Säkrare hemsida med .sehttp://bussfabriken.se/ (103.224.212.185) - Serp-hijackingAttacked url: http://bussfabriken.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Wed, 21 Jun 2017 14:33:24 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRt1c%2FS253LSKS1A73V6xOVcjqjfmwR8rb%2Brv2bq8XHuMPFCW6%2FX69DJX5f4XD5TQ0NkxC9t7KJ2N%2FZ%2BzRaj%2FO3sY8iSNmGt3Y316bpVkNtV02z3WujUe9bJOWS33jey5zUb4I2DXHYKk1YiuYGhdpfntz%2BMT3Xcqg2ZBgSgvgFly4liDzc7hcilyYs9IpXt41krGHb7Ar5cJeCSqsI8ccRJPf6M9ftM0Lk8l5EnMCHIa9Tz8eSJlc0t5IY5w1uOdH8Bh6oZSLbNjjDNxVrPXMnZInskEGfjcLkNbaJdxvFTh5RGi5RWVKrbi8HD8zwXEsXZxRabgAL%2FYwnrO9wS1uUGYtzufDN9xgCyCWskj0cDfZBNK4qEOXNwHWr2SkEZRT%2FgdaPmGUdP9haWV%2BP80Gl%2FMdFXYbNKqFRkI7iugo42SMWlCHhzBP0a6SNVksD5NApMhdmf4aRBBH7G6jMy%2Bgv6F0mb2nyRtBQ0dqu9XIwmKXpu%2F1W1JZ5rRfA5un%2FSMTnf%2FORoIFv3hAwfrW0tvzWjTkMX7PQhXp <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bussfabriken.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 21 Jun 2017 12:33:24 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1498048404.2154130; expires=Sat, 19-Jun-2027 12:33:24 GMT; Max-Age=315360000 <br>Location: http://ww38.bussfabriken.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bussfabriken.se <br>Referer: http://www.google.com/search?q=bussfabriken.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Wed, 21 Jun 2017 12:33:23 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1498048403.3088131; expires=Sat, 19-Jun-2027 12:33:23 GMT <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRt1c%2FS253LSKS1A73V6xOVcjqjfmwR8rb%2Brv2bq8XHuMPFCW6%2FX69DJX5f4XD5TQ0NkxC9t7KJ2N%2FZ%2BzRaj%2FO3sY8iSNmGt3Y316bpVkNtV02z3WujUe9bJOWS33jey5zUb4I2DXHYKk1YiuYGhdpfntz%2BMT3Xcqg2ZBgSgvgFly4liDzc7hcilyYs9IpXt41krGHb7Ar5cJeCSqsI8ccRJPf6M9ftM0Lk8l5EnMCHIa9Tz8eSJlc0t5IY5w1uOdH8Bh6oZSLbNjjDNxVrPXMnZInskEGfjcLkNbaJdxvFTh5RGi5RWVKrbi8HD8zwXEsXZxRabgAL%2FYwnrO9wS1uUGYtzufDN9xgCyCWskj0cDfZBNK4qEOXNwHWr2SkEZRT%2FgdaPmGUdP9haWV%2BP80Gl%2FMdFXYbNKqFRkI7iugo42SMWlCHhzBP0a6SNVksD5NApMhdmf4aRBBH7G6jMy%2Bgv6F0mb2nyRtBQ0dqu9XIwmKXpu%2F1W1JZ5rRfA5un%2FSMTnf%2FORoIFv3hAwfrW0tvzWjTkMX7PQhXp <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>bussfabriken.se is on 103.224.212.185<br>ASN for 103.224.212.185: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.185 corresponds with lb-212-185.above.com<br>Abuse.net does not have any reliable address for lb-212-185.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-185.above.com1498050424http://nenonnet.se/ (103.224.212.185) - Serp-hijackingAttacked url: http://nenonnet.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 16:11:14 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRvfhMZyUq9ZowYo7RUAtP7nl%2FfGVqqvzZMy5nLzsYOXEzD%2BG4odFc6j38e0aS3obdrPNWy%2FNQerssTtIBZRFUvjIm6YWl6J6V4Ib0heVwHAtSwfV3B5JnXO6PV9Z6FWPGo6C0KSvM3zs6DVMOIkNGHDqMWt6y%2B3zBeqCFEgkNhxbobjp7Ekp5CENKWSw%2BXlMfTEwBla6GsU%2BtIq5whw9Dro9017KXxJmLjW0wiAKguW%2Fj3wdW7xrpTLjlZKHyd%2FVuD2HT41VTrzkS4puqDou2QZms%2B9uRg1dpwEKwKUaqlGjP1Tm3Y0qeZDhIA6YqNDKI6wrAc5ifo5EPpMQh%2BHjN1v8MDmZxQzkqDwi%2F8ZAihmUkKoUnmYLBcPl5%2BdhjhIu1oD5HjOJiiGdu%2F8nN0FqC4EnrW%2FVeiC%2FYcmkorCLSHzW%2F2wSez9MESCS3W0ocQiCbUfwu2Dnh1P0aF0WRLubSMmwTcCV3DnMVECgjFgWg29NdNBm5tZiHJ5CAnYSCo9Ms1cgr8W83W84%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nenonnet.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 14:11:14 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497967874.3389931; expires=Fri, 18-Jun-2027 14:11:14 GMT; Max-Age=315360000 <br>Location: http://ww1.nenonnet.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: nenonnet.se <br>Referer: http://www.google.com/search?q=nenonnet.