Säkrare hemsida med .sehttp://secon.se/ (194.9.94.102) - Serp-hijackingAttacked url: http://secon.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 21 Aug 2017 11:21:09 +0200<br><br>Visitors with referer are redirected to http://c2b1.localtds.com/?bxbTNJ&amp;keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: secon.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Mon, 21 Aug 2017 09:21:12 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>X-Pingback: http://secon.se/xmlrpc.php <br>Link: &lt;http://secon.se/?p=24&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: secon.se <br>Referer: http://www.google.com/search?q=secon.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Mon, 21 Aug 2017 09:21:10 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://c2b1.localtds.com/?bxbTNJ&amp;keyword=&amp;pill=<br><br>secon.se is on 194.9.94.102<br>ASN for 194.9.94.102: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.102 corresponds with s377.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1503318076http://konditoriregnbagen.se/ (194.9.94.14) - Serp-hijackingAttacked url: http://konditoriregnbagen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 21 Aug 2017 08:12:38 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: konditoriregnbagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Mon, 21 Aug 2017 06:12:38 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Cookie <br>X-Powered-By: PHP/5.6.30 <br>Link: &lt;http://konditoriregnbagen.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://konditoriregnbagen.se/&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: konditoriregnbagen.se <br>Referer: http://www.google.com/search?q=konditoriregnbagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Mon, 21 Aug 2017 06:12:35 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>konditoriregnbagen.se is on 194.9.94.14<br>ASN for 194.9.94.14: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.14 corresponds with s514.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1503318032http://ithu.se/ (194.9.94.15) - Serp-hijackingAttacked url: http://ithu.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 21 Aug 2017 00:22:17 +0200<br><br>Visitors with referer are redirected to http://04b962.localtds.com/?bxbTNJ&amp;keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ithu.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.12.1 <br>Date: Sun, 20 Aug 2017 22:22:21 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://ny.ithu.se/ <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ithu.se <br>Referer: http://www.google.com/search?q=ithu.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Sun, 20 Aug 2017 22:22:19 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://04b962.localtds.com/?bxbTNJ&amp;keyword=&amp;pill=<br><br>ithu.se is on 194.9.94.15<br>ASN for 194.9.94.15: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.15 corresponds with s515.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1503317855http://wilkon.se/ (194.9.94.17) - Serp-hijackingAttacked url: http://wilkon.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 20 Aug 2017 23:12:23 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: wilkon.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Sun, 20 Aug 2017 21:12:23 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For,Accept-Encoding <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: nm_transient_id=nmtr_d703b00d806f8ee8d2124a121944422c189bf74c; path=/ <br>Set-Cookie: PHPSESSID=40r2dngabtrv94aguj8ivna8s0; path=/ <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>Link: &lt;http://wilkon.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://wilkon.se/&gt;; rel=shortlink <br>Link: &lt;http://wilkon.se/wp-json&gt;; rel=&quot;https://github.com/WP-API/WP-API&quot; <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: wilkon.se <br>Referer: http://www.google.com/search?q=wilkon.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Sun, 20 Aug 2017 21:12:18 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For,Accept-Encoding <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/ <br>Cache-Control: max-age=86400 <br>Expires: Mon, 21 Aug 2017 21:11:52 GMT<br><br>wilkon.se is on 194.9.94.17<br>ASN for 194.9.94.17: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.17 corresponds with s540.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1503317835http://zogg.se/ (194.9.94.194) - Serp-hijackingAttacked url: http://zogg.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 20 Aug 2017 22:40:13 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Sun, 20 Aug 2017 20:40:13 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Accept-Encoding,Cookie <br>X-Powered-By: PHP/5.6.30 <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Sun, 20 Aug 2017 20:40:13 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>zogg.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1503317826http://skeptikerskolan.se/ (194.9.95.11) - Serp-hijackingAttacked url: http://skeptikerskolan.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 20 Aug 2017 19:10:50 +0200<br><br>Visitors with referer are redirected to http://vados.biz/gosw?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: skeptikerskolan.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Sun, 20 Aug 2017 17:10:53 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: wfvt_2444225130=5999c29db8732; expires=Sun, 20-Aug-2017 17:40:53 GMT; Max-Age=1800; path=/; httponly <br>Link: &lt;http://skeptikerskolan.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://wp.me/P2KKuc-9Y&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: skeptikerskolan.se <br>Referer: http://www.google.com/search?q=skeptikerskolan.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Sun, 20 Aug 2017 17:10:51 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/gosw?keyword=&amp;pill=<br><br>skeptikerskolan.se is on 194.9.95.11<br>ASN for 194.9.95.11: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.95.11 corresponds with s48.