Säkrare hemsida med .sehttp://shineonyou.se/ (195.74.38.97) - Serp-hijackingAttacked url: http://shineonyou.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 04 Mar 2019 18:49:45 +0100<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Mon, 04 Mar 2019 17:49:45 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Set-Cookie: http_uid_utm=1; expires=Wed, 06-Mar-2019 17:49:45 GMT <br>Location: http://134.249.116.78/index.php <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Referer: http://www.google.com/search?q=shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Mon, 04 Mar 2019 17:49:41 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>shineonyou.se is on 195.74.38.97<br>ASN for 195.74.38.97: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.97 corresponds with cl-13.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1551790859http://sunone.nu/ (159.69.63.122) - Serp-hijackingAttacked url: http://sunone.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 15 Feb 2019 02:02:35 +0100<br><br>Visitors with referer are redirected to http://companyupdate.ru/settings/index.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: sunone.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Last-Modified: Tue, 30 Jan 2018 13:43:29 GMT <br>Content-Type: text/html <br>Content-Length: 3241 <br>Accept-Ranges: bytes <br>Date: Fri, 15 Feb 2019 01:02:35 GMT <br>Server: LiteSpeed <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: sunone.nu <br>Referer: http://www.google.com/search?q=sunone.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Fri, 15 Feb 2019 01:02:35 GMT <br>Server: LiteSpeed <br>Location: http://companyupdate.ru/settings/index.php <br>Connection: close<br><br>sunone.nu is on 159.69.63.122<br>ASN for 159.69.63.122: 24940<br>Abusix contact information: abuse@hetzner.de (information only)<br>159.69.63.122 corresponds with falk1.azehosting.net<br>Abuse.net does not have any reliable address for falk1.azehosting.net<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@falk1.azehosting.net abuse@azehosting.net1550238227http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 06 Feb 2019 23:55:37 +0100<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Wed, 06 Feb 2019 22:55:40 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=eag5kg1aquvb4rck1rbpuciek5; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 06 Feb 2019 22:55:39 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=0oditomucqkpckfgomkr5v9ee2; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1549545003http://kinaskakor.se/ (89.221.250.111) - Serp-hijackingAttacked url: http://kinaskakor.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 06 Feb 2019 21:16:57 +0100<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kinaskakor.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 11412 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDSQQQQRRD=HJFHLKJBLCCCDGGKLDEMFCNL; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 06 Feb 2019 20:15:11 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kinaskakor.se <br>Referer: http://www.google.com/search?q=kinaskakor.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDSQQQQRRD=GJFHLKJBJAPPAHOCFKCPGGDJ; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 06 Feb 2019 20:15:11 GMT <br>Connection: close<br><br>kinaskakor.se is on 89.221.250.111<br>ASN for 89.221.250.111: 1257<br>89.221.250.111 manually set to use abuse@aname.net1549544787http://exceltips.se/ (89.221.250.113) - Serp-hijackingAttacked url: http://exceltips.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 18 Jan 2019 03:49:16 +0100<br><br>Visitors with referer are redirected to http://fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 18792 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDSCARDBBC=BGPDPKJANCPMBJECLCGMNOBI; path=/ <br>X-Powered-By: ASP.NET <br>Date: Fri, 18 Jan 2019 02:47:28 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Referer: http://www.google.com/search?q=exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Redirect <br>Content-Length: 148 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.0 <br>X-Powered-By: ASP.NET <br>Date: Fri, 18 Jan 2019 02:47:23 GMT <br>Connection: close<br><br>exceltips.se is on 89.221.250.113<br>ASN for 89.221.250.113: 1257<br>89.221.250.113 manually set to use abuse@aname.net1547817897http://vaffeljarn.se/ (89.221.250.22) - Serp-hijackingAttacked url: http://vaffeljarn.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 17 Jan 2019 23:59:05 +0100<br><br>Visitors with referer are redirected to http://jindalo.ru:8080/forum/links/public_version.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeljarn.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Thu, 17 Jan 2019 22:59:05 GMT <br>Server: Apache <br>Last-Modified: Wed, 11 May 2011 09:58:07 GMT <br>ETag: &quot;2fc26e7-90c-4a2fd1bff89c0&quot; <br>Accept-Ranges: bytes <br>Content-Length: 2316 <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeljarn.se <br>Referer: http://www.google.com/search?q=vaffeljarn.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Thu, 17 Jan 2019 22:59:04 GMT <br>Server: Apache <br>Location: http://jindalo.ru:8080/forum/links/public_version.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>vaffeljarn.se is on 89.221.250.22<br>ASN for 89.221.250.22: 1257<br>89.221.250.22 manually set to use abuse@aname.net1547817676http://ssmab.se/ (65.254.248.137) - Serp-hijackingAttacked url: http://ssmab.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 10 Jan 2019 14:56:39 +0100<br><br>Visitors with referer are redirected to http://fast-pharmacy.com/product/Cialis.html <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ssmab.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Thu, 10 Jan 2019 13:56:39 GMT <br>Content-Type: text/html; charset=iso-8859-1 <br>Connection: close <br>Server: Apache/2 <br>X-Powered-By: PHP/5.6.30 <br>Location: http://www.ssmab.se/ <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ssmab.se <br>Referer: http://www.google.com/search?q=ssmab.