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 14:11:13 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497967873.7655622; expires=Fri, 18-Jun-2027 14:11:13 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRvfhMZyUq9ZowYo7RUAtP7nl%2FfGVqqvzZMy5nLzsYOXEzD%2BG4odFc6j38e0aS3obdrPNWy%2FNQerssTtIBZRFUvjIm6YWl6J6V4Ib0heVwHAtSwfV3B5JnXO6PV9Z6FWPGo6C0KSvM3zs6DVMOIkNGHDqMWt6y%2B3zBeqCFEgkNhxbobjp7Ekp5CENKWSw%2BXlMfTEwBla6GsU%2BtIq5whw9Dro9017KXxJmLjW0wiAKguW%2Fj3wdW7xrpTLjlZKHyd%2FVuD2HT41VTrzkS4puqDou2QZms%2B9uRg1dpwEKwKUaqlGjP1Tm3Y0qeZDhIA6YqNDKI6wrAc5ifo5EPpMQh%2BHjN1v8MDmZxQzkqDwi%2F8ZAihmUkKoUnmYLBcPl5%2BdhjhIu1oD5HjOJiiGdu%2F8nN0FqC4EnrW%2FVeiC%2FYcmkorCLSHzW%2F2wSez9MESCS3W0ocQiCbUfwu2Dnh1P0aF0WRLubSMmwTcCV3DnMVECgjFgWg29NdNBm5tZiHJ5CAnYSCo9Ms1cgr8W83W84%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>nenonnet.se is on 103.224.212.185<br>ASN for 103.224.212.185: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.185 corresponds with lb-212-185.above.com<br>Abuse.net does not have any reliable address for lb-212-185.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-185.above.com1498049870http://spedparts.se/ (103.224.212.185) - Serp-hijackingAttacked url: http://spedparts.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 19 Jun 2017 07:44:38 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT9c2HXXKlhVjjRNQqSXNhDJnYDupGWWnU8TKTrtQ80t%2FLtnneiujc9EAT73kX%2BlW7gGIfWpg6r1svJguq%2BWrWKc5%2FZrbsDAye0KXNlm4w%2Bj2milTxQxSIRB3Mxbqh%2Fbo3v%2BYHhqYU81o3Ij8kgJQUl%2ByQ13f9IGFWMBKothdBxNVQLebm35iNCv%2B6J3BE8UnchCfV9CDFnrivmzh9BmID0t%2FLNxldaS0QNhoU20z2JmIpUul3NOKXwViJnVHOdBWIQwXazhUGWuFYIlsmuE88uJT8WOqXmTPjWcCKT4uV%2BNZBpWYNKVZLk%2FbEuwhA2%2BTEjCSpmvJDjbO0WCflDM4cRxaIPBtkIzmxC2duG%2F0SuSHgDV0Pj3dXAMOgfbcfDAjHcxXGJ5uwHqT%2F1GacIoEn4ITNopi9cYmA%2BP9vGpYX%2BiDQvQnuoc6TK8jQ4OrRJJdcL2qGW82%2B1ufj6tCSmYgZ4vdL80V6%2BPf6FPQYyOiq6SKd%2B%2FHjyC3OYwDlDTlY7ER99KhToKyw2lACsPfOJg89Ys%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: spedparts.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 19 Jun 2017 05:44:38 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497851078.2552990; expires=Thu, 17-Jun-2027 05:44:38 GMT; Max-Age=315360000 <br>Location: http://ww11.spedparts.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: spedparts.se <br>Referer: http://www.google.com/search?q=spedparts.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 19 Jun 2017 05:44:37 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497851077.3096354; expires=Thu, 17-Jun-2027 05:44:37 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT9c2HXXKlhVjjRNQqSXNhDJnYDupGWWnU8TKTrtQ80t%2FLtnneiujc9EAT73kX%2BlW7gGIfWpg6r1svJguq%2BWrWKc5%2FZrbsDAye0KXNlm4w%2Bj2milTxQxSIRB3Mxbqh%2Fbo3v%2BYHhqYU81o3Ij8kgJQUl%2ByQ13f9IGFWMBKothdBxNVQLebm35iNCv%2B6J3BE8UnchCfV9CDFnrivmzh9BmID0t%2FLNxldaS0QNhoU20z2JmIpUul3NOKXwViJnVHOdBWIQwXazhUGWuFYIlsmuE88uJT8WOqXmTPjWcCKT4uV%2BNZBpWYNKVZLk%2FbEuwhA2%2BTEjCSpmvJDjbO0WCflDM4cRxaIPBtkIzmxC2duG%2F0SuSHgDV0Pj3dXAMOgfbcfDAjHcxXGJ5uwHqT%2F1GacIoEn4ITNopi9cYmA%2BP9vGpYX%2BiDQvQnuoc6TK8jQ4OrRJJdcL2qGW82%2B1ufj6tCSmYgZ4vdL80V6%2BPf6FPQYyOiq6SKd%2B%2FHjyC3OYwDlDTlY7ER99KhToKyw2lACsPfOJg89Ys%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>spedparts.se is on 103.224.212.185<br>ASN for 103.224.212.185: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.185 corresponds with lb-212-185.above.com<br>Abuse.net does not have any reliable address for lb-212-185.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-185.above.com abuse@above.com1497853628http://blul.se/ (103.224.212.185) - Serp-hijackingAttacked url: http://blul.