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1503317592http://zogg.se/2013/01/03/stadig-frukost/ (194.9.94.194) - Serp-hijackingAttacked url: http://zogg.se/2013/01/03/stadig-frukost/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 20 Aug 2017 17:57:22 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Sun, 20 Aug 2017 15:57:26 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Accept-Encoding,Cookie <br>X-Powered-By: PHP/5.6.30 <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Sun, 20 Aug 2017 15:57:26 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>zogg.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1503317563http://ostacamping.se/ (194.9.95.65) - Serp-hijackingAttacked url: http://ostacamping.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 20 Aug 2017 16:48:06 +0200<br><br>Visitors with referer are redirected to http://vados.biz/gosw?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ostacamping.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Sun, 20 Aug 2017 14:48:06 GMT <br>Content-Type: text/html; charset=utf-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: 72eaeff6113c9a3ed7fafc91f842c0d6=cm6a30qc3ustenlifu6n96n3h2; path=/; HttpOnly <br>P3P: CP=&quot;NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM&quot; <br>Expires: Mon, 1 Jan 2001 00:00:00 GMT <br>Last-Modified: Sun, 20 Aug 2017 14:48:06 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ostacamping.se <br>Referer: http://www.google.com/search?q=ostacamping.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Sun, 20 Aug 2017 14:48:06 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/gosw?keyword=&amp;pill=<br><br>ostacamping.se is on 194.9.95.65<br>ASN for 194.9.95.65: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.95.65 corresponds with s210.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1503317544http://ithu.se/ (194.9.94.15) - Serp-hijackingAttacked url: http://ithu.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 18 Aug 2017 13:50:40 +0200<br><br>Visitors with referer are redirected to http://04b962.localtds.com/?bxbTNJ&amp;keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ithu.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.12.1 <br>Date: Fri, 18 Aug 2017 11:50:43 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://ny.ithu.se/ <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ithu.se <br>Referer: http://www.google.com/search?q=ithu.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Fri, 18 Aug 2017 11:50:43 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://04b962.localtds.com/?bxbTNJ&amp;keyword=&amp;pill=<br><br>ithu.se is on 194.9.94.15<br>ASN for 194.9.94.15: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.15 corresponds with s515.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1503059430http://wilkon.se/ (194.9.94.17) - Serp-hijackingAttacked url: http://wilkon.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 18 Aug 2017 13:15:27 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: wilkon.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Fri, 18 Aug 2017 11:15:27 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For,Accept-Encoding <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: nm_transient_id=nmtr_2465dbee0317b8d061d3763d2f67a177411c8b4f; path=/ <br>Set-Cookie: PHPSESSID=tf8irj4lbar4cu0seif4msvme0; path=/ <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>Link: &lt;http://wilkon.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://wilkon.se/&gt;; rel=shortlink <br>Link: &lt;http://wilkon.se/wp-json&gt;; rel=&quot;https://github.com/WP-API/WP-API&quot; <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: wilkon.se <br>Referer: http://www.google.com/search?q=wilkon.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Fri, 18 Aug 2017 11:15:25 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For,Accept-Encoding <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/ <br>Cache-Control: max-age=86400 <br>Expires: Sat, 19 Aug 2017 11:15:00 GMT<br><br>wilkon.se is on 194.9.94.17<br>ASN for 194.9.94.17: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.17 corresponds with s540.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1503059404http://davidlilja.se/ (194.9.95.75) - Serp-hijackingAttacked url: http://davidlilja.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 18 Aug 2017 12:26:57 +0200<br><br>Visitors with referer are redirected to http://vados.biz/gosw?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: davidlilja.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Fri, 18 Aug 2017 10:27:00 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Link: &lt;http://davidlilja.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://wp.me/P8xTbr-nK&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: davidlilja.se <br>Referer: http://www.google.com/search?q=davidlilja.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Fri, 18 Aug 2017 10:26:57 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/gosw?keyword=&amp;pill=<br><br>davidlilja.se is on 194.9.95.75<br>ASN for 194.9.95.75: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.95.75 corresponds with s190.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1503059377http://skeptikerskolan.se/ (194.9.95.11) - Serp-hijackingAttacked url: http://skeptikerskolan.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 18 Aug 2017 09:23:06 +0200<br><br>Visitors with referer are redirected to http://vados.biz/gosw?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: skeptikerskolan.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Fri, 18 Aug 2017 07:23:09 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: wfvt_2444225130=599695dd97209; expires=Fri, 18-Aug-2017 07:53:09 GMT; Max-Age=1800; path=/; httponly <br>Link: &lt;http://skeptikerskolan.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://wp.me/P2KKuc-9Y&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: skeptikerskolan.se <br>Referer: http://www.google.com/search?q=skeptikerskolan.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Fri, 18 Aug 2017 07:23:07 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/gosw?keyword=&amp;pill=<br><br>skeptikerskolan.se is on 194.9.95.11<br>ASN for 194.9.95.11: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.95.11 corresponds with s48.