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Thu, 10 Jan 2019 13:56:05 GMT <br>Content-Type: text/html; charset=iso-8859-1 <br>Connection: close <br>Server: Apache/2 <br>X-Powered-By: PHP/5.6.30 <br>Location: http://fast-pharmacy.com/product/Cialis.html<br><br>ssmab.se is on 65.254.248.137<br>ASN for 65.254.248.137: 29873<br>Abusix contact information: eig-abuse@endurance.com (information only)<br>65.254.248.137 corresponds with 65-254-248-137.yourhostingaccount.com<br>Abuse.net has 3 reliable address(es) for yourhostingaccount.com<br>Found address(es): abuse@enduranceinternational.com abuse@maileig.com abuse@yourhostingaccount.com1547214507http://webbexperterna.nu/ (81.95.105.73) - Serp-hijackingAttacked url: http://webbexperterna.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 09 Jan 2019 16:21:30 +0100<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: webbexperterna.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 164 <br>Content-Type: text/html <br>Location: http://www.webbexperterna.se/sv/start.shtml <br>Server: Microsoft-IIS/10.0 <br>Set-Cookie: ASPSESSIONIDCQRRBCDB=KEPNLIADHPLNGKDHFHAGHKPP; path=/ <br>Date: Wed, 09 Jan 2019 15:21:30 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: webbexperterna.nu <br>Referer: http://www.google.com/search?q=webbexperterna.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/10.0 <br>Set-Cookie: ASPSESSIONIDCQRRBCDB=JEPNLIADIJLFGIBNBFCIGKLP; path=/ <br>Date: Wed, 09 Jan 2019 15:21:30 GMT <br>Connection: close<br><br>webbexperterna.nu is on 81.95.105.73<br>ASN for 81.95.105.73: 25234<br>Abusix contact information: abuse@active24.cz (information only)<br>81.95.105.73 corresponds with iis107.windows.loopia.com<br>Abuse.net does not have any reliable address for iis107.windows.loopia.com<br>Found address in whois: abuse@active24.cz1547127666http://lostriders.se/ (66.96.149.1) - Serp-hijackingAttacked url: http://lostriders.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 09 Jan 2019 15:45:54 +0100<br><br>Visitors with referer are redirected to http://fast-pharmacy.com/product/Viagra.html <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: lostriders.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Wed, 09 Jan 2019 14:45:54 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Server: Apache/2 <br>X-Powered-By: PHP/5.6.30 <br>Expires: Wed, 11 Jan 1984 05:00:00 GMT <br>Cache-Control: no-cache, must-revalidate, max-age=0 <br>Pragma: no-cache <br>Link: &lt;http://lostriders.se/index.php?rest_route=/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;https://wp.me/9n7Ru&gt;; rel=shortlink <br>Age: 1 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: lostriders.se <br>Referer: http://www.google.com/search?q=lostriders.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Wed, 09 Jan 2019 14:45:53 GMT <br>Content-Type: text/html; charset=iso-8859-1 <br>Connection: close <br>Server: Apache/2 <br>X-Powered-By: PHP/5.6.30 <br>Expires: Wed, 11 Jan 1984 05:00:00 GMT <br>Cache-Control: no-cache, must-revalidate, max-age=0 <br>Pragma: no-cache <br>Location: http://fast-pharmacy.com/product/Viagra.html <br>Age: 1<br><br>lostriders.se is on 66.96.149.1<br>ASN for 66.96.149.1: 29873<br>Abusix contact information: eig-abuse@endurance.com (information only)<br>66.96.149.1 corresponds with 1.149.96.66.static.eigbox.net<br>Abuse.net has 1 reliable address(es) for eigbox.net<br>Found address(es): cogentabuse@maileig.com1547125411http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 18 Dec 2018 17:05:54 +0100<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 18 Dec 2018 16:06:09 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=404gm7pke9car2uvaq00et1tl3; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 18 Dec 2018 16:06:06 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=90aae572q395qtu9oarh9lmg04; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1545229609http://vaffeldagen.se/ (89.221.250.22) - Serp-hijackingAttacked url: http://vaffeldagen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 18 Dec 2018 14:47:53 +0100<br><br>Visitors with referer are redirected to http://jindalo.ru:8080/forum/links/public_version.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeldagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 18 Dec 2018 13:47:53 GMT <br>Server: Apache <br>Last-Modified: Wed, 11 May 2011 09:58:07 GMT <br>ETag: &quot;2fc26e7-90c-4a2fd1bff89c0&quot; <br>Accept-Ranges: bytes <br>Content-Length: 2316 <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeldagen.se <br>Referer: http://www.google.com/search?q=vaffeldagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Tue, 18 Dec 2018 13:47:53 GMT <br>Server: Apache <br>Location: http://jindalo.ru:8080/forum/links/public_version.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>vaffeldagen.se is on 89.221.250.22<br>ASN for 89.221.250.22: 1257<br>89.221.250.22 manually set to use abuse@aname.net1545223497http://shineonyou.se/ (195.74.38.97) - Serp-hijackingAttacked url: http://shineonyou.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 05 Dec 2018 14:20:30 +0100<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Wed, 05 Dec 2018 13:20:30 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://shineonyou.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=5lsvb4s9vetdab5ris6olj58f7; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Referer: http://www.google.com/search?q=shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Wed, 05 Dec 2018 13:20:15 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>shineonyou.se is on 195.74.38.97<br>ASN for 195.74.38.97: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.97 corresponds with cl-13.