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 19 Jun 2017 07:23:21 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT9c2HXXKlhVjUcvatu8ol5OvITisoyQOepVo8dVIX5XRY95boNxRqXe%2Fdj5G3oNs6oQKl5uDVlAi74KUFMUt3nOetYOeXobLQVxXabkf5j8QRL5urVgHvjtPWDLH1DyLmus7GtaoQ98QpXmAwU6syupT%2BPW8qHodRxnq30%2FvntJoMkI2u7yaV8%2BGZArrpIOOXCmW2eGWOunJlw8SxJ%2FZKnZn3Pnr15DnLO8wz8abPd2XKwePzXfyaW5FScXUzNTZOsEmEzKSnb82ZU4PKWETxQUG%2FRGViwnDPS%2BSyZ1SqdriF7dEUg7V%2B7U67lyfKha73ih79LkIjr01FEBuDRTQJoTk4wAsiNoF7ngh3EC8S4PzBUMA1R7RtOtL8aNJzzH7j3COfJCRJN0vTCF5ebSI3VPoTVF83ch29MvLYG8jypgDKaYN67T9LQKFg%2Bs8iVPuCDeTej8WJ5mlWrr2Cy5ZnRKgf2EQ%2BXBe0Dj81wZBcvJRIiUUh4A63Bmt2IAgyQaUBer4sqLBoFSu <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: blul.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 19 Jun 2017 05:23:21 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497849801.7066559; expires=Thu, 17-Jun-2027 05:23:21 GMT; Max-Age=315360000 <br>Location: http://ww11.blul.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: blul.se <br>Referer: http://www.google.com/search?q=blul.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 19 Jun 2017 05:23:20 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497849800.8999197; expires=Thu, 17-Jun-2027 05:23:20 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT9c2HXXKlhVjUcvatu8ol5OvITisoyQOepVo8dVIX5XRY95boNxRqXe%2Fdj5G3oNs6oQKl5uDVlAi74KUFMUt3nOetYOeXobLQVxXabkf5j8QRL5urVgHvjtPWDLH1DyLmus7GtaoQ98QpXmAwU6syupT%2BPW8qHodRxnq30%2FvntJoMkI2u7yaV8%2BGZArrpIOOXCmW2eGWOunJlw8SxJ%2FZKnZn3Pnr15DnLO8wz8abPd2XKwePzXfyaW5FScXUzNTZOsEmEzKSnb82ZU4PKWETxQUG%2FRGViwnDPS%2BSyZ1SqdriF7dEUg7V%2B7U67lyfKha73ih79LkIjr01FEBuDRTQJoTk4wAsiNoF7ngh3EC8S4PzBUMA1R7RtOtL8aNJzzH7j3COfJCRJN0vTCF5ebSI3VPoTVF83ch29MvLYG8jypgDKaYN67T9LQKFg%2Bs8iVPuCDeTej8WJ5mlWrr2Cy5ZnRKgf2EQ%2BXBe0Dj81wZBcvJRIiUUh4A63Bmt2IAgyQaUBer4sqLBoFSu <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>blul.se is on 103.224.212.185<br>ASN for 103.224.212.185: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.185 corresponds with lb-212-185.above.com<br>Abuse.net does not have any reliable address for lb-212-185.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-185.above.com1497853626http://dxa.se/ (103.224.212.185) - Serp-hijackingAttacked url: http://dxa.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 19 Jun 2017 07:04:25 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT9c2HXXKlhVjgOcReg45Hw2yXCaxTF6MJZioTmDQTI9j9XUnT9g7BSux5lH7mnIlU%2BIVHCDN4I2Orx0cm4386L1oWcugee2t3XfmkuxS7Yr1eU%2BDhiGzrHXrH7QTN%2B%2FTgX5pjpC%2FAk6FU2TWNGXcSfcVg%2FAcSdxby7etKK5zU6MT79FjrDsF5dCeFfwRPkG3kkIblHE5cmWpkL8Ypdh%2BIhYE9d7HeKFsS8VAs6VgQhstd4CVWVVGE6hUbjXD1hoCiCDRrkWiNOwNOewc4NAkdJdj1M0xY2NUbOyqHv9mWAKnwq6GTCLeRsVvMgstzW%2ByjYtZEYLrS8qktpR6exUNIQEQFtqDyQGFad%2Bs9iCUggJlnwzc8F%2BKJeJiF0Ulxt05B%2FJaCO%2FVh8sCeF4fSCtU1VPmqzvcna9iIjGif%2Fw5d78sJ%2FJaIF4dTmDAWqJwixppHIc9Lgro%2FQ4IgyseB%2B04wkhevsLxfW%2BbU9zLvgHDd%2BWmItdMeFTtZwTnv%2Bc1L0PrImlmzj4pBxq%2F <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dxa.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 19 Jun 2017 05:04:25 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497848665.2595405; expires=Thu, 17-Jun-2027 05:04:25 GMT; Max-Age=315360000 <br>Location: http://ww11.dxa.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: dxa.se <br>Referer: http://www.google.com/search?q=dxa.