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1503059323http://zogg.se/ (194.9.94.194) - Serp-hijackingAttacked url: http://zogg.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 18 Aug 2017 04:05:39 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Fri, 18 Aug 2017 02:05:39 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Accept-Encoding,Cookie <br>X-Powered-By: PHP/5.6.30 <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Fri, 18 Aug 2017 02:05:39 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>zogg.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1503059244http://purefitbars.se/ (194.9.94.38) - Serp-hijackingAttacked url: http://purefitbars.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 17 Aug 2017 17:51:23 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: purefitbars.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Thu, 17 Aug 2017 15:51:26 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: wfvt_505271604=5995bb7e294d2; expires=Thu, 17-Aug-2017 16:21:26 GMT; Max-Age=1800; path=/; httponly <br>Link: &lt;http://purefitbars.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: purefitbars.se <br>Referer: http://www.google.com/search?q=purefitbars.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Thu, 17 Aug 2017 15:51:23 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>purefitbars.se is on 194.9.94.38<br>ASN for 194.9.94.38: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.38 corresponds with s439.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1503058523http://zogg.se/page/2/ (194.9.94.194) - Serp-hijackingAttacked url: http://zogg.se/page/2/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 17 Aug 2017 16:02:13 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Thu, 17 Aug 2017 14:02:13 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Cookie <br>X-Powered-By: PHP/5.6.30 <br>X-Pingback: http://zogg.se/xmlrpc.php <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Thu, 17 Aug 2017 14:02:12 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>zogg.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1503058462http://passivist.se/ (194.9.94.213) - Serp-hijackingAttacked url: http://passivist.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 17 Aug 2017 12:04:39 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: passivist.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.12.1 <br>Date: Thu, 17 Aug 2017 10:04:41 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Cookie <br>X-Powered-By: PHP/5.6.30 <br>Location: http://www.igpassivhus.se/ <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: passivist.se <br>Referer: http://www.google.com/search?q=passivist.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Thu, 17 Aug 2017 10:04:40 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>passivist.se is on 194.9.94.213<br>ASN for 194.9.94.213: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.213 corresponds with s368.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502973298http://khal.se/ (194.9.94.137) - Serp-hijackingAttacked url: http://khal.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 17 Aug 2017 00:46:59 +0200<br><br>Visitors with referer are redirected to http://vados.biz/cialisse?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: khal.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Wed, 16 Aug 2017 22:46:59 GMT <br>Content-Type: text/html; charset=utf-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: c025e142ae5dd797a899add9154e4949=2mvhj49amhchrqvtber70nsqa2; path=/; HttpOnly <br>P3P: CP=&quot;NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM&quot; <br>Expires: Mon, 1 Jan 2001 00:00:00 GMT <br>Last-Modified: Wed, 16 Aug 2017 22:46:59 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: khal.se <br>Referer: http://www.google.com/search?q=khal.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Wed, 16 Aug 2017 22:46:57 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/cialisse?keyword=&amp;pill=<br><br>khal.se is on 194.9.94.137<br>ASN for 194.9.94.137: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.137 corresponds with s529.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502971568http://zogg.se/2013/01/03/stadig-frukost/ (194.9.94.194) - Serp-hijackingAttacked url: http://zogg.se/2013/01/03/stadig-frukost/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 16 Aug 2017 17:31:49 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Wed, 16 Aug 2017 15:31:49 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Accept-Encoding,Cookie <br>X-Powered-By: PHP/5.6.30 <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Wed, 16 Aug 2017 15:31:49 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>zogg.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502971026http://purefitbars.se/ (194.9.94.38) - Serp-hijackingAttacked url: http://purefitbars.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 16 Aug 2017 13:22:24 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: purefitbars.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Wed, 16 Aug 2017 11:22:27 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: wfvt_505271604=59942af2f0abb; expires=Wed, 16-Aug-2017 11:52:26 GMT; Max-Age=1800; path=/; httponly <br>Link: &lt;http://purefitbars.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: purefitbars.se <br>Referer: http://www.google.com/search?q=purefitbars.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Wed, 16 Aug 2017 11:22:23 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>purefitbars.se is on 194.9.94.38<br>ASN for 194.9.94.38: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.38 corresponds with s439.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502889760http://konditoriregnbagen.se/ (194.9.94.14) - Serp-hijackingAttacked url: http://konditoriregnbagen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 16 Aug 2017 12:49:33 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: konditoriregnbagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Wed, 16 Aug 2017 10:49:35 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Cookie <br>X-Powered-By: PHP/5.6.30 <br>Link: &lt;http://konditoriregnbagen.