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1544097987http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 27 Nov 2018 22:27:52 +0100<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 27 Nov 2018 21:28:05 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=d6gkih7s3fipnf00otunqo34l4; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 27 Nov 2018 21:28:03 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=kfosbvvgqg00cod81c9l24lt82; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1543413644http://nioelva.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://nioelva.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 27 Nov 2018 21:03:26 +0100<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 3886 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSQCBRABD=FEEEPCFCNNLFLINEIJFHPAHE; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 27 Nov 2018 20:03:17 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Referer: http://www.google.com/search?q=nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSQCBRABD=EEEEPCFCBKCLAJCOFLOKKFOI; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 27 Nov 2018 20:03:17 GMT <br>Connection: close<br><br>nioelva.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net does not have any reliable address for wsp01.web.pin.se<br>Found address in whois: abuse@pin.se1543413355http://exceltips.se/ (89.221.250.113) - Serp-hijackingAttacked url: http://exceltips.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 26 Nov 2018 21:06:59 +0100<br><br>Visitors with referer are redirected to http://fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 18558 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDQABRTCAC=AIIFBJCCLKKLGGBMLACHHOPL; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 26 Nov 2018 20:06:01 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Referer: http://www.google.com/search?q=exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Redirect <br>Content-Length: 148 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.0 <br>X-Powered-By: ASP.NET <br>Date: Mon, 26 Nov 2018 20:05:55 GMT <br>Connection: close<br><br>exceltips.se is on 89.221.250.113<br>ASN for 89.221.250.113: 1257<br>89.221.250.113 manually set to use abuse@aname.net1543334361http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 26 Nov 2018 18:31:32 +0100<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Mon, 26 Nov 2018 17:31:31 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=btp8q7dvvso9rupl822l2dqmd3; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 26 Nov 2018 17:31:27 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=sqn3q4t17a1gdus1tvc3nve9j2; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1543334067http://kinaskakor.se/ (89.221.250.111) - Serp-hijackingAttacked url: http://kinaskakor.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 26 Nov 2018 17:36:20 +0100<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kinaskakor.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 11418 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDQARBSAAC=GAOLPOACHMMHLLEHBLNNJBCD; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 26 Nov 2018 16:35:38 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kinaskakor.se <br>Referer: http://www.google.com/search?q=kinaskakor.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDQARBSAAC=FAOLPOACDBGDMNGIPKBLHMKN; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 26 Nov 2018 16:35:36 GMT <br>Connection: close<br><br>kinaskakor.se is on 89.221.250.111<br>ASN for 89.221.250.111: 1257<br>89.221.250.111 manually set to use abuse@aname.net1543331482http://forlagetorda.se/ (93.188.2.53) - Serp-hijackingAttacked url: http://forlagetorda.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 22 Nov 2018 10:59:00 +0100<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: forlagetorda.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Thu, 22 Nov 2018 09:59:14 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Set-Cookie: PHPSESSID=91680451b538a56015d15d83d8164567; path=/ <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://forlagetorda.se/xmlrpc.php <br>Link: &lt;http://forlagetorda.se/&gt;; rel=shortlink <br>X-Loopia-Node: 172.22.223.22 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: forlagetorda.se <br>Referer: http://www.google.com/search?q=forlagetorda.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Thu, 22 Nov 2018 09:59:14 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.22<br><br>forlagetorda.se is on 93.188.2.53<br>ASN for 93.188.2.53: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.53 corresponds with webfront3.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1542900133http://pilgrimstid.nu/ (81.27.47.157) - Serp-hijackingAttacked url: http://pilgrimstid.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Nov 2018 14:12:07 +0100<br><br>Visitors with referer are redirected to http://www.sneakerses.com <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: pilgrimstid.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 30544 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDCCARAABQ=LDFLNMKCMOIGECDJOFDLFGGL; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 21 Nov 2018 13:12:22 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: pilgrimstid.nu <br>Referer: http://www.google.com/search?q=pilgrimstid.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 146 <br>Content-Type: text/html <br>Location: http://www.sneakerses.com <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDCCARAABQ=KDFLNMKCGJNPFPFPFJJBJNCI; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 21 Nov 2018 13:12:22 GMT <br>Connection: close<br><br>pilgrimstid.nu is on 81.27.47.157<br>ASN for 81.27.47.157: 8542<br>Abusix contact information: abuse@webhuset.no (information only)<br>rDNS not found for 81.27.47.157<br>Found address in whois: abuse@webhuset.no1542888120http://vaffeldagen.se/ (89.221.250.22) - Serp-hijackingAttacked url: http://vaffeldagen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Nov 2018 02:56:37 +0100<br><br>Visitors with referer are redirected to http://jindalo.ru:8080/forum/links/public_version.