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 19 Jun 2017 05:04:24 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497848664.2235959; expires=Thu, 17-Jun-2027 05:04:24 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT9c2HXXKlhVjgOcReg45Hw2yXCaxTF6MJZioTmDQTI9j9XUnT9g7BSux5lH7mnIlU%2BIVHCDN4I2Orx0cm4386L1oWcugee2t3XfmkuxS7Yr1eU%2BDhiGzrHXrH7QTN%2B%2FTgX5pjpC%2FAk6FU2TWNGXcSfcVg%2FAcSdxby7etKK5zU6MT79FjrDsF5dCeFfwRPkG3kkIblHE5cmWpkL8Ypdh%2BIhYE9d7HeKFsS8VAs6VgQhstd4CVWVVGE6hUbjXD1hoCiCDRrkWiNOwNOewc4NAkdJdj1M0xY2NUbOyqHv9mWAKnwq6GTCLeRsVvMgstzW%2ByjYtZEYLrS8qktpR6exUNIQEQFtqDyQGFad%2Bs9iCUggJlnwzc8F%2BKJeJiF0Ulxt05B%2FJaCO%2FVh8sCeF4fSCtU1VPmqzvcna9iIjGif%2Fw5d78sJ%2FJaIF4dTmDAWqJwixppHIc9Lgro%2FQ4IgyseB%2B04wkhevsLxfW%2BbU9zLvgHDd%2BWmItdMeFTtZwTnv%2Bc1L0PrImlmzj4pBxq%2F <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>dxa.se is on 103.224.212.185<br>ASN for 103.224.212.185: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.185 corresponds with lb-212-185.above.com<br>Abuse.net does not have any reliable address for lb-212-185.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-185.above.com1497853624http://carqvistbil.se/ (103.224.212.185) - Serp-hijackingAttacked url: http://carqvistbil.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 19 Jun 2017 02:09:12 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT9c2HXXKlhVj3%2B9U5CWNdY8BjcI8b1EZIFskQNUu4luN9ubumd7CL%2Bc6V2TuV0WAqWrJEg3437YhAvqGHCalPXuce8xrgZyBCvzsDaOStM8LnNKd3iRkfQ%2BFWtjsKg%2FaPldT%2FoX6SVzGX4TNMhS%2BOa1srp4GIs6jBy2ogeOWKaTBpC%2BtMEDFVWqgl%2FwEOUD33ZP0orHzO0zcY9W7iKNuo5ijTJ%2FRqHu92eab35qIAjeCOoM%2FYfSflpdyPNF%2FyGFDQNHd0swzHe%2Fx7Q0i6d0UVK8GsiACDf%2Fc%2Bz63nT%2FiUGIp2AHEMEndmVcJeJAY%2BwZ1n3ajy3ulnEXGVdKIRF%2BC2u7fF0Qgteb8r8f5sxtx%2BJFomZhEm8jApGdWhNzYUFjAQvimY2VB99jW42Xev5ue7pcsZMlFXj46BnTTyr%2FZCcWekTwBMmy35Mn1hbWFPjeX%2B4Ldk2j0esbwOdlP6pVmDdwKoPnZspDsevdoT%2BbrqZmHrPvo6%2FITgZ9p0Bcq14GWti2VfJPijHZLFjne7Al3kkMONYAJBzT%2F7g%3D%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: carqvistbil.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 19 Jun 2017 00:09:12 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1497830952.1555372; expires=Thu, 17-Jun-2027 00:09:12 GMT <br>Location: http://ww11.carqvistbil.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: carqvistbil.se <br>Referer: http://www.google.com/search?q=carqvistbil.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 19 Jun 2017 00:09:11 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1497830951.3342426; expires=Thu, 17-Jun-2027 00:09:11 GMT <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT9c2HXXKlhVj3%2B9U5CWNdY8BjcI8b1EZIFskQNUu4luN9ubumd7CL%2Bc6V2TuV0WAqWrJEg3437YhAvqGHCalPXuce8xrgZyBCvzsDaOStM8LnNKd3iRkfQ%2BFWtjsKg%2FaPldT%2FoX6SVzGX4TNMhS%2BOa1srp4GIs6jBy2ogeOWKaTBpC%2BtMEDFVWqgl%2FwEOUD33ZP0orHzO0zcY9W7iKNuo5ijTJ%2FRqHu92eab35qIAjeCOoM%2FYfSflpdyPNF%2FyGFDQNHd0swzHe%2Fx7Q0i6d0UVK8GsiACDf%2Fc%2Bz63nT%2FiUGIp2AHEMEndmVcJeJAY%2BwZ1n3ajy3ulnEXGVdKIRF%2BC2u7fF0Qgteb8r8f5sxtx%2BJFomZhEm8jApGdWhNzYUFjAQvimY2VB99jW42Xev5ue7pcsZMlFXj46BnTTyr%2FZCcWekTwBMmy35Mn1hbWFPjeX%2B4Ldk2j0esbwOdlP6pVmDdwKoPnZspDsevdoT%2BbrqZmHrPvo6%2FITgZ9p0Bcq14GWti2VfJPijHZLFjne7Al3kkMONYAJBzT%2F7g%3D%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>carqvistbil.se is on 103.224.212.185<br>ASN for 103.224.212.185: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.185 corresponds with lb-212-185.above.com<br>Abuse.net does not have any reliable address for lb-212-185.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-185.above.com abuse@above.com1497853541http://fiskarhedsvillan.se/ (103.224.212.185) - Serp-hijackingAttacked url: http://fiskarhedsvillan.