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://konditoriregnbagen.se/&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: konditoriregnbagen.se <br>Referer: http://www.google.com/search?q=konditoriregnbagen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Wed, 16 Aug 2017 10:49:33 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>konditoriregnbagen.se is on 194.9.94.14<br>ASN for 194.9.94.14: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.14 corresponds with s514.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502889733http://wilkon.se/ (194.9.94.17) - Serp-hijackingAttacked url: http://wilkon.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 16 Aug 2017 05:47:16 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: wilkon.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Wed, 16 Aug 2017 03:47:19 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For,Accept-Encoding <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: nm_transient_id=nmtr_69defd27ae0f816fab9f5e4dc7662072065870ca; path=/ <br>Set-Cookie: PHPSESSID=hb9utvvforti51a464m3crh130; path=/ <br>Expires: Thu, 19 Nov 1981 08:52:00 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br>Link: &lt;http://wilkon.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://wilkon.se/&gt;; rel=shortlink <br>Link: &lt;http://wilkon.se/wp-json&gt;; rel=&quot;https://github.com/WP-API/WP-API&quot; <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: wilkon.se <br>Referer: http://www.google.com/search?q=wilkon.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Wed, 16 Aug 2017 03:47:16 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For,Accept-Encoding <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/ <br>Cache-Control: max-age=86400 <br>Expires: Thu, 17 Aug 2017 03:46:54 GMT<br><br>wilkon.se is on 194.9.94.17<br>ASN for 194.9.94.17: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.17 corresponds with s540.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502889560http://djurahembygdsforening.se/ (194.9.94.7) - Serp-hijackingAttacked url: http://djurahembygdsforening.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 16 Aug 2017 01:40:38 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: djurahembygdsforening.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Tue, 15 Aug 2017 23:40:41 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>X-Pingback: http://djurahembygdsforening.se/xmlrpc.php <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: djurahembygdsforening.se <br>Referer: http://www.google.com/search?q=djurahembygdsforening.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Tue, 15 Aug 2017 23:40:40 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>djurahembygdsforening.se is on 194.9.94.7<br>ASN for 194.9.94.7: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.7 corresponds with s98.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502889472http://huggetsgross.se/ (194.9.94.73) - Serp-hijackingAttacked url: http://huggetsgross.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 15 Aug 2017 23:56:37 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: huggetsgross.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 11006 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSCRBBTAT=NEKAIHBBEMFLCKBFLBJGFFEE; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 15 Aug 2017 21:56:39 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: huggetsgross.se <br>Referer: http://www.google.com/search?q=huggetsgross.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSCRBBTAT=MEKAIHBBCFHJPDOFOIHODNDF; path=/ <br>X-Powered-By: ASP.NET <br>Date: Tue, 15 Aug 2017 21:56:39 GMT <br>Connection: close<br><br>huggetsgross.se is on 194.9.94.73<br>ASN for 194.9.94.73: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.73 corresponds with iis10.windowscluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502889383http://secon.se/ (194.9.94.102) - Serp-hijackingAttacked url: http://secon.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 15 Aug 2017 21:43:39 +0200<br><br>Visitors with referer are redirected to http://c2b1.localtds.com/?bxbTNJ&amp;keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: secon.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Tue, 15 Aug 2017 19:43:39 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>X-Pingback: http://secon.se/xmlrpc.php <br>Link: &lt;http://secon.se/?p=24&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: secon.se <br>Referer: http://www.google.com/search?q=secon.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Tue, 15 Aug 2017 19:43:37 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://c2b1.localtds.com/?bxbTNJ&amp;keyword=&amp;pill=<br><br>secon.se is on 194.9.94.102<br>ASN for 194.9.94.102: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.102 corresponds with s377.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502888768http://buttlekvarn.nu/ (93.188.2.51) - Serp-hijackingAttacked url: http://buttlekvarn.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 15 Aug 2017 17:29:25 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: buttlekvarn.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx <br>Date: Tue, 15 Aug 2017 15:29:27 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>X-Powered-By: PHP/7.1.7 <br>Vary: Cookie <br>Set-Cookie: wfvt_2653984931=59931357677cb; expires=Tue, 15-Aug-2017 15:59:27 GMT; Max-Age=1800; path=/; HttpOnly <br>Link: &lt;http://buttlekvarn.nu/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://buttlekvarn.nu/&gt;; rel=shortlink <br>X-Loopia-Node: 172.22.223.25 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: buttlekvarn.nu <br>Referer: http://www.google.com/search?q=buttlekvarn.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx <br>Date: Tue, 15 Aug 2017 15:29:26 GMT <br>Content-Type: text/html; charset=iso-8859-1 <br>Connection: close <br>Location: http://www.fapp.pw/app/se.php <br>X-Loopia-Node: 172.22.223.25<br><br>buttlekvarn.nu is on 93.188.2.51<br>ASN for 93.188.2.51: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.51 corresponds with webfront1.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502887053http://stadsmagasinet.se/ (194.9.95.119) - Serp-hijackingAttacked url: http://stadsmagasinet.