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeldagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 20 Nov 2018 01:56:50 GMT <br>Server: Apache <br>Last-Modified: Wed, 11 May 2011 09:58:07 GMT <br>ETag: &quot;2fc26e7-90c-4a2fd1bff89c0&quot; <br>Accept-Ranges: bytes <br>Content-Length: 2316 <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeldagen.se <br>Referer: http://www.google.com/search?q=vaffeldagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Tue, 20 Nov 2018 01:56:50 GMT <br>Server: Apache <br>Location: http://jindalo.ru:8080/forum/links/public_version.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>vaffeldagen.se is on 89.221.250.22<br>ASN for 89.221.250.22: 1257<br>89.221.250.22 manually set to use abuse@aname.net1542721248http://kinaskakor.se/ (89.221.250.111) - Serp-hijackingAttacked url: http://kinaskakor.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Nov 2018 02:28:44 +0100<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kinaskakor.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 11418 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDCQCQTQTA=JBMDJBLBMKOBGFEBOBJCCGAH; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 20 Nov 2018 01:28:09 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kinaskakor.se <br>Referer: http://www.google.com/search?q=kinaskakor.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDCQCQTQTA=IBMDJBLBJJAJCBKHCGCAIPCN; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 20 Nov 2018 01:28:07 GMT <br>Connection: close<br><br>kinaskakor.se is on 89.221.250.111<br>ASN for 89.221.250.111: 1257<br>89.221.250.111 manually set to use abuse@aname.net1542721218http://studioolga.se/ (93.90.145.83) - Serp-hijackingAttacked url: http://studioolga.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 19 Nov 2018 21:52:30 +0100<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: studioolga.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 2940 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDACATTSAB=CMIHDBJBLLKLFJDGGLLJPHKH; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 19 Nov 2018 20:52:43 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: studioolga.se <br>Referer: http://www.google.com/search?q=studioolga.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDACATTSAB=BMIHDBJBKCMECEOALFLIGJDC; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 19 Nov 2018 20:52:43 GMT <br>Connection: close<br><br>studioolga.se is on 93.90.145.83<br>ASN for 93.90.145.83: 35041<br>Abusix contact information: abuse@levonline.com (information only)<br>rDNS not found for 93.90.145.83<br>Found address in whois: abuse@levonline.com1542720984http://vaffeljarn.se/ (89.221.250.22) - Serp-hijackingAttacked url: http://vaffeljarn.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 19 Nov 2018 17:03:42 +0100<br><br>Visitors with referer are redirected to http://jindalo.ru:8080/forum/links/public_version.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeljarn.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Mon, 19 Nov 2018 16:03:55 GMT <br>Server: Apache <br>Last-Modified: Wed, 11 May 2011 09:58:07 GMT <br>ETag: &quot;2fc26e7-90c-4a2fd1bff89c0&quot; <br>Accept-Ranges: bytes <br>Content-Length: 2316 <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeljarn.se <br>Referer: http://www.google.com/search?q=vaffeljarn.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Mon, 19 Nov 2018 16:03:55 GMT <br>Server: Apache <br>Location: http://jindalo.ru:8080/forum/links/public_version.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>vaffeljarn.se is on 89.221.250.22<br>ASN for 89.221.250.22: 1257<br>89.221.250.22 manually set to use abuse@aname.net1542720664http://usagi.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://usagi.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 16 Nov 2018 07:52:45 +0100<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: usagi.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 32921 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDQQACSBBC=NJIFNHCDAAAHGAMGIMCCCHCA; path=/ <br>X-Powered-By: ASP.NET <br>Date: Fri, 16 Nov 2018 06:52:48 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: usagi.se <br>Referer: http://www.google.com/search?q=usagi.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDQQACSBBC=MJIFNHCDPAIAGIKLMMFADGJE; path=/ <br>X-Powered-By: ASP.NET <br>Date: Fri, 16 Nov 2018 06:52:46 GMT <br>Connection: close<br><br>usagi.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net does not have any reliable address for wsp01.web.pin.se<br>Found address in whois: abuse@pin.se1542376250http://studioolga.se/ (93.90.145.83) - Serp-hijackingAttacked url: http://studioolga.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 15 Nov 2018 16:22:16 +0100<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: studioolga.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 2940 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDCSDTARQA=LNDDJHMCJICBNFHLMELNDBHH; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 15 Nov 2018 15:22:15 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: studioolga.se <br>Referer: http://www.google.com/search?q=studioolga.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDCSDTARQA=KNDDJHMCJLLFKMJKMLDEBCGJ; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 15 Nov 2018 15:22:15 GMT <br>Connection: close<br><br>studioolga.se is on 93.90.145.83<br>ASN for 93.90.145.83: 35041<br>Abusix contact information: abuse@levonline.com (information only)<br>rDNS not found for 93.90.145.83<br>Found address in whois: abuse@levonline.com1542374356http://nietlater.nu/ (37.97.223.41) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://heirem-art.de/crpzw3bh.php?id=595921&quot;&gt;<br><br>Offensive url: http://heirem-art.de/crpzw3bh.php?id=595921<br>Url is blacklisted in Google Safe Browsing<br><br>nietlater.nu is on 37.97.223.41<br>ASN for 37.97.223.41: 20857<br>Abusix contact information: abuse@transip.nl (information only)<br>37.97.223.41 corresponds with dbasehosting.nl<br>Abuse.net does not have any reliable address for dbasehosting.nl<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@dbasehosting.nl1542283389http://pionbutiken.se/ (93.90.145.81) - Serp-hijackingAttacked url: http://pionbutiken.