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 16 Jun 2017 16:34:12 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT7ODPDAl%2Bm3K1HyY8mwDbyep9wQx8%2F9Hu5YOr4NlRiRPDCQoFzojS0b4d%2BNG%2BBp0gr4HW1yEQe1ScAq2tY%2F3lfMvQLK%2FviZogZCkA3cjXAIqtUh2EEzhksShR9mYLRqpFNy8VL8nCiSzo%2BG5QEghKC6epIRwsuXJzi37DieRKMdzveuJYjYQMBFL0aXj5iRb6cSsX0f8jomuJHoPTScuiHmqEfwKUoZ4NBr1zXIRlNY%2B5A4xaMtM85CAU%2FNkfkGs%2F7SLrbBsVJ2TylCxUVjObo4ZbMS5Qjsi8lxVDSdIophetOMPxryaTSoKnZ8Gr9bw8IYYrD9Q7f32hzN1SWuIMRciGxsJXMecbsytUVKLKkbbYDHJLHJMKGbJsqc3tIFedqt%2BY3Oz417Er%2FSFYttcCM8Bph2LFiw%2FCmUrbL6Kd1fRpwcHwn2o8S4x1tZBwBbU6sPxFzTzbQxoF5hX%2Fwrj%2FLepRFiw6FwnxNFznrQqKuD1Yfiu2f8AgZhitLsga8tAVebDWb6JDsvidA9M7lFK7jiOgbQuLWCbTrnxV1u4wnClmNmHkokr0srIXhNnpr5ThQ%3D%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: fiskarhedsvillan.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Fri, 16 Jun 2017 14:34:12 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1497623652.8226861; expires=Mon, 14-Jun-2027 14:34:12 GMT <br>Location: http://ww11.fiskarhedsvillan.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: fiskarhedsvillan.se <br>Referer: http://www.google.com/search?q=fiskarhedsvillan.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Fri, 16 Jun 2017 14:34:11 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1497623651.6147917; expires=Mon, 14-Jun-2027 14:34:11 GMT <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT7ODPDAl%2Bm3K1HyY8mwDbyep9wQx8%2F9Hu5YOr4NlRiRPDCQoFzojS0b4d%2BNG%2BBp0gr4HW1yEQe1ScAq2tY%2F3lfMvQLK%2FviZogZCkA3cjXAIqtUh2EEzhksShR9mYLRqpFNy8VL8nCiSzo%2BG5QEghKC6epIRwsuXJzi37DieRKMdzveuJYjYQMBFL0aXj5iRb6cSsX0f8jomuJHoPTScuiHmqEfwKUoZ4NBr1zXIRlNY%2B5A4xaMtM85CAU%2FNkfkGs%2F7SLrbBsVJ2TylCxUVjObo4ZbMS5Qjsi8lxVDSdIophetOMPxryaTSoKnZ8Gr9bw8IYYrD9Q7f32hzN1SWuIMRciGxsJXMecbsytUVKLKkbbYDHJLHJMKGbJsqc3tIFedqt%2BY3Oz417Er%2FSFYttcCM8Bph2LFiw%2FCmUrbL6Kd1fRpwcHwn2o8S4x1tZBwBbU6sPxFzTzbQxoF5hX%2Fwrj%2FLepRFiw6FwnxNFznrQqKuD1Yfiu2f8AgZhitLsga8tAVebDWb6JDsvidA9M7lFK7jiOgbQuLWCbTrnxV1u4wnClmNmHkokr0srIXhNnpr5ThQ%3D%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>fiskarhedsvillan.se is on 103.224.212.185<br>ASN for 103.224.212.185: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.185 corresponds with lb-212-185.above.com<br>Abuse.net does not have any reliable address for lb-212-185.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-185.above.com1497625787http://matchmake.se/ (103.224.212.185) - Serp-hijackingAttacked url: http://matchmake.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 16 Jun 2017 14:58:07 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfDg3u6cBe0Fh1Sstq%2BCkzdkYNBPIjtqaj7u3f66psLKmiHXwjjc%2BpCelWSAomenYJ9m4dTMHju8WgqXzhOjZAoxRPtxbsMDLoYtDKGKIUwJrfyqkfFOt4rjb8ajEZ6VaJanVT5JZtOZlROw3e1ElDinI8ZqH%2BHSc6aFDiAtF10RmsX9Xpe82g23TQ52Pglgekhnviih8KeagYZXP2eXXMBCheMAOWMxhRHFMXGon1D9F2e%2F4SmNeuINIwy69xD8xbBp8imwd78unTvS%2FlGer7w1UU1IwOTF6JoDP%2FTcPkdjTg0Fs5tgUWWjGypFXaw9DPTFK4J%2B7JGXhTial77Ue5XpgLcLjD%2FJl9WhuTHwdnyK%2FCx%2B8UZzJvaM5cm8bN5AsXs8HPZzvhMUGNUXfdSFwFE2QqHE%2FsDOZe%2BBHKJV5peKlLQAVBlJI3p2rYMK3ioe216fKXnF5JR02fCpIk48mxoZ2KVeWuL6q%2B9J6RZuITWW%2F81etxLpmEweofyKAHvpmS6fsf291OHuzgzKNqJSQageIQKhgcNjHS <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: matchmake.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Fri, 16 Jun 2017 12:58:07 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1497617887.7776446; expires=Mon, 14-Jun-2027 12:58:07 GMT <br>Location: http://ww11.matchmake.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: matchmake.se <br>Referer: http://www.google.com/search?q=matchmake.