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 15 Aug 2017 05:04:43 +0200<br><br>Visitors with referer are redirected to http://1e7.localtds.com/?bxbTNJ&amp;keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: stadsmagasinet.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Tue, 15 Aug 2017 03:04:43 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Link: &lt;http://stadsmagasinet.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://stadsmagasinet.se/&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: stadsmagasinet.se <br>Referer: http://www.google.com/search?q=stadsmagasinet.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Tue, 15 Aug 2017 03:04:42 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://1e7.localtds.com/?bxbTNJ&amp;keyword=&amp;pill=<br><br>stadsmagasinet.se is on 194.9.95.119<br>ASN for 194.9.95.119: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.95.119 corresponds with s298.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502782925http://etena.se/ (194.9.94.137) - Serp-hijackingAttacked url: http://etena.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 15 Aug 2017 04:44:28 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: etena.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Tue, 15 Aug 2017 02:44:30 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://www.etena.se/ <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: etena.se <br>Referer: http://www.google.com/search?q=etena.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.12.1 <br>Date: Tue, 15 Aug 2017 02:44:30 GMT <br>Content-Type: text/html; charset=iso-8859-1 <br>Connection: close <br>Location: http://www.fapp.pw/app/se.php<br><br>etena.se is on 194.9.94.137<br>ASN for 194.9.94.137: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.137 corresponds with s529.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502782893http://mhs.se/ (194.9.94.228) - Serp-hijackingAttacked url: http://mhs.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 15 Aug 2017 01:18:54 +0200<br><br>Visitors with referer are redirected to http://vados.biz/gosw?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: mhs.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Mon, 14 Aug 2017 23:18:54 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: wfvt_159242594=59922fde85a7a; expires=Mon, 14-Aug-2017 23:48:54 GMT; Max-Age=1800; path=/; httponly <br>Link: &lt;http://mhs.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://mhs.se/&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: mhs.se <br>Referer: http://www.google.com/search?q=mhs.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Mon, 14 Aug 2017 23:18:52 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/gosw?keyword=&amp;pill=<br><br>mhs.se is on 194.9.94.228<br>ASN for 194.9.94.228: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.228 corresponds with s169.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502782703http://ithu.se/ (194.9.94.15) - Serp-hijackingAttacked url: http://ithu.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 14 Aug 2017 22:47:34 +0200<br><br>Visitors with referer are redirected to http://04b962.localtds.com/?bxbTNJ&amp;keyword=08a8c4f8eaedb616a1fa2715b53bc976&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ithu.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.12.1 <br>Date: Mon, 14 Aug 2017 20:47:36 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Cookie <br>X-Powered-By: PHP/5.6.30 <br>Location: http://ny.ithu.se/ <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ithu.se <br>Referer: http://www.google.com/search?q=ithu.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Mon, 14 Aug 2017 20:47:35 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://04b962.localtds.com/?bxbTNJ&amp;keyword=08a8c4f8eaedb616a1fa2715b53bc976&amp;pill=<br><br>ithu.se is on 194.9.94.15<br>ASN for 194.9.94.15: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.15 corresponds with s515.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502782610http://ledlampor.nu/ (194.9.94.155) - Serp-hijackingAttacked url: http://ledlampor.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 14 Aug 2017 19:12:31 +0200<br><br>Visitors with referer are redirected to http://guysflinching.ru/extended?7 <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ledlampor.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 403 Forbidden <br>Server: nginx/1.12.1 <br>Date: Mon, 14 Aug 2017 17:12:31 GMT <br>Content-Type: text/html; charset=iso-8859-1 <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: ledlampor.nu <br>Referer: http://www.google.com/search?q=ledlampor.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.12.1 <br>Date: Mon, 14 Aug 2017 17:12:31 GMT <br>Content-Type: text/html; charset=iso-8859-1 <br>Connection: close <br>Location: http://guysflinching.ru/extended?7<br><br>ledlampor.nu is on 194.9.94.155<br>ASN for 194.9.94.155: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.155 corresponds with s362.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502782311http://zogg.se/ (194.9.94.194) - Serp-hijackingAttacked url: http://zogg.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 14 Aug 2017 16:40:55 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Mon, 14 Aug 2017 14:40:55 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Accept-Encoding,Cookie <br>X-Powered-By: PHP/5.6.30 <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Mon, 14 Aug 2017 14:40:55 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>zogg.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502782170http://khal.se/ (194.9.94.137) - Serp-hijackingAttacked url: http://khal.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 14 Aug 2017 16:39:43 +0200<br><br>Visitors with referer are redirected to http://vados.biz/cialisse?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: khal.