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 12 Nov 2018 09:41:43 +0100<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: pionbutiken.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 785 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDQATASCRR=EPBBKNJAAMEFAIHNLDCABNNJ; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 12 Nov 2018 08:41:56 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: pionbutiken.se <br>Referer: http://www.google.com/search?q=pionbutiken.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>ETag: &quot;&quot; <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/8.5 <br>Set-Cookie: ASPSESSIONIDQATASCRR=DPBBKNJAKJAPHDMIPLIBICMI; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 12 Nov 2018 08:41:55 GMT <br>Connection: close<br><br>pionbutiken.se is on 93.90.145.81<br>ASN for 93.90.145.81: 35041<br>Abusix contact information: abuse@levonline.com (information only)<br>93.90.145.81 corresponds with iis-01.crystone.se<br>Abuse.net has 2 reliable address(es) for crystone.se<br>Found address(es): abuse@crystone.se abuse@crystone.net1542027866http://exceltips.se/ (89.221.250.113) - Serp-hijackingAttacked url: http://exceltips.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 12 Nov 2018 08:49:04 +0100<br><br>Visitors with referer are redirected to http://fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 18828 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDSQCRCARQ=BFPDBMIACGGNHFAAFBMGFKLO; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 12 Nov 2018 07:47:40 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Referer: http://www.google.com/search?q=exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Redirect <br>Content-Length: 148 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.0 <br>X-Powered-By: ASP.NET <br>Date: Mon, 12 Nov 2018 07:47:40 GMT <br>Connection: close<br><br>exceltips.se is on 89.221.250.113<br>ASN for 89.221.250.113: 1257<br>89.221.250.113 manually set to use abuse@aname.net1542027860http://landsbygdskraft.se/ (93.188.2.52) - Serp-hijackingAttacked url: http://landsbygdskraft.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 07 Nov 2018 22:52:39 +0100<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: landsbygdskraft.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Wed, 07 Nov 2018 21:52:52 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Vary: Cookie <br>X-Pingback: http://landsbygdskraft.se/xmlrpc.php <br>X-Loopia-Node: 172.22.223.35 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: landsbygdskraft.se <br>Referer: http://www.google.com/search?q=landsbygdskraft.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Wed, 07 Nov 2018 21:52:52 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.35<br><br>landsbygdskraft.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1541683133http://zogg.se/ (93.188.2.52) - Serp-hijackingAttacked url: http://zogg.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 07 Nov 2018 21:37:50 +0100<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Wed, 07 Nov 2018 20:38:03 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Vary: Accept-Encoding,Cookie <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br>X-Loopia-Node: 172.22.223.35 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Wed, 07 Nov 2018 20:38:03 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.35<br><br>zogg.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1541683116http://vaffeljarn.se/ (89.221.250.22) - Serp-hijackingAttacked url: http://vaffeljarn.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 06 Nov 2018 10:52:35 +0100<br><br>Visitors with referer are redirected to http://jindalo.ru:8080/forum/links/public_version.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeljarn.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 06 Nov 2018 09:52:35 GMT <br>Server: Apache <br>Last-Modified: Wed, 11 May 2011 09:58:07 GMT <br>ETag: &quot;2fc26e7-90c-4a2fd1bff89c0&quot; <br>Accept-Ranges: bytes <br>Content-Length: 2316 <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeljarn.se <br>Referer: http://www.google.com/search?q=vaffeljarn.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Tue, 06 Nov 2018 09:52:35 GMT <br>Server: Apache <br>Location: http://jindalo.ru:8080/forum/links/public_version.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>vaffeljarn.se is on 89.221.250.22<br>ASN for 89.221.250.22: 1257<br>89.221.250.22 manually set to use abuse@aname.net1541506485http://zogg.se/2013/01/01/vags-ande/ (93.188.2.52) - Serp-hijackingAttacked url: http://zogg.se/2013/01/01/vags-ande/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 06 Nov 2018 06:02:44 +0100<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Tue, 06 Nov 2018 05:02:57 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Vary: Cookie <br>X-Pingback: http://zogg.se/xmlrpc.php <br>X-Loopia-Node: 172.22.223.35 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Tue, 06 Nov 2018 05:02:57 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.35<br><br>zogg.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1541506423http://shineonyou.se/ (195.74.38.97) - Serp-hijackingAttacked url: http://shineonyou.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 05 Nov 2018 14:30:03 +0100<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Mon, 05 Nov 2018 13:30:03 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://shineonyou.