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Fri, 16 Jun 2017 12:58:06 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497617886.7510157; expires=Mon, 14-Jun-2027 12:58:06 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfDg3u6cBe0Fh1Sstq%2BCkzdkYNBPIjtqaj7u3f66psLKmiHXwjjc%2BpCelWSAomenYJ9m4dTMHju8WgqXzhOjZAoxRPtxbsMDLoYtDKGKIUwJrfyqkfFOt4rjb8ajEZ6VaJanVT5JZtOZlROw3e1ElDinI8ZqH%2BHSc6aFDiAtF10RmsX9Xpe82g23TQ52Pglgekhnviih8KeagYZXP2eXXMBCheMAOWMxhRHFMXGon1D9F2e%2F4SmNeuINIwy69xD8xbBp8imwd78unTvS%2FlGer7w1UU1IwOTF6JoDP%2FTcPkdjTg0Fs5tgUWWjGypFXaw9DPTFK4J%2B7JGXhTial77Ue5XpgLcLjD%2FJl9WhuTHwdnyK%2FCx%2B8UZzJvaM5cm8bN5AsXs8HPZzvhMUGNUXfdSFwFE2QqHE%2FsDOZe%2BBHKJV5peKlLQAVBlJI3p2rYMK3ioe216fKXnF5JR02fCpIk48mxoZ2KVeWuL6q%2B9J6RZuITWW%2F81etxLpmEweofyKAHvpmS6fsf291OHuzgzKNqJSQageIQKhgcNjHS <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>matchmake.se is on 103.224.212.185<br>ASN for 103.224.212.185: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.185 corresponds with lb-212-185.above.com<br>Abuse.net does not have any reliable address for lb-212-185.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-185.above.com abuse@above.com1497625775http://beautylook.se/ (103.224.212.185) - Serp-hijackingAttacked url: http://beautylook.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 16 Jun 2017 07:53:53 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfeLuOe9a7p8ti99i7zT2%2FMtbkHfaScmnQ702d1oeW8%2FaAB8zOrP1tPX8vlq5eZgKcPjAMHCPfjGOnBhlIkc1WahC%2BTb%2FIXg3l0aoHhgcvciM7BGKf1oEYnff8RX8RtyB7SvAlIt5v%2FJ9qg3Jo%2BrHGQ10qNqhUvTDM%2B6CIb0lvkJJmQ2gU%2B5Q%2FiwvFns864TOB6D%2FTshZEauGdXi4euLx%2FiWAqSKhQaXMiezvFmyPQoEVFdwnTRUrDGu%2BqXoM4fRvFr%2FcWpAc%2BBiDXtTtCon9ZsAmHqINYHz%2BD%2BharjCWsy0%2BE2WEK68Dj0lEyuLOP5NdlCw1z3OaUP%2BvBgmqgXh%2F7dUgbIY5JSVyoN3VRkqfTDucZQdrvyCtfwmdGsuh69d67SZ%2FZTbRMvNCFCbqGDk4q19eXKOdt%2FHMBGlNabA97G4nkwmTFtl0bun%2BUN%2FS3%2F3tyBs5UWcG1LVJrBXlfrmoAbIf1aClKGGK%2FhAT59zl9L9qszEI3IEr0TCA5MARVRJWlz9VaolhbNwYW7rLNdnrJkA%3D%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: beautylook.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Fri, 16 Jun 2017 05:53:53 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497592433.1198576; expires=Mon, 14-Jun-2027 05:53:53 GMT; Max-Age=315360000 <br>Location: http://ww11.beautylook.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: beautylook.se <br>Referer: http://www.google.com/search?q=beautylook.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Fri, 16 Jun 2017 05:53:52 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497592432.3549622; expires=Mon, 14-Jun-2027 05:53:52 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfeLuOe9a7p8ti99i7zT2%2FMtbkHfaScmnQ702d1oeW8%2FaAB8zOrP1tPX8vlq5eZgKcPjAMHCPfjGOnBhlIkc1WahC%2BTb%2FIXg3l0aoHhgcvciM7BGKf1oEYnff8RX8RtyB7SvAlIt5v%2FJ9qg3Jo%2BrHGQ10qNqhUvTDM%2B6CIb0lvkJJmQ2gU%2B5Q%2FiwvFns864TOB6D%2FTshZEauGdXi4euLx%2FiWAqSKhQaXMiezvFmyPQoEVFdwnTRUrDGu%2BqXoM4fRvFr%2FcWpAc%2BBiDXtTtCon9ZsAmHqINYHz%2BD%2BharjCWsy0%2BE2WEK68Dj0lEyuLOP5NdlCw1z3OaUP%2BvBgmqgXh%2F7dUgbIY5JSVyoN3VRkqfTDucZQdrvyCtfwmdGsuh69d67SZ%2FZTbRMvNCFCbqGDk4q19eXKOdt%2FHMBGlNabA97G4nkwmTFtl0bun%2BUN%2FS3%2F3tyBs5UWcG1LVJrBXlfrmoAbIf1aClKGGK%2FhAT59zl9L9qszEI3IEr0TCA5MARVRJWlz9VaolhbNwYW7rLNdnrJkA%3D%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>beautylook.se is on 103.224.212.185<br>ASN for 103.224.212.185: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.185 corresponds with lb-212-185.above.com<br>Abuse.net does not have any reliable address for lb-212-185.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-185.above.com1497625640http://badycontakt.se/ (103.224.212.185) - Serp-hijackingAttacked url: http://badycontakt.