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Mon, 14 Aug 2017 14:39:45 GMT <br>Content-Type: text/html; charset=utf-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: c025e142ae5dd797a899add9154e4949=ji8pmgolh0jdcrlp6aahb03b66; path=/; HttpOnly <br>P3P: CP=&quot;NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM&quot; <br>Expires: Mon, 1 Jan 2001 00:00:00 GMT <br>Last-Modified: Mon, 14 Aug 2017 14:39:45 GMT <br>Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 <br>Pragma: no-cache <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: khal.se <br>Referer: http://www.google.com/search?q=khal.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Mon, 14 Aug 2017 14:39:43 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/cialisse?keyword=&amp;pill=<br><br>khal.se is on 194.9.94.137<br>ASN for 194.9.94.137: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.137 corresponds with s529.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502782168http://manspodden.se/ (194.9.94.15) - Serp-hijackingAttacked url: http://manspodden.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 14 Aug 2017 06:18:51 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: manspodden.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Mon, 14 Aug 2017 04:18:51 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Link: &lt;http://manspodden.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: manspodden.se <br>Referer: http://www.google.com/search?q=manspodden.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Mon, 14 Aug 2017 04:18:48 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: redirectCookie=1; expires=Tue, 15-Aug-2017 04:18:48 GMT; Max-Age=86400 <br>Location: http://islas.co.uk/college/image/<br><br>manspodden.se is on 194.9.94.15<br>ASN for 194.9.94.15: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.15 corresponds with s515.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502713495http://zogg.se/ (194.9.94.194) - Serp-hijackingAttacked url: http://zogg.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 10 Aug 2017 17:55:58 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Thu, 10 Aug 2017 15:56:00 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Accept-Encoding,Cookie <br>X-Powered-By: PHP/5.6.30 <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Thu, 10 Aug 2017 15:56:00 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>zogg.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502445119http://zogg.se/page/2/ (194.9.94.194) - Serp-hijackingAttacked url: http://zogg.se/page/2/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 10 Aug 2017 15:01:32 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Thu, 10 Aug 2017 13:01:32 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Cookie <br>X-Powered-By: PHP/5.6.30 <br>X-Pingback: http://zogg.se/xmlrpc.php <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Thu, 10 Aug 2017 13:01:32 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>zogg.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502373742http://mhs.se/ (194.9.94.228) - Serp-hijackingAttacked url: http://mhs.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 10 Aug 2017 10:26:03 +0200<br><br>Visitors with referer are redirected to http://vados.biz/gosw?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: mhs.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Thu, 10 Aug 2017 08:26:04 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: wfvt_159242594=598c189c208df; expires=Thu, 10-Aug-2017 08:56:04 GMT; Max-Age=1800; path=/; httponly <br>Link: &lt;http://mhs.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://mhs.se/&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: mhs.se <br>Referer: http://www.google.com/search?q=mhs.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Thu, 10 Aug 2017 08:26:00 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/gosw?keyword=&amp;pill=<br><br>mhs.se is on 194.9.94.228<br>ASN for 194.9.94.228: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.228 corresponds with s169.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502373537http://advokatfirmangronvall.se/ (194.9.94.83) - Serp-hijackingAttacked url: http://advokatfirmangronvall.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 10 Aug 2017 09:53:45 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: advokatfirmangronvall.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Cache-Control: private <br>Content-Length: 1804 <br>Content-Type: text/html <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSCCABSCS=PDOAGHOBIHCFEIDJKPLIMNOC; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 10 Aug 2017 07:53:44 GMT <br>Connection: close <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: advokatfirmangronvall.se <br>Referer: http://www.google.com/search?q=advokatfirmangronvall.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Object moved <br>Cache-Control: private <br>Content-Length: 150 <br>Content-Type: text/html <br>Location: http://www.fapp.pw/app/se.php <br>Server: Microsoft-IIS/7.5 <br>Set-Cookie: ASPSESSIONIDSCCABSCS=ODOAGHOBGHKNMBDDODOKGPLO; path=/ <br>X-Powered-By: ASP.NET <br>Date: Thu, 10 Aug 2017 07:53:44 GMT <br>Connection: close<br><br>advokatfirmangronvall.se is on 194.9.94.83<br>ASN for 194.9.94.83: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.83 corresponds with iis13.windowscluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502373517http://manspodden.se/ (194.9.94.15) - Serp-hijackingAttacked url: http://manspodden.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 10 Aug 2017 08:15:11 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: manspodden.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Thu, 10 Aug 2017 06:15:12 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Link: &lt;http://manspodden.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: manspodden.se <br>Referer: http://www.google.com/search?q=manspodden.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Thu, 10 Aug 2017 06:15:09 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: redirectCookie=1; expires=Fri, 11-Aug-2017 06:15:09 GMT; Max-Age=86400 <br>Location: http://islas.co.uk/college/image/<br><br>manspodden.se is on 194.9.94.15<br>ASN for 194.9.94.15: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.15 corresponds with s515.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502373379http://kaffehornan.se/ (194.9.94.54) - Serp-hijackingAttacked url: http://kaffehornan.