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=gttnamd4e1r8rhk6drbgdmp1a0; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Referer: http://www.google.com/search?q=shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Mon, 05 Nov 2018 13:29:46 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>shineonyou.se is on 195.74.38.97<br>ASN for 195.74.38.97: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.97 corresponds with cl-13.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1541505703http://vaffeldagen.se/ (89.221.250.22) - Serp-hijackingAttacked url: http://vaffeldagen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 01 Nov 2018 15:35:22 +0100<br><br>Visitors with referer are redirected to http://jindalo.ru:8080/forum/links/public_version.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeldagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Thu, 01 Nov 2018 14:35:22 GMT <br>Server: Apache <br>Last-Modified: Wed, 11 May 2011 09:58:07 GMT <br>ETag: &quot;2fc26e7-90c-4a2fd1bff89c0&quot; <br>Accept-Ranges: bytes <br>Content-Length: 2316 <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: vaffeldagen.se <br>Referer: http://www.google.com/search?q=vaffeldagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Thu, 01 Nov 2018 14:35:22 GMT <br>Server: Apache <br>Location: http://jindalo.ru:8080/forum/links/public_version.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>vaffeldagen.se is on 89.221.250.22<br>ASN for 89.221.250.22: 1257<br>89.221.250.22 manually set to use abuse@aname.net1541083093http://exceltips.se/ (89.221.250.113) - Serp-hijackingAttacked url: http://exceltips.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 01 Nov 2018 11:34:04 +0100<br><br>Visitors with referer are redirected to http://fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 19237 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDASQSCCSR=DNGLDHGBDFGJHEKMGMOEHBHA; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 01 Nov 2018 11:33:19 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: exceltips.se <br>Referer: http://www.google.com/search?q=exceltips.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Redirect <br>Content-Length: 148 <br>Content-Type: text/html; charset=UTF-8 <br>Location: http://fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.0 <br>X-Powered-By: ASP.NET <br>Date: Thu, 01 Nov 2018 11:33:19 GMT <br>Connection: close<br><br>exceltips.se is on 89.221.250.113<br>ASN for 89.221.250.113: 1257<br>89.221.250.113 manually set to use abuse@aname.net1541083043http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 01 Nov 2018 11:13:57 +0100<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Thu, 01 Nov 2018 10:13:56 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=i44e538fm0t797f3eulvgm4is7; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Thu, 01 Nov 2018 10:13:52 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=fvnmcrl4hkhmqs30cpi7hkc773; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1541083037http://kinaskakor.se/ (89.221.250.111) - Serp-hijackingAttacked url: http://kinaskakor.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 31 Oct 2018 21:58:49 +0100<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kinaskakor.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 500 Internal Server Error <br>Cache-Control: private <br>Content-Length: 5984 <br>Content-Type: text/html; charset=utf-8 <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDSSBRQSBT=LHCFAHABGNADOPGOFHBHHLOA; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 31 Oct 2018 20:57:48 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kinaskakor.se <br>Referer: http://www.google.com/search?q=kinaskakor.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/7.0 <br>Set-Cookie: ASPSESSIONIDSSBRQSBT=KHCFAHABNIBFBBCJBNEGAFEF; path=/ <br>X-Powered-By: ASP.NET <br>Date: Wed, 31 Oct 2018 20:57:36 GMT <br>Connection: close<br><br>kinaskakor.se is on 89.221.250.111<br>ASN for 89.221.250.111: 1257<br>89.221.250.111 manually set to use abuse@aname.net1541082784http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 30 Oct 2018 15:56:46 +0100<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 30 Oct 2018 14:56:45 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=ooimhj2rarlmftmjp6hjetgei0; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 30 Oct 2018 14:56:41 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=bdhauj1egeg0etfqectf81eaq0; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1540991172http://zogg.se/2013/01/01/vags-ande/ (93.188.2.52) - Serp-hijackingAttacked url: http://zogg.se/2013/01/01/vags-ande/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 22 Oct 2018 05:38:15 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Mon, 22 Oct 2018 03:38:15 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Vary: Cookie <br>X-Pingback: http://zogg.se/xmlrpc.php <br>X-Loopia-Node: 172.22.223.70 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Mon, 22 Oct 2018 03:38:15 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.70<br><br>zogg.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1540209691http://landsbygdskraft.se/ (93.188.2.52) - Serp-hijackingAttacked url: http://landsbygdskraft.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 19 Oct 2018 16:02:18 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: landsbygdskraft.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Fri, 19 Oct 2018 14:02:18 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Vary: Cookie <br>X-Pingback: http://landsbygdskraft.se/xmlrpc.php <br>X-Loopia-Node: 172.22.223.76 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: landsbygdskraft.se <br>Referer: http://www.google.com/search?q=landsbygdskraft.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Fri, 19 Oct 2018 14:02:18 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.76<br><br>landsbygdskraft.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1539959646http://adventure-academy.se/ (192.185.85.61) - Serp-hijackingAttacked url: http://adventure-academy.