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 16 Jun 2017 07:24:43 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rf%2BSaGBgRmruLy2UvbWL4tMMQhiWrUIQiH4%2B3qM16rdJAiW6P%2FDJ2oVMhUpG0ne1xiFdLUMFeHOXMQJ0YOAPneqW6VBX0jmgIOc0ahGQ8UzuQyv81%2B0iXkulzLyOMetSoGXFcCaFlHvAmKt%2B5ybnYAr96iDp7JHIEpZSfz8MeIf1D%2B1OFfT740p0r6me%2FQs5BtNARc1PfqjZvmwEndlaFI7%2BXNMuCatqvrUt5njSRAvoPYdCQissMiUDzX37eKAQENrd2%2BelKFYxiu%2BzzgTfDVrClJNKfSUJ3j0eMkI%2B4PHoT907xvxKi7%2B1nZPCjgB2YzX7ITaNPyappF9dI2JklmvJDfmfbw1iwywyShoboD0psX7riBBA4QwpSRDH7JQRv4s53F%2BVxTiA8ZaDxSBlUXkpqb2oLNdh4M7oiA5DzczIGE%2Bxo7T2W6vnGZYvXjyG2s9%2BgSvZSFkJY3f%2F9uCdptIRQygoWviXkrcYOZvJQvh6537Za83PIgjb1jjKtlOe3Mbya3SwJ8%2BXQguMj%2BI4Lc4A%3D%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: badycontakt.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Fri, 16 Jun 2017 05:24:43 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497590683.6748671; expires=Mon, 14-Jun-2027 05:24:43 GMT; Max-Age=315360000 <br>Location: http://ww11.badycontakt.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: badycontakt.se <br>Referer: http://www.google.com/search?q=badycontakt.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Fri, 16 Jun 2017 05:24:42 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1497590682.2073553; expires=Mon, 14-Jun-2027 05:24:42 GMT <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rf%2BSaGBgRmruLy2UvbWL4tMMQhiWrUIQiH4%2B3qM16rdJAiW6P%2FDJ2oVMhUpG0ne1xiFdLUMFeHOXMQJ0YOAPneqW6VBX0jmgIOc0ahGQ8UzuQyv81%2B0iXkulzLyOMetSoGXFcCaFlHvAmKt%2B5ybnYAr96iDp7JHIEpZSfz8MeIf1D%2B1OFfT740p0r6me%2FQs5BtNARc1PfqjZvmwEndlaFI7%2BXNMuCatqvrUt5njSRAvoPYdCQissMiUDzX37eKAQENrd2%2BelKFYxiu%2BzzgTfDVrClJNKfSUJ3j0eMkI%2B4PHoT907xvxKi7%2B1nZPCjgB2YzX7ITaNPyappF9dI2JklmvJDfmfbw1iwywyShoboD0psX7riBBA4QwpSRDH7JQRv4s53F%2BVxTiA8ZaDxSBlUXkpqb2oLNdh4M7oiA5DzczIGE%2Bxo7T2W6vnGZYvXjyG2s9%2BgSvZSFkJY3f%2F9uCdptIRQygoWviXkrcYOZvJQvh6537Za83PIgjb1jjKtlOe3Mbya3SwJ8%2BXQguMj%2BI4Lc4A%3D%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>badycontakt.se is on 103.224.212.185<br>ASN for 103.224.212.185: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.185 corresponds with lb-212-185.above.com<br>Abuse.net does not have any reliable address for lb-212-185.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-185.above.com1497625627http://cheekymonkey.se/ (103.224.212.185) - Serp-hijackingAttacked url: http://cheekymonkey.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Thu, 15 Jun 2017 22:55:55 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfB5C%2BWwkLLxfGZbg%2FNoh5JobapnDGUjlhj8tR%2Bmd49kj1rr1%2Bkbclqx9cnhmEA2SU9%2F9J6IGcknl0I6U%2FouAmNsxxMAwcgBT3DZMBBOSZAaCDGabtVsVwu6ABQ%2FVRZpVSr5VB5h6k%2B6s8pHc7d79EPp2sPNV8M69SIIq1H6Ze7phzF88hlQSWNtexgTqJNNbmHH%2Bz%2FuPRLoH9yhVD%2FoQdbLzvt37Fcw1mQVGijSivzIohvJfD4KJv5hxuXqISIM4B9XlM5MhfAFdLLbU5c2i2GSC7URLdfV83ca7Pud9tKYdvAU0oGQuB0nHETBOyDhV55LM3Oh5peiDSGfm6ReDNXCjS8hJcxRVgeJ7I%2FV5p54C75o4LvLbg2dALNIHQ4wsNv36luHwC14aSWuanQvHW97LucsJ9%2FOdTjUtA1tvVd1hokTyguS6R93HCwE7W%2Fngs4xK7xBhQymjuCtM32qM9C2b5ujpTU21WTYyRgGG%2BBE0ENcCzKOuoSrpp9cqboM2jwD8eZuwdWHqH%2Bv%2B9Fxi2O%2BEnEMMveF%2BuKZsCPfjpYww%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: cheekymonkey.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Thu, 15 Jun 2017 20:55:55 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497560155.7250199; expires=Sun, 13-Jun-2027 20:55:55 GMT; Max-Age=315360000 <br>Location: http://ww11.cheekymonkey.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: cheekymonkey.se <br>Referer: http://www.google.com/search?q=cheekymonkey.