mar-2019 17:49:45 GMT <br>Location: http://134.249.116.78/index.php <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Referer: http://www.google.com/search?q=shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Mon, 04 Mar 2019 17:49:41 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>shineonyou.se is on 195.74.38.97<br>ASN for 195.74.38.97: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.97 corresponds with cl-13.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1551790859http://sunone.nu/ (159.69.63.122) - Serp-hijackingAttacked url: http://sunone.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 15 Feb 2019 02:02:35 +0100<br><br>Visitors with referer are redirected to http://companyupdate.ru/settings/index.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: sunone.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Last-Modified: Tue, 30 Jan 2018 13:43:29 GMT <br>Content-Type: text/html <br>Content-Length: 3241 <br>Accept-Ranges: bytes <br>Date: Fri, 15 Feb 2019 01:02:35 GMT <br>Server: LiteSpeed <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: sunone.nu <br>Referer: http://www.google.com/search?q=sunone.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Fri, 15 Feb 2019 01:02:35 GMT <br>Server: LiteSpeed <br>Location: http://companyupdate.ru/settings/index.php <br>Connection: close<br><br>sunone.nu is on 159.69.63.122<br>ASN for 159.69.63.122: 24940<br>Abusix contact information: abuse@hetzner.de (information only)<br>159.69.63.122 corresponds with falk1.azehosting.net<br>Abuse.net does not have any reliable address for falk1.azehosting.net<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@falk1.azehosting.net abuse@azehosting.net1550238227http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 06 Feb 2019 23:55:37 +0100<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Wed, 06 Feb 2019 22:55:40 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=eag5kg1aquvb4rck1rbpuciek5; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 06 Feb 2019 22:55:39 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=0oditomucqkpckfgomkr5v9ee2; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1549545003