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 19 Oct 2018 09:43:16 +0200<br><br>Visitors with referer are redirected to http://universalic.info/api/redirect?offerid=47&amp;sourceid=5197&amp;landingid=356&amp;subid_1=Alpha <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: adventure-academy.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.14.0 <br>Date: Fri, 19 Oct 2018 07:43:28 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Pragma: no-cache <br>Expires: Wed, 11 Jan 1984 05:00:00 GMT <br>Cache-Control: no-cache, must-revalidate, max-age=0 <br>Set-Cookie: visits=1539935006; expires=Tue, 19-Jan-2038 03:14:07 GMT <br>Set-Cookie: PHPSESSID=cc8a5f3edb86fddd6e9fbf1169a9b328; path=/ <br>Location: http://www.adventure-academy.se/ <br>X-Endurance-Cache-Level: 2 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: adventure-academy.se <br>Referer: http://www.google.com/search?q=adventure-academy.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Server: nginx/1.14.0 <br>Date: Fri, 19 Oct 2018 07:43:25 GMT <br>Content-Type: text/html; charset=utf-8 <br>Connection: close <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>Set-Cookie: visits=1539935005; expires=Tue, 19-Jan-2038 03:14:07 GMT <br>Set-Cookie: PHPSESSID=f7806d91a1d179891413fc85218370c6; path=/ <br>Set-Cookie: e855537258ac5146b4895e5e719d4ab79dcbc0be=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE0XCI6MTUzOTkzNDk3MX0sXCJjYW1wYWlnbnNcIjp7XCIxXCI6MTUzOTkzNDk3MX0sXCJ0aW1lXCI6MTUzOTkzNDk3MX0ifQ.KuQsubAk-ULkV6Q0kEnlLGWRSfPPTHHYGk6xkqNzbTM; expires=Sat, 20-Oct-2018 07:43:25 GMT; path=/; domain=.adventure-academy.se <br>Location: http://universalic.info/api/redirect?offerid=47&amp;sourceid=5197&amp;landingid=356&amp;subid_1=Alpha <br>X-Endurance-Cache-Level: 2<br><br>adventure-academy.se is on 192.185.85.61<br>ASN for 192.185.85.61: 20013<br>Abusix contact information: ipadmin@websitewelcome.com (information only)<br>192.185.85.61 corresponds with 192-185-85-61.unifiedlayer.com<br>Abuse.net has 1 reliable address(es) for unifiedlayer.com<br>Found address(es): abuse@unifiedlayer.com1539958690http://syf.nu/ (212.97.132.153) - Serp-hijackingAttacked url: http://syf.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 19 Oct 2018 07:30:34 +0200<br><br>Visitors with referer are redirected to http://www.swogo.com/wp-content/uploads/Scan327.zip <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: syf.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>X-Powered-By: PHP/5.6.36 <br>X-Pingback: http://syf.nu/xmlrpc.php <br>Content-Type: text/html; charset=UTF-8 <br>Date: Fri, 19 Oct 2018 05:30:34 GMT <br>Accept-Ranges: bytes <br>Server: LiteSpeed <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: syf.nu <br>Referer: http://www.google.com/search?q=syf.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Fri, 19 Oct 2018 05:30:34 GMT <br>Accept-Ranges: bytes <br>Server: LiteSpeed <br>Location: http://www.swogo.com/wp-content/uploads/Scan327.zip <br>Connection: close<br><br>syf.nu is on 212.97.132.153<br>ASN for 212.97.132.153: 9120<br>Abusix contact information: abuse@surftown.com (information only)<br>212.97.132.153 corresponds with ws50.surf-town.net<br>Abuse.net has 2 reliable address(es) for surf-town.net<br>Found address(es): abuse@surf-town.net abuse@cohaesio.com1539958476http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 19 Oct 2018 05:32:10 +0200<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Fri, 19 Oct 2018 03:32:20 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=nlj94hpg0rdg1ojcg95a9ohhc4; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Fri, 19 Oct 2018 03:32:17 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=ikcno48e7pkdqb99671thbvjr0; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539958170http://pvi.karolinanorstrom.se/ (52.58.78.16) - Serp-hijackingAttacked url: http://pvi.karolinanorstrom.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 18 Oct 2018 20:29:31 +0200<br><br>Visitors with referer are redirected to http://karolinanorstrom.se <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: pvi.karolinanorstrom.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 503 Service Temporarily Unavailable <br>Server: openresty/1.13.6.2 <br>Date: Thu, 18 Oct 2018 18:29:30 GMT <br>Content-Type: text/html <br>Content-Length: 219 <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: pvi.karolinanorstrom.se <br>Referer: http://www.google.com/search?q=pvi.karolinanorstrom.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: openresty/1.13.6.2 <br>Date: Thu, 18 Oct 2018 18:29:30 GMT <br>Content-Type: text/html; charset=utf-8 <br>Connection: close <br>X-Frame-Options: SAMEORIGIN <br>X-XSS-Protection: 1; mode=block <br>X-Content-Type-Options: nosniff <br>Location: http://karolinanorstrom.se <br>Cache-Control: no-cache <br>Set-Cookie: _undeveloped_session=VzYrcVl3ZXZMbkVkaUJhY0ZIcjU2ZlJQYXJ3MTNWVWgxVFNuZ1RNa0V1SEpyM1RJa0lyZjY1RHNIV2gvc3BTNDRLaktGNXBPT1hIWVNBYzdqa3dzRUkwZFg0Z29Bd09XMXRWalJpdFBSVmc9LS1FYzdCR0JHZE9KOU1yQnVhZ3p1bUJ3PT0%3D--9939c293e0dd7e2974d609d2e00c75cdd6de1ae0; path=/; HttpOnly <br>X-Request-Id: 3f365642-fba0-4c4e-9d33-e145c946c52b <br>X-Runtime: 0.003791<br><br>pvi.karolinanorstrom.se is on 52.58.78.16<br>ASN for 52.58.78.16: 16509<br>Abusix contact information: abuse@amazonaws.com (information only)<br>52.58.78.16 corresponds with ec2-52-58-78-16.eu-central-1.compute.amazonaws.com<br>Abuse.net has 1 reliable address(es) for amazonaws.com<br>Found address(es): abuse@amazonaws.com1539957414http://adventure-academy.se/ (192.185.85.61) - Serp-hijackingAttacked url: http://adventure-academy.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 18 Oct 2018 09:14:36 +0200<br><br>Visitors with referer are redirected to http://universalic.info/api/redirect?offerid=47&amp;sourceid=5197&amp;landingid=356&amp;subid_1=Alpha <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: adventure-academy.