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Thu, 15 Jun 2017 20:55:54 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1497560154.1153588; expires=Sun, 13-Jun-2027 20:55:54 GMT <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfB5C%2BWwkLLxfGZbg%2FNoh5JobapnDGUjlhj8tR%2Bmd49kj1rr1%2Bkbclqx9cnhmEA2SU9%2F9J6IGcknl0I6U%2FouAmNsxxMAwcgBT3DZMBBOSZAaCDGabtVsVwu6ABQ%2FVRZpVSr5VB5h6k%2B6s8pHc7d79EPp2sPNV8M69SIIq1H6Ze7phzF88hlQSWNtexgTqJNNbmHH%2Bz%2FuPRLoH9yhVD%2FoQdbLzvt37Fcw1mQVGijSivzIohvJfD4KJv5hxuXqISIM4B9XlM5MhfAFdLLbU5c2i2GSC7URLdfV83ca7Pud9tKYdvAU0oGQuB0nHETBOyDhV55LM3Oh5peiDSGfm6ReDNXCjS8hJcxRVgeJ7I%2FV5p54C75o4LvLbg2dALNIHQ4wsNv36luHwC14aSWuanQvHW97LucsJ9%2FOdTjUtA1tvVd1hokTyguS6R93HCwE7W%2Fngs4xK7xBhQymjuCtM32qM9C2b5ujpTU21WTYyRgGG%2BBE0ENcCzKOuoSrpp9cqboM2jwD8eZuwdWHqH%2Bv%2B9Fxi2O%2BEnEMMveF%2BuKZsCPfjpYww%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>cheekymonkey.se is on 103.224.212.185<br>ASN for 103.224.212.185: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.185 corresponds with lb-212-185.above.com<br>Abuse.net does not have any reliable address for lb-212-185.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-185.above.com abuse@above.com1497625281http://bussfabriken.se/ (103.224.212.185) - Serp-hijackingAttacked url: http://bussfabriken.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 13 Jun 2017 03:04:04 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3gQkIDbz2IDsXKuuQcAfPxcyaYjwtt99gAtGGmuStmkG2JivqlP%2FkNEeWLxVJlVL5bvCcoKQ0JoqiIMGlZ7iu4O9DHKu8FaGNHxp6%2F9JP24YAE9Jfs%2BAb%2BbbmaVTgBEzH8M0XH6688E0YzI4XJjI1LpAozDphnk6ylSV1l3eQG7PckXu2W%2FJAWI9At8SY%2FY7dvXI%2BkpbG%2FuEMv%2B69KDLjZvM6KJzN5xl1r6MXCPzq2SdnPBrxmvZUWEoSrLIu7kYdY7hqfLTbSEoTPIHYHma6YSTS%2BRiOh6VYJ0PPl54XwfZyGkrArVP6%2FcbEPRJ1iu9Xh5byVLsjTmcHXA0bZBGmT3nEOCPJT%2BGf8O3o3%2B0HBiS9nqgTlQ8gVJo80KQZiIX6QJgjTqv5%2F93rm4t0xLiyGeS2v0aTQfElkT%2FcppKLK6HP7o3cUMKBD7odIAQJ38Xf3x1nDST%2FszDzxoIlk%2FKTv9g8z6GKrerFXnMnTImEeu48aW6aXVZtuxGSRaNMfm6QspcK2wijjxHxZNlQtAaJEXhhKq1S38bWuptVnDhLKQ2xK3ZTdfXL4%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bussfabriken.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 13 Jun 2017 01:04:04 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1497315844.8216805; expires=Fri, 11-Jun-2027 01:04:04 GMT <br>Location: http://ww11.bussfabriken.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: bussfabriken.se <br>Referer: http://www.google.com/search?q=bussfabriken.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 13 Jun 2017 01:04:03 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497315843.5637757; expires=Fri, 11-Jun-2027 01:04:03 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3gQkIDbz2IDsXKuuQcAfPxcyaYjwtt99gAtGGmuStmkG2JivqlP%2FkNEeWLxVJlVL5bvCcoKQ0JoqiIMGlZ7iu4O9DHKu8FaGNHxp6%2F9JP24YAE9Jfs%2BAb%2BbbmaVTgBEzH8M0XH6688E0YzI4XJjI1LpAozDphnk6ylSV1l3eQG7PckXu2W%2FJAWI9At8SY%2FY7dvXI%2BkpbG%2FuEMv%2B69KDLjZvM6KJzN5xl1r6MXCPzq2SdnPBrxmvZUWEoSrLIu7kYdY7hqfLTbSEoTPIHYHma6YSTS%2BRiOh6VYJ0PPl54XwfZyGkrArVP6%2FcbEPRJ1iu9Xh5byVLsjTmcHXA0bZBGmT3nEOCPJT%2BGf8O3o3%2B0HBiS9nqgTlQ8gVJo80KQZiIX6QJgjTqv5%2F93rm4t0xLiyGeS2v0aTQfElkT%2FcppKLK6HP7o3cUMKBD7odIAQJ38Xf3x1nDST%2FszDzxoIlk%2FKTv9g8z6GKrerFXnMnTImEeu48aW6aXVZtuxGSRaNMfm6QspcK2wijjxHxZNlQtAaJEXhhKq1S38bWuptVnDhLKQ2xK3ZTdfXL4%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>bussfabriken.se is on 103.224.212.185<br>ASN for 103.224.212.185: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.185 corresponds with lb-212-185.above.com<br>Abuse.net does not have any reliable address for lb-212-185.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-185.above.com1497350337