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 10 Aug 2017 04:35:07 +0200<br><br>Visitors with referer are redirected to http://vados.biz/gosw?keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kaffehornan.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Thu, 10 Aug 2017 02:35:07 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Link: &lt;http://kaffehornan.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: kaffehornan.se <br>Referer: http://www.google.com/search?q=kaffehornan.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Thu, 10 Aug 2017 02:35:06 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://vados.biz/gosw?keyword=&amp;pill=<br><br>kaffehornan.se is on 194.9.94.54<br>ASN for 194.9.94.54: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.54 corresponds with s517.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502373065http://secon.se/ (194.9.94.102) - Serp-hijackingAttacked url: http://secon.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 09 Aug 2017 16:27:41 +0200<br><br>Visitors with referer are redirected to http://c2b1.localtds.com/?bxbTNJ&amp;keyword=&amp;pill= <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: secon.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.12.1 <br>Date: Wed, 09 Aug 2017 14:27:42 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>X-Pingback: http://secon.se/xmlrpc.php <br>Link: &lt;http://secon.se/?p=24&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: secon.se <br>Referer: http://www.google.com/search?q=secon.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.12.1 <br>Date: Wed, 09 Aug 2017 14:27:41 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://c2b1.localtds.com/?bxbTNJ&amp;keyword=&amp;pill=<br><br>secon.se is on 194.9.94.102<br>ASN for 194.9.94.102: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.102 corresponds with s377.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1502372443http://purefitbars.se/ (194.9.94.38) - Serp-hijackingAttacked url: http://purefitbars.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 12 Jul 2017 10:32:54 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: purefitbars.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.10.3 <br>Date: Wed, 12 Jul 2017 08:32:54 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: wfvt_505271604=5965deb5d0e4a; expires=Wed, 12-Jul-2017 09:02:53 GMT; Max-Age=1800; path=/; httponly <br>Link: &lt;http://purefitbars.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: purefitbars.se <br>Referer: http://www.google.com/search?q=purefitbars.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.10.3 <br>Date: Wed, 12 Jul 2017 08:32:51 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>purefitbars.se is on 194.9.94.38<br>ASN for 194.9.94.38: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.38 corresponds with s439.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1499859610http://tdance.se/ (93.188.2.51) - Serp-hijackingAttacked url: http://tdance.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 04 Jul 2017 13:54:53 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: tdance.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx <br>Date: Tue, 04 Jul 2017 11:54:53 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://tdans.se/ <br>X-Loopia-Node: 172.22.223.20 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: tdance.se <br>Referer: http://www.google.com/search?q=tdance.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx <br>Date: Tue, 04 Jul 2017 11:54:52 GMT <br>Content-Type: text/html; charset=iso-8859-1 <br>Connection: close <br>Location: http://www.fapp.pw/app/se.php <br>X-Loopia-Node: 172.22.223.20<br><br>tdance.se is on 93.188.2.51<br>ASN for 93.188.2.51: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.51 corresponds with webfront1.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1499173347http://zogg.se/2013/01/01/vags-ande/ (194.9.94.194) - Serp-hijackingAttacked url: http://zogg.se/2013/01/01/vags-ande/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 04 Jul 2017 11:58:42 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.10.3 <br>Date: Tue, 04 Jul 2017 09:58:47 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Accept-Encoding,Cookie <br>X-Powered-By: PHP/5.6.30 <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.10.3 <br>Date: Tue, 04 Jul 2017 09:58:47 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>zogg.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1499173329http://zogg.se/page/2/ (194.9.94.194) - Serp-hijackingAttacked url: http://zogg.se/page/2/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 04 Jul 2017 11:04:16 +0200<br><br>Visitors with referer are redirected to http://islas.co.uk/college/image/ <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.10.3 <br>Date: Tue, 04 Jul 2017 09:04:16 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: Accept-Encoding,Cookie <br>X-Powered-By: PHP/5.6.30 <br>Cache-Control: max-age=3, must-revalidate <br>WP-Super-Cache: Served supercache file from PHP <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: zogg.se <br>Referer: http://www.google.com/search?q=zogg.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Server: nginx/1.10.3 <br>Date: Tue, 04 Jul 2017 09:04:16 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://islas.co.uk/college/image/<br><br>zogg.se is on 194.9.94.194<br>ASN for 194.9.94.194: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.194 corresponds with s407.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1499173325http://tdans.nu/ (93.188.2.51) - Serp-hijackingAttacked url: http://tdans.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 04 Jul 2017 04:47:16 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: tdans.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx <br>Date: Tue, 04 Jul 2017 02:47:16 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://tdans.se/ <br>X-Loopia-Node: 172.22.223.20 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: tdans.nu <br>Referer: http://www.google.com/search?q=tdans.