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.14.0 <br>Date: Thu, 18 Oct 2018 07:14:47 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Pragma: no-cache <br>Expires: Wed, 11 Jan 1984 05:00:00 GMT <br>Cache-Control: no-cache, must-revalidate, max-age=0 <br>Set-Cookie: visits=1539846877; expires=Tue, 19-Jan-2038 03:14:07 GMT <br>Set-Cookie: PHPSESSID=7778a947c745ce9bcc78d1f1c319d047; path=/ <br>Location: http://www.adventure-academy.se/ <br>X-Endurance-Cache-Level: 2 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: adventure-academy.se <br>Referer: http://www.google.com/search?q=adventure-academy.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Server: nginx/1.14.0 <br>Date: Thu, 18 Oct 2018 07:14:36 GMT <br>Content-Type: text/html; charset=utf-8 <br>Connection: close <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>Set-Cookie: visits=1539846876; expires=Tue, 19-Jan-2038 03:14:07 GMT <br>Set-Cookie: PHPSESSID=3d2c04861147ba10966f301b4b0b541c; path=/ <br>Set-Cookie: e855537258ac5146b4895e5e719d4ab79dcbc0be=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE0XCI6MTUzOTg0Njg0MH0sXCJjYW1wYWlnbnNcIjp7XCIxXCI6MTUzOTg0Njg0MH0sXCJ0aW1lXCI6MTUzOTg0Njg0MH0ifQ.8TTCRZUdnNmgtcGoknyWNgVXpXNKTkhwJ7GB_o66L7E; expires=Fri, 19-Oct-2018 07:14:36 GMT; path=/; domain=.adventure-academy.se <br>Location: http://universalic.info/api/redirect?offerid=47&amp;sourceid=5197&amp;landingid=356&amp;subid_1=Alpha <br>X-Endurance-Cache-Level: 2<br><br>adventure-academy.se is on 192.185.85.61<br>ASN for 192.185.85.61: 20013<br>Abusix contact information: ipadmin@websitewelcome.com (information only)<br>192.185.85.61 corresponds with 192-185-85-61.unifiedlayer.com<br>Abuse.net has 1 reliable address(es) for unifiedlayer.com<br>Found address(es): abuse@unifiedlayer.com1539874159http://shineonyou.se/ (195.74.38.97) - Serp-hijackingAttacked url: http://shineonyou.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 17 Oct 2018 15:33:48 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Wed, 17 Oct 2018 13:34:00 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://shineonyou.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=ru46t9npbrv7ctq93a34hssho1; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Referer: http://www.google.com/search?q=shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Wed, 17 Oct 2018 13:33:45 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>shineonyou.se is on 195.74.38.97<br>ASN for 195.74.38.97: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.97 corresponds with cl-13.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539862082http://zogg.se/ (93.188.2.52) - Serp-hijackingAttacked url: http://zogg.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 17 Oct 2018 12:06:36 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Wed, 17 Oct 2018 10:06:48 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Vary: Accept-Encoding,Cookie <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br>X-Loopia-Node: 172.22.223.70 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx <br>Date: Wed, 17 Oct 2018 10:06:48 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/5.6.38 <br>Location: http://islas.co.uk/college/image/ <br>X-Loopia-Node: 172.22.223.70<br><br>zogg.se is on 93.188.2.52<br>ASN for 93.188.2.52: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.52 corresponds with webfront2.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1539777527http://dev.crescent.se/ (195.74.38.117) - Serp-hijackingAttacked url: http://dev.crescent.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 16 Oct 2018 20:35:32 +0200<br><br>Visitors with referer are redirected to http://www.cheapshop123.com/cheap1.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 16 Oct 2018 18:35:42 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=tv0qkgri45gunms028d7810ul0; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dev.crescent.se <br>Referer: http://www.google.com/search?q=dev.crescent.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 16 Oct 2018 18:35:40 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://dev.crescent.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=l39sehn9vopg7i0v4med47n9p5; path=/ <br>Location: http://www.cheapshop123.com/cheap1.php <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>dev.crescent.se is on 195.74.38.117<br>ASN for 195.74.38.117: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.117 corresponds with cl-17.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539777253http://aquelius.se/ (81.236.49.251) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://mtmoriahcogic.org/zk7qvbjh.php?id=14607427&quot;&gt;<br><br>Offensive url: http://mtmoriahcogic.org/zk7qvbjh.php?id=14607427<br>Url is blacklisted in Google Safe Browsing<br><br>aquelius.se is on 81.236.49.251<br>ASN for 81.236.49.251: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>81.236.49.251 corresponds with lb-win.webhosting.telia.com<br>Abuse.net has 1 reliable address(es) for telia.com<br>Found address(es): abuse@telia.com1539601890http://shineonyou.se/ (195.74.38.97) - Serp-hijackingAttacked url: http://shineonyou.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 14 Oct 2018 22:40:47 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Sun, 14 Oct 2018 20:40:58 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>X-Pingback: http://shineonyou.se/xmlrpc.php <br>Set-Cookie: PHPSESSID=v1ep14d0u55uso5qi0leb1d4l6; path=/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: shineonyou.se <br>Referer: http://www.google.com/search?q=shineonyou.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Sun, 14 Oct 2018 20:40:49 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.3.29 <br>Location: http://islas.co.uk/college/image/ <br>Connection: close <br>Content-Type: text/html<br><br>shineonyou.se is on 195.74.38.97<br>ASN for 195.74.38.97: 35041<br>Abusix contact information: drift@binero.se (information only)<br>195.74.38.97 corresponds with cl-13.atm.binero.net<br>Abuse.net has 1 reliable address(es) for binero.net<br>Found address(es): abuse@binero.se1539601543