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx <br>Date: Tue, 04 Jul 2017 02:47:15 GMT <br>Content-Type: text/html; charset=iso-8859-1 <br>Connection: close <br>Location: http://www.fapp.pw/app/se.php <br>X-Loopia-Node: 172.22.223.20<br><br>tdans.nu is on 93.188.2.51<br>ASN for 93.188.2.51: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.51 corresponds with webfront1.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1499173294http://tedans.nu/ (93.188.2.51) - Serp-hijackingAttacked url: http://tedans.nu/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 03 Jul 2017 22:03:43 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: tedans.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx <br>Date: Mon, 03 Jul 2017 20:03:48 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Location: http://tdans.se/ <br>X-Loopia-Node: 172.22.223.20 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: tedans.nu <br>Referer: http://www.google.com/search?q=tedans.nu <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx <br>Date: Mon, 03 Jul 2017 20:03:45 GMT <br>Content-Type: text/html; charset=iso-8859-1 <br>Connection: close <br>Location: http://www.fapp.pw/app/se.php <br>X-Loopia-Node: 172.22.223.20<br><br>tedans.nu is on 93.188.2.51<br>ASN for 93.188.2.51: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>93.188.2.51 corresponds with webfront1.webcluster.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1499173235http://rakstabatklubb.se/ (194.9.94.60) - Serp-hijackingAttacked url: http://rakstabatklubb.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 02 Jul 2017 20:11:05 +0200<br><br>Visitors with referer are redirected to http://www.diy90.ru/js/se/max.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: rakstabatklubb.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.10.3 <br>Date: Sun, 02 Jul 2017 18:11:09 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/5.6.30 <br>Set-Cookie: wfvt_3476123565=5959373dd3d19; expires=Sun, 02-Jul-2017 18:41:09 GMT; Max-Age=1800; path=/; httponly <br>Link: &lt;http://rakstabatklubb.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://rakstabatklubb.se/&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: rakstabatklubb.se <br>Referer: http://www.google.com/search?q=rakstabatklubb.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.10.3 <br>Date: Sun, 02 Jul 2017 18:11:09 GMT <br>Content-Type: text/html; charset=iso-8859-1 <br>Connection: close <br>Location: http://www.diy90.ru/js/se/max.php<br><br>rakstabatklubb.se is on 194.9.94.60<br>ASN for 194.9.94.60: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.60 corresponds with s516.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1499087596http://incollection.se/ (194.9.94.53) - Serp-hijackingAttacked url: http://incollection.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 28 Jun 2017 07:51:20 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: incollection.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.10.3 <br>Date: Wed, 28 Jun 2017 05:51:24 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/7.0.20 <br>Set-Cookie: wfvt_2436595216=595343dc03b39; expires=Wed, 28-Jun-2017 06:21:24 GMT; Max-Age=1800; path=/; HttpOnly <br>Location: http://infurncontract.se/ <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: incollection.se <br>Referer: http://www.google.com/search?q=incollection.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.10.3 <br>Date: Wed, 28 Jun 2017 05:51:23 GMT <br>Content-Type: text/html; charset=iso-8859-1 <br>Connection: close <br>Location: http://www.fapp.pw/app/se.php<br><br>incollection.se is on 194.9.94.53<br>ASN for 194.9.94.53: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.53 corresponds with s596.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1498637370http://infurn.se/ (194.9.94.53) - Serp-hijackingAttacked url: http://infurn.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 28 Jun 2017 07:38:19 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: infurn.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.10.3 <br>Date: Wed, 28 Jun 2017 05:38:22 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/7.0.20 <br>Set-Cookie: wfvt_2436595216=595340ce93602; expires=Wed, 28-Jun-2017 06:08:22 GMT; Max-Age=1800; path=/; HttpOnly <br>Location: http://infurncontract.se/ <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: infurn.se <br>Referer: http://www.google.com/search?q=infurn.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.10.3 <br>Date: Wed, 28 Jun 2017 05:38:21 GMT <br>Content-Type: text/html; charset=iso-8859-1 <br>Connection: close <br>Location: http://www.fapp.pw/app/se.php<br><br>infurn.se is on 194.9.94.53<br>ASN for 194.9.94.53: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.53 corresponds with s596.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1498637369http://infurncontract.se/ (194.9.94.53) - Serp-hijackingAttacked url: http://infurncontract.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 28 Jun 2017 06:36:52 +0200<br><br>Visitors with referer are redirected to http://www.fapp.pw/app/se.php <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: infurncontract.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 200 OK <br>Server: nginx/1.10.3 <br>Date: Wed, 28 Jun 2017 04:36:52 GMT <br>Content-Type: text/html; charset=UTF-8 <br>Connection: close <br>Vary: X-Forwarded-For <br>X-Powered-By: PHP/7.0.20 <br>Set-Cookie: wfvt_2436595216=59533264574d8; expires=Wed, 28-Jun-2017 05:06:52 GMT; Max-Age=1800; path=/; HttpOnly <br>Link: &lt;http://infurncontract.se/wp-json/&gt;; rel=&quot;https://api.w.org/&quot; <br>Link: &lt;http://infurncontract.se/&gt;; rel=shortlink <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: infurncontract.se <br>Referer: http://www.google.com/search?q=infurncontract.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 301 Moved Permanently <br>Server: nginx/1.10.3 <br>Date: Wed, 28 Jun 2017 04:36:51 GMT <br>Content-Type: text/html; charset=iso-8859-1 <br>Connection: close <br>Location: http://www.fapp.pw/app/se.php<br><br>infurncontract.se is on 194.9.94.53<br>ASN for 194.9.94.53: 39570<br>Abusix contact information: abuse@loopia.se (information only)<br>194.9.94.53 corresponds with s596.loopia.se<br>Abuse.net has 1 reliable address(es) for loopia.se<